Re: [CentOS] Off Topic bash question

2020-07-23 Thread Giles Coochey 



On 23/07/2020 15:37, Jerry Geis wrote:

Thanks, when I change it do the following I get a syntax error

#!/bin/bash
#
while read LINE
do
  echo $LINE
done < cat list.txt

done < list.txt


./test_bash.sh
./test_bash.sh: line 6: syntax error near unexpected token `list.txt'
./test_bash.sh: line 6: ` done < cat list.txt'
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


--
Giles Coochey

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Accounting package recommendations

2020-06-23 Thread Giles Coochey 



On 23/06/2020 17:37, Frank Cox wrote:

On Tue, 23 Jun 2020 14:31:10 +0200
Rudi Ahlers wrote:


I have an accountant, but still need todo my part from the business'
end. They don't invoice my clients. Quickbooks works very well, but
keeps me stuck in Windows land.

Depending on the complexity of your needs, you might not need dedicated 
accounting software.

I own and operate a small business (movie theatre).  I do all of my accounting 
on a spreadsheet.  Today I use Libreoffice, when I opened my theatre I used 
Microsoft Multiplan.

I print out my revenue and expenses pages for my accountant at the end of the 
year and he's happy with that.  When I need to generate an actual invoice 
(fairly rare as my theatre is almost entirely a cash business) I make it up 
with Libreoffice as well.  I have an invoice template saved that I use for that 
purpose.


+1 to the above, can only re-iterate, if you need your accounts to be 
auditable, and can't get your head round accountancy software, then 
provide the information in any readable form to your accountant and let 
them deal with it.


If you don't need them to be auditable, or you are an accountant, then 
just learn how to use whatever accountancy software do it, and don't let 
an emotional belief in to what operating system you use take control 
over what choices you have in this regard.


--
Giles Coochey

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Accounting package recommendations

2020-06-22 Thread Giles Coochey 



On 22/06/2020 13:57, Rudi Ahlers wrote:

I have to say, GnuCash simply doesn't do it for me. As a tech, I don't
have time to figure out accounting systems, and I really don't want to
have this info on the internet in 3rd party's control.



On Tue, Jun 9, 2020 at 7:22 PM Rudi Ahlers  wrote:


Hi,

I am looking for an offline accounting package recommendation, please.
I enjoyed using Xero accounting, but need something that's offline,
and where the data remains my property. Having used Quickbooks on
Windows in the past, I am looking for something similar.

Any recommendations?

--
Kind Regards
Rudi Ahlers
Website: http://www.rudiahlers.co.za


Don't take this the wrong way, but if you're looking for an accounting 
solution, but at the same time you don't want to learn how to use a 
perfectly adequate accounting solution, then perhaps all you need is an 
accountant, and not a piece of software.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Video projector vs. onboard video card

2019-09-23 Thread Giles Coochey 



On 23/09/2019 13:10, Nicolas Kovacs wrote:

Hi,

I have a CentOS 7 desktop client installed on an old Dell Optiplex
computer with an Intel video card integrated into the motherboard. The
card has a single VGA connector, and the 19" monitor is connected to it.

I wonder how I could connect a video projector to this computer while
keeping the monitor, in a mirroring configuration, e. g. output is the
same on the video projector and the monitor.

Do I have to replace my onboard video card by something like an NVidia
GT710 graphic card with two video connectors ? Or is there a different
solution for this?

If you are not concerned about not being able to dual-screen (i.e. have 
different things displaying on the monitor to what is on the projector, 
then the easiest way is to just get a VGA splitter.


https://www.amazon.co.uk/AmazonBasics-VGA-Monitor-Splitter-Black/dp/B06XJNMDBL/ref=asc_df_B06XJNMDBL 
<https://www.amazon.co.uk/AmazonBasics-VGA-Monitor-Splitter-Black/dp/B06XJNMDBL/ref=asc_df_B06XJNMDBL/?tag=googshopuk-21=df0=309981988222=1o2=g=8312392659667639436c===1006978=pla-366774003587=1=1=1>


If you do want to dual-screen, you should replace the embedded intel 
with a dual-screen compatible card with the appropriate output 
connectors. This is sometimes useful for presentations, as you can put 
the presentation on the projector and keep presentation notes on the screen.


I think most Optiplex systems support this, things to check:

* Look in the BIOS for the system, there should be a setting about which 
GPU to use, without an additional card inserted in the system the only 
working option here would be something like "Integrated Graphics", but 
when you fit a new GPU to a slot the new GPU will become an option or it 
may allow you to choose a PCIe (or AGP on older systems) - this could 
give you a clue about what type of GPU you need to get.


* Check the form factor (i.e. size of slot & space available) - some 
Optiplexes are small, so you might need a low form-factor card.


* Check slot type, most cards today are PCIe, older models might only 
have a AGP card - which will be harder to find new.


* Check bandwidth of PCIe slot - most whizzy cards need a x16, Optiplex 
might only have a x8 or x4.


--
Giles Coochey

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7.7.1908, interface bonding, and default route

2019-09-20 Thread Giles Coochey 

On 20/09/2019 04:55, Carlos A. Carnero Delgado wrote:

Hi!

I just upgraded a machine to 7.7.1908 and the default route is not being
set on boot. This particular server has a bonded interface, and the
corresponding configuration for the master is (
/etc/sysconfig/network-scripts/ifcfg-bond0):

   TYPE=Bond
   BOOTPROTO=none
   DEFROUTE=yes
   IPV4_FAILURE_FATAL=yes
   NAME=bond0
   DEVICE=bond0
   ONBOOT=yes
   IPADDR=10.3.20.131
   PREFIX=24
   GATEWAY=10.3.20.1
   DNS1=10.3.2.8
   BONDING_MASTER=yes
   BONDING_OPTS="mode=802.3ad xmit_hash_policy=layer2 miimon=100"

The slaves (two of them) are configured like

   TYPE=Ethernet
   BOOTPROTO=none
   NAME=bond0-slave0
   DEVICE=em3
   ONBOOT=yes
   MASTER=bond0
   SLAVE=yes

After booting, the routing table is

   10.3.20.0/24 dev bond0 proto kernel scope link src 10.3.20.131 metric 300

with no default route configured (manually adding it will work, of course.)

This machine worked perfectly before, and it did during previous upgrades
and reboots. Has anyone ever had this problem before?

I have a similar set up to you, and just did the upgrade to 1908, I 
didn't experience the problem you had, I can't see anything out of the 
ordinary in your network files.


I originally set up my bond using nmtui

Here is my configuration:

#Bond:

BONDING_OPTS="ad_select=stable all_slaves_active=0 arp_all_targets=any 
downdelay=0 fail_over_mac=none lp_interval=1 miimon=100 min_links=0 
mode=802.3ad num_grat_arp=1 num_unsol_na=1 primary_reselect=always 
resend_igmp=1 updelay=0 use_carrier=1 xmit_hash_policy=layer2"

TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=a.b.c.249
PREFIX=24
GATEWAY=a.b.c.1
DNS1=a.b.d.253
DNS2=a.b.d.4
DNS3=a.b.d.12
DOMAIN=redacted.net
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
NAME="Bond connection 1"
UUID=4ccacb42-dfad-484f-8168-b78c70a66c8d
DEVICE=nm-bond
ONBOOT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy

#Channel Interface example

TYPE=Ethernet
NAME="Ethernet connection 1"
UUID=5a961074-d502-49a3-ae3b-b6850a990e86
DEVICE=enp7s0f0
ONBOOT=yes
MASTER=nm-bond
SLAVE=yes
MASTER_UUID=4ccacb42-dfad-484f-8168-b78c70a66c8d


Thanks,
Carlos.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


--
Giles Coochey

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-06 Thread Giles Coochey 



On 06/08/2019 00:12, Jon LaBadie wrote:

On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote:

On 05/08/2019 09:18, Pete Biggs wrote:

I've found the default 10min bans hardly bother some attackers.
So I've added the "recidive" feature of fail2ban.  After the
second 10min ban, the attacker is blocked for 1 week.


Oh definitely. My systems are set to "3 bans and you're out" - a
recidive ban is permanent after three other bans.  I have large parts
of some subnets in my ban list as attackers just move from one host to
another as they get banned.

P.


I worked for a company some time back that had an association with a South
African company who wanted to host some infrastructure in our data centre,
the network admin there wanted a specific configuration for outbound source
NAT from a certain host that would scroll through a list of source NAT IP
addresses (think a whole /24) for every connection attempt, pretty sure it
was for sending unsolicited emails, in any case the association with that
company didn't last and I took redundancy after less than a year there.

Now that would be a single firewall rule and a kernel ipset.

Well, yes - I had a conversation with the guy, and he always had an 
answer, "oh if that happens I can do this", he said that with real pride 
- a real slippery lizard in my opinion and at the back of my head was, 
"maybe the people you're sending emails to just don't want to receive 
them! And that's why you're jumping through these countless hoops, if 
you actually had proper opt-in, with a working opt-out per default you 
might not need this awful hack", there are companies out there 
specifically selling IP addresses with good reputations to companies who 
ruin that IP range's reputation, once they reputation has been ruined I 
guess they get discarded, sold on to another company who only then finds 
out that they can't run a mail server on that range because its been 
added to every blocklist on the planet.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Peculiar process name in /proc

2019-08-05 Thread Giles Coochey 



On 05/08/2019 13:44, John Horne wrote:

On Mon, 2019-08-05 at 13:06 +0100, Giles Coochey wrote:

On 05/08/2019 12:56, John Horne wrote:


I was going to say no to both of these, however the RPM package ('xymon') was
itself updated at around the time mentioned on Aug 02.
The hex number is equivalent to 1564754190 in decimal which, as an epoch time,
is '2019-08-02 14:56:30'. So it might be possible that '/usr/sbin/xymond' was
replaced and the hex number just indicates the time that occurred.
It might be explained that the file doesn't get deleted until its file 
handles are released?


The downside is that the package update was a bit earlier than 14:56 though, so
the numbers don't seem to quite match up. Secondly, the whole xymon process was
restarted, but the server itself not rebooted, so I would expect all the
processes to be using the new executables rather than an older/deleted one. (I
am a little loath to restart the service at the moment as I may well lose the
info currently in '/proc/.../exe'.)

Did you upgrade xymon, or perhaps install it from a different 
maintainers RPM from the original one, or perhaps the original one 
wasn't an RPM install at all?


In these cases, the old running process in /proc/pid/exe is probably the 
original one, which the new install tried to restart / but because of a 
discrepancy in what is in /var/run it didn't quite work out as planned.


I think to truly understand this we might need more background 
information and a journal of what tasks were carried out.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Peculiar process name in /proc

2019-08-05 Thread Giles Coochey 



On 05/08/2019 12:56, John Horne wrote:

Hello,

I was looking at a process through the '/proc' file system, and came across a
process name which seemed to contain a hex value:

lrwxrwxrwx. 1 xymon xymon 0 Aug  2 14:07 /proc/58032/exe ->
/usr/sbin/xymond;5d44410e (deleted)

I am aware of what the 'deleted' part means, but have no idea what the
';5d44410e' part means. Is this some sort of thread reference?
The file '/usr/sbin/xymond' does exist and is running as a daemon.

Anyone know what the ';5d44410e' is referring to? I have tried Googling about
this, but found no mention of it.


I am not absolutely sure, but is it saying that /usr/sbin/xymond was 
deleted, but was located at that inode reference on the disk?


I know you say it exists, but perhaps it was deleted since running and 
then re-created? or perhaps it is an self-modifying executable?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Giles Coochey 



On 05/08/2019 09:18, Pete Biggs wrote:

I've found the default 10min bans hardly bother some attackers.
So I've added the "recidive" feature of fail2ban.  After the
second 10min ban, the attacker is blocked for 1 week.


Oh definitely. My systems are set to "3 bans and you're out" - a
recidive ban is permanent after three other bans.  I have large parts
of some subnets in my ban list as attackers just move from one host to
another as they get banned.

P.

I worked for a company some time back that had an association with a 
South African company who wanted to host some infrastructure in our data 
centre, the network admin there wanted a specific configuration for 
outbound source NAT from a certain host that would scroll through a list 
of source NAT IP addresses (think a whole /24) for every connection 
attempt, pretty sure it was for sending unsolicited emails, in any case 
the association with that company didn't last and I took redundancy 
after less than a year there.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Giles Coochey 


On 05/08/2019 08:50, Jon LaBadie wrote:


I've found the default 10min bans hardly bother some attackers.
So I've added the "recidive" feature of fail2ban.  After the
second 10min ban, the attacker is blocked for 1 week.

Interesting, didn't know about that feature, but, oh, I just generally 
ban for a whole week regardless, yes, I realise that a typo might  set 
it off for a actual user, but I have other methods of entry to unban if 
that happens, and we have a number of whitelisted IPs that cover most 
things like that for most use cases, and a VPN within the whitelist that 
can be used if the public services get locked out.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-03 Thread Giles Coochey 



On 02/08/2019 19:38, Jon LaBadie wrote:

On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:

Fred Smith wrote:

On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:



One thing I don't understand is how/why the firewall is DROPping so
many attempts on port 25 when it in fact has a port forward rule sending
port 25 on to my mailserver. How does it know, or why does it think that
some of them can be dropped at the outer barrier?


you, but thank you for taking a hundred thousand or so for all of us.

Hey, its the least I can do for all the good guys out there! :)
But that doesn't mean the same dratsabs aren't hitting all the rest
of you too.


I'm sure they are. Are you running fail2ban?


Several years back I switched from sendmail to postfix.
Not knowing what I was doing, I think I have it set to
say it will forward email following SASL authentication.
But as I had no intention of forwarding anything, I did
not set up any authentication methods.  So anyone who
tries fails to authenticate.

With fail2ban in place I get 200-500 daily SASL "fail to
authenticate" instances.  In contrast, several months ago
fail2ban either died or did not restart correctly.  This
went unnoticed for about a week.  During that time I got
1-32000 daily "failed to authenticate".

Jon


I've been using fail2ban for some time, I have a number of ports open to 
the Internet - SSH, SMTP, IMAPS, HTTP and HTTPS on my external subnet.


This thread made me look at how fail2ban was doing, and I noticed that 
it wasn't particularly working too well for SSH, as I have turned off 
password authentication, so I edited the filters a little, and found it 
started filtering some more IPs. I found on my firewall that there were 
something like 500 active connection states to SSH - it looked like a 
scanning tool was just hanging and sending many connections, the same 
thing for about three remote IPs - I put a manual block on these at the 
firewall.


The firewall has a block feature, which allows me to enter URLs which 
point to lists of IPs (Blocklists) and block traffic from those IPs at 
the firewall.


It's designed to use these types of IP feeds: http://iplists.firehol.org/

Well, there's nothing stopping me running a cron-job on my Centos boxes 
to do the following:


iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' > 
/tmp/banned


I can then transfer the banned file to a web-server and block the bad IP 
addresses completely from my network. I like this as if a system is 
brute-forcing my SSH server, I can now block it from all resources on 
the network, and stop the attempts even reaching the internal hosts.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Giles Coochey 



On 02/08/2019 15:07, Fred Smith wrote:


and I didn't even mention the huge number of failed attempts on port
25. /var/log/maillog is full of systems trying to send spam, or trying
to DOS me with incompleted connection attempts, or just plain spamming
with mail for addresses not at this system. The little light on the
network switch serving this machine hardly ever stops blinking with all
the traffic hitting it.

One thing I don't understand is how/why the firewall is DROPping so
many attempts on port 25 when it in fact has a port forward rule
sending port 25 on to my mailserver. How does it know, or why does
it think that some of them can be dropped at the outer barrier?


Some spamming tools are just telnet with an expect script, lightweight 
and can be loaded onto embedded systems, e.g. other firewalls / modems 
etc...


A downside of using these tools is that telnet sets the PUSH TCP flag, 
so many firewalls (e.g. Cisco ASA) have protocol inspection for SMTP and 
signals the connection as invalid. if it uses the PUSH TCP flag, which a 
proper SMTP daemon wouldn't use for that protocol (PUSH flags ask the 
server to service the sent data, even if it hasn't finished with a CR/LF)


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Giles Coochey 



On 02/08/2019 14:12, Fred Smith wrote:


but the amount of attempted traffic on that port certainly does seem
like it could be a botnet banging on me.


One thing that you could try is to port forward that port to an actual 
listening port (think like running nc/netcat in listening mode). That 
way it will complete the TCP handshake and you can see what commands (if 
any) it sends, might be useful to record it with tcpdump / wireshark.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Giles Coochey 



On 02/08/2019 04:58, John Pierce wrote:

On Thu, Aug 1, 2019 at 8:53 PM Fred Smith 
wrote:




reveals that of all the source addresses trying to poke at 48825,

there are 193 unique addresses. Either this indicates a heck of a lot
of sites having at my firewall, or that some few sites are all spoofing
their addresses. I can sort of understand people whaling away at ports
that may conceal gold, from their warped point of view, but I haven't a
clue why so many people would be beating on some apparently unassigned
and unused port.



distributed botnets  its all noise.



One of the nice things about IPv6, is that the address space is so vast 
and sparse, that it isn't feasible to scan it in the way IPv4 gets 
scanned, so if we ever get round to moving to IPv6 this sort of stuff 
will go away.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-28 Thread Giles Coochey 


On 26/07/2019 17:35, Nataraj wrote:


If you administer the secondary slave servers, there is no reason not to
use a very large number, 30 days or more for the SOA expiration.  Only
reason to use a lower number would be if you don't have control over the
slave servers and don't want to have old zone files that you can't update.

Another alternative, which many people did for years in the early days
when zone transfers were unreliable, is to use a script which replicates
the entire DNS configuration to the secondaries and then run all the
servers as primary masters.  If the script is written cleanly, you can
then edit the zone on any server and rsync it to the other servers.
Main thing is to prevent multiple people applying updates simultaneously.

Nataraj
PowerDNS supports MySQL backends for the zone files, so one way that 
they can work is in Native mode, as an alternative to Master / Slave, in 
which the replication and information resilience is handled by the 
backend (e.g. a MySQL cluster), and the servers just read the zone from 
the database, with no need to perform zone transfers at all. The expire 
timer in the SOA record then becomes pretty defunct, although if you 
export your zones to non-PowerDNS servers, e.g. bind, then they take effect.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-26 Thread Giles Coochey 



On 26/07/2019 14:45, Leroy Tennison wrote:

This brings up one of the caveats for (at least ISC) DNS, if the master goes 
down the slaves will take over for a time but eventually will stop serving for 
the domains of the master if it remains down too long.  If my (sometimes 
faulty) memory serves me well it is in the three day range (but configurable) 
which is ample time unless the problem occurs early in a holiday weekend and 
and the notification/escalation process isn't what it should be (Murphey's 
Law)...


The value you refer to is the SOA record _expire_ value for a zone, I 
believe is should be set to between 14 and 28 days.


https://en.wikipedia.org/wiki/SOA_record


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-25 Thread Giles Coochey 


On 25/07/2019 22:17, Giles Coochey wrote:


Separate DNS servers must be on a different subnet according to 
RFC2182 (https://tools.ietf.org/html/rfc2182):


Secondary servers must be placed at both topologically and
   geographically dispersed locations on the Internet, to minimise the
   likelihood of a single failure disabling all of them.

I know that UPSs are physical, and subnets are logical, but the 
reasoning behind the requirement is due to having to be on a different 
infrastructure.


__


Shock horror, replying to my own post, but in cloud cluster 
environments, you might consider anti-affinity rules to prevent multiple 
name servers going down at the same time due to a cluster node failure 
(i.e. rules to ensure that hypervisors keep different name servers on 
different hosts).


I know it doesn't help OP, who was looking for cluster based solutions, 
but the same applies if using load balancing virtual appliances, hosting 
IPs as name servers.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-25 Thread Giles Coochey 



On 25/07/2019 20:39, John Pierce wrote:

On Thu, Jul 25, 2019 at 10:32 AM hw  wrote:


I can't help it when the primary name server goes down because the UPS
fails
the self test and tells the server it has 2 minutes or so left in wich case
the server figures it needs to shut down.  I wanted better UPSs ...


critical infrastructure servers should have redudant PSUs, on seperate UPSs.


Separate DNS servers must be on a different subnet according to RFC2182 
(https://tools.ietf.org/html/rfc2182):


Secondary servers must be placed at both topologically and
   geographically dispersed locations on the Internet, to minimise the
   likelihood of a single failure disabling all of them.

I know that UPSs are physical, and subnets are logical, but the 
reasoning behind the requirement is due to having to be on a different 
infrastructure.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-25 Thread Giles Coochey 



On 25/07/2019 13:51, hw wrote:

Hi,

how can DNS reliability, as experienced by clients on the LAN who are
sending queries, be increased?

Would I have to set up some sort of cluster consisting of several
servers all providing DNS services which is reachable under a single
IP address known to the clients?

Just setting up several name servers and making them known to the clients
for the clients to automatically switch isn't a good solution because
the clients take their timeouts and users lacking even the most basic
knowledge inevitably panic when the first name server does not answer
queries.


Sounds like you're performing maintenance on your servers

(a) too often
(b) during office / peak hours

You could load balance multiple servers (using lots of available 
load-balancing technologies) to allow you to perform maintenance at 
certain times, but it has its own issues.


I've recently been looking at PowerDNS, which separates the recursor and 
the authoritative server into two distinct packages. I'm just running 
the authoritative server as a master, and keeping my old bind/named 
servers as recursors / slaves. It's a home office network, but I only 
have issues when I'm tinkering, and if I were to be doing this kind of 
work in a larger commercial environment, then I would not be doing DNS 
server maintenance while others were relying on them.


For much of the back end infrastructure I use IP addresses rather than 
DNS names in their configuration, just to take DNS issues out of the 
equation completely.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyone with RedHat Subscription?

2019-07-02 Thread Giles Coochey 

On 02/07/2019 14:28, Jason Pyeron wrote:

This is kinda of why it makes sense to purchase at least one license.

I would start with a loop back test on both ends. Dirty ports happen.

Did you grab the most recent version of ethtool and build it?


OK, so this is a third party product that is built on Centos/RHEL, the 
product provider does not allow us to install/modify stuff. So we're 
stuck with the tools on the system and cannot make/build modifications 
on it, so in fact we have no Centos nor RedHat in this environment, so I 
was just curious to hear upstream's view on what a possible solution 
might be.


We have a plan to do many things as part of the diagnosis, but I'm 
currently performing an information gathering exercise to discern the 
other of our future steps.


I have received an answer to my query that the optical RX/TX 
inforrmation is only available on RHEL 7 and not on RHEL 6. We will 
therefore look to boot this host into diagnostic mode for further 
troubleshooting.



-Original Message-
From: CentOS  On Behalf Of Giles Coochey
Sent: Tuesday, July 2, 2019 9:19 AM
To: CentOS mailing list 
Subject: [CentOS] Anyone with RedHat Subscription?

Does Anyone with a RedHat subscription able to give a hint as to what
the solution to the following knowledgebase article is:

https://access.redhat.com/solutions/2801051

I'm having a similar issue with an SFP on a Centos host, and am
searching for a way to view Optical RX/TX Power on the SFP.

  From the switch side, I'm not seeing any RX Power from the Centos host.

Thanks in advance

Giles


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyone with RedHat Subscription?

2019-07-02 Thread Giles Coochey 



On 02/07/2019 14:35, Scott Silverman wrote:

Their "resolution" is: Update to RHEL 7 to get the more recent ethtool
output format.

You should be able to build a newer ethtool from source (or depending on
your NIC manufacturer, they may supply a tool with more recent features.
Solarflare, for example, provides 'sfctool', basically new ethtool features
for old kernels).


I was a bit economical with the situation in full in my original post.

This system is using third-party repo's, i.e. neither Centos / RedHat, 
although it is clearly based on Centos. The repo's do not have any 
development tool-chains, so we would have to put together another 
system, build ethtool on that, create an rpm and then invalidate the 
third-parties warranty by installing it on the production system.


I think we'll just boot into diagnostic mode and see what we can discern 
from there.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Anyone with RedHat Subscription?

2019-07-02 Thread Giles Coochey 
Does Anyone with a RedHat subscription able to give a hint as to what 
the solution to the following knowledgebase article is:


https://access.redhat.com/solutions/2801051

I'm having a similar issue with an SFP on a Centos host, and am 
searching for a way to view Optical RX/TX Power on the SFP.


From the switch side, I'm not seeing any RX Power from the Centos host.

Thanks in advance

Giles


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to create centos bootable USB flash drive?

2019-05-14 Thread Giles Coochey 



On 14/05/2019 09:28, Gary Stainburn wrote:

On Tuesday 14 May 2019 08:36:26 qw wrote:

Hi,


I can create centos 7.4 DVD. But how to create centos bootable USB flash drive?

I've just done this with the latest DVD using

dd if=CentOS-7-x86_64-DVD-1810.iso of=/dev/sdb

where sdb was the USB drive as assigned by the kernel when I plugged it in. I 
got this by running

tail -f /var/log/messages

You can do that, but if you have a lot happening in /var/log/messages 
and it's pretty busy then running the "dmesg" command after inserting 
the USB drive, it displays the kernel message buffer, so would be 
limited to the loading of drivers etc... the end of the output should 
correspond to the device you just connected.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] polkit package issue?

2019-03-22 Thread Giles Coochey 

deltarpm=0 in yum.conf fixed it.

On 22/03/2019 10:09, Giles Coochey wrote:

I'm seeing the following on trying a yum update on Centos 7:


polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.mhd.uk.as44574.net/mirror.centos.org/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.vorboss.net/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable0 B 
--:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.sov.uk.goscomb.net/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.ox.ac.uk/sites/mirror.centos.org/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not SatisfiableETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.econdc.com/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable 0 B 
--:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.cwcs.co.uk/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable 0 B 
--:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.clustered.net/mirror.centos.org/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://anorien.csc.warwick.ac.uk/mirrors/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not SatisfiableTA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.freethought-internet.co.uk/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not SatisfiableTA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirrors.coreix.net/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable0 B 
--:--:-- ETA

Trying other mirror.

On 09/03/2019 12:00, centos-announce-requ...@centos.org wrote:

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

    1. CESA-2019:0230 Important CentOS 7 polkit Security Update
   (Johnny Hughes)


--

Message: 1
Date: Fri, 8 Mar 2019 15:46:15 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2019:0230 Important CentOS 7 polkit
Security    Update
Message-ID: <20190308154615.ga29...@bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2019:0230 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2019:0230

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
0df2b8477aa99ea7221643459c947b956f387dc010c63b3f1c92ab01c01cab6a 
polkit-0.112-18.el7_6.1.i686.rpm
b7efc34c3dc4f8d6fb51b0695c4b7225a7767edf64902cacc541a65bcafb5053 
polkit-0.112-18.el7_6.1.x86_64.rpm
19d8382626658664654d7cfb84fad2020d67b1da7ed163126e53773e1cf0dd09 
polkit-devel-0.112-18.el7_6.1.i686.rpm
1c83b760d4639e6c68c8ac8ff564b83e8352967c8ca2db31694acd0f775e2299 
polkit-devel-0.112-18.el7_6.1.x86_64.rpm
4edbcd1d840915c92917faccaa72f9b6fca911abd73252b37ed8c160a86cfd1a 
polkit-docs-0.112-18.el7_6.1.noarch.rpm


Source:
72043fa864750f6491a5b9fff2bd25a13a4973a2623002caae262e3b2f3f1e45 
polkit-0.112-18.el7_6.1.src.rpm





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] polkit package issue?

2019-03-22 Thread Giles Coochey 

I'm seeing the following on trying a yum update on Centos 7:


polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.mhd.uk.as44574.net/mirror.centos.org/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.vorboss.net/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable0 B --:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.sov.uk.goscomb.net/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.ox.ac.uk/sites/mirror.centos.org/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not SatisfiableETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.econdc.com/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable 0 B --:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.cwcs.co.uk/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable 0 B --:--:-- ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.clustered.net/mirror.centos.org/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable ETA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://anorien.csc.warwick.ac.uk/mirrors/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not SatisfiableTA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirror.freethought-internet.co.uk/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not SatisfiableTA

Trying other mirror.
polkit-0.112-18.el7_6.1.x86_64 FAILED
http://mirrors.coreix.net/centos/7.6.1810/updates/x86_64/Packages/polkit-0.112-18.el7_6.1.x86_64.rpm: 
[Errno 14] HTTP Error 416 - Requested Range Not Satisfiable0 B --:--:-- ETA

Trying other mirror.

On 09/03/2019 12:00, centos-announce-requ...@centos.org wrote:

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

1. CESA-2019:0230 Important CentOS 7 polkit SecurityUpdate
   (Johnny Hughes)


--

Message: 1
Date: Fri, 8 Mar 2019 15:46:15 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2019:0230 Important CentOS 7 polkit
SecurityUpdate
Message-ID: <20190308154615.ga29...@bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2019:0230 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2019:0230

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
0df2b8477aa99ea7221643459c947b956f387dc010c63b3f1c92ab01c01cab6a  
polkit-0.112-18.el7_6.1.i686.rpm
b7efc34c3dc4f8d6fb51b0695c4b7225a7767edf64902cacc541a65bcafb5053  
polkit-0.112-18.el7_6.1.x86_64.rpm
19d8382626658664654d7cfb84fad2020d67b1da7ed163126e53773e1cf0dd09  
polkit-devel-0.112-18.el7_6.1.i686.rpm
1c83b760d4639e6c68c8ac8ff564b83e8352967c8ca2db31694acd0f775e2299  
polkit-devel-0.112-18.el7_6.1.x86_64.rpm
4edbcd1d840915c92917faccaa72f9b6fca911abd73252b37ed8c160a86cfd1a  
polkit-docs-0.112-18.el7_6.1.noarch.rpm

Source:
72043fa864750f6491a5b9fff2bd25a13a4973a2623002caae262e3b2f3f1e45  
polkit-0.112-18.el7_6.1.src.rpm




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade CentOS 7.4 to 7.5 and don't want to upgrade it to 7.6

2019-01-07 Thread Giles Coochey 



On 07/01/2019 10:29, Kaushal Shriyan wrote:

On Mon, Jan 7, 2019 at 1:49 PM Fabian Arrotin  wrote:


On 07/01/2019 07:51, Kaushal Shriyan wrote:

Hi,

Is there a way to upgrade from Centos Linux release 7.4.1708 (Core) to
Centos Linux release 7.5.1804 (Core) and not up to CentOS Linux release
7.6.1810 (Core) as the product does not support the latest CentOS Linux
release 7.6.1810 (Core) version as of now. It is still a work in

progress.

Any help will be highly appreciable. I look forward to hearing from you.

Thanks in Advance.

Best Regards,

Kaushal

Well, there is no 7.6, nor 7.5, but only centos 7, with updates 
meaning that it just represent which updates were rolled-in at install
time, nothing else.
So if you don't want to apply updates, it's of course up to you, but
then you're on your own for all security issues ;-)

--
Fabian Arrotin


Thanks Fabian for the quick response. I understand it completely about the
security compliance requirements. I will use the below commands to keep all
the security patches up to date.

#yum list-security --security
#yum update --security

Is there a way to upgrade from Centos Linux release 7.4.1708 (Core)
to Centos Linux release 7.5.1804 (Core) as we will not avail support if we
upgrade it to CentOS Linux release 7.6.1810 (Core) as per the software
requirements of the product. I look forward to hearing from you.

Thanks in Advance.

Best Regards,

Kaushal
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


You should not do this, but set your repo to use vault.centos.org e.g. 
http://vault.centos.org/7.5.1804/updates/x86_64/


Then do yum updates, then set it back to what it was before.

The likelyhood is that your software supplier, and possibly yourself, do 
not actually understand the Centos Reaase Scheme.


https://wiki.centos.org/FAQ/General#head-3ac1bdb51f0fecde1f98142cef90e887b1b12a00


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum through a proxy

2018-11-09 Thread Giles Coochey 




On 09/11/2018 15:10, Vic Chester wrote:

Good to know I am not the only one. I imagine since many environments use
proxies these days, this is encountered more frequently.

Would be great to hear from the devs on this.

You should ask upstream, http://lists.baseurl.org/mailman/listinfo/yum-devel

Bit of a long shot to ask here.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Remote update OS from 6 to 7

2018-08-29 Thread Giles Coochey 

On 29/08/2018 13:24, Jerry Geis wrote:

Hello all...
I have a remote machine running C6. I desire to update it to C7. Not
possible to be on-site. Can I copy the Everything ISO for C7 to the
machine,
mount -o loop C7.Everything.iso  /media/cdrom

then do a "yum upgrade" ?

Will that work? The server is using software raid.

Thanks

Jerry

I've seen many comments discouraging trying to do this, let alone trying 
to do it remotely (and I assume you don't have IPMI, iLO or other 'bare 
metal' remote acess).


However, the process does not involve yum upgrade, you can check the 
following link which seems to go through the process in detail:


https://shaunfreeman.name/blog/upgrading-centos-6-5-to-centos-7-2

Be sure to complete the backup, and be ready to travel to site, or have 
remote-hands to restore the backup should the process go wrong.


Best Practice would be to configure a new Centos 7 system, and ship it 
pre-configured ready for a data transfer and migration of service to the 
new system, the decomission the old system and have it sent back to you.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] formating DVR-RW

2018-04-25 Thread Giles Coochey 

On 25/04/2018 16:07, Fred Smith wrote:

On Wed, Apr 25, 2018 at 09:30:46AM -0500, Bill Gee wrote:

On Wednesday, April 25, 2018 9:10:34 AM CDT Michael Hennebry wrote:

My Centos 6 wodim tell me that it can only format DVD+RW.
I have DVD-RWs.
Even when I format a DVD-RW on my standalone DVD recorder,
wodim still will not write to it.
Is there a centos-6-useable mechanism
for formatting and writing DVD-RWs?

According to the man page for wodim - formatting is not supported for DVD-RW.
You might take a look at growisofs and dvd+rw-format.  The latter command, in
spite of the name, can deal with DVD-RW media.

It is possible that the optical drive in your computer does not support DVD-RW
media.  The only way I know of to find what media are supported is to use K3B.
If you go to Settings - Devices, you should get a list of readable and
writable media for each device.

Bill Gee

potentially stupid question here: Why would one format a cd/dvd?
I've never had to do that, I just write to 'em.

for what purpose or need would one format one?


In order to delete something that you had previously written to it?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install CentOS 7 over serial port on router board ?

2018-03-16 Thread Giles Coochey 



On 16/03/18 12:57, Nicolas Kovacs wrote:

Hi,

I have to install CentOS 7 for a client, to act as cache & filtering
proxy using Squid.

I'd like to use this piece of specialized hardware :

http://store.calexium.com/fr/systeme-pre-assemble/869-systeme-pre-assemble-rackmatrix-apu-amd-gx-412tc-quatre-coeurs-1-ghz.html

There is no VGA or HDMI video output, just a serial port to connect to,
and then three NICs and two USB ports.

I've never installed CentOS over a serial console, so I don't even know
if it's possible in the first place. Has anyone ever done something like
that ?

Any suggestions ?
You should look up installing Centos over a serial console, I believe 
you should be able to change the install parameters for netinstall to 
provide a console on the serial port.


Failing that have you considered installing Centos to the mSATA disk on 
a different system and then just transplanting the built system into 
this appliance?




Niki


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 1600x900 not available

2018-01-10 Thread Giles Coochey 

On 10/01/2018 14:43, Sean Smith wrote:
My laptop is a Dell XPS-13 running CentOS 7.  It has a 13" 1920x1080 
screen and it's a bit difficult for my mid-40s eyesight.  Fedora and 
Debian, on this laptop, give me the option of choosing 1600x900 which 
is much easier for me to read but CentOS doesn't show this resolution 
as available.


I followed the steps I found in a post on stackexchange using xrandr, 
substituting 1600x900 where applicable and it worked but, once I 
rebooted, it went back to 1920x1080 with no 1600x900 option in 
settings-display.


Is there a way I can add 1600x900 resolution the list of available 
resolutions in settings-display? 
Bit of a generic answer, and not a solution, but the problem for you 
isn't the resolution, it is the DPI you have set, isn't there a way for 
you to change the DPI without losing out on the quality of the screen?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Flame war police

2017-10-10 Thread Giles Coochey 

On 10/10/2017 16:03, Andrew Holway wrote:

Hiya everyone,

Is there a way to disable a thread that has degenerated into flaming? The
recent "discussion" on /var/run descended into some quite nasty places and
perhaps a lid should have been put on it. This seems to happen every few
weeks and is somewhat embarrassing when I'm trying to persuade people of
the "active and friendly Centos community"
In Thunderbird, right click on a message in the thread, and click 
"Ignore Thread", for other mail user agents you can find a similar feature.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] New CentOS/RHEL group on Facebook

2017-10-09 Thread Giles Coochey 

On 09/10/2017 13:59, Nux! wrote:

So, there is no switch there to make the group public?
It requires login now, that's what I was moaning about basically.
I think the point of it is that it is a Facebook group, i.e. It is a 
group for Facebook users who have an interest in CentOS/RHEL.


If it were to be an open-source group, then it would be over an 
open-source medium.




--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -

From: "Nicolas Kovacs" 
To: "CentOS mailing list" 
Sent: Monday, 9 October, 2017 13:26:57
Subject: Re: [CentOS] New CentOS/RHEL group on Facebook
Le 09/10/2017 à 13:14, Nux! a écrit :

I personally dislike Facebook, but even so, I think a basic
requirement for any web site striving to share knowledge is to be
publicly accessible to all which at the moment it is not. Search
engines won't be able to crawl it, people without an account won't be
able to access it.

Can this be changed?

Facebook is what it is, and as far as I'm concerned, I use the good bits
while ignoring the bad bits. It's OK for sharing links to new blog posts
and tutorials in tech groups, but that's pretty much it. For technical
questions, the mailing list and the forums are much more suited, and
this is also stated in the Facebook group's welcome message.

Consider it as "Twitter with unlimited characters".

Cheers,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-09 Thread Giles Coochey 



On 09/03/17 09:28, John Hodrien wrote:


I'll obviously argue I wasn't scaremongering.  You can start with 
CentOS, and
do anything you like with it, and as I've said, you're absolutely free 
to do
that.  But at some point, you have to accept that what you've got left 
isn't
CentOS.  If you don't use what the distribution provides, what you're 
doing
isn't the distribution.  Given you're getting no formal support on 
this, that
possibly means little to you, but don't be surprised by the community 
backing
away from providing unofficial support to something that's no longer 
CentOS.


You see this sort of thing in a more extreme way with things like cPanel.
Well, let's put it this way, the more someone argues that I need to run 
some software that I clearly don't need, the more I become suspicious of 
what that software is doing. The network configuration of my servers is 
static, it doesn't need to be changed once the server has booted up. So 
it doesn't need some piece of software running away doing goodness knows 
what... I'm just going to be waiting for it to bug or error out and 
leave me high and dry without a network config.


I am not trying to suggest of encourage people to emulate what I have 
done, I have just been making a point that if you want to run something 
to manage your network configuration, and your network configuration is 
clearly not going to change, then it might be simpler to hardcode that 
configuration.


In any case, two alternatives have come out of this thread, the networkd 
alternative, and the configure-and-exit parameter to NetworkManager.


I think it best we leave this thread to die, and accept that others will 
not always do things your way and/or the Redhat/Centos way, but go on 
their own path, and they will probably be happy to accept that this is 
their own creation and the risks associated with that (no support / 
unknown behaviour in certain circumstances etc...). Their creation may 
address things that NetworkManager doesn't do in the future, and if 
adopted everyone will benefit.


Is this the Catherdral or the Bazaar?

--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 14:54, Jonathan Billings wrote:


If you'd like a really simple solution that avoids NetworkManager, I
suggest using systemd-networkd (both systemd-networkd and
systemd-resolved packages required).  I've used it to set up a bridge
on my workstattion for use with libvirtd/kvm, and it is just as simple
a text file but future compatible.  Heck, it probably even works on
other distros that use systemd.

Here's a super-simple static configuration:

# cat /etc/systemd/network/10-static-eno1.network
[Match]
name=eno1

[Network]
Address=192.168.1.2
Gateway=192.168.1.1
DNS=192.168.1.1

You need to make sure that /etc/resolv.conf is a symlink
/run/systemd/resolve/resolv.conf if you want the systemd-resolved
service to manage it.  Just disable NetworkManager and network
services and enable the systemd-networkd and systemd-resolved
services.

Honestly, I've found systemd-networkd very useful for the more complex
networking on my workstation (bridged VMs to external network) but its
also useful for my tiny VMs that don't need extra daemons running.

That's interesting, I'll snapshot and perhaps take that tangent on the 
next build and see how it goes.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 13:16, Steve Clark wrote:


Let us have a vote - how many of us do teaming/bonding/vlans on our servers?
Our networking gear does that in our installation.

The majority of my servers are virtual, if I need multiple subnets 
(VLANs) then I have multiple cards.
Their throughput does not require bonding, resiliency is performed at a 
different level - by having multiple load balanced VMs.


I have to admit, on one hypervisor I use  VLANs, but actually use 
NetworkManager in that case - and it worked since installation, if I 
have a problem with it in the future though, I will resort to scripting 
it as well :-) - It would be the simplest way for me to resolve the 
issue - I can't afford to wait for patches to a monolithic, as you say, 
black-box system, which is in effect just trying to apply sanity 
checking a bunch of scripts in the first place.


I don't add VLANs and Bonds on my servers for _fun_, they are there to 
run the applications and infrastructure - faffing around with that once 
a server is in production is just asking for trouble.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 11:10, James Hogarth wrote:

On 8 March 2017 at 10:58, Giles Coochey <gi...@coochey.net> wrote:


On 08/03/17 10:52, John Hodrien wrote:


It means you're stuck in your own hand crafted niche.  Which is fine, but
it's
up to you to maintain the niche, or you find yourself using obsolete tools
like ifconfig and route.

I'd argue there's a gulf between keeping things simple and doing things
your
own way.


I'm sure there are drop in replacements for ifconfig and route, but even if
deprecated I have not needed to revisit that script for many years, so I'm
not changing it.
When it does eventually break I have to look at four lines to discover where
the problem might be, I can troubleshoot it by trying to run each line
manually and see what is going on.

When qw hit a bug in NetworkManager that breaks something specific that
you're doing then you can try to raise a bug with upstream, or you could try
to review the thousands of lines of code that make it up and try to fix the
problem yourself.

Or perhaps you'll do what I did, remove it and put in a 4 line script.



That's nice ... but what you've provided is terrible advice that
doesn't handle a wide range of scenarios such as teaming, bonding,
vlans, bridging, network interface changes, race conditions of things
dependent on networking or acting as part of the network.target or
network-online.target systemd units which declare when network is
ready ...

If you want to do something unsupportable in any sane environment that
is on you ... but really please don't suggest to those who don't know
better to carry out such activities.

I didn't suggest you use anything, you asked me what script I used, I 
gave you that information YMMV.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 10:52, John Hodrien wrote:


It means you're stuck in your own hand crafted niche.  Which is fine, 
but it's
up to you to maintain the niche, or you find yourself using obsolete 
tools

like ifconfig and route.

I'd argue there's a gulf between keeping things simple and doing 
things your

own way.

I'm sure there are drop in replacements for ifconfig and route, but even 
if deprecated I have not needed to revisit that script for many years, 
so I'm not changing it.
When it does eventually break I have to look at four lines to discover 
where the problem might be, I can troubleshoot it by trying to run each 
line manually and see what is going on.


When qw hit a bug in NetworkManager that breaks something specific that 
you're doing then you can try to raise a bug with upstream, or you could 
try to review the thousands of lines of code that make it up and try to 
fix the problem yourself.


Or perhaps you'll do what I did, remove it and put in a 4 line script.

--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 10:38, John Hodrien wrote:

On Wed, 8 Mar 2017, Giles Coochey wrote:


ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254 enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf


Oh okay, you really do want to back away from Redhat entirely. That's
entirely your choice.

What you end up with if you take this approach widely is effectively
your own
linux distribution.

Not really, Redhat/Centos has a lot to offer, but for me, networking is 
a one-time configuration, and the best way to configure it is using 
something that falls within this principle:


https://en.wikipedia.org/wiki/KISS_principle

I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
most), it is over-engineered for a server orientated distribution. I can 
run with the script above on 30 server instances, and it doesn't, as 
yet, break any of the other features of Centos that I enjoy.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 10:15, John Hodrien wrote:

On Wed, 8 Mar 2017, Giles Coochey wrote:

The truth is a lot of us run servers that don't need to have their 
network

"managed" by Networkmanager.


You're opting to have your network managed by a bunch of unloved legacy
scripts that you're advised to avoid using unless necessary, or you've 
having
it managed by NetworkManager.  If you want to have it managing it this 
way,

you'll be writing your own scripts.

We just need to set an IP address, subnet mask, gateway, and DNS 
servers and we will never be changing that configuration ever again 
for the entire life of the server.
Any 3-4 line script that does the job is sufficient, servers don't 
need gimmicks, they're not going to be hotspotting on wireless 
networks, the cable goes in, the server enters production and that's it!


By 3-4 line script, I assume you mean the content of all the files in
/etc/sysconfig/network-scripts that aren't your ifcfg files?


ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254 enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf

--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



The recommended configuration for EL7 is to use NetworkManager unless
you have a very specific edge case preventing you from doing so:

The truth is a lot of us run servers that don't need to have their 
network "managed" by Networkmanager.


We just need to set an IP address, subnet mask, gateway, and DNS servers 
and we will never be changing that configuration ever again for the 
entire life of the server.
Any 3-4 line script that does the job is sufficient, servers don't need 
gimmicks, they're not going to be hotspotting on wireless networks, the 
cable goes in, the server enters production and that's it!


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hardware raid LSI Megaraid not working since Centos 6.6

2015-01-06 Thread Giles Coochey 

On 06/01/2015 09:36, Philippe BOURDEU d'AGUERRE wrote:

Thank you for your help.

Le 05/01/2015 19:10, John R Pierce a écrit :

works here fine on the 9261, which is an OEM version of the same card
with the connectors in a different orientation...  you might check your
LSI firmware revision.


My firmware seems to be more up to date. Anyway, I will try to update 
firmware. I have to check how to do that.


# dmesg |grep LSI
scsi4 : LSI SAS based MegaRAID driver
scsi 4:2:0:0: Direct-Access LSI  MR9260-4i2.13 PQ: 0 
ANSI: 5

# /opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -aAll

System
Operating System:  Linux version 2.6.32-431.29.2.el6.x86_64
Driver Version: 06.700.06.00-rh1
CLI Version: 8.07.14

Hardware
Controller
 ProductName : LSI MegaRAID SAS 9260-4i(Bus 0, Dev 0)
 SAS Address   : 500605b008a30fc0
 FW Package Version: 12.14.0-0167
 Status: Optimal
BBU
 BBU Type  : iBBU
 Status: Healthy
Enclosure
 Product Id: SGPIO
 Type  : SGPIO
 Status: OK
.
.
.

For info:

# /opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -aAll

System
Operating System:  Linux version 2.6.32-504.3.3.el6.x86_64
Driver Version: 06.803.01.00-rh1
CLI Version: 8.04.07

Hardware
Controller
 ProductName   : LSI MegaRAID SAS 9260-4i(Bus 0, Dev 0)
 SAS Address   : 500605b0048274e0
 FW Package Version: 12.15.0-0189
 Status: Optimal
BBU
 BBU Type  : iBBU08
 Status: Healthy
Enclosure
 Product Id: SGPIO
 Type  : SGPIO
 Status: OK


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hardware raid LSI Megaraid not working since Centos 6.6

2015-01-05 Thread Giles Coochey 

On 05/01/2015 15:14, Philippe BOURDEU d'AGUERRE wrote:

Happy new year !

We have a SuperMicro server with a LSI MegaRAID 9260-4i controller.

Since Centos 6.6 update (kernel 2.6.32-504), the controller doesn't 
initialize at boot. Reverting to kernel 2.6.32-431 allows server to 
boot fine.



I have a similar system, and don't have your problem:

# uname -rv
2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014
# dmesg | grep LSI
scsi4 : LSI SAS based MegaRAID driver
scsi 4:2:0:0: Direct-Access LSI  MR9260-4i2.13 PQ: 0 ANSI: 5
Copyright (c) 1999-2008 LSI Corporation
# dmesg | grep Supermicro
DMI: Supermicro X8DTU/X8DTU, BIOS 2.1b   12/30/2011



The server can't boot due to a bug in LSI megaraid module. Boot log 
ends by a lot of lines:


RESET_GEN2: retry=xxx, hostdiag=a4

I tried Centos 6.6 install disk and it also fails to find disks but 
Centos 7 install disk boot fine.


It's annoying to be stuck at 2.6.32-431 kernel and I have no idea how 
to solve this issue :-(


Thanks for any help.



--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware question

2014-09-17 Thread Giles Coochey 

On 16/09/2014 22:35, Valeri Galtsev wrote:
I would use riser 1. If you use riser 2, you will create more 
resistance to airflow in area where already is one big heater. I 
assume, there are no separators of airflow going from front to end (or 
from middle where the set of fans are usually situated). My guess 
would be chips facing down have much less effect on effectiveness of 
cooling unless your configuration is such that airflow path along 
chips (i.e. underneath that board in riser 1) is totally blocked.


I concur here, my guess is to use riser 1

If it were me, I would add the temperature sensors to my monitoring and 
change it if I thought it was too high.


If you have two servers have one in riser 1 and the other in riser 2 - 
Assuming the manufacturer hasn't got a recommendation or warning about 
using either.
I would then add both to monitoring, and if there was any massive 
difference in temperature or perhaps even performance (not all PCI-Es 
are the same) then I would schedule a maintenance window to swap one of 
the cards in one of the servers after deployment.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install php-imap using yum or any on CentOS 7

2014-07-30 Thread Giles Coochey 

On 30/07/2014 13:11, Vivek Patil wrote:

I tryied 7 also from the following link but no luck

http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/

Please guide me if m going wrong



http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/php-imap-5.4.16-2.el7.x86_64.rpm

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install php-imap using yum or any on CentOS 7

2014-07-30 Thread Giles Coochey 

On 30/07/2014 13:34, Vivek Patil wrote:

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7arch=$basearch
failovermethod=priority
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7arch=$basearch
failovermethod=priority
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1


On 7/30/2014 5:46 PM, Reindl Harald wrote:

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
# baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7


Your links are wrong, change them to 
whateveryourmirroris/pub/epel/beta/7/$basearch


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] radius?

2014-03-11 Thread Giles Coochey 

On 11/03/2014 11:46, Hadi Motamedi wrote:

Dear All
Can you please let me know how can I check if a radius server
application is present on my centos server ?
Thank you

You can check if something called radius, or is listening on the radius 
port with:


netstat -tulp | grep radius

Typically, the radius package installed for linux systems is 
freeradius, you could check whether you have that installed?


rpm -qa | grep radius

Both these answers are easily found by a couple of free form google 
searches...


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Best way to virtualize Windows XP on Centos

2014-02-20 Thread Giles Coochey 

On 19/02/2014 23:09, Johnny Hughes wrote:

On 02/19/2014 05:05 PM, Les Mikesell wrote:

On Wed, Feb 19, 2014 at 4:31 PM, John R Pierce pie...@hogranch.com wrote:

On 2/19/2014 2:25 PM, Les Mikesell wrote:

When I got a server with too much RAM for the free version of ESXi

that limit was rescinded in August.ESXI 5.5 is now free for
unlimited memory.  about the only restriction is max 8 CPU cores per VM.


Figures... I think I built those in June or so.   Anyway, while the
VMware console client is somewhat slicker I don't see any functional
reason to change back - KVM runs them just the same.


I ran (in my previous job) four Windows 2008 server VMs, two Windows XP
VMs, and one Windows 7 VM on KVM with CentOS-5.x as the base OS.  I did
not have any major issues .. but I did not try to do things like USB
connections, etc.


I run, on Centos 6.5, a headless Virtualbox system with phpVirtualbox 
which runs:


17 Centos 6.5 Systems
1 Windows 7 System
1 FreeBSD System

Works a treat, the hardware is a dual Quad core Xeon system with 96GB of 
RAM. Not had any problems with CPU over-subscription.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can we trust RedHAt encryption tools?

2014-01-07 Thread Giles Coochey 

On 07/01/2014 15:52, Steve Clark wrote:

On 01/07/2014 09:04 AM, m.r...@5-cent.us wrote:

John Doe wrote:

After all the news about backdoors, planted bugs or weakened standards
in apps, in routers, hardware firmwares, etc... these days, can we trust
anything?
Can we trust the bios?

Can we trust the compiler not to stealthily inject a backdoor in the
compiled version of a clean code?Given that most entries from the The
International Obfuscated C Code Contest (http://www.ioccc.org/)

Yeah didn't Dennis Richie modify the C compiler to insert a backdoor for him 
when
ever the compiler saw login.c was being programmed?

I think that was ken...

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can we trust RedHAt encryption tools?

2014-01-07 Thread Giles Coochey 

On 07/01/2014 15:55, Giles Coochey wrote:

On 07/01/2014 15:52, Steve Clark wrote:

On 01/07/2014 09:04 AM, m.r...@5-cent.us wrote:

John Doe wrote:
After all the news about backdoors, planted bugs or weakened 
standards
in apps, in routers, hardware firmwares, etc... these days, can we 
trust

anything?
Can we trust the bios?

Can we trust the compiler not to stealthily inject a backdoor in the
compiled version of a clean code?Given that most entries from the The
International Obfuscated C Code Contest (http://www.ioccc.org/)
Yeah didn't Dennis Richie modify the C compiler to insert a backdoor 
for him when

ever the compiler saw login.c was being programmed?

I think that was ken...

http://cm.bell-labs.com/who/ken/trust.html

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.5 VirtualBox

2013-12-06 Thread Giles Coochey 

On 06/12/2013 08:18, Toralf Lund wrote:

On 06/12/13 04:15, Anthony K wrote:

On 06/12/13 01:08, Toralf Lund wrote:

OK. So it's my system.

- Toralf


Not necessarily!  I wouldn't worry too much about VirtualBox 4.3 - it is
terribly hosed; I suggest you downgrade back to 4.2.20 which,

Problem is, I also tried a couple of different releases of 4.2.20, with
the same result...


   like
Giles, I've been using without any adverse effects for a while.  I too
run a headless server but make use of VRDE where I need to access a
Windows host!

Maybe headless works, and the normal GUI startup doesn't? Actually, I
VBoxHeadless does seem to start, but I'm not quite sure how to verify
that it works the way it should.

(

 [toralf@osl-71465 ~]$ VirtualBox -startvm Win7partition
 Segmentation fault
 [toralf@osl-71465 ~]$  VirtualBox
 Segmentation fault
 [toralf@osl-71465 ~]$ VBoxHeadless -startvm Win7partition
 Oracle VM VirtualBox Headless Interface 4.3.4
 (C) 2008-2013 Oracle Corporation
 All rights reserved.

)


- Toralf


I usually exclusively use vboxmanage and the vbox web-service (through 
phpVirtualbox), but out of interest to your problem yesterday I ran a X 
server on my system and ran the Virtualbox GUI (v.4.2.20) on my server, 
it seemed to show all my servers running OK etc... I didn't try to 
interact with them, but it didn't seg-fault. I sometimes also use VRDE 
bound to localhost 127.0.0.1 as well...


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.5 VirtualBox

2013-12-05 Thread Giles Coochey 



Toralf Lund writes:

Hi

Is anyone here using VirtualBox? I've had it working rather well for
some time, but after some recent upgrade or the other it's started
exiting with a Segmentation fault just after startup, before
windows are
opened or anything. I've tried a few different versions, all with the
same result. I'm using binary packages
http://download.virtualbox.org/virtualbox/rpm/el.

So, have any of you lot seen this? Is there a way to make things work?

I'm using Virtualbox 4.2 from the repository at virtualbox.org,
currently on 4.2.20 I think.

Upgraded both Host and 15 or so guests to Centos 6.5 recently. No
obvious issues, all my guests are console only.

Forgot to mention my host is headless too...

OK.

32-bit or 64-bit?


All are 64-bit.

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.5 VirtualBox

2013-12-04 Thread Giles Coochey 

On 04/12/2013 12:39, Lars Hecking wrote:

Toralf Lund writes:

Hi

Is anyone here using VirtualBox? I've had it working rather well for
some time, but after some recent upgrade or the other it's started
exiting with a Segmentation fault just after startup, before windows are
opened or anything. I've tried a few different versions, all with the
same result. I'm using binary packages
http://download.virtualbox.org/virtualbox/rpm/el.

So, have any of you lot seen this? Is there a way to make things work?


I'm using Virtualbox 4.2 from the repository at virtualbox.org, 
currently on 4.2.20 I think.


Upgraded both Host and 15 or so guests to Centos 6.5 recently. No 
obvious issues, all my guests are console only.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.5 VirtualBox

2013-12-04 Thread Giles Coochey 

On 04/12/2013 13:16, Giles Coochey wrote:

On 04/12/2013 12:39, Lars Hecking wrote:

Toralf Lund writes:

Hi

Is anyone here using VirtualBox? I've had it working rather well for
some time, but after some recent upgrade or the other it's started
exiting with a Segmentation fault just after startup, before windows 
are

opened or anything. I've tried a few different versions, all with the
same result. I'm using binary packages
http://download.virtualbox.org/virtualbox/rpm/el.

So, have any of you lot seen this? Is there a way to make things work?


I'm using Virtualbox 4.2 from the repository at virtualbox.org, 
currently on 4.2.20 I think.


Upgraded both Host and 15 or so guests to Centos 6.5 recently. No 
obvious issues, all my guests are console only.

Forgot to mention my host is headless too...

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ultrabook for CentOS?

2013-11-27 Thread Giles Coochey 

On 27/11/2013 15:01, Johnny Hughes wrote:

On 11/27/2013 07:26 AM, Nux! wrote:

Hello,

I need to buy an ultrabook. Any recommendations for something that
would work out of the box more or less?
I do not want a Chromebook (or anything ARM) or one of these new
touch laptops, in fact I'm after a nice matte screen. Budget is
modest-ish (£500/$800) so dont go crazy. :)

Thanks!


The Lenovo ThinkPad X series all seem to work very well with CentOS/RHEL.


Yes - Although they are pricey - if money were no object I'd go for a 
nice X series.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] top command

2013-10-24 Thread Giles Coochey 

On 24/10/2013 12:20, Kaushal Shriyan wrote:

Hi,

I am running CentOS 6.4 on a remote server. when i run the below command,
it prints out the headers too. is there a way to remove headers using the
below command line

*top -b -p 22657  topcpu.txt*

Perhaps the 'ps' command in a sleep 3 loop is more suited for what 
you're looking for?


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] top command

2013-10-24 Thread Giles Coochey 

On 24/10/2013 13:29, Kaushal Shriyan wrote:

On Thu, Oct 24, 2013 at 4:53 PM, Giles Coochey gi...@coochey.net wrote:


On 24/10/2013 12:20, Kaushal Shriyan wrote:


Hi,

I am running CentOS 6.4 on a remote server. when i run the below command,
it prints out the headers too. is there a way to remove headers using the
below command line

*top -b -p 22657  topcpu.txt*

  Perhaps the 'ps' command in a sleep 3 loop is more suited for what

you're looking for?



Hi Giles,

Thanks for the quick reply. Any example for ps command as per your advice?

Regards,

Kaushal



If you're looking for CPU usage examine the output of:

 ps -p 22657 --no-headers -o %C

If that is what you're looking for then stick it in a bash script loop 
that repeats the command at your required frequency (hint: use sleep 
to pause a few seconds and check the ps manual page for other output 
(e.g. memory usage) that you might also want.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Enterprise Class Hard Drive - Scam Warning

2013-10-08 Thread Giles Coochey 

On 07/10/2013 19:28, John R Pierce wrote:

On 10/7/2013 5:59 AM, Eliezer Croitoru wrote:

I am still wating for WD or SEAGATE representetive of them to describe
for me the details of how a how a drive was made from 0 to 100.

I'm sure they both consider that information trade secret.

its my understanding that testing done on the factory floor leaves the
counters cleared when the final firmware is installed.  Ditto factory
'remanufactured' aka 'refurbished' drives that are tested, and
relabeled, they get cleared after test.  last one of these I got, sold
as such, had a different colored label (green instead of silver) and
clearly said remanufactured, I'm pretty sure its SMART data was also
reset. What the OP got appears to be a drive that was returned,
retested and resold somewhere in the distributor-retailer train, NOT by
the factory, hence what people refer to as 'grey market'.


I've replaced a number of Seagate 1TB SAS drives, constellations I 
think, and at least 2 of the 3 replacements I've done were with drives 
that were clearly marked as for RMA REPLACEMENT ONLY, which I assume are 
previously 'failed' drives that have gone back, been re-assessed / 
re-furbished and put back into the market.
I don't know much about SMART, but I get the impression that the drives 
decide to fail themselves when some metric goes anomalous, rather than 
continue running and potentially cause data corruption. Therefore 
there's likely to be a large number of drives that can be tweaked to go 
back into production after they have 'failed'
If I buy a drive from a retailer, then I expect a factory 'new' one 
though, hence my request for the manufacturer and retailer to be named 
by the OP.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Enterprise Class Hard Drive - Scam Warning

2013-10-03 Thread Giles Coochey 

On 02/10/2013 17:28, Stephen Harris wrote:
And name the retailer... 

+1000

Come on, this isn't the BBC, name the retailer and the manufacturer...

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Red Hat CEO: Go Ahead, Copy Our Software

2013-08-16 Thread Giles Coochey 

On 15/08/2013 23:58, Les Mikesell wrote:

On Thu, Aug 15, 2013 at 5:34 PM, Reindl Harald h.rei...@thelounge.net wrote:

So, what about redistribution of copies?

learn the difference between trademarks and software licences

So, if you have a license that says  the distribution of the whole
must be on the terms of this License, and  You may not impose any
further restrictions on the recipients' exercise of the rights granted
herein, it really means that you can add something that adds
restrictions.


I could use debian, but then I'd have to learn to type apt-get instead
of rpm. I'd prefer to continue using the commands that Red Hat
baited us with

so learn it or shut up with your Redhat hate for no reason

I have my reason.  You don't have to like it.


For me Redhat and CentOS have their place, together in the same environment:

RedHat -- Production Systems, with paid-for support, something goes 
wrong then I have some commercial comeback to get it fixed. High change 
control environment.


CentOS -- QA, Development and Test Systems, and sometimes, non-critical 
infrastructure, community support, more roll-your-own fixes and 
workarounds. Less change control.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Red Hat CEO: Go Ahead, Copy Our Software

2013-08-16 Thread Giles Coochey 

On 16/08/2013 12:34, Andrew Wyatt wrote:



RedHat -- Production Systems, with paid-for support, something goes wrong
then I have some commercial comeback to get it fixed. High change control
environment.

CentOS -- QA, Development and Test Systems, and sometimes, non-critical
infrastructure, community support, more roll-your-own fixes and
workarounds. Less change control.



You can also purchase production support for CentOS through OpenLogic.
  Roll your own bug fixes aren't necessarily bad, especially when you are
able to send them upstream so they benefit everyone.
___

While I agree that CentOS will always have support while it is community 
driven, and has an upstream - without RedHat, no Centos... the truth of 
the matter (when it comes to $$$):


CEO's and CTO's like to hear that their critical software is supported 
by a company with a $10bn market cap. That is their indicator that 
they're not relying on some fly by night, dead-end technology.
They also like to hear that our non-essential infrastructure is run on 
software that is 'free' and mirrors the company they run their critical 
software on.
I'm sure companies like OpenLogic do a good job, but it is difficult to 
convince upper management that these companies are still going to be 
around in 5-10 years time.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] convert webpage to image

2013-08-14 Thread Giles Coochey 

On 14/08/2013 13:47, Carl T. Miller wrote:

What is the easiest way to convert a webpage into a jpg
or png file?  I've seen several programs that can do
various conversions, but nothing open source that can
do it in a single conversion.

Just wondering if anyone on the list has suggestions
for something I can put into a script to convert a
webpage into a file I can use with my screensaver.

c


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Perhaps use one of the PDF printing tools (where you can print to a PDF 
file) and then use convert from ImageMagick to convert the PDF file to a 
graphics format.?


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] convert webpage to image

2013-08-14 Thread Giles Coochey 

On 14/08/2013 13:59, Leon Jacobs wrote:
I don't really think this is on topic, 


I'm assuming he's using Centos and wants a solution to a task he wants 
to do with it. So possibly tenuously on-topic...


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6.4, bnx2 in promiscuous mode does not see packets

2013-07-03 Thread Giles Coochey 

On 02/07/2013 08:39, Giles Coochey wrote:

Hi,

I hope someone can help me, I cannot seem to get a system's ethernet
interface to correctly work in promiscuous mode...

I have a Centos 6.4 system with 2 bnx2 interfaces on it.

I have set up eth1 in promiscuous mode and am sending traffic to it
using the port mirroring configuration on a Nortel 3510-24T switch.
The switch reports that it is sending a fair amount of traffic to the
mirror port.

However, within Centos 6.4, I only see broadcast traffic from the
switch:


This turned out, not to be a problem with Centos, but a limitation or 
the interpretation of the port mirror feature on the Nortel 3510-24T switch.


Setting up a mirror port to capture traffic to/from portx and to/from 
porty doesn't create a mirror port of traffic passing through either 
interface, but seems to mirror traffic that passes through both 
interfaces, which is no good in a VRRP situation!!


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6.4, bnx2 in promiscuous mode does not see packets

2013-07-02 Thread Giles Coochey 
Hi,

I hope someone can help me, I cannot seem to get a system's ethernet 
interface to correctly work in promiscuous mode...

I have a Centos 6.4 system with 2 bnx2 interfaces on it.

I have set up eth1 in promiscuous mode and am sending traffic to it 
using the port mirroring configuration on a Nortel 3510-24T switch.
The switch reports that it is sending a fair amount of traffic to the 
mirror port.

However, within Centos 6.4, I only see broadcast traffic from the 
switch:

[root@host eth1]# ifconfig eth1
eth1  Link encap:Ethernet  HWaddr 00:19:B9:E2:30:AE
   UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
   RX packets:75 errors:0 dropped:0 overruns:0 frame:0
   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:4800 (4.6 KiB)  TX bytes:0 (0.0 b)

I have tried various options configuring eth1 via 
/etc/sysconfig/networking/devices/ifcfg-eth1

Currently it looks like this:

DEVICE=eth1
BOOTPROTO=static
HWADDR=00:19:B9:E2:30:AE
#NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
#UUID=e753ec9b-fc35-4460-bcd1-87f26f8d1553
IPV6INIT=no
USERCTL=no
PROMISC=yes

I have also tried to manually put the interface in promiscuous mode (as 
I think PROMISC=yes is deprecated):

ifconfig eth1 promisc

It shows as being in promiscuous mode via ifconfig...

The relevant parks of bootup / system messages:

bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.2.3 (June 
27, 2012)
bnx2 :05:00.0: PCI INT A - GSI 16 (level, low) - IRQ 16
bnx2 :05:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
bnx2 :05:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 :05:00.0: eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) 
PCI-X 64-bit 133MHz found at mem f800, IRQ 16, node addr 
00:19:b9:e2:30:ac
bnx2 :09:00.0: PCI INT A - GSI 16 (level, low) - IRQ 16
bnx2 :09:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
bnx2 :09:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 :09:00.0: eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) 
PCI-X 64-bit 133MHz found at mem f400, IRQ 16, node addr 
00:19:b9:e2:30:ae
bnx2 :05:00.0: irq 95 for MSI/MSI-X
bnx2 :05:00.0: eth0: using MSI
bnx2 :05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
bnx2 :09:00.0: irq 96 for MSI/MSI-X
bnx2 :09:00.0: eth1: using MSI
bnx2 :09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, 
receive  transmit flow control ON
bnx2 :05:00.0: irq 95 for MSI/MSI-X
bnx2 :05:00.0: eth0: using MSI
bnx2 :05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
bnx2 :09:00.0: irq 96 for MSI/MSI-X
bnx2 :09:00.0: eth1: using MSI
bnx2 :09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, 
receive  transmit flow control ON

Does anyone have any ideas?

Thanks

Giles
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xhost + via Desktop centos 6.3 not working

2013-06-05 Thread Giles Coochey 

On 05/06/2013 14:15, Edsall, William (WJ) wrote:

Hello list,
  In the past we have instructed users to perform 'xhost +' from their centos 
desktop,

http://www.phy.bnl.gov/cybersecurity/old/xhost_plus.html

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting confirmation for power button

2013-04-25 Thread Giles Coochey 

On 25/04/2013 14:43, Vanhorn, Mike wrote:

Using CentOS 5.8:

Currently on my workstations, when I press the power button the computer
immediately does a 'shutdown -h now' (per /etc/acpid/events/power.conf).
Is there a way to change it so that a confirmation dialog comes up, rather
than an immediate shutdown?

I assume that I am going to need to change that power.conf file to tell
some program that the power button's been pressed, rather than making a
call to shutdown, but I haven't been able to figure out what program to
which I need to make a call.



You are talking about something that acpid is doing for you:

http://linux.die.net/man/8/acpid


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting confirmation for power button

2013-04-25 Thread Giles Coochey 

On 25/04/2013 15:00, Vanhorn, Mike wrote:

On 4/25/13 9:46 AM, Giles Coochey gi...@coochey.net wrote:


You are talking about something that acpid is doing for you:

http://linux.die.net/man/8/acpid



Yes, I know this is handled by acpid; that's where the
/etc/acpid/events/power.sh file comes in. I'm asking if anyone knows what
changes to make to that file so that it gives a prompt first.

I'm guessing that there is a program out there already that will prompt
for a shutdown, I just don't know what that program is.


It kind of depends what environment you are using and how you can hook 
into the standard power-off program that runs when you shutdown in the 
GUI. You would edit the actions to run that program.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6.4 - yum update gives: Error: kernel conflicts with bfa-firmware

2013-03-12 Thread Giles Coochey 

On 11/03/2013 16:55, Johnny Hughes wrote:

On 03/11/2013 08:30 AM, Tru Huynh wrote:

On Mon, Mar 11, 2013 at 01:24:17PM +, Giles Coochey wrote:

Yes - I use my own local repo and don't sync the 'os' part - I
assumed that was going to be static and only updated with 'updates'

you can't update to 6.4 from 6.3 with only updates, you MUST have 6.4/os and 
6.4/update

The os ([base]) part is unchanged during the 6.n lifetime, not during the 6.n 
- 6.n+1.


In other words ... we just updated from CentOS-6.3 to CentOS-6.4 ... so
the OS directory and the UPDATES directories both changed ... so your
assumption is incorrect.

This is because, 6.4/os is not the same as 6.3/os.  Remember that the OS
directory is what is on the ISOs ... that obviously updates if we move
to a newer point release and release new ISOs.

You know what they say about assume :D

So I rsync'd with 6 os on the mirrors and everything works now. Thanks 
for clarifying.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6.4 - yum update gives: Error: kernel conflicts with bfa-firmware

2013-03-11 Thread Giles Coochey 

On trying a yum update I get the following error:

Error: kernel conflicts with bfa-firmware

yum suggests I work around the problem with --skip-broken or try running 
'rpm -Va --nofiles --nodigest'


Is there an accepted process for resolving this?

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6.4 - yum update gives: Error: kernel conflicts with bfa-firmware

2013-03-11 Thread Giles Coochey 

On 11/03/2013 12:50, Johnny Hughes wrote:

On 03/11/2013 05:21 AM, Giles Coochey wrote:

On trying a yum update I get the following error:

Error: kernel conflicts with bfa-firmware

yum suggests I work around the problem with --skip-broken or try
running 'rpm -Va --nofiles --nodigest'

Is there an accepted process for resolving this?

Can you post the kernel versions and bfa-firmware versions that are
trying to up upgraded ... and whether you have the i386 or x86_64
version installed?

Also, what are you upgrading from?

We have not seen this specific issue in our QA testing.


I am on Centos 6.3, but I'm assuming that 'yum update' is trying to get 
me to Centos 6.4


This is x86_64, current kernel is 2.6.32-279.22.1.el6.x86_64

[root@repo ~]# yum info bfa-firmware
Loaded plugins: fastestmirror, presto, security
Loading mirror speeds from cached hostfile
Installed Packages
Name: bfa-firmware
Arch: noarch
Version : 3.0.0.0
Release : 1.el6
Size: 1.3 M
Repo: installed
From repo   : anaconda-CentOS-201112091719.x86_64
Summary : Brocade Fibre Channel HBA Firmware
URL : 
http://www.brocade.com/sites/dotcom/services-support/drivers-downloads/CNA/Linux.page

License : Redistributable, no modification permitted
Description : Brocade Fibre Channel HBA Firmware.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6.4 - yum update gives: Error: kernel conflicts with bfa-firmware

2013-03-11 Thread Giles Coochey 

On 11/03/2013 13:13, Peter Eckel wrote:

Hi Johnny,


Can you post the kernel versions and bfa-firmware versions that are
trying to up upgraded ... and whether you have the i386 or x86_64
version installed?

I'm getting exactly the same error when I try to update using the 'updates' 
repo only:


Yes - I use my own local repo and don't sync the 'os' part - I assumed 
that was going to be static and only updated with 'updates'



--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Did anybody do a dovecot update on centos 5.x?

2013-02-26 Thread Giles Coochey 

On 26/02/2013 13:31, Götz Reinicke - IT Koordinator wrote:

Hi,

dose anybody did a dovecot update from the original 1.0.7 to e.g. 1.1 or
1.2 from atrpms repository?

We dont have any special settings; Each user one mbox mailbox. About 500
imap/pop3 accounts, 400GB data.

Any suggestions and comments are welcome.

Regards . G. Reinicke



I use the city-fan repo. I think I'm running dovecot 2.1.15 or so...

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Did anybody do a dovecot update on centos 5.x?

2013-02-26 Thread Giles Coochey 

On 26/02/2013 13:47, Götz Reinicke - IT Koordinator wrote:

Hi,
Am 26.02.13 14:40, schrieb Giles Coochey:

On 26/02/2013 13:31, Götz Reinicke - IT Koordinator wrote:

Hi,

dose anybody did a dovecot update from the original 1.0.7 to e.g. 1.1 or
1.2 from atrpms repository?

We dont have any special settings; Each user one mbox mailbox. About 500
imap/pop3 accounts, 400GB data.

Any suggestions and comments are welcome.

 Regards . G. Reinicke



I use the city-fan repo. I think I'm running dovecot 2.1.15 or so...

And did you do an upgrade from a running, working 1.0 installation?

regards . Götz


No, I installed via city-fan right from the start, and I've since 
upgraded the system to centos 6.x as well.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I want an advice

2013-02-14 Thread Giles Coochey 

On 14/02/2013 16:00, m.r...@5-cent.us wrote:

Les Mikesell wrote:

On Thu, Feb 14, 2013 at 9:07 AM,  m.r...@5-cent.us wrote:

I keep hearing this arcane - even the author of xkcd commented about
not remembering tar flags... and yet, 80%-90% of them are trivially

obvious

to me - -r (or -R) for recursion, -f for file. For configuration, such as
firewalls, there's always copy an existing line and edit, then do a
syntax check.

The 'arcane' issue isn't so much per-process as it is knowing which
program does what and how or if they interact in a way that affects
your upper-level task.  For example, I don't think it is very obvious
what you have to do for common things like giving a dhcp address with
an associated dns name to a specific device.  Or maybe setting up a
group of users with some special file system access, samba shares, web
logins with group access for several different web apps, and an email

True - but that's getting into nontrivial tasks, if you're doing it for
more than your own machine at home. There are security issues, and
organization policies, etc.



Windows lures us into a false sense of security anyway:

Under Windows you just run the security  policy program, click next, 
next, finish and 'hey' you're done, all secure


At least when you have to think about something you can get more real 
confidence that you've done it right!!


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - odd behavior of Cisco switch

2013-02-07 Thread Giles Coochey 

On 06/02/2013 18:34, m.r...@5-cent.us wrote:

Les Mikesell wrote:

On Wed, Feb 6, 2013 at 11:19 AM, SilverTip257 silvertip...@gmail.com
wrote:

If one of your hosts intermittently loses connectivity, the switch will
broadcast that traffic to all ports because it can't find the host's MAC
address.

(And what Les said about the switch broadcasting traffic until it learns
MAC addresses.)

Some spanning tree events will force the switch to re-learn MACs too.

I should have mentioned this switch is *only* in use on our subnet, though
of course we go through it to go Out There, there are gov't firewalls
outside of it. All the traffic is only on our subnet, in this case, and
the weirdness was intermittent.

At the time, there were two heavy users (me, doing an offline backup, from
one room to another, the latter with the server being hit by me in it, and
at that switch, and another user doing heave scientific computing). That
is, of course, in addition to all the other normal traffic from dozens of
other servers.

Btw, he's not seeing it today, but I'm not running any more backups just
now


You may have some trunking issues if you use VLANs, inter-operate these 
switches with non-Cisco equipment and have left every port on the switch 
in the default VLAN1.


Have you actually configured the switch, or did you just plug it in and 
get running?


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail notification in panel/system tray on CentOS 6

2013-01-25 Thread Giles Coochey 

On 25/01/2013 15:00, Toralf Lund wrote:

Hi.

Does anyone know of a way to add a new mail notification icon to the
panel/system tray under CentOS 6?
On CentOS 5, I used the mail-notification software package provided by
the Fedora EPEL distribution, but this is gone from the version 6
repository, and the one from version 5 won't install just like that due
to dependency issues. Maybe it's possible to resolve those, but I'm
wondering if that's the way to go, or if there is a better alternative
these days.




In the old days we used biff... then xbiff came along... new fangled things!

Something like: http://homepages.shu.ac.uk/~cmsps/freeScripts/xbiff.py

Don't some MUAs come with small panel applets for this?

It isn't so common to receive email locally anymore, most people are 
using remote mail servers.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Off-Topic: Low Power Hardware

2013-01-16 Thread Giles Coochey 

On 14/01/2013 15:03, Arun Khan wrote:

On Mon, Jan 14, 2013 at 9:14 AM, SilverTip257 silvertip...@gmail.com wrote:

On Sun, Jan 13, 2013 at 8:12 PM, Gordon Messmer yiny...@eburg.com wrote:


On 01/13/2013 10:15 AM, SilverTip257 wrote:

And it looks like their Atom E6xx CPU [0] supports Intel VT-x.
[0]

http://www.intel.com/p/en_US/embedded/hwsw/hardware/atom-e6xx/overview

Before you get too excited, the board's firmware is comBIOS, which is a
Soekris-specific firmware that is designed to work well with a serial
console.  I didn't spend a lot of time on it, but I did give KVM virt a
quick pass and did not get it working.  They do run a 64-bit Linux, with
good support for serial console and gigabit Ethernet.



Any ideas why KVM didn't work?


Unless, the comBIOS cripples the VT-x feature, CLI qemu-kvm  with
-vga none is worth a try.


I re-call such a discussion on the Soekris mailing list, can't locate 
the thread, but there were issues with virtualisation even though the 
atom chip supported it.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.3 as Firewall/Router

2013-01-08 Thread Giles Coochey 

On 05/01/2013 15:25, Ryan Wagoner wrote:


Or don't use CentOS at all and try OpenBSD  PF.  The syntax is much
cleaner and easier to maintain than Netfilter/IPTables and it works pretty
darn well.  ;)

If you want to stick with linux look at Vyatta. I have 5 production
installs (3 physical and 3 VMs) and upgrades have been flawless. The config
resides in one file and the console has a Juniper style syntax.



On a similar vein, I use pfsense as a Firewall (FreeBSD derivative)

Has many features and Web GUI configuration. Seems to really do the 
trick for me.


I tend to only use the iptables firewall in Centos for host based 
firewalling (basically I only edit the INPUT table), for multi-homed 
dedicated firewalls (i.e. using the FORWARD'ing table) something like 
pfsense really does it nicely.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] courier mail for Centos

2012-12-07 Thread Giles Coochey 

On 06/12/2012 16:24, Les Mikesell wrote:

On Thu, Dec 6, 2012 at 10:13 AM, Robert Moskowitz r...@htt-consult.com wrote:

Filtering Inbound Firewalls are generally useless if the user of the
system doesn't know what they're doing. A lot of intrusions these days
are the result of inbound policy permitted traffic in causing someone to
initiate an outbound connection that gets them hacked.

And you expect someone to be better at stopping this with iptables and
a 'howto' than dedicated hardware and vendor training/support?


And outbound rule writing is very hard, as you have to sniff out traffic
many times to figure out why an app is failing and then write a rule to
allow that app out.

More like impossible in the general case, although you can always get
any specific case to work if you spend enough time at it.   But to
catch some of the most likely known problems you need packet
inspection to at least the level of URL filtering.

It's very difficult to build a technical firewall policy without a 
corporate Internet usage policy that backs it up. (Use of proxy for 
outbound traffic etc...), but with the right corporate policy in place 
it is possible to accomplish.
There will always be some hosts that will have to be given full outbound 
access, not necessarily due to technical constraints, but due to 
procedural ones (devs won't or can't give the information on how the 
device needs to communicate).
Full Outbound Access should be the exception rather than the rule - just 
think how clean the Internet would be if that was followed across the globe.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] courier mail for Centos

2012-12-06 Thread Giles Coochey 
On 06-12-2012 15:41, Les Mikesell wrote:
 On Thu, Dec 6, 2012 at 9:13 AM,  m.r...@5-cent.us wrote:

 Disabling selinux, or at least setting it to permissive, I agree 
 with.
 Turning down your firewall?! Anyone suggesting that is, IMO, either 
 a)
 clueless, or b) a malware user/vendor trying to make life easier. 
 Can
 anyone think of any other possibilities?

 Someone with good site and subnet-level hardware firewalling.  And a
 good feeling that all the bad guys are on the other side of the
 firewalls.

Filtering Inbound Firewalls are generally useless if the user of the 
system doesn't know what they're doing. A lot of intrusions these days 
are the result of inbound policy permitted traffic in causing someone to 
initiate an outbound connection that gets them hacked.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] network and stability issues

2012-11-01 Thread Giles Coochey 
On 2012-10-31 23:10, Karanbir Singh wrote:
 On 10/31/2012 11:07 PM, Karanbir Singh wrote:
 hi Guys,

 Over the last 24 hours we have had a series of stability issues.

 if it wasent clear : isues on mail.centos.org and lists.centos.org

Thanks for the information - it's perfectly clear and understandable 
that you'll have issues in NY for a week or so.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 8139 dropping packets

2012-10-29 Thread Giles Coochey 

On 29/10/2012 13:26, Jerry Geis wrote:

ck your duplex.  I have had two recent problems with duplex:

One, with a Cisco router - it auto-negotiated every time to half duplex, even
though it really -was- full.  Use mii-tool to find out.

Just a note, auto-negotiation of 10/100 links will not work reliably 
unless both sides of the link are set to auto-negotiate.


If one side is set to 100/full, and the other side is set to auto 
negotiate, then it will try to negotiate, the side that is hard coded 
100/full will _NOT_ negotiate and negotiation will fail, the side that 
was set to auto negotiate will fail back to a 'fail-safe' 10/half duplex 
link.


My rule of thumb, static link (e.g. those to servers, inter switch 
links, switch to router links etc...) should just be hard coded. Links 
that might have a variety of devices connected to them, e.g. the access 
layer ports - set them to auto-negotiate.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completely automatic yum updating on Centos 6

2012-10-26 Thread Giles Coochey 
On 2012-10-26 08:27, Sorin Srbu wrote:
 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On 
 Behalf
 Of Frank Cox
 Sent: den 26 oktober 2012 00:19
 To: centos@centos.org
 Subject: Re: [CentOS] Completely automatic yum updating on Centos 6

So if I plan to log into it remotely, I'll have to have it report its 
 current
address to me on occasion.

Which probably wouldn't be a bad thing, anyway.

 How would one do that?


Dyndns (now just called Dyn) is a good way, it dynamically updates a 
DNS record based on your current IP.

http://dyn.com/dns/dyndns-pro/

Looks like it's a commercial service these days...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sending Email Via Telnet

2012-10-17 Thread Giles Coochey 

On 16/10/2012 16:16, John Reddy wrote:



Something isn't quite right with your setup.  When you do the HELO command, 
the server should reply with something.  For example:

==
$ telnet smtp.comcast.net 25
Trying 76.96.40.155...
Connected to smtp.comcast.net.
Escape character is '^]'.
220 omta12.emeryville.ca.mail.comcast.net comcast ESMTP server ready
HELO comcast.net
250 omta12.emeryville.ca.mail.comcast.net hello [69.24.1.7], pleased to meet you
==

Does the mail server ever return anything back to you?


Sometimes, if you are traversing a firewall between you and the mail 
server the firewall blocks the connection because telnet uses the tcp 
PUSH flag.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SpamAssassin reporting help

2012-09-19 Thread Giles Coochey 

On 19/09/2012 16:45, Jason T. Slack-Moehrle wrote:

Hello All,

CentOS release 6.3 (Final)

I am getting e-mails now where they are:

Subject: Cron root@www /usr/share/spamassassin/sa-update.cron 21 |
tee -a /var/log/sa-update.log

Body: http: GET http://daryl.dostech.ca/sa-update/asf/1387055.tar.gz
request failed: 404 Not Found: !DOCTYPE HTML PUBLIC -//IETF//DTD
HTML 2.0//EN htmlhead title404 Not Found/title /headbody
h1Not Found/h1 pThe requested URL /sa-update/asf/1387055.tar.gz
was not found on this server./p hr addressApache/2.2.6 (Fedora)
Server at daryl.dostech.ca Port 80/address /body/html

Can anyone help me understand what is happening here?
I've been getting these too... if I run sa-update manually it appears 
that I'm on the latest version, so I'm just lazily waiting to see if 
anyone will fix the cron email..
So until someone else chirps up, I guess we're on our own :-), but I 
thought you might appreciate that you're not alone.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-18 Thread Giles Coochey 

On 14/09/2012 17:06, M. Fioretti wrote:


of course I can't do it right now, exactly because... I can't connect to
the server. But I will pass along these and all other similar suggestions
to the VPS provider help desk, since they will surely save time, so thanks
for these and any other tips that may come!



Well you can... ssh into B and then try to ssh from B to A...

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with logwatch under CentOS 6.3

2012-09-12 Thread Giles Coochey 

On 12/09/2012 08:19, C. L. Martinez wrote:

Hi all,

  Last week I have migrated 5 CentoS 6.2 servers to CentOS 6.3. In all
of them, I receive every day problems with logwatch:

/etc/cron.daily/0logwatch:

Can't exec sendmail: No such file or directory at /usr/sbin/logwatch
line 1040, TESTFILE line 1.
Can't execute sendmail -t: No such file or directory

  It is really strange, because I am using default config ... On the
other side, I have three CentOS 6.2 servers and these problems doesn't
appears ...

  How can I debug this??

  Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

I had this problem on one of 18 Centos 6.x servers I have installed.

The particular server has had a large number of CPAN perl updates 
applied to it.


In order to resolve the problem I added the following line to 
/etc/logwatch/conf/logwatch.conf


mailer = /usr/sbin/sendmail -t

My systems are using postfix.



--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NTP server problem behind firewall

2012-09-04 Thread Giles Coochey 

On 04/09/2012 07:31, Artifex Maximus wrote:


The first time (16:39:13.653674) client cannot sync to the server but
second time (16:39:43.145984) that was successful even if there is a
'bad udp cksum'. BTW, is it normal? Tcpdump says there was traffic and
sync happened later so rule is OK I think.

When tried later sync needs three tries for success. Other time needs
only one. Might depend on Moon phase. It looks like I have some
network equipment related problem as well. Therefore I have to talk
with some Cisco expert.

At the moment I have problem with rsyslogd because there is no log of
denied packets but that is another story. :-)

Thanks for all of your help!


Without seeing the full timeline of events, you should bear in mind that 
there will be a gap between the time that an NTP server is started 
before other clocks are allowed to sync to it. This makes sense as you 
wouldn't want to sync time to a source that itself isn't reliable. Once 
the NTP server fulfils some criteria and believes it's clock to be 
reliable, it will allow other systems to sync to it.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NTP server problem behind firewall

2012-09-03 Thread Giles Coochey 

On 03/09/2012 13:00, Philippe Naudin wrote:

Le lun. 03 sept. 2012 13:15:41 CEST, Leonard den Ottolander a écrit:


On Sun, 2012-09-02 at 07:46 +, Artifex Maximus wrote:

Any idea what is wrong?

The iptables rules you specify only allow clients from your local
network access to your proxy ntp server. However, you do not specify
any rules for eth1 to allow that ntp server to synchronise with the
remote servers it is using. So unless you are using a local time source
that might be your problem.

I don't think this is the problem : the firewall accept everything in
the output chain, and established/related in input : my ntp server
works fine with the same rules (123/tcp is indeed useless).

For me, the problem is not ntp+iptables, or it should appears in
/var/log/messages, thanks to the -j LOG.
There can be something wrong in ntp.conf (but this is probably not the
case since it works without firewall), in the firewall (for example, if
it blocks DNS requests), or in the network configuration.

Regards,



Does 'ntpq -p' show your server actually syncing with ntp hosts?

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NTP server problem behind firewall

2012-09-03 Thread Giles Coochey 

On 03/09/2012 15:18, Artifex Maximus wrote:

On Mon, Sep 3, 2012 at 11:15 AM, Leonard den Ottolander
leon...@den.ottolander.nl wrote:

On Sun, 2012-09-02 at 07:46 +, Artifex Maximus wrote:

Any idea what is wrong?

The iptables rules you specify only allow clients from your local
network access to your proxy ntp server. However, you do not specify
any rules for eth1 to allow that ntp server to synchronise with the
remote servers it is using. So unless you are using a local time source
that might be your problem.

Btw, when specifying rules for the external ntp servers you might want
to specify IPs as well to restrict access.

Thanks. You are right ntp proxy is absolutely what I want. Mine
description was not clean probably. So this is the setup:

GPSNTP(10.0.1.99/24) - eth1 myserver eth0 - clients(10.0.0.0/24)

Because GPSNTP is on a physically separated network I need this proxy
for my clients. My server is able to synchronize with GPSNTP so rules
are fine for that (because my output chain is ACCEPT per default). My
clients whom are cannot synchronize with my server even if I allow NTP
port which I do not understand.


So at this stage, doing a tcpdump -i eth0 -s 0 -w capture.cap and 
getting one of your clients to try to sync time with your server and 
then repeating this with the firewall turned off (when it purportedly 
works) ought to give you enough information to be able to view the 
packet capture and see what is going wrong.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NTOP alternatives?

2012-08-29 Thread Giles Coochey 

On 29/08/2012 09:29, Bent Terp wrote:

On Wed, Aug 29, 2012 at 9:52 AM, Rafał Radecki radecki.ra...@gmail.comwrote:


After some search I think I will use ntop ;)


Having lurked in this thread, I think I'll start using ntop as well. Did a
quick test today on my laptop and got it up and running in no time.

But to answer the question people at the office keeps asking me, I need to
dump Network Load data with a 1-second granularity. Does anoybody know how
to do that? Basic question is, do we have large fluctuations on our
internet connection usage.

Thanks in advance!

I know it's a Windows utility (WINE??), but we used STG traffic grapher 
in a previous ISP environment. Graphing at a 1s interval is possible, 
looks very much like MRTG.


http://leonidvm.chat.ru/

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NTOP alternatives?

2012-08-28 Thread Giles Coochey 

On 28/08/2012 07:35, Rafał Radecki wrote:

Hi all.

I have currently a task to implement a network traffic analyzer. Some years
ago I've used NTOP for that purpose, I would also like to test some
alternatives.
Which alternatives can you recommend and why?

Thanks ;)

If you looking at just a netflow web-frontend  netflow processing I 
quite like nfsen / nfdump


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos machine sometimes unreachable

2012-08-22 Thread Giles Coochey 

On 22/08/2012 14:01, Richard Reina wrote:

I have a simple perl script that every few hours pings the handful of
machines on my LAN. Lately I've sometimes been getting

ping of 192.168.0.1 succeeded
ping of 192.168.0.7 succeeded
ping of 192.168.0.5 FAILED
ping of 192.168.0.6 succeeded
ping of 192.168.0.9 succeeded

   This machine in question has been running Centos faithfully for about six
years and no recent changes to it have been made. When I try and ping the
machine manually it works.   /var/og/messages does not seem irregular. Does
anyone know know what might be the problem or what else I might check?



I had this problem in the past and found that it seemed to be due to 
iCMP rate limiting. We were pinging a lot of hosts from the monitoring 
system, however... But you might want to investigate here: 
http://www.kernel.org/doc/man-pages/online/pages/man7/icmp.7.html


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] projects.centos.org - certificate has expired

2012-08-21 Thread Giles Coochey 

On 21/08/2012 15:47, Greg Bailey wrote:

On 8/21/2012 7:39 AM, John Doe wrote:

From: Rainer Duffner rai...@ultra-secure.de


Just FYI
I guess, you could also run your own CA and sign stuff yourself.
After all, your RPMs are also self-signed ;-)

But that means the browsers will complain until each user permanently adds

this untrusted certificate manually... which might be no big deal if only a

few ttech savy people are using this sub-domain...

If CentOS is rich, a wildcard certificate costs around $120/year,

maybe cheaper...


Or $0/year at startssl.com...

-Greg


I use startssl.com - and generally it is fine... I have however had a 
problem.
Someone recently sent an email in my name (but not from my email 
address) asking for my certificate to be revoked to the startssl 
certmaster. The startssl certmaster went ahead and revoked my 
certificate, this caused me a fair amount of pain, and obviously there 
is little cross-verification done against this type of 
social-engineering attack.
I have been told that it is unlikely to happen again (because my account 
now has red flags all over it), but if you use certificates for anything 
serious you might want to use an organisation that has enough funding to 
perform some cross-verification against such attacks..


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Configure LAGG Interface?

2012-08-06 Thread Giles Coochey 

On 02/08/2012 02:00, Tim Nelson wrote:

- Original Message -

On 01.08.2012 21:17, Tim Nelson wrote:

Greetings- I'd like to configure multiple copper NICs on a server
running CentOS 6.2 in a LAGG configuration for better throughput to
the core switch. After quite a bit of searching, I'm not seeing
anything of the sort. Is LAGG specific to the BSD world and the HP
switches I'm running? Or, does it go by a different name? Bonding
perhaps? If so, is bonding compatible with LAGG?

--Tim
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Hi Tim,

In Centos you would be doing nic bonding, it's the same thing.


The big question though, can I bond two NICs on a CentOS system, and connect 
those interfaces to two LAGG ports on my switches?



http://centoshelp.org/networking/nic-bonding/

Configure the switches as a LACP port-channel, you probably want to use 
a host mode (e.g. silent) configuration.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No tengo red despues de instalar

2012-07-27 Thread Giles Coochey 

On 27/07/2012 03:44, Fernando Cassia wrote:

On Thu, Jul 26, 2012 at 11:42 PM, Fernando Cassia fcas...@gmail.com wrote:

He adds I've seen other users' reports where they DO find a
ifcfg-eth0 and they end up adding onboot=yes. but he doesn' t get that
file. He says he has CentOS 6.2 and did the minimal install.

Ha!, just another reason NOT to include system-config-network-tui as
part of the base install, I guess. Who needs friendly menus to setup
networking?. *sarcasm*

JOKE JOKE...
FC


¿Se ve realmente una interfaz eth0 existentes en el sistema? por ejemplo 
ifconfig eth0 produce una salida de la interfaz?


Do you actually see an eth0 interface existing on the system?

e.g. ifconfig eth0 produces some output about the interface?

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] system-config-network-tui not part of base install... wtf

2012-07-26 Thread Giles Coochey 

On 23/07/2012 04:40, Fernando Cassia wrote:

Who was the genius that decided that system-config-network-tui should
NOT be part of the base CentOS 6.3 install ??

Not to mention it has insane deps like wifi firmware packages... not
really if all you want to do is configure eth0 from the command
line...



/sbin/ifconfig eth0 w.x.y.z netmask v.v.v.0
/sbin/route add default gw a.b.c.d
echo nameserver e.f.g.h  /etc/resolv.conf
echo nameserver i.j.k.l  /etc/resolv.conf


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] system-config-network-tui not part of base install... wtf

2012-07-26 Thread Giles Coochey 

On 26/07/2012 12:34, Fernando Cassia wrote:

On Thu, Jul 26, 2012 at 8:00 AM, Giles Coochey gi...@coochey.net wrote:

echo nameserver e.f.g.h  /etc/resolv.conf
echo nameserver i.j.k.l  /etc/resolv.conf

Yes I know BUT for that I have to THINK. Screens and input fields ie
type tab tab tab enter type tab tab tab enter are what is known as
user friendly since the MS-DOS 5.0 setup.exe onwards...


After having built a number of machines, I kind of rattle off that by 
heart, just enough to then do a:


yum install system-config-network-tui after a minimal install.

But, yes, you're right, it was a minor annoyance.

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] system-config-network-tui not part of base install... wtf

2012-07-26 Thread Giles Coochey 

On 26/07/2012 15:50, Scott Robbins wrote:
Unfortunately, according to folks who have more knowledge than I do 
about these things, in later versions of Fedora, and therefore, 
probably the next version or so of RH, just manually editing 
sysconfig/network-scripts will overlook some necessary parts. 
system-config-network-tui may wind up becoming necessary. Through RH 
5.x it was enough to manually edit the necessary files. However, in 
later versions of Fedora, this may cause errors because there will be 
some other scripts or files elsewhere, that system-config-network-tui 
manipulates. Meanwhile, Fedora is trying to make NetworkManager the 
default interface handler, (and there is apparently a command line 
version.) I know I'm old and cranky, but to me, it just seems like 
those meddlesome kids with their newfangled smartphones and touch 
screens are taking over development, and that many of them just don't 
care about the sysadmin portion of use. 
Interestingly, even when I use system-config-network-tui (at least on 
CentOS 6.2) I still had to manually edit the ONBOOT network parameter in 
/etc/sysconfig for my Ethernet to be enabled at startup.


Not sure if there is something in the menu system that would do that for 
me...


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

  1   2   >