Re: [CentOS] why would ls, while or ci use NIS?

2017-06-21 Thread Gordon Messmer
If you have NIS configured, it'll be used by anything that needs to map a uid or gid number to a name, or anything that needs a list of groups for users, among other things. That means (IIRC) that having a crontab implies a NIS lookup, because creating a new session for your user needs to

Re: [CentOS] kvm/qemu and CPU load

2017-06-07 Thread Gordon Messmer
On 06/02/2017 04:32 AM, hw wrote: What may cause the high CPU load? Offhand, it's hard to say. I don't see similar behavior. Can you post the libvirt XML definitions for those VMs somewhere? pastebin maybe? What's the output of "rpm -qa qemu\*"?

Re: [CentOS] C7 ansible 2.3 become_method: su not working

2017-06-05 Thread Gordon Messmer
On 06/05/2017 10:40 AM, Mark Haney wrote: [root@ansible ~]# ansible-playbook playbooks/radtest.yml --ask-become-pass SUDO password: ansible-playbook --become-method su --ask-become-pass playbooks/radtest.yml

Re: [CentOS] CentOS 6.9, shredding a RAID

2017-06-02 Thread Gordon Messmer
On 05/31/2017 08:04 AM, m.r...@5-cent.us wrote: I've got an old RAID that I attached to a box. LSI card, and the RAID has 12 drives, for a total RAID size of 9.1TB, I think. I started shred /dev/sda the Friday before last... and it's still running. Is this reasonable for it to be taking this

Re: [CentOS] question about shared samba directory file permissions..

2017-05-22 Thread Gordon Messmer
On 05/22/2017 12:57 PM, Jason Welsh wrote: I'm trying to set up a shared samba directory for users to use on centos 7, but whenever I create a file from the samba client to the samba server, the owner of the file ends up being the user the share is mounted up as.. That's how SMB works.

Re: [CentOS] CentOS 6.8 and samba

2017-05-21 Thread Gordon Messmer
On 05/20/2017 06:10 PM, Adam Tauno Williams wrote: Six months later, now on CentOS6.9, we still see the same issue - constantly logging this message. Server packages are all up-to-date. I find multiple reports on the Internet - but no solutions. The bug report mentioned in the message you

Re: [CentOS] C6 Module Keys

2017-05-18 Thread Gordon Messmer
Use "rpm -Vf /path/to/original/module.ko" If rpm tells you that the checksum has been modified, then the "original" file you've got isn't the correct file. Download the rpm that owns that file, and use "rpm -i --replacefiles --replacepkgs " to reinstall the kernel package.

Re: [CentOS] Virt-Manager and full-screen display

2017-05-13 Thread Gordon Messmer
On 05/13/2017 02:52 AM, Nicolas Kovacs wrote: But when I do the same thing with CentOS, I don't have a real full-screen display. There's still two grey bars left on the upper and lower end of the screen. From the virt-manager main window: Edit -> Preferences -> Console -> Resize guest with

Re: [CentOS] rpcbind fails to start after creating virbr0 bridge

2017-05-09 Thread Gordon Messmer
On 05/09/2017 04:08 AM, Nicolas Kovacs wrote: I'd like this machine to also be a KVM virtualization host, so I installed qemu-kvm and libvirt. The interface facing the LAN is enp3s0, so I created a virbr0 bridge like this. virbr0 is a device managed by libvirt, and it'll come up later than

Re: [CentOS] systemd missing something?

2017-05-07 Thread Gordon Messmer
On 05/07/2017 07:22 AM, ken wrote: "Note that traditional init scripts continue to function on a systemd system. An init script /etc/rc.d/init.d/foobar is implicitly mapped into a service unit foobar.service during system initialization." ... However, what it implies doesn't seem to work out.

Re: [CentOS] Samba active domain controller guide for Centos 7

2017-05-02 Thread Gordon Messmer
On 05/02/2017 01:39 PM, Robert Moskowitz wrote: Is there a good guide for setting up a Samba active domain controller? There's samba's guide: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller ..though you can't use the Red Hat/CentOS packages, since

Re: [CentOS] selinux problem policies

2017-04-30 Thread Gordon Messmer
On 04/30/2017 07:24 PM, Günther J. Niederwimmer wrote: when I like to set this Rule ? semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" These errors are displayed? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 I see,

Re: [CentOS] selinux problem policies

2017-04-30 Thread Gordon Messmer
On 04/30/2017 07:03 AM, Günther J. Niederwimmer wrote: I write this! semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" OK. Did you get an error? I have more instances from typo3 I found this construct in the selinux policies

Re: [CentOS] SCSI drives and Centos 7

2017-04-29 Thread Gordon Messmer
On 04/29/2017 06:50 AM, Gregory P. Ennis wrote: about 4 years ago, I tried to install CentOS 6 on a Supermicro server with SCSI drives using a LSI raid system. Red Hat does discontinue support for some storage driver for very old hardware when they start a new release series. For EL6, that

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-28 Thread Gordon Messmer
On 04/28/2017 12:06 AM, Robert Moskowitz wrote: Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process

Re: [CentOS] SAN certificates for multiple domains and multiple services

2017-04-28 Thread Gordon Messmer
On 04/28/2017 01:37 AM, Nicolas Kovacs wrote: So before I go any further with this, I'm asking the more technically proficient admins here. Are there any drawbacks to using this solution? Until you run in to the limit of 100 domains per cert, I think the process you described is preferred.

Re: [CentOS] sha256sum a dvd

2017-04-27 Thread Gordon Messmer
On Mon, Apr 24, 2017 at 9:53 AM, James B. Byrne wrote: > sha256sum /dev/sr0 > Which gave this result: > sha256sum: /dev/sr0: Input/output error isoinfo -d -i /dev/sr0 | grep -i -E 'block size|volume size' dd if=/dev/cdrom bs= count= | sha256sum Reference:

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Gordon Messmer
On 04/26/2017 12:29 AM, Robert Moskowitz wrote: But the policy generates errors. I will have to submit a bug report, it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Gordon Messmer
On 04/25/2017 10:29 PM, Robert Moskowitz wrote: did not work. it was set off, so I turned it on and tried it out. Got the same errors: Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Gordon Messmer
On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you seeing *new* problems after installing a policy? What are the problems? # The file '/var/lib/mysql/mysql.sock' is mislabeled on your

Re: [CentOS] saslauth logging

2017-04-25 Thread Gordon Messmer
On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote: What I want is the IP address and if possible the incorrect password (just to see how far they are off). Is this possible? I hope not. That's a terrible idea. Every time a user fat-fingers their password, your plain-text logs have a copy

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Gordon Messmer
On 04/25/2017 12:05 PM, Robert Moskowitz wrote: How do I undo the damage the last attempt caused? I'm not sure what damage you mean. If you installed a custom selinux module already and want to remove it, look at the files in /etc/selinux/targeted/modules/active/modules/. Those are the

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Gordon Messmer
On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: Quick’n’(really) dirty SELinux howto: Alternate process: 1: setenforce permissive 2: tail -f /var/log/audit/audit.log | grep AVC 3: use the service, exercise each function that's constrained by the existing policy 4: copy and paste the

Re: [CentOS] How to PXE kickstart hosts with little memory (Error: "Warning: /dev/root does not exist")?

2017-04-21 Thread Gordon Messmer
On 04/21/2017 12:49 PM, Frank Thommen wrote: It seems, that this is not related to local disk space - as I initially thought - but to too small memory. It only happens with VMs with little RAM (1024 MB). As soon as we raise the available memory to 2048 MB, kickstarting works fine. The RHEL

Re: [CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.

2017-04-16 Thread Gordon Messmer
On 04/16/2017 03:53 AM, ken wrote: And, yes, the exploits also include more than a few against linux. Go to their site and look under vault7. Or search for "linux" or "redhat"... you'll get hundreds of hits. Here's just one:

Re: [CentOS] connection state tracking with DNS [was Primary DNS...]

2017-04-14 Thread Gordon Messmer
On 04/11/2017 04:16 PM, Alice Wonder wrote: Hi, I would like to see this addressed. Is there a firewalld solution to this issue? Yes: # Disable connection tracking for UDP DNS traffic # https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html firewall-cmd --permanent

Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-12 Thread Gordon Messmer
On Tue, Apr 11, 2017 at 1:40 AM, Alice Wonder wrote: > http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager > > That says it works for CentOS 5 and I *suspect* the methods there (3 listed) > would work Across comments, there

Re: [CentOS] OT: systemd Poll

2017-04-11 Thread Gordon Messmer
On 04/11/2017 07:09 PM, Keith Keller wrote: On 2017-04-11, Gordon Messmer <gordon.mess...@gmail.com> wrote: You also don't have the flexibility to replace the kernel. Or glibc. But you do, don't you? It'll take you months to replace them, or years to rewrite, but you *can* do it. Th

Re: [CentOS] OT: systemd Poll

2017-04-11 Thread Gordon Messmer
On 04/11/2017 10:16 AM, Nicolas Kovacs wrote: I just read through this thread, and I must say I'm a bit worried, to the point that I'm asking myself: is CentOS still as reliable as it was? Yes. I've been very happy with release 7 across hundreds of servers and dozens of configurations.

Re: [CentOS] Primary DNS server with BIND on a public machine running CentOS 7

2017-04-11 Thread Gordon Messmer
On 04/11/2017 10:05 AM, Nicolas Kovacs wrote: Is there a *reliable* more or less quick & dirty tutorial on how to get BIND up and running as a primary public nameserver, with the default configuration as a starting point? 1: Change the "listen-on" settings to bind to network interfaces: -

Re: [CentOS] OT: systemd Poll

2017-04-11 Thread Gordon Messmer
On 04/11/2017 09:48 AM, Leroy Tennison wrote: Interesting that you should cite Stallman because freedom is an issue here, we've been reduced to Microsoft when it comes to init. We've lost most of our flexibility with no option to choose piecemeal what we want and don't want. You also

Re: [CentOS] firewalld management on a headless server

2017-03-27 Thread Gordon Messmer
On 03/27/2017 02:31 PM, m.r...@5-cent.us wrote: Has that changed? That answer is probably subjective. I'll probably never trust it, but the number of recent known critical exploits isn't as high as it used to be: https://www.cvedetails.com/vulnerability-list/vendor_id-358/Webmin.html

Re: [CentOS] Python 3.x on Centos 7

2017-03-24 Thread Gordon Messmer
On 03/24/2017 06:52 AM, Matt wrote: I already have epel installed. If it breaks something is it as simple as yum erase python34 to restore everything back to normal? Consider using "yum history undo" or "yum history revert" to remove dependencies as well.

Re: [CentOS] Centos-6.8 fsck and lvms

2017-03-18 Thread Gordon Messmer
On 03/18/2017 10:46 AM, James B. Byrne wrote: When I try to run fsck on any of them I see the following error: fsck from util-linux-ng.2.17.2 e2fsck 1.41.12.(17-May-2010) fsck.ext2: No such file or directory while trying to open /dev/vg. . . Once you've completed enabling the logical

Re: [CentOS] lock out account after 3 failures

2017-03-17 Thread Gordon Messmer
On 03/17/2017 02:41 AM, Ian Diddams wrote: I’ve followed this https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls Can you send the

Re: [CentOS] qmail package for CentOS 7

2017-03-14 Thread Gordon Messmer
On 03/14/2017 12:53 AM, Rajmohan Banavi wrote: Is there any package available for qmail? I am having a hard time finding it. If you're interested in a qmail-style mail server that's actively maintained, take a few minutes to look at Courier MTA. It features POP and IMAP servers in addition

Re: [CentOS] kernel update/reboot best practice question

2017-02-27 Thread Gordon Messmer
On 02/27/2017 08:21 AM, Valeri Galtsev wrote: Quite some time ago I have noticed that kernel updated quite often "come in pairs". Looking at the errata list for the kernel package on RHEL 6, I don't see any such pattern. It's certainly happened that kernel updates are released within a

Re: [CentOS] RHEL 8 speculation ???

2017-02-25 Thread Gordon Messmer
On 02/25/2017 12:20 AM, Alice Wonder wrote: I'm working on a major project bitcoin related and it would be frustrating to deploy a bunch of CentOS 7 virtual machines only to have 8 come out fairly soon afterwards. I'd expect the release of RHEL 8 no less than 6 months after a beta was

Re: [CentOS] question about directory size in linux..

2017-02-22 Thread Gordon Messmer
On 02/22/2017 07:02 PM, John R Pierce wrote: Without knowing what the OP's file system but assuming he too is using EXT4, what would the directory be storing that's so different from mine? a bajillion small files vs a few large ones. Not to be pedantic, but the size of a directory has

Re: [CentOS] question about directory size in linux..

2017-02-22 Thread Gordon Messmer
On 02/22/2017 12:27 PM, Anthony K wrote: On 23/02/17 06:04, John R Pierce wrote: on many modern file systems, larger directories are stored as some sort of B-Tree or hash tree, so there's quite a lot of indexing data in there along with the actual directory entries So I gather this depends

Re: [CentOS] question about directory size in linux..

2017-02-22 Thread Gordon Messmer
On 02/22/2017 06:34 AM, Jason Welsh wrote: How does the directory *itself* have a size of 2.8 megs? If you write a large number of directory entries in a directory, the directory will grow in order to provide storage for those directory entries. You can imagine a directory as a text file

Re: [CentOS] RAID questions

2017-02-17 Thread Gordon Messmer
On 02/16/2017 09:18 PM, Keith Keller wrote: Doesn't mdraid support changing RAID levels? It supports a small number of conversions. See the "GROW MODE" section of mdadm for details.

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-17 Thread Gordon Messmer
On 02/17/2017 04:25 AM, Johnny Hughes wrote: Here are where all the builds for EL6 devtoolset live: http://cbs.centos.org/koji/search?match=glob=tag=*devtoolset*el6* Thanks. Should we report the packages missing from "vault" somewhere?

Re: [CentOS] USB 2.0 device on a USB 3.0 plug

2017-02-16 Thread Gordon Messmer
On 02/16/2017 01:20 PM, John R Pierce wrote: look very closely at a USB 3.0 port, with the 'blue' tongued A connector, and you'll see 5 additional pins in there behind the standard USB1/2 4 pins. I will be a monkey's uncle. Thanks for the pointers.

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-16 Thread Gordon Messmer
On 02/16/2017 04:45 PM, Dave Johansen wrote: The source RPMs for devtoolset don't appear to be there, but I did find them here: http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/ Possibly a result of an unspecified "accident"

Re: [CentOS] USB 2.0 device on a USB 3.0 plug

2017-02-16 Thread Gordon Messmer
On 02/16/2017 12:28 PM, John R Pierce wrote: USB 1 and 2 used 4 pins. USB 3 ports have an ADDITIONAL 5 pins, the original 4 are used for USB 1/2 operation, the new 5 only for USB 3 operation. they are effectively two completely independent controllers. Do you mean USB type C? USB 3 is

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-15 Thread Gordon Messmer
On 02/15/2017 12:08 PM, Valeri Galtsev wrote: /run/screen/S- - NOT on CentOS 5 /var/spool/samba - NOT on CentOS 5 that needs extra security - in our shop; To be pedantic: screen definitely creates a user-writable directory on CentOS 5, in a different location, and samba will include that

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-15 Thread Gordon Messmer
On 02/15/2017 08:47 AM, Valeri Galtsev wrote: And yes, ALL user writable places (including often overlooked /dev/shm) are mounted with nosuid, nosgid, nodev, noexec options on servers where users are allowed to have shell. How sure are you? On the system I'm looking at right now, any user

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-15 Thread Gordon Messmer
On 02/15/2017 08:22 AM, Chris Adams wrote: noexec is not that big of a protection. On a normal CentOS system, you almost certainly have python installed (as well as likely other scripting languages such as perl), and they can be used to do just about anything compiled code can do. Exactly.

Re: [CentOS] CentOS 7, systemd, NetworkMangler, oh, my

2017-02-15 Thread Gordon Messmer
On 02/15/2017 12:23 AM, John R Pierce wrote: DHCPv6 is really unusual. IPv6 addressing and routing is set up almost entirely in the kernel, unless you're using static addresses. IPv6 is neither harder nor easier with NetworkManager, in my experience. It was my understanding that most ipv6

Re: [CentOS] CentOS 7, systemd, NetworkMangler, oh, my

2017-02-15 Thread Gordon Messmer
On 02/14/2017 08:40 PM, Alice Wonder wrote: Well CentOS 7 doesn't use that, and trying to figure out where in the mess of /etc/sysconfig/network-scripts the problem is occurring has caused me much frustration. DHCPv6 is really unusual. IPv6 addressing and routing is set up almost entirely

Re: [CentOS] CentOS 7, systemd, NetworkMangler, oh, my

2017-02-13 Thread Gordon Messmer
On 02/13/2017 10:35 AM, m.r...@5-cent.us wrote: What's in /etc/sysconfig/network-scripts/ifcfg-? Does it say NM_CONTROLLED=no? Good catch. No, it doesn't say no... because the line was commented out. I've just uncommented it, and set it to yes. Commented out should be the same as =yes.

Re: [CentOS] CentOS 7, systemd, NetworkMangler, oh, my

2017-02-13 Thread Gordon Messmer
On 02/13/2017 07:35 AM, m.r...@5-cent.us wrote: Finally, I do an ifdown, followed by an ifup, and everything's wonderful. What's in /etc/sysconfig/network-scripts/ifcfg-? Does it say NM_CONTROLLED=no? My manager thinks that the NM daemon thinks everything's fine, and there've been no

Re: [CentOS] A question on networking (CentOS 6)

2017-02-13 Thread Gordon Messmer
On 02/13/2017 06:55 AM, KM wrote: The NIC went bad and it has been replaced. I knew enough to update the HW address in the ifcfg-* files. The network service restarts successfully without errors. However I cannot connect via ping or ssh with the pt2pt network setup on 192.168.x.*. When I

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/12/2017 10:50 AM, Robert Moskowitz wrote: ? What do I install for this? You don't have to install anything. You'd just temporarily disable "dontaudit" rules by running "semodule -BD". Give named time to log additional "permission denied" errors, and then look for related AVC

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/12/2017 10:56 AM, Robert Moskowitz wrote: It's probably safe to specify some range of higher numbered ports: use-v4-udp-ports { range 10240 65535; }; use-v6-udp-ports { range 10240 65535; }; But that is not the ports that I am seeing in logwatch: Yes, I know. The work-around in

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/12/2017 10:40 AM, Gordon Messmer wrote: I'm not seeing those errors logged, either, so maybe your system differs from mine. If I'm misreading, hopefully someone will chime in to clarify. ... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/11/2017 08:56 PM, Robert Moskowitz wrote: This seems to be bug 1103439 which was 'fixed' for Centos6. What should I do about this? Is there a SELinux policy to apply or should I the avoid upd-ports option in Bind? It looks like that bug was assigned to the selinux-policy component,

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-09 Thread Gordon Messmer
On 02/09/2017 02:55 PM, John R Pierce wrote: you realize no one on this email list has anything to do with the source code for this pkcheck thing? CentOS uses the code exactly as is that Red Hat releases. You're tilting at windmills in the wrong country here. Yes, I do. And I tried

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-09 Thread Gordon Messmer
On 02/09/2017 02:27 PM, Warren Young wrote: I’m with Gordon: someone certainly should fix this problem for its own sake, but don’t try to strong-arm Red Hat into doing it for you because Security. Way too many bad things are done Because Security. My larger concern is that there *does* seem

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-09 Thread Gordon Messmer
On 02/09/2017 01:03 PM, Leonard den Ottolander wrote: Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. There is no such thing as a root exploit in a library. A "root exploit" is one that ends with the attacker executing code as

Re: [CentOS] Centos7 - SELinux messing with my named.conf

2017-02-09 Thread Gordon Messmer
On 02/09/2017 01:36 PM, Robert Moskowitz wrote: So what SELinux magic do I need here restorecon /etc/named.conf

Re: [CentOS] Checksums for git repo content?

2017-02-09 Thread Gordon Messmer
On 02/09/2017 10:50 AM, Leonard den Ottolander wrote: SRPMS are signed which allows the integrity of the contents to be checked. Such an integrity check is missing from the git repo. Git already has the protection you're looking for. As part of its core design, git uses a hash chain to

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-07 Thread Gordon Messmer
On 02/07/2017 02:33 PM, Alice Wonder wrote: That's what I am trying to avoid, and that is easiest to avoid by just using /usr as the prefix so that devel files have their headers in /usr/include and devel files for different implementations of the same API can not be installed at the same

Re: [CentOS] Rebuild gstreamer

2017-02-07 Thread Gordon Messmer
On 02/07/2017 08:05 AM, Jerry Geis wrote: I was expecting that command would build and install? If that is not the case what do you run to install the package for gstreamer and the plugins? When rpmbuild finishes, it will list the rpm packages that it generated. You can install those

Re: [CentOS] Rebuild gstreamer

2017-02-07 Thread Gordon Messmer
On 02/07/2017 05:50 AM, Jerry Geis wrote: Did I miss something? Did you install the package that you built? "rpm -qf /usr/bin/gst-inspect"

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-07 Thread Gordon Messmer
On 02/07/2017 01:42 AM, Alice Wonder wrote: The software collections looks like it might interfere with some of my own packaging (repos that build upon EPEL to provide modern server stack based on LibreSSL and a repo for modern multimedia) Where do you see a conflict? Those packages are

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-05 Thread Gordon Messmer
On 02/05/2017 06:37 PM, Alice Wonder wrote: Where are src.rpm's ? Same place as everything else: http://vault.centos.org/7.3.1611/sclo/Source/

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-05 Thread Gordon Messmer
On 02/05/2017 05:33 PM, Alice Wonder wrote: Is there by chance a compat package for gcc 4.9.x available? Yes. Use the software collections. https://www.softwarecollections.org/en/ https://www.softwarecollections.org/en/scls/rhscl/devtoolset-4/ yum install centos-release-scl && yum

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-02 Thread Gordon Messmer
On 02/02/2017 12:37 PM, Leonard den Ottolander wrote: So by continuing to have these memory leaks in the binary you are making it easier for a malevolent local user to mount an attack that might cause the "desired" privilege escalation. I'm really struggling to explain this more simply and

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-02 Thread Gordon Messmer
On 02/02/2017 11:46 AM, Leonard den Ottolander wrote: That memory leak can be used to cause the heap and the stack to run in to each other, and that flaw has previously been combined with bugs in glibc to produce an exploit. The glibc bug is now fixed, but there is still a risk that collision

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-02 Thread Gordon Messmer
On 02/02/2017 07:35 AM, Leonard den Ottolander wrote: If that's so, why are you supplying patches to pkcheck rather than fixing pkexec? The patch has a fix for three memory leaks. One memory leak that allows heap spraying in pkexec.c that according to the aforementioned article is *directly*

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2017-02-02 Thread Gordon Messmer
On 02/02/2017 06:51 AM, Leonard den Ottolander wrote: pkcheck might not be directly vulnerable. However, pkexec is. If that's so, why are you supplying patches to pkcheck rather than fixing pkexec? In your bug report, you said, "The author clearly states that in his example exploit he

Re: [CentOS] Script not running correctly as cronjob

2017-02-01 Thread Gordon Messmer
On 02/01/2017 01:02 AM, Daniel Reich wrote: I have a script to resign all DNS zones every two weeks. I don't think I can answer the question about why your script is failing per se, but I can say that there are some flaws in the approach that your script is taking. Primarily, if you delete

Re: [CentOS] tor and selinux

2017-01-30 Thread Gordon Messmer
On 01/29/2017 10:32 PM, Mark wrote: That's strange, because I started the tor process simply with sudo systemctl start tor Yes, it looks like that package runs the service as "root". That doesn't seem like a good default, and it could be a packaging bug. Try adding "User toranon" to the

Re: [CentOS] Notes on openssh configuration

2017-01-29 Thread Gordon Messmer
On 01/29/2017 02:35 PM, Leon Fauster wrote: The next EL6 release (6.9) will have them marked as deprecated algorithms (disabled by default). The client will no longer attempt to use hmac-md5. The server will continue to accept them.

Re: [CentOS] firewalld

2017-01-29 Thread Gordon Messmer
On 01/29/2017 01:54 PM, TE Dukes wrote: I telnet to localhost 143 or 993 and I can connect, telneting to 25 or 465, connection refused. As I mentioned before: firewalld allows all traffic to localhost. If you're getting connection refused, then those services aren't running. As for

Re: [CentOS] tor and selinux

2017-01-29 Thread Gordon Messmer
On 01/29/2017 11:59 AM, Mark wrote: As I don't know what dac_override is I don't know if it's a good idea to give it to tor and the confidence seems quite low. dac_override indicates that you're running your process as root, and it's trying to do something on the filesystem which is not

Re: [CentOS] Preferred mail client

2017-01-28 Thread Gordon Messmer
On 01/28/2017 04:03 PM, TE Dukes wrote: What is the preferred remote mail client for 7.3? I'm a fan of SOGo. https://sogo.nu/

Re: [CentOS] firewalld

2017-01-27 Thread Gordon Messmer
On 01/27/2017 06:01 PM, TE Dukes wrote: I telnet localhost 143, I get connection refused. What zone is used for the local network and what zone is used for outside access? All traffic from localhost is allowed. No zone is involved. The zone for "outside" access depends on which interface

Re: [CentOS] Notes on openssh configuration

2017-01-27 Thread Gordon Messmer
On 01/27/2017 10:59 AM, Leonard den Ottolander wrote: https://en.wikipedia.org/wiki/MD5 seems to disagree: No, it doesn't. That page links to RFC 6151, which notes: "It is not urgent to stop using MD5 in other ways, such as HMAC-MD5" There's nothing wrong with disabling hmac-md5 in your

Re: [CentOS] Notes on openssh configuration

2017-01-27 Thread Gordon Messmer
On 01/27/2017 10:03 AM, Leonard den Ottolander wrote: To my astonishment the openssh versions on both C6 and C7 will by default negotiate an MD5 HMAC. Cryptographers still consider MD5 secure for HMAC use. Wikipedia's references (currently 6, 7, and 8) in this article are useful:

Re: [CentOS] software raid 1 failure

2017-01-27 Thread Gordon Messmer
On 01/26/2017 05:27 PM, Jerry Geis wrote: I tried many things to mount it, to mdadm add it but could not get it to cooperate. You probably want to "mdadm --assemble --scan". If there were logical volumes on it, you'd also want to "lvchange -a y" afterward.

Re: [CentOS] CentOS 7 install on one RAID 1 [not-so-SOLVED]

2017-01-26 Thread Gordon Messmer
On 01/26/2017 01:40 AM, Tony Mountifield wrote: Anaconda doesn't set up the boot sector on the second drive by default, so I put some grub commands in the post-install section of kickstart to do so. I can't attest that it *works* (mostly since I use UEFI everywhere possible) but anaconda

Re: [CentOS] CentOS 7 install on one RAID 1 [not-so-SOLVED]

2017-01-25 Thread Gordon Messmer
You didn't answer all of the questions I asked, but I'll answer as best I can with the information you gave. On 01/25/2017 04:47 AM, mark wrote: Made an md RAID 0 on the raw disks - /dev/sda /dev/sdb. No partitions, nothing. OK, so right off the bat we have to note that this is not a

Re: [CentOS] CentOS 7 install on one RAID 1

2017-01-24 Thread Gordon Messmer
On 01/24/2017 08:33 AM, m.r...@5-cent.us wrote: I'm building a new box, and I want three partitions - /boot, /, and swap, on *one* RAID 1, not three separate partitions. Other than mdadm..., *is* there any way in the graphical installer to do this? All I see is a way to make three separate

Re: [CentOS] CentOS 7 and Areca ARC-1883I SAS controller: JBOD or not to JBOD?

2017-01-20 Thread Gordon Messmer
On 01/20/2017 09:31 AM, Peter Peltonen wrote: I am planning to have RAID1 setup and I am wondering if I should use the controller's RAID functionality which has 2GB cache or should I go with JBOD + Linux software RAID? I'd recommend testing the specific application that will run on this

Re: [CentOS] SSSD cache case-sensitivity

2017-01-20 Thread Gordon Messmer
On 01/20/2017 04:13 AM, Robbert Eggermont wrote: Since this (opposite defaults) is broken by design, I hope the AD provider will be fixed so it follows the general default. I find filing bug reports generally more effective than hoping, and submitting patches more effective still.

Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Gordon Messmer
On 01/19/2017 06:54 AM, Subscriber wrote: But I collect such statistics in Zabbix. And the numbers and graphs indicate an increase in the load on the CPU (ie System time). "load" has another meaning in the context of POSIX system performance counters. I'm pretty sure you're talking about

Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Gordon Messmer
On 01/19/2017 06:29 AM, Subscriber wrote: and what kind of IO patterns do those VMs have? Do not quite understand. What do you mean? What are the VMs doing? Are they entirely idle? Are they doing light work, mostly reading from disks? If they're not generating disk IO, then that's not

Re: [CentOS] SELinux upgrade

2017-01-19 Thread Gordon Messmer
On 01/19/2017 12:43 AM, Marcin Trendota wrote: After recent system upgrade (this night) I lost access to two servers through SSH, because of change in SELinux policy - I have ssh there on different port and now it's gone. Which release? I also run ssh on an alternate port on one host, and

Re: [CentOS] Avago (LSI) SAS-3 controller, poor performance on CentOS 7

2017-01-18 Thread Gordon Messmer
For the archive's sake: https://plus.google.com/+GordonMessmer/posts/H5DuyP1LHPU?sfc=false https://plus.google.com/+GordonMessmer/posts/eSe6iNmk1Fs?sfc=false During testing, I found that under CentOS 7.2, the default storage layout for software RAID5 was the worst possible configuration. 512k

Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-18 Thread Gordon Messmer
On 01/18/2017 05:34 AM, Subscriber wrote: Someone noticed something similar? How is your storage arranged, and what kind of IO patterns do those VMs have? During recent testing, I found that the read performance of software RAID volumes was worse under 7.3 than it was under 7.2. Most

Re: [CentOS] Centos 7 dhcpd failure to allow a 2nd network over same interal nic

2017-01-15 Thread Gordon Messmer
On 01/15/2017 10:19 AM, Gregory P. Ennis wrote: It seems apparent to me that a better way to do what I wanted would be to have two wireless routers, one wifi being controlled by the dhcpd server that assigns ip addresses through it to known and trusted connections with one subnet, and the other

Re: [CentOS] Centos 7 dhcpd failure to allow a 2nd network over same interal nic

2017-01-15 Thread Gordon Messmer
On 01/15/2017 09:11 AM, Gregory P. Ennis wrote: All I can say is that when I looked at the dhcpd.conf examples and read the man pages as well as the explanations of how dhcpd works, we should be able to use dhcpd for more than one subnet : You can, provided they're on different physical

Re: [CentOS] Unable to edit resolv.conf

2017-01-13 Thread Gordon Messmer
On 01/13/2017 07:07 AM, TE Dukes wrote: I may have. If so, is there a way to undo it? You can determine whether you've set the file's immutable attribute using "lsattr". You can remove it using "chattr -i"

Re: [CentOS] Unable to edit resolv.conf

2017-01-13 Thread Gordon Messmer
On 01/13/2017 04:49 AM, TE Dukes wrote: I changed ISPs and need to update name servers in resolv.conf. ... I have Network Manager turned off and when I enable it, eth0 and eth1 have no entries. I enabled it, added the connections, but still no changes. If you want to use NetworkManager,

Re: [CentOS] How to avoid "firstboot" in CentOS 7 kickstart

2017-01-11 Thread Gordon Messmer
On 01/11/2017 05:22 AM, Tru Huynh wrote: %post # workaround required but should be handled by anaconda. imho systemctl disable initial-setup-graphical.service Has this been tested? My understanding is that systemctl doesn't work in chroots, and can't be used in %post. Regardless of that,

Re: [CentOS] kickstart problems since 7.3

2017-01-06 Thread Gordon Messmer
I tracked this down, eventually. Under RHEL/CentOS 7.2, the rootfs was limited to the size of available memory. Under 7.3, there's an artificial restriction of 50% of total system memory. The default size of a VM under "virt-manager" is 1G, which creates a ~500MB rootfs in the installer.

Re: [CentOS] Strange (?) device.map in CentOS 7 VM installations

2017-01-06 Thread Gordon Messmer
On 01/06/2017 07:11 AM, Nikolaos Milas wrote: Any feedback regarding this "issue" and its possible repercussions will be appreciated! Probably none. That file indicates which Linux device file corresponds to the (hdX) references in grub.cfg. I'm not really sure it's even used under
