Re: [CentOS-docs] Searching the wiki
Eugene Fong wrote:
> Agreed Majorly. Probably should use google search on the entire wiki

Write plugin - I will integrate it ... =:)

Ralph
___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Searching the wiki
Dag Wieers wrote: I guess the default really should be text search for most users. Alain? --- /home/ralph/modern-CentOS/modern-CentOS.py 2008-05-19 21:10:02.0 + +++ /var/www/wiki.centos.org/wiki_instance/data/plugin/theme/modern-CentOS.py 2008-05-24 18:32:15.0 + @@ -198,10 +198,10 @@ input id=searchinput type=text name=value value=%(search_value)s size=20 onfocus=searchFocus(this) onblur=searchBlur(this) onkeyup=searchChange(this) onchange=searchChange(this) alt=Search -input id=titlesearch name=titlesearch type=submit -value=%(search_title_label)s alt=Search Titles input id=fullsearch name=fullsearch type=submit value=%(search_full_label)s alt=Search Full Text +input id=titlesearch name=titlesearch type=submit +value=%(search_title_label)s alt=Search Titles /div /form script type=text/javascript Can you incorporate that into the next version of modern-CentOS (the one where the borders are back), so that we can put that onto the real wiki then? Thanks and Cheers, Ralph pgpTX2KU4wAsd.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
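Review bot: in the block at -198,10 +198,10 the only thing that makes fullsearch the default is that its submit input now precedes titlesearch in the markup, and nothing in the template says the order is significant, so a later edit to this theme can move the buttons back and silently change which search the Enter key runs. Put a comment next to the fullsearch input stating that it has to stay the first submit control, and say in the change description that Enter now triggers a full-text search. While touching this form, confirm that %(search_value)s is escaped before it is interpolated into the value attribute of searchinput; the hunk does not show where that happens.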
Re: [CentOS-docs] I want to add a tip.
Florian La Roche wrote:
> On Sun, May 25, 2008 at 12:19:11PM +0900, TAIRA Hajime wrote:
>> Thanks.
>>> I think this step should be a bit more verbose, telling people to replace 'sda' with the actual disk device.
>> http://wiki.centos.org/TipsAndTricks/ReinstallGRUB
>> I added verbose information about disk device. Please confirm it?
>
> There is a small typo at the beginning: cann't -> can't
>
> regards,
> Florian La Roche

I have corrected a couple of typos, including this one.
Re: [CentOS-docs] I want to add a tip.
Thank you.

Best regards.

TAIRA Hajime [EMAIL PROTECTED], web: http://pantora.net/
CentOS WikiName: HajimeTaira

On 2008/05/25, at 18:34, Ned Slider wrote:
> Florian La Roche wrote:
>> On Sun, May 25, 2008 at 12:19:11PM +0900, TAIRA Hajime wrote:
>>> Thanks.
>>>> I think this step should be a bit more verbose, telling people to replace 'sda' with the actual disk device.
>>> http://wiki.centos.org/TipsAndTricks/ReinstallGRUB
>>> I added verbose information about disk device. Please confirm it?
>>
>> There is a small typo at the beginning: cann't -> can't
>>
>> regards,
>> Florian La Roche
>
> I have corrected a couple of typos, including this one.
RE: [CentOS] read only root file system
A very big thanks

--
Jason Pyeron, Principal Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 269-1555 x333

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fred Noz
Sent: Saturday, May 24, 2008 1:30 PM
To: centos@centos.org
Subject: [CentOS] read only root file system

> On Saturday 24 May 2008 12:05:30 Fred Noz wrote:
>> Responding to a question posted earlier this month, Centos 5.1 includes configuration files for enabling the read-only root filesystem. Actually, all filesystems can be mounted read-only with particular files and directories mounted on a read-write tmpfs (in RAM). This capability comes directly from the upstream provider.
>>
>> When your computer comes back up, the root and any other system partitions will be mounted read-only. All the files and directories listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem. You can add additional files and directories to rwtab to make them writable after reboot.
>>
>> Note that this system is stateless. When you reboot again, everything written to the tmpfs filesystem vanishes and the system will be exactly as it was the last time it was booted. You could add a writable filesystem on disk or NFS for writing files you want to retain after rebooting.
>
> This is very interesting. Thanks for the sharing Fred. So, it's some kind of Live CD on a disk? I can't think of a practical benefit of using such system, is it to protect it from unwanted modification?
>
> Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial

Fajar,

There are many practical reasons why one would want to run a Linux system, whether it be desktop or server, with a read-only root.

One reason is for ease of maintenance, especially when there are many systems to maintain. You might be administering computers in a classroom, internet access point, or library and you want to be certain that after reboot, the system is exactly as it was the last time it was rebooted, even if the users mess with the system accidentally or on purpose.

For example, if a user fills up the /tmp filesystem and causes the system to crash, after booting, the system will have an empty /tmp filesystem. It will not require fsck to be run because the other filesystems were mounted read-only. This implies no risk of filesystem corruption (except due to physical failures on the disk). Not needing fsck saves time on boot.

You could use read-only root on embedded systems where there is no way an administrator could get to the system to fix it.

Read-only root is beneficial on a system running on flash media because this avoids having recurring writes wear out some sectors on the media.

This is a practical way to run a large group of diskless systems. A single read-only root filesystem can be made available on a network from an NFS server. Many diskless clients can use this readonly-root simultaneously.

Of course, this is a way to implement a live CD.

In addition to easy maintenance, readonly-root adds a layer of security. The security is broken if someone gains access to the root user, but then many security protections are lost if someone gains root.

Even a Database server can benefit from being run on read-only root. The data disk would certainly be mounted read-write, but there is no reason why the operating system and database application software need to be on disks mounted read-write.

When an administrator wants to perform an update, upgrade, software installation, or other system change, the administrator sets the readonly filesystems to read-write using a simple mount command. After the administrator finishes making the changes, a simple mount command (or reboot) sets the readonly filesystems back to read-only. Of course, on systems where the root and system filesystems have no physical write capability, such as on a live CD, they cannot be set to read-write.

- Fred

Fred Noz [EMAIL PROTECTED]
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USBDisk question
i have the same question
[CentOS] saslauthd for sendmail SMTP relay
Hi,

I'm running a Centos 5.1 server that uses saslauthd to allow sendmail SMTP relaying for some clients. saslauthd is configured to use method shadow to lookup the username / password directly from /etc/shadow. This setup has been working for several months now, but is broken since last Monday. I haven't changed anything neither on the server nor on the clients. Now whenever a client tries to relay email I see these messages in the logs:

/var/log/maillog:
AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed

/var/log/messages:
saslauthd[3665]: do_auth : auth failure: [user=username] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]

Does someone have an idea how to debug this further, esp. how to find the real reason as the message [reason=Unknown] is not very helpful at all.

Thanks in advance,
Bernd.
Re: [CentOS] saslauthd for sendmail SMTP relay
Bernd Bartmann wrote:
> /var/log/maillog:
> AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed
>
> /var/log/messages:
> saslauthd[3665]: do_auth : auth failure: [user=username] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
>
> Does someone have an idea how to debug this further, esp. how to find the real reason as the message [reason=Unknown] is not very helpful at all.

Is saslauthd still running? Could it have failed or not started if the server has rebooted?

Ian
Re: [CentOS] saslauthd for sendmail SMTP relay
On Sun, May 25, 2008 at 11:42 AM, Ian Blackwell wrote:
> Bernd Bartmann wrote:
>> /var/log/maillog:
>> AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed
>>
>> /var/log/messages:
>> saslauthd[3665]: do_auth : auth failure: [user=username] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
>>
>> Does someone have an idea how to debug this further, esp. how to find the real reason as the message [reason=Unknown] is not very helpful at all.
>
> Is saslauthd still running? Could it have failed or not started if the server has rebooted?

Thanks Ian. That's indeed the reason. service saslauthd status gives saslauthd dead but subsys locked. Now, what could be the reason why saslauthd was not running any more?

cu, Bernd.
Re: [CentOS] read only root file system
On Sat, May 24, 2008 at 8:29 PM, Fred Noz [EMAIL PROTECTED] wrote:
> In addition to easy maintenance, readonly-root adds a layer of security. The security is broken if someone gains access to the root user, but then many security protections are lost if someone gains root.

However, this should *never* be used alone for security concerns. A compromiser can easily run that simple mount command to remount read-write after root access. But sometimes before gaining root access, some system specific files are over-written to gain root access with the help of exploits. This helps keeping from them.
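Since the read-only state discussed in this thread is a mount flag that root can change, it is worth checking rather than assuming. The following is an added example, not code from the thread: it parses /proc/mounts-style text and reports protected paths that sit on a writable filesystem, plus every writable disk-backed mount (state there survives the reboot that resets the tmpfs). The sample mount table, the PROTECTED list and the function names are assumptions.

```python
# Constructed /proc/mounts-style sample for a host set up with a read-only
# root; device names and the /srv/data mount are made up. /usr has been left
# read-write, as after a maintenance remount that was never reverted.
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda2 / ext3 ro,data=ordered 0 0
proc /proc proc rw 0 0
/dev/sda1 /boot ext3 ro,data=ordered 0 0
/dev/sda3 /usr ext3 rw,data=ordered 0 0
none /tmp tmpfs rw 0 0
none /var/log tmpfs rw 0 0
/dev/sdb1 /srv/data ext3 rw,data=ordered 0 0
"""

# Assumption: paths that must never be writable outside a maintenance window.
PROTECTED = ("/", "/boot", "/etc", "/usr/bin")
# Filesystem types whose contents do not survive a reboot.
VOLATILE = {"tmpfs", "proc", "sysfs", "devpts", "rootfs"}


def effective_mounts(text):
    """Return {mount_point: (fstype, set_of_options)}.

    A mount point can be listed more than once (the initial rootfs entry and
    the real root, for instance); the last entry is the one on top, so it wins.
    """
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _device, point, fstype, options = fields[:4]
        point = point.replace("\\040", " ")  # spaces are escaped as \040
        mounts[point] = (fstype, set(options.split(",")))
    return mounts


def covering_mount(path, mounts):
    """Longest mount point that is the path itself or one of its parents."""
    best = "/"
    for point in mounts:
        if path == point or path.startswith(point.rstrip("/") + "/"):
            if len(point) > len(best):
                best = point
    return best


def audit(text, protected=PROTECTED):
    mounts = effective_mounts(text)
    writable_protected = []
    for path in protected:
        point = covering_mount(path, mounts)
        _fstype, options = mounts.get(point, ("", set()))
        if "rw" in options:
            writable_protected.append((path, point))
    persistent_writable = sorted(
        point for point, (fstype, options) in mounts.items()
        if "rw" in options and fstype not in VOLATILE
    )
    return {"writable_protected": writable_protected,
            "persistent_writable": persistent_writable}


if __name__ == "__main__":
    report = audit(SAMPLE_MOUNTS)
    for path, point in report["writable_protected"]:
        print(f"{path} is writable (mounted rw at {point})")
    print("writable, persistent:", ", ".join(report["persistent_writable"]))
```

On a live host the same functions can be fed the contents of /proc/mounts; a finding outside a maintenance window means either a forgotten remount or someone with root changed the flag.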
Re: [CentOS] Re: RAID5 or RAID50 for database?
William Warren wrote:
> I'm not a fan of RAID 5 at all since it can only tolerate one failure at all. Go with raid 10 or something like that which is able to handle more than one failure. Intermittent, uncorrectable sector failures during rebuilds are becoming an increasing problem with today's drives.

Is that raid10 or raid 1+0 or raid 0+1? :D

At least for the latter two, their handling more than one failure depends on which disks blow. Not sure how the raid10 module handles things.
Re: [CentOS] RAID5 or RAID50 for database?
> Why are you still using CentOS 4?

Do you have an issue with Centos 4? I prefer to wait for RH to work most of the kinks with their new releases. Centos 5 has new versions of various libraries and software. They have never been able to guarantee zero breakage. Eg: I have heard of constantly crashing firefox. A known issue too.
Re: [CentOS] RAID5 or RAID50 for database?
Christopher Chan wrote:
>> Why are you still using CentOS 4?
>
> Do you have an issue with Centos 4? I prefer to wait for RH to work most of the kinks with their new releases. Centos 5 has new versions of various libraries and software. They have never been able to guarantee zero breakage. Eg: I have heard of constantly crashing firefox. A known issue too.

Just asking. I don't use CentOS as a desktop OS, so the firefox problem doesn't bother me at all, but CentOS 5 is an upgrade in many regards, and I find it very stable. I have yet to try RAID10 with it though, as soon as I can get my hands on enough spare HDD's :)

--
Kind Regards
Rudi Ahlers
CEO, SoftDux
Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
Re: [CentOS] CentOS-Samba question
MHR wrote:
> My main system is a CentOS 5.1 64-bit desktop with gobs of disk and a couple of printers attached that work just fine. I have it set up with samba so my VMWare guest Windows XP can access most of the files and the printers. But, when I try to connect to the printers from a remote machine that has a Win98/WinXP dual boot, I can't see the printers at all.

Do they show up if you run the command below in the Linux host?

smbclient -L //localhost

> Both 98/XP can ping the host by IP address or by name (I've updated the host on both and the lmhost file on the 98 boot), but the 98 boot can't see the network at all, and the XP boot can't see anything on my CentOS box, although it at least sees that the box is there.

Not even the home share? Have you created a machine account for the XP guest?
Re: [CentOS] RAID5 or RAID50 for database?
> So they say, and correct me if i'm wrong, that RAID10 is a RAID 1 of RAID 0. A mirror of stripe sets. You said it's not that, i lost you on this one.

Heh, I dare say most of us are lost on this one. It is a blinking new module for md that is not available on Centos 4. This should help us deal with any future questions from people asking, How do I create a raid10 array for root during installation? or similar. Answer: You cannot not. But you can do raid 1+0/0+1.
Re: [CentOS] RAID5 or RAID50 for database?
Christopher Chan wrote:
>> So they say, and correct me if i'm wrong, that RAID10 is a RAID 1 of RAID 0. A mirror of stripe sets. You said it's not that, i lost you on this one.
>
> Heh, I dare say most of us are lost on this one. It is a blinking new module for md that is not available on Centos 4. This should help us deal with any future questions from people asking, How do I create a raid10 array for root during installation? or similar. Answer: You cannot not. But you can do raid 1+0/0+1.

Why are you still using CentOS 4?

--
Kind Regards
Rudi Ahlers
CEO, SoftDux
Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
Re: [CentOS] RAID5 or RAID50 for database?
Linux wrote:
> On Fri, May 23, 2008 at 4:19 AM, Christopher Chan [EMAIL PROTECTED] wrote:
>>> And stick with md-raid 10 (also known as software raid) because it is much more intelligently designed than any closed-source-embedded-raid-controller.
>>
>> This was valid until...quite a few years ago.
>
> Has hardware-raid vendors open-sourced their firmware then?

So? Has the vendor of your motherboard open sourced their firmware? Do you flash a piece of open source bios code into your motherboard's chip if not so?

>>> Nowadays hardware raid frightens me because of the need to have spare raid-controllers for every hardware-raid-configuration I have. They are neither interchangable nor easily recoverable.
>>
>> You seem to have been living under a rock for the last half decade.
>
> For each hardware-raid configuration I keep a redundant raid-controller. In case of controller failure it's the best way to recover my data on disks. I tried simple test cases once (yes, on the last half decade) and most failed except simple RAID-1 configurations.

Sorry, I have never had a 3ware card fail on me during my four years at Outblaze Ltd. and besides, other users of 3ware had just have to plug in another card and they got all their data back. Of course, I have heard of horror stories with other brands like Mylex which might act up on a reboot.

>>> md-raid 10 can be established with any number of disks (at least 3 but better check with google)
>>
>> Hmm, I think your advice must be taken with a grain of salt. Have you actually tried to do what you suggest? In any case, I will give you the benefit of the doubt that you just did a typo.
>
> mdadm raid10 is neither raid 1+0 nor raid 0+1. Go check with man mdadm or google. Each stripe is written on 2 different disks with a rolling frame and loss of 1 disk in 3 disk configuration can be recovered online.

OH, you were talking about that new module that is not available on Centos 4. That is the problem these days, acronyms are not necessarily uniform.

Sorry, no experience with that particular module and I think this should clear up a lot of misunderstanding on answering questions about how do I make a raid10 array during installation.
Re: [CentOS] saslauthd for sendmail SMTP relay
Bernd Bartmann wrote:
> Thanks Ian. That's indeed the reason. service saslauthd status gives saslauthd dead but subsys locked. Now, what could be the reason why saslauthd was not running any more?
>
> cu, Bernd.

Hard to say without seeing the logs. Does it restart for you or is it continuing to fail?

Ian
Re: [CentOS] saslauthd for sendmail SMTP relay
On Sun, May 25, 2008 at 2:42 PM, Ian Blackwell wrote:
> Bernd Bartmann wrote:
>> Thanks Ian. That's indeed the reason. service saslauthd status gives saslauthd dead but subsys locked. Now, what could be the reason why saslauthd was not running any more?
>
> Hard to say without seeing the logs. Does it restart for you or is it continuing to fail?

It did start without any problems. Looks like I found the cause. From the logs I see that someone tried a brute force attack on the SMTP relay with several username / password combinations. Then one of the attempts led to a segfault of saslauth. Which probably means that there is a bug in saslauthd as it should not be possible to crash a service just by supplying a weird combination of input data.

May 18 17:25:36 srsrzfw01 saslauthd[5167]: do_auth : auth failure: [user=marketing] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
May 18 17:25:37 srsrzfw01 kernel: saslauthd[5168]: segfault at 4ba33160 rip 00323de76170 rsp 7fff78d4fb18 error 4
May 18 17:25:37 srsrzfw01 kernel: saslauthd[5166]: segfault at 4ba33160 rip 00323de76170 rsp 7fff78d4fb18 error 4
May 18 17:25:37 srsrzfw01 kernel: saslauthd[5169]: segfault at 4ba33160 rip 00323de76170 rsp 7fff78d4fb18 error 4
May 18 17:25:38 srsrzfw01 kernel: saslauthd[5170]: segfault at 4ba33160 rip 00323de76170 rsp 7fff78d4fb18 error 4
May 18 17:25:38 srsrzfw01 kernel: saslauthd[5167]: segfault at 4ba33160 rip 00323de76170 rsp 7fff78d4fb18 error 4
May 22 18:29:53 srsrzfw01 saslauthd[26597]: detach_tty : master pid is: 26597
May 22 18:29:53 srsrzfw01 saslauthd[26597]: ipc_init: listening on socket: /var/run/saslauthd/mux
May 22 18:45:39 srsrzfw01 saslauthd[26597]: server_exit : master exited: 26597
May 22 18:47:31 srsrzfw01 saslauthd[5160]: detach_tty : master pid is: 5160
May 22 18:47:31 srsrzfw01 saslauthd[5160]: ipc_init: listening on socket: /var/run/saslauthd/mux
May 22 18:57:24 srsrzfw01 saslauthd[5160]: server_exit : master exited: 5160

cu, Bernd
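The correlation done by eye in the message above can be automated. This is an added example, not code from the thread: it reads syslog lines in the format quoted above, counts saslauthd auth failures per user name, and ties each kernel segfault record for saslauthd to the most recent auth failure within a time window. The sample lines are constructed, and the 60-second window, the assumed year and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted above; host name, PIDs,
# user names and register values are made up for this example.
SAMPLE_LOG = """\
May 18 17:25:30 mailhost saslauthd[4101]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
May 18 17:25:33 mailhost saslauthd[4102]: do_auth : auth failure: [user=sales] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
May 18 17:25:36 mailhost saslauthd[4101]: do_auth : auth failure: [user=marketing] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
May 18 17:25:37 mailhost kernel: saslauthd[4102]: segfault at 1000 rip 2000 rsp 3000 error 4
May 18 17:25:38 mailhost kernel: saslauthd[4101]: segfault at 1000 rip 2000 rsp 3000 error 4
May 19 09:00:00 mailhost kernel: saslauthd[4200]: segfault at 1000 rip 2000 rsp 3000 error 4
"""

STAMP = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
AUTH_FAIL = re.compile(
    STAMP + r"saslauthd\[(?P<pid>\d+)\]:\s+do_auth\s*:\s*auth failure:"
    r"\s*\[user=(?P<user>[^\]]*)\]")
SEGFAULT = re.compile(
    STAMP + r"kernel:\s+saslauthd\[(?P<pid>\d+)\]:\s+segfault\b")


def parse_ts(stamp, year):
    # Classic syslog stamps carry no year, so one has to be supplied.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def analyse(text, window=timedelta(seconds=60), year=2008):
    """Correlate saslauthd crashes with the auth failures that precede them."""
    failures = Counter()   # user name -> number of failed attempts
    last = None            # (time, user, pid) of the most recent auth failure
    crashes = []           # segfaults preceded by an auth failure in the window
    unexplained = []       # segfaults with no auth failure shortly before
    for line in text.splitlines():
        m = AUTH_FAIL.match(line)
        if m:
            failures[m["user"]] += 1
            last = (parse_ts(m["ts"], year), m["user"], m["pid"])
            continue
        m = SEGFAULT.match(line)
        if not m:
            continue
        when = parse_ts(m["ts"], year)
        if last and timedelta(0) <= when - last[0] <= window:
            crashes.append({
                "pid": m["pid"],
                "time": when,
                "user": last[1],                    # last user name tried
                "same_worker": last[2] == m["pid"],
                "delay_s": (when - last[0]).total_seconds(),
            })
        else:
            unexplained.append({"pid": m["pid"], "time": when})
    return {"failures": failures, "crashes": crashes, "unexplained": unexplained}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("failed users:", dict(result["failures"]))
    for c in result["crashes"]:
        print(f"worker {c['pid']} crashed {c['delay_s']:.0f}s after "
              f"a failed login for {c['user']!r}")
    for u in result["unexplained"]:
        print(f"worker {u['pid']} crashed with no recent auth failure")
```

Several workers crashing within seconds of a run of failures for different user names is the pattern in the quoted log, and it is a reason to alert on the daemon's state rather than wait for relay users to report AUTH errors.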
RE: [CentOS] CentOS-Samba question
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MHR
Sent: Saturday, May 24, 2008 4:00 PM
To: CentOS mailing list
Subject: [CentOS] CentOS-Samba question

> My main system is a CentOS 5.1 64-bit desktop with gobs of disk and a couple of printers attached that work just fine. I have it set up with samba so my VMWare guest Windows XP can access most of the files and the printers. But, when I try to connect to the printers from a remote machine that has a Win98/WinXP dual boot, I can't see the printers at all.
>
> Both 98/XP can ping the host by IP address or by name (I've updated the host on both and the lmhost file on the 98 boot), but the 98 boot can't see the network at all, and the XP boot can't see anything on my CentOS box, although it at least sees that the box is there.
>
> Here's my smb.conf:
>
> # Global parameters
> [global]
>     workgroup = MARKHOME
>     domain master = yes
>     preferred master = yes
>     server string = Samba Server
>     printcap name = /etc/printcap
>     cups options = raw
>     log file = /var/log/samba/%m.log
>     max log size = 50
>     password server = none
>     username map = /etc/samba/smbusers
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     wins support = yes
>     dns proxy = no
>     idmap uid = 16777216-33554431
>     idmap gid = 16777216-33554431
>     template shell = /bin/false
>     winbind use default domain = no
>
> [homes]
>     comment = Home Directories
>     valid users = %S
>     path = /home/%u
>     create mask = 664
>     directory mask = 775
>     writeable = yes
>     browseable = yes
>
> [tmp]
>     comment = Temporary file space
>     path = /tmp
>     writeable = yes
>     guest ok = yes
>
> [printers]
>     comment = All Printers
>     path = /var/spool/samba
>     browseable = yes
>     printable = yes
>
> What am I missing?
>
> Thanks.
>
> Mhr

Simple Configuration... Your Global is wrong. This is for sane simple Printing! Read the samba howto's on samba.org.

[global]
    printing = bsd
    load printers = yes

[printers]
    path = /var/spool/samba
    printable = yes
    public = yes
    writable = no
RE: [CentOS] Re: RAID5 or RAID50 for database?
Christopher Chan wrote:
> William Warren wrote:
>> I'm not a fan of RAID 5 at all since it can only tolerate one failure at all. Go with raid 10 or something like that which is able to handle more than one failure. Intermittent, uncorrectable sector failures during rebuilds are becoming an increasing problem with today's drives.
>
> Is that raid10 or raid 1+0 or raid 0+1? :D
>
> At least for the latter two, their handling more than one failure depends on which disks blow. Not sure how the raid10 module handles things.

Whoever implements RAID10 will want the RAID1+0 which is a stripe set of mirrors, rather than the RAID0+1 which is a mirror of stripe sets.

The problem being two fold, 1) in a RAID0+1 a single drive failure on either side of the mirror will put the whole array into total failure jeopardy, a failure on both sides is a total loss, 2) the pathway for simultaneous operations is cut down from (say X is an even number of disks) X reads, X/2 writes, to 2 reads, 1 write.

On a RAID5/6 array you are limited to a pathway of 1 read and 1 write at a time and all writes must write across the entire stripe, so if you do choose RAID5/6 then it is highly recommended to use a hardware RAID controller with a BBU write-back and read-ahead cache which can minimize the impact of this by caching a whole stripe set to write at once and to have a stripe set of reads waiting for io requests.

For database log files and other applications that do a lot of random io it is recommended to use fast RPM drives in a RAID10 which has the multiple pathways for reads and writes which will maximize the total number of random IOPS (ios per second).

Typically most vendors recommend a two-prong approach, keep the database data files on a RAID5/RAID6 type array and keep the log files on a RAID10 array.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
RE: [CentOS] Re: RAID5 or RAID50 for database?
From: Ross S. W. Walker Sent: May 25, 2008 08:56
> Typically most vendors recommend a two-prong approach, keep the database data files on a RAID5/RAID6 type array and keep the log files on a RAID10 array.

I can not comment on most vendors but for the PROGRESS RDBMS RAID5 is definitely not recommended. It will work but you will see a significant reduction in performance. We strongly recommend that our clients go with RAID10 (as in RAID 1+0). In-house we only use RAID10.

Just my 0.02CA.

Regards, Hugh

--
Hugh E Cruickshank, Forward Software, www.forward-software.com
RE: [CentOS] how to debug ssh slow connection issues.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Filipe Brandenburger
Sent: Friday, May 23, 2008 8:55 PM
To: CentOS mailing list
Subject: Re: [CentOS] how to debug ssh slow connection issues.

> Try to change this in your /etc/ssh/sshd_config:
>
> Change: UseDNS yes
> to: UseDNS no

Okay that fixed it, but why?

I used nslookup and set my server to the same as /etc/resolv.conf. There were no delays at all; all of our class C resolves both ways (and matching), same as our private net.

Where to go next on properly fixing this sshd/dns issue?

--
Jason Pyeron, Principal Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 269-1555 x333
RE: [CentOS] Re: RAID5 or RAID50 for database?
Hugh E Cruickshank wrote:
> From: Ross S. W. Walker Sent: May 25, 2008 08:56
>> Typically most vendors recommend a two-prong approach, keep the database data files on a RAID5/RAID6 type array and keep the log files on a RAID10 array.
>
> I can not comment on most vendors but for the PROGRESS RDBMS RAID5 is definitely not recommended. It will work but you will see a significant reduction in performance. We strongly recommend that our clients go with RAID10 (as in RAID 1+0). In-house we only use RAID10.

Ok, most vendors meaning MS, Oracle, Sybase. I am unfamiliar with PROGRESS (Postgresql variant?), but in my experience with the aforementioned they typically do all writing to the db log files, which is recommended to be kept on a RAID10, then when transactions are checkpointed, they are written to the DB files. The software makes all attempts to keep the data written to the database files as linear as possible to make sequential access possible and dump/restore fast. This makes the log files write-mostly and the database files read-mostly and of course why the two different RAID types.

Of course that really only pays if your databases are large enough to justify two separate storage systems. Right now my databases are small enough to be kept together with logs on a RAID10, but when they grow unwieldy I will move the databases off the RAID10 onto a RAID5/6/50/60 whatever and leave the log files on the RAID10.

-Ross
RE: [CentOS] Re: RAID5 or RAID50 for database?
> I can not comment on most vendors but for the PROGRESS RDBMS RAID5 is definitely not recommended. It will work but you will see a significant reduction in performance. We strongly recommend that our clients go with RAID10 (as in RAID 1+0). In-house we only use RAID10.

+1

Write performance of RAID5 on hardware MegaRAID SATA 150-6D is *very* poor.

--
Nikolay Ulyanitsky [EMAIL PROTECTED]
[CentOS] How is this possible?
As an experiment, I am attempting to build a more recent version of GNOME than 2.16.0 on CentOS 5.1. I've tried both garnome and jhbuild, and neither one works quite right.

Jhbuild blows out looking for a dbus-glib-1 revision >= 0.74 (the release rev is 0.70), so I downloaded that and tried to build it. This results in the following error:

gcc -g -O2 -Wall -Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wcast-align -Wfloat-equal -Wsign-compare -o .libs/dbus-binding-tool dbus-binding-tool-glib.o dbus-glib-tool.o ./.libs/libdbus-gtool.a -L/lib64 ./.libs/libdbus-glib-1.so -ldbus-1 -lgobject-2.0 -lglib-2.0 /usr/lib/libexpat.so -lnsl
/usr/lib/libexpat.so: could not read symbols: File in wrong format
collect2: ld returned 1 exit status
make[4]: *** [dbus-binding-tool] Error 1
make[4]: Leaving directory `/home/mhr/Download/dbus-glib-0.74/dbus'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/home/mhr/Download/dbus-glib-0.74/dbus'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/mhr/Download/dbus-glib-0.74/dbus'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/mhr/Download/dbus-glib-0.74'
make: *** [all] Error 2

When I try to use garnome, it eventually runs into exactly the same error.

I've checked /usr/lib/libexpat.so, and this is what I get:

$ ls -l /usr/lib/libexpat.so
lrwxrwxrwx 1 root root 27 Jan 8 13:11 /usr/lib/libexpat.so -> ../../lib/libexpat.so.0.5.0
$ ls -l /lib/libexpat.so.0.5.0
-rwxr-xr-x 1 root root 133056 Jan 6 2007 /lib/libexpat.so.0.5.0
$ file /lib/libexpat.so.0.5.0
/lib/libexpat.so.0.5.0: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped

When I look at this library with nm, lld and objdump, they all seem to be able to read it just fine. There is also the 64 bit version that lives in /lib64 and has a link from /usr/lib64, and that also reads fine.

What did I miss here?

Thanks.

mhr
Re: [CentOS] How is this possible?
MHR wrote:
> As an experiment, I am attempting to build a more recent version of GNOME than 2.16.0 on CentOS 5.1. I've tried both garnome and jhbuild, and neither one works quite right.
>
> Jhbuild blows out looking for a dbus-glib-1 revision >= 0.74 (the release rev is 0.70), so I downloaded that and tried to build it. This results in the following error:
>
> gcc -g -O2 -Wall -Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wcast-align -Wfloat-equal -Wsign-compare -o .libs/dbus-binding-tool dbus-binding-tool-glib.o dbus-glib-tool.o ./.libs/libdbus-gtool.a -L/lib64 ./.libs/libdbus-glib-1.so -ldbus-1 -lgobject-2.0 -lglib-2.0 /usr/lib/libexpat.so -lnsl
> /usr/lib/libexpat.so: could not read symbols: File in wrong format
> collect2: ld returned 1 exit status
> make[4]: *** [dbus-binding-tool] Error 1
> make[4]: Leaving directory `/home/mhr/Download/dbus-glib-0.74/dbus'
> make[3]: *** [all-recursive] Error 1
> make[3]: Leaving directory `/home/mhr/Download/dbus-glib-0.74/dbus'
> make[2]: *** [all] Error 2
> make[2]: Leaving directory `/home/mhr/Download/dbus-glib-0.74/dbus'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/mhr/Download/dbus-glib-0.74'
> make: *** [all] Error 2
>
> When I try to use garnome, it eventually runs into exactly the same error.
>
> I've checked /usr/lib/libexpat.so, and this is what I get:
>
> $ ls -l /usr/lib/libexpat.so
> lrwxrwxrwx 1 root root 27 Jan 8 13:11 /usr/lib/libexpat.so -> ../../lib/libexpat.so.0.5.0
> $ ls -l /lib/libexpat.so.0.5.0
> -rwxr-xr-x 1 root root 133056 Jan 6 2007 /lib/libexpat.so.0.5.0
> $ file /lib/libexpat.so.0.5.0
> /lib/libexpat.so.0.5.0: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped
>
> When I look at this library with nm, lld and objdump, they all seem to be able to read it just fine. There is also the 64 bit version that lives in /lib64 and has a link from /usr/lib64, and that also reads fine.
>
> What did I miss here?
>
> Thanks.
>
> mhr

Howdy,

Just a thought, do you have the expat-devel package installed?

Thanks,
Finnur
Re: [CentOS] How is this possible?
On Sun, May 25, 2008 at 1:35 PM, Tru Huynh [EMAIL PROTECTED] wrote:
> ... just my 1st and last warning: if you break your setup don't come complaining here :)

I presume you mean my GNOME setup, and yes, I know - there are instructions on both jhbuild and garnome on how to avoid that. Hopefully they are more effective than the build instructions )-;

> The error message is quite clear.
> ... you are running a 64 bits CentOS-5 machine and you are trying to link a 64 bits objects with a 32 bits shared lib.

Actually, I respectfully disagree - the message is far too vague, although the implication may not be.

However, that raises another question: why does the build (either one) not know the machine architecture on which it is running and therefore detect the proper library to which to link? Or do I have to fake it by replacing the links in /usr/lib with those from /usr/lib64?

IOW: how do I (or does anyone) build GNOME (or even just dbus-glib) on a 64-bit platform?

> good luck.

Thanks.

mhr
Re: [CentOS] How is this possible?
MHR wrote:
> However, that raises another question: why does the build (either one) not know the machine architecture on which it is running and therefore detect the proper library to which to link?

Did you ask the people who wrote that buildsystem ? what did they say ?

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
Re: [CentOS] How is this possible?
On Sun, May 25, 2008 at 1:49 PM, Karanbir Singh [EMAIL PROTECTED] wrote:
> Did you ask the people who wrote that buildsystem ? what did they say ?

Yes, I was emailing back and forth with them yesterday. So far, on this problem (the latest in a line), no response yet.

Of course, I did not specifically ask them this question (how does one build on a 64-bit platform), but I did mention up front that that's what I'm running.

mhr
[CentOS] Hourly restart
Hi,

Without any update, hardware/software modification, etc... one of my systems Hourly restart problem started again. Currently, I counted 5 restarts at 59th minute. No log entry, no console error, nothing really interesting. If I do not see camera records with my own eyes, I'll suspect about someone from D.C. hard-resetting the box. Now, I guess /var failed mounting and ssh not available. Maybe next hour restart does a magic...

Last time, a kernel update solved hourly restart problem. Before losing access, I checked and saw a new kernel with -21 ending number (x86_64, forgot to mention) and waiting for XFS module to be ready (Well, I wish I had left it ext3). After that, perhaps update will solve the problem again, but why?

Last time I stopped all crons, unneeded services, remote access, etc.. Put a man in front of the monitor and made him monitor everything. Only thing he saw was a welcoming BIOS without any sign at the 60th minute. Replaced power cords, power supply, some disks, RAM modules, etc...

Currently I have the last recovered remote logs of temperature and voltage sensors of the system, all seems fine, nothing suspicious. I am out of ideas. I have many gentoo boxes on the almost same hardware and a few centos boxes. Only this one fails continuously...

I'd like to hear advice and suggestions about how to debug / repair this situation.

Thanks.

P.S.: Complete hardware replacement plan is currently in action, new hardware will be ready soon but I'm not so sure about hardware failure. Why did it stop last time after a simple kernel update?
RE: [CentOS] Hourly restart
Anything in the bios called watchdog turned on?
Re: [CentOS] Hourly restart
On Mon, May 26, 2008 at 12:30 AM, Gregg McClintic [EMAIL PROTECTED] wrote:
> Anything in the bios called watchdog turned on?

Waiting for morning (it's late night here) for further diag. Should I disable it? Or is it malfunctioning because of CentOS?

Thanks...
Re: [CentOS] saslauthd for sendmail SMTP relay
Bernd Bartmann wrote:
> It did start without any problems. Looks like I found the cause. From the logs I see that someone tried a brute force attack on the SMTP relay with several username / password combinations. Then one of the attempts led to a segfault of saslauth. Which probably means that there is a bug in saslauthd as it should not be possible to crash a service just by supplying a weird combination of input data.

Sounds to me like you should consider running SELinux - that is if you aren't already :-) . Of course it won't solve the segfault, but it should restrict any damage a compromised saslauthd process can do.

Anyway, glad you're on track again.

Ian
Re: [CentOS] read only root file system
Linux wrote:
> However, this should *never* be used alone for security concerns. A compromiser can easily run that simple mount command to remount read-write after root access.

I've been reading some of your recent comments, Anonymous looser, and I've really got to say this - you seem to make some authoritative style comments on things you really don't know much about.

eg. in this case - the filesystem could be mounted readonly since it's only exposed readonly from the underlying i/o or block subsystem.

- KB

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
Re: [CentOS] 1333/8GB Intel motherboard for C5.1
MHR wrote:
>> Perhaps I was not clear in my original email, the point being that you dont need to rebuild drivers when kernels update ( in 99% of the cases )
>
> Is that now true also of the nvidia driver(s)? I haven't seen anything so to indicate.

The nvidia driver, for me, (built against 2.6.18-8.el5) has worked fine up to the latest released kernel ( 2.6.18-92.el5 )

try running the vmware-server installed on centos-5, irrespective of what kernel version you use / run - the vmware binary modules used are from an early kernel as well...

--
[EMAIL PROTECTED] misc]$ /sbin/modinfo vmmon.o | grep verm
vermagic: 2.6.18-8.el5 SMP mod_unload gcc-4.1
[EMAIL PROTECTED] misc]$ uname -r
2.6.18-53.1.4.el5
---

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
[CentOS] Opinions about SSH and DNS
Hi People,

As part of securing SSH we currently have UseDNS set to yes. But we are finding that a number of ISPs are deliberately refusing to configure matching forward and reverse DNS records. So I am wondering how many of you are still using this option?
RE: [CentOS] Hourly restart
To be honest I have no idea what is needed by the kernel for the bios to be able to check that the os is responding correctly. I enabled it on a test server and had the same issue on a default 4.6 cent install. I could have the name in the bios (the service) incorrect, i.e. watch guard, watch dog, watch something. I know it is present on several types of motherboard manufacturers. Take a look, should be easy to find.
Re: [CentOS] read only root file system
On Mon, May 26, 2008 at 2:15 AM, Karanbir Singh [EMAIL PROTECTED] wrote:
> I've been reading some of your recent comments, Anonymous looser, and I've really got to say this - you seem to make some authoritative style comments on things you really dont know much about.
>
> eg. in this case - the filesystem could be mounted readonly since its only exposed readonly from the underlying i/o or block subsystem.

Thank you for your comments. Next time I'll try to stop my ego... I guess you are right. An authoritative style would mean nothing without an identity.

A cd-rom can provide security as a readonly mount, but readonly mounted ordinary filesystem/disk means almost nothing. Don't you read comments like administrator remounts read-write? Why?

I don't know, I like to be an a**hole looser I think.
Re: [CentOS] Opinions about SSH and DNS
On Mon, May 26, 2008, Clint Dilks wrote:
> Hi People,
>
> As part of securing SSH we currently have UseDNS set to yes. But we are finding that a number of ISPs are deliberately refusing to configure matching forward and reverse DNS records. So I am wondering how many of you are still using this option?

The main utility of using DNS is in conjunction with tcp_wrappers where one wants to use host/domain names in /etc/hosts.allow.

IMHO, competent ISPs will handle DNS forward and reverse properly. Unfortunately there are a lot of incompetents who purport to be ISPs.

Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186

A government which robs Peter to pay Paul can always depend on the support of Paul -- George Bernard Shaw
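The "matching forward and reverse DNS records" this thread turns on, as an added example that is not part of any post: a forward-confirmed reverse DNS check, which is the comparison sshd makes with UseDNS yes and the reason a host name is only safe to use in an access rule once it resolves back to the connecting address. The resolver callables, the suffix-rule helper and the sample records are constructed for illustration so the check runs offline; left at their defaults the functions use the system resolver.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Reverse lookup through the system resolver: IP -> list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def system_forward(name):
    """Forward lookup through the system resolver: name -> list of IPs."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS.

    Returns (verdict, name):
      ("no-ptr", None)     the address has no reverse record
      ("mismatch", name)   a PTR exists but the name does not map back to ip
      ("confirmed", name)  the PTR name resolves back to the same address
    """
    client = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in forward(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("confirmed", name.rstrip(".").lower())
            except ValueError:
                continue  # e.g. a scoped IPv6 literal; cannot match
    return ("mismatch", names[0].rstrip(".").lower())


def host_rule_matches(ip, allowed_suffix, ptr=system_ptr, forward=system_forward):
    """Hypothetical name-based allow rule: only a confirmed name may match.

    The PTR record is published by whoever controls the reverse zone for the
    client's address, so an unconfirmed name says nothing about the client.
    """
    verdict, name = fcrdns(ip, ptr, forward)
    if verdict != "confirmed":
        return False
    suffix = allowed_suffix.lstrip(".").lower()
    return name == suffix or name.endswith("." + suffix)


# Constructed sample zone data (documentation address ranges).
SAMPLE_PTR = {
    "192.0.2.10": ["gw.example.org."],         # forward and reverse agree
    "192.0.2.20": ["host.trusted.example."],   # PTR names someone else's host
    # 198.51.100.7 has no PTR at all (the ISP case from the thread)
}
SAMPLE_A = {
    "gw.example.org.": ["192.0.2.10"],
    "host.trusted.example.": ["203.0.113.5"],
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(name):
    return SAMPLE_A.get(name, [])


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "198.51.100.7"):
        print(addr, fcrdns(addr, sample_ptr, sample_forward))
```
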
Re: [CentOS] read only root file system
Linux wrote:
> A cd-rom can provide security as a readonly mount, but readonly mounted ordinary filesystem/disk means almost nothing. Dont you read comments like administrator remounts read-write? Why?

If your blockdev is exposed to the OS as 'ro', your administrator can go jump off a cliff if he wants, he's not getting +w on there.

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
Re: [CentOS] Chip set support
John Bowden wrote:
> NVIDIA® nForce® 430 MCP
> Lan= NVIDIA® nForce® 430 MCP built-in Gigabit MAC with external Attansic PHY.

The forcedeth drivers in the CentOS-5 kernel seem to work fine for that interface

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
RE: [CentOS] Hourly restart
On Sun, 2008-05-25 at 18:33 -0400, Gregg McClintic wrote:
> To be honest I have no idea what is needed by the kernel for the bios to be able to check that the os is responding correctly. I enabled it on a test server and had the same issue on a default 4.6 cent install. I could have the name in the bios (the service) incorrect, i.e. watch guard, watch dog, watch something. I know it is present on several types of motherboard manufacturers. Take a look, should be easy to find.

I don't know if this generally applies, but my last contract w/IBM, we had a custom BIOS with a hardware watchdog. Certain bits needed to be reset before the hardware countdown completed. If not, reboot began with the boot device automatically set to the CD. If that failed, it did it with floppy. We were strong on RAS for the project, a NAS product.

Needless to say, I can't recall if any kernel changes were made to support it or not (2.4 kernels). If your BIOS has anything like that setup, you'll probably need to disable the feature until you can find out what needs to be done. Then that will need to be in a very early init script, IIRC. I do remember that part of it.

Hmmm, ISTR that we had a device driver that gave us access, root privileges only.

<snip sig stuff>

HTH
--
Bill
Re: [CentOS] Re: RAID5 or RAID50 for database?
Ross S. W. Walker wrote:
> Christopher Chan wrote:
>> William Warren wrote:
>>> I'm not a fan of RAID 5 at all since it can only tolerate one failure at all. Go with raid 10 or something like that which is able to handle more than one failure. Intermittent, uncorrectable sector failures during rebuilds are becoming an increasing problem with today's drives.
>>
>> Is that raid10 or raid 1+0 or raid 0+1? :D
>>
>> At least for the latter two, their handling more than one failure depends on which disks blow. Not sure how the raid10 module handles things.
>
> Whoever implements RAID10 will want the RAID1+0 which is a stripe set of mirrors, rather than the RAID0+1 which is a mirror of stripe sets.

Here we go. Please go and hammer Neil Brown about his version of RAID10 for md which is decidedly different from doing md 0+1/1+0.

http://neil.brown.name/blog/20040827225440

Feel free to also hammer him on his definition of raid 1+0/0+1 as he calls raid 0+1 a raid0 array built over a collection of raid1 arrays.

> The problem being two fold, 1) in a RAID0+1 a single drive failure on either side of the mirror will put the whole array into total failure jeopardy, a failure on both sides is a total loss, 2) the pathway for simultaneous operations is cut down from (say X is an even number of disks) X reads, X/2 writes, to 2 reads, 1 write.

A failure of one mirror will destroy the whole raid 1+0 array too. I do not see how having a functional raid0 array on one side of the mirror in raid 0+1 will cut writes to one disk instead of two. However, I would personally go for a stripe of mirrored disks since a rebuild will not involve all disks.

> On a RAID5/6 array you are limited to a pathway of 1 read and 1 write at a time and all writes must write across the entire stripe, so if you do choose RAID5/6 then it is highly recommended to use a hardware RAID controller with a BBU write-back and read-ahead cache which can minimize the impact of this by caching a whole stripe set to write at once and to have a stripe set of reads waiting for io requests.

Yes, any hardware raid doing raid5 without a decent amount of cache is going to be very poor on write performance.

> For database log files and other applications that do a lot of random io it is recommended to use fast RPM drives in a RAID10 which has the multiple pathways for reads and writes which will maximize the total number of random IOPS (ios per second).

Next time, please follow the thread. We are japping about the raid10 module for md by Neil Brown and how it apparently does not require the traditional way of doing raid 1+0/0+1. Like how his module can do raid10 with just three disks.

http://neil.brown.name/blog/20040827225440

> Typically most vendors recommend a two-prong approach, keep the database data files on a RAID5/RAID6 type array and keep the log files on a RAID10 array.

Thank you for your information.
Re: [CentOS] RAID5 or RAID50 for database?
> Just asking.
>
> I don't use CentOS as a desktop OS, so the firefox problem doesn't bother me at all, but CentOS 5 is an upgrade in many regards, and I find it very stable. I have yet to try RAID10 with it though, as soon as I can get my hands on enough spare HDD's :)

I believe you cannot do it via the installer yet. Can anybody confirm the presence of raid10 personality in Centos 5?
Re: [CentOS] Re: RAID5 or RAID50 for database?
Nikolay Ulyanitsky wrote:
>> I can not comment on most vendors but for the PROGRESS RDBMS RAID5 is definitely not recommended. It will work but you will see a significant reduction in performance. We strongly recommend that our clients go with RAID10 (as in RAID 1+0). In-house we only use RAID10.
>
> +1
> Write performance of RAID5 on hardware MegaRAID SATA 150-6D is *very* poor.

So? That thing is 1) ancient with what looks like a half-baked chip solution for raid5 calculations and 2) just comes with only 64MB of cache.

You can get a 3ware card with much more cache (9550 and above) and blow away that LSI piece of rubbish.
Re: [CentOS] RAID5 or RAID50 for database?
On Mon, May 26, 2008 at 3:16 AM, Christopher Chan [EMAIL PROTECTED] wrote:
> I believe you cannot do it via the installer yet. Can anybody confirm the presence of raid10 personality in Centos 5?

Installer does not have raid10 as an option. Not sure whether boot cd has this module or not. But after installing, it exists.

Current mdadm raid10 version in CentOS5 is a little old (v2.5.4 - 13 October 2006) and has a bug which sometimes kicks one drive from raid after initial resync and repeats kicking-after-resync when hot added again and again and again.
RE: [CentOS] how to debug ssh slow connection issues.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Pyeron
Sent: Sunday, May 25, 2008 3:27 PM

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Leafey
> Sent: Sunday, May 25, 2008 2:17 PM
>
>> From the earlier posts, it appears that your DNS server is not properly resolving the REVERSE addresses, i.e. IP address-to-hostname. SSH does a reverse lookup, trying to resolve the IP address to a hostname, unless you set the UseDNS option to no.
>
> Agreed, but all of my tests indicate DNS is fine

I have also checked the /etc/host* files, all is empty.

--
Jason Pyeron PD Inc. http://www.pdinc.us
Re: [CentOS] IPTables help
On Saturday 24 May 2008 21:55:57 Robert Spangler wrote:

First of all, thank you Robert for pointing some points. For the sake of discussion, may I say something too?

> Since you believe that he wants a very strict firewall why are you setting the default policies to ACCEPT? Security 101, strict firewall drops everything from the start. Then you open the access you require, not the other way around.

This is my mistake I think. It's because I was assuming the setting of the firewall is done from another machine (ssh). Those rules are to prevent unaware lockout.

>> #Allowing needed ports:
>> iptables -A INPUT -i eth0 -m multiport -p udp --dport 5060,1:6 -s ipthatyouwantallow -j ACCEPT
>> iptables -A INPUT -i eth1 -m multiport -p udp --dport 53,80,5060,1:6 -j ACCEPT
>> iptables -A OUTPUT -m multiport -p udp --dport 53 -j ACCEPT
>> iptables -A FORWARD -m multiport -p udp --dport 53,5060,1:6 -s ipthatyouallow -j ACCEPT
>> iptables -A FORWARD -m multiport -p tcp --dport 80 -j ACCEPT
>
> First question you need to ask yourself is there any hosting services on this box that will require a connection from the WAN side. If not then you should change your input statements to allow only the LAN. You do not require the INPUT statements for packets that pass through the box as the FORWARD will handle all traffic passing through.

The OP said that it's an Asterisk box. So it surely needs some open ports, doesn't it?

> Second question is if you are using ESTABLISHED,RELATED why are you not using NEW in the above rules?

It depends on the context and level of details needed. Pls CMIIW, if we allow NEW in the above rules, then ALL traffic will be matched, and thus rendering all subsequent rules useless. Again pls CMIIW :)

> Third question is have you enabled connection tracking? If you are using ESTABLISHED,RELATED then the system needs a way to keep track of the connection.

I believe Centos has them enabled and it will automatically loaded when the rules are fired up. Pls CMIIW.

> If you want a 100% secure firewall then you will not allow any INPUT. All modification would have to be done from the box using a keyboard. If this is not an option then you can allow access from a trusted IP only and setup other security options.

Yes, this is my mistake assuming wrongly. Worth noted for the OP and everyone.

>> #For masquerading:
>> iptables -t nat -A POSTROUTING -o eth0 -d ! 192.168.0.0/24 -j MASQUERADE
>
> If the WAN port is connected directly to the Internet then you should MASQ all out going traffic and anything that is heading to 192.168.0.0/24 should be dropped.

You mean it should be:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ?

>> #Finally dropping all other traffic (positive list firewall):
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>> iptables -P FORWARD DROP
>
> This should be at the top for the firewall not the ACCEPT you have there now.
>
> For your reading enjoyment.
> http://iptables.rlworkman.net/chunkyhtml/index.html

Yes, the Oscar's tutorial seems to be the most popular one.

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
07:46:18 up 45 min, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] RAID5 or RAID50 for database?
Linux wrote:
> On Mon, May 26, 2008 at 3:16 AM, Christopher Chan [EMAIL PROTECTED] wrote:
>> I believe you cannot do it via the installer yet. Can anybody confirm the presence of raid10 personality in Centos 5?
>
> Installer does not have raid10 as an option. Not sure whether boot cd has this module or not. But after installing, it exists.
>
> Current mdadm raid10 version in CentOS5 is a little old (v2.5.4 - 13 October 2006) and has a bug which sometimes kicks one drive from raid after initial resync and repeats kicking-after-resync when hot added again and again and again.

In other words, broken. So do not use raid10 personality on Centos5. Okay. Back to striping mirrors people.
RE: [CentOS] cups causing segfault
On Thu, 2008-05-08 at 14:58 -0500, Gregory P. Ennis wrote: On Thu, 2008-05-08 at 12:31 -0400, Ross S. W. Walker wrote: Gregory P. Ennis wrote: On Thu, 2008-05-08 at 10:46 -0400, Ross S. W. Walker wrote: Gregory P. Ennis wrote: On Wed, 2008-05-07 at 12:00 -0500, Gregory P. Ennis wrote: Everyone, I have a new installation of Centos 5.1 that I am using on a gateway server that also has dhcp, named servers. I also have cups set up to function as a print server, and sendmail is being used as a relay to our mail server. yum-cron appears to be updating everything daily as desired. This Centos 5.1 gateway was created to replace a Fedora Core 5 system with the same functions. When I set up cups I copied the FC5 subdirectory into the Centos 5.1 system. Everything appears to work as expected. For some reason I am having sendmail crator without giving me a notice in the logs as far as I can determine. However, when I looked at the messages logs I found it filled with many entries in the form of : kernel: ipp[24519]: segfault at rip 2bf2abc0 rsp 7fff25495348 error 4 I've done a google search and there appeared to be a problem with doubled printer entries in the printer.conf causing the log entry, but after checking my printer.conf file everything appears to be ok. This file also worked on FC5 without a problem. I am not sure if the cups problem is related to the sendmail problem. Any ideas? Greg Ennis I have tried several things in the past 48 hours to try to understand what is happening. The only thing I have done that seems to have made a difference is that I have switched 2.6.18-53.1.14.el5xen to 2.6.18-53.1.14.el5. I am still getting the following log entries : May 8 08:23:14 DeGw kernel: ipp[11677]: segfault at rip 2bf2abc0 rsp 7fff7b7ff6b8 error 4 May 8 08:28:26 DeGw kernel: ipp[12925]: segfault at rip 2bf2abc0 rsp 7fffa5ab6988 error 4 However I have only received 7 of these since last night instead of hundreds while running xen. 
When I booted the system last night with 2.6.18-53.1.14.el5 I received some additional messages log entries :

May 8 01:50:00 DeGw kernel: irq 193: nobody cared (try booting with the irqpoll option)
May 8 01:50:00 DeGw kernel:
May 8 01:50:00 DeGw kernel: Call Trace:
May 8 01:50:00 DeGw kernel: IRQ [800b703a]__report_bad_irq+0x30/0x7d
May 8 01:50:00 DeGw kernel: [800b726d] note_interrupt+0x1e6/0x227
May 8 01:50:00 DeGw kernel: [800b677f] __do_IRQ+0xc7/0x105
May 8 01:50:00 DeGw kernel: [80011cc5] __do_softirq+0x5e/0xd5
May 8 01:50:00 DeGw kernel: [8006b3bd] do_IRQ+0xe7/0xf5
May 8 01:50:00 DeGw kernel: [80069d0e] default_idle+0x0/0x50
May 8 01:50:00 DeGw kernel: [8005c615] ret_from_intr+0x0/0xa
May 8 01:50:00 DeGw kernel: EOI [80069d37] default_idle+0x29/0x50
May 8 01:50:00 DeGw kernel: [80046fb1] cpu_idle+0x95/0xb8
May 8 01:50:00 DeGw kernel: [803d3806] start_kernel+0x220/0x225
May 8 01:50:00 DeGw kernel: [803d3237] _sinittext+0x237/0x23e
May 8 01:50:00 DeGw kernel:
May 8 01:50:00 DeGw kernel: handlers:
May 8 01:50:00 DeGw kernel: [801dc154] (usb_hcd_irq+0x0/0x55)
May 8 01:50:00 DeGw kernel: Disabling IRQ #193

If any of you can help me get a start on this problem I would sure appreciate your help.

It appears to be a flakey USB controller. Is the printer USB? Is it plugged into a USB hub? Check your USB cables, hubs and try to plug it into a different port.

Ross, Thanks for your response. All the printers are networked and none are connected to the server's usb ports. In fact there is nothing connected to this server's usb ports. In looking at the cups error logs I am getting abundant entries of :

(/usr/lib/cups/backend/ipp) crashed on signal 11!

I turned on cups debug, but did not learn anything else. Thanks again for your help,

Well the IRQ error is definitely USB related. Maybe a memory check is in order here. Sendmail and cups are not related and the fact that you see errors in both and strange runaway IRQ errors seems to mean there is a hardware problem here.
Check memory (low hanging fruit), then it may be time to start looking at the motherboard. -Ross Ross, I was hoping it might be something else. I'll
[CentOS] I/O statistics per PID
Hi,

I've found a great tool called pidstat which is able to report I/O disks statistic. But, it's only for kernels 2.6.20 and later only, is there any tool for Centos xen kernel?

Thanks in advance!

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
Re: [CentOS] get widescreen 1280x800 for intel 965GM chipset
On Sun, 25 May 2008 21:31:53 -0400 Chen Xu [EMAIL PROTECTED] wrote:
> I have trouble to get 1280x800 resolution. The driver used is I810. I don't know if the chipset is too new for the xorg driver, and can anyone tell me if there is a fix, maybe with 915resolution?

http://www.melvilletheatre.com/articles/intel-widescreen/index.html

--
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
RE: [CentOS] how to debug ssh slow connection issues.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Filipe Brandenburger
Sent: Monday, May 26, 2008 12:15 AM
To: CentOS mailing list
Subject: Re: [CentOS] how to debug ssh slow connection issues.

> On Sun, May 25, 2008 at 2:02 PM, Jason Pyeron [EMAIL PROTECTED] wrote:
>>> Try to change this in your /etc/ssh/sshd_config:
>>> Change: UseDNS yes
>>> to: UseDNS no
>>
>> Okay that fixed it, but why? I used nslookup and set my server to the same as /etc/resolv.conf. There were no delays, at all all of our class C resolves both ways (and matching) same as out private net. Where to go next on properly fixing this sshd/dns issue?
>
> Once I had this problem and it was related to IPv6. You may try to see if the other change (ListenAddress :: to ListenAddress IP) also fixes the issue without touching DNS. The problem is that sshd tries to resolve IPv6 addresses using queries and your DNS fails to answer to them, giving it a timeout of 5 seconds for each query (10 seconds in total IIRC).

Did that, no net effect.

> This is much harder to debug, I've actually found that to be the misbehaviour by using strace on an sshd. You may also try to run tcpdump udp on your sshd server, you might see the queries and the timeouts.

So I have a log, but not sure what I am looking at.

debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 192.168.1.80.
00:28:03.376914 IP 192.168.1.21.36264 > 192.168.1.10.domain: 38414+ PTR? 80.1.168.192.in-addr.arpa. (43)
00:28:04.041912 IP 192.168.1.10.domain > 192.168.1.21.36264: 38414* 1/1/0 (110)

> In any case, I would say that the proper way to fix it is to disable IPv6 if you don't need it and have no use for it. (Or go all the way and configure DNS for it, although it is really tricky right now.) The way to do it is include alias net-pf-10 off in /etc/modprobe.conf.

Will look into that.

Fixed it, but why?

rpm -e samba system-config-samba samba-common samba-client

--
Jason Pyeron PD Inc. http://www.pdinc.us
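One way to read a capture like the one in the message above, as an added example that is not part of the thread: pair each DNS query in `tcpdump udp` output with its reply by client, server and query id, then report how long each lookup took and which queries were retried without ever being answered. The first two sample lines are the query and answer from the post in tcpdump's usual `src > dst` form; the two AAAA lines, the one-second threshold and all function names are constructed for illustration.

```python
import re

# Lines 1-2: the PTR query and reply quoted in the post.
# Lines 3-4: constructed, an AAAA query retried after 5 s and never answered.
SAMPLE_CAPTURE = """\
00:28:03.376914 IP 192.168.1.21.36264 > 192.168.1.10.domain: 38414+ PTR? 80.1.168.192.in-addr.arpa. (43)
00:28:04.041912 IP 192.168.1.10.domain > 192.168.1.21.36264: 38414* 1/1/0 (110)
00:28:04.050000 IP 192.168.1.21.36265 > 192.168.1.10.domain: 38415+ AAAA? client.example. (32)
00:28:09.050500 IP 192.168.1.21.36265 > 192.168.1.10.domain: 38415+ AAAA? client.example. (32)
"""

DAY_US = 24 * 60 * 60 * 1_000_000

# timestamp, source endpoint, destination endpoint, DNS id, rest of the line
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{1,6}) IP6? (\S+) > (\S+): (\d+)(.*)$")
# query:  "<id>+ PTR? name. (len)"   ('+' means recursion desired)
QUERY = re.compile(r"^[+%]* (?:\[[^\]]*\] )?([A-Z0-9]+)\? (\S+)")
# reply:  "<id>[ rcode][flags] answers/authority/additional ..."
REPLY = re.compile(r"^(?: ([A-Za-z]+))?[*|$-]* (\d+)/(\d+)/(\d+)")


def analyze(capture):
    """Return one record per distinct query, in order of first appearance."""
    pending = {}   # (client endpoint, server endpoint, id) -> record
    records = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue   # sshd debug lines and other noise
        h, mi, s, frac, src, dst, qid, rest = m.groups()
        ts = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 \
            + int(frac.ljust(6, "0"))
        q = QUERY.match(rest)
        if q:
            key = (src, dst, qid)
            rec = pending.get(key)
            if rec is None:
                rec = {"id": int(qid), "qtype": q.group(1),
                       "qname": q.group(2), "first_us": ts, "attempts": 1,
                       "waited_us": 0, "latency_us": None,
                       "rcode": None, "answers": None}
                pending[key] = rec
                records.append(rec)
            else:                       # same id resent: a retry
                rec["attempts"] += 1
                rec["waited_us"] = (ts - rec["first_us"]) % DAY_US
            continue
        r = REPLY.match(rest)
        if r:
            # a reply travels server -> client, so swap the endpoints
            rec = pending.pop((dst, src, qid), None)
            if rec is not None:
                rec["latency_us"] = (ts - rec["first_us"]) % DAY_US
                rec["rcode"] = r.group(1) or "NoError"
                rec["answers"] = int(r.group(2))
    return records


def classify(records, slow_us=1_000_000):
    """Label each lookup 'ok', 'slow' or 'unanswered' with its duration."""
    out = []
    for rec in records:
        if rec["latency_us"] is None:
            out.append(("unanswered", rec["qtype"], rec["qname"],
                        rec["waited_us"]))
        elif rec["latency_us"] > slow_us:
            out.append(("slow", rec["qtype"], rec["qname"], rec["latency_us"]))
        else:
            out.append(("ok", rec["qtype"], rec["qname"], rec["latency_us"]))
    return out


if __name__ == "__main__":
    for status, qtype, qname, micros in classify(analyze(SAMPLE_CAPTURE)):
        print(f"{status:10} {qtype:5} {qname:30} {micros / 1e6:.6f}s")
```
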