Re: [CentOS] Multiple RAID support in CentOS?
On 30/01/2010 12:09 PM, Victor Padro wrote: Hello, I was wondering if someone could help me, I'll try... I want to use one array with the 2 500GB HDDs in RAID1 for the OS and for some VMs, That will work OK. and the other 4 1TB HDDs I want to create an array in RAID5 or RAID10 for file sharing across my home Network. You can use these disks in a RAID5 array, but not RAID10. I fairly sure you need more than 4. RAID10 is mirrored, so you only have 2 disks in the array, which isn't enough for parity/striping stuff. You need at least 3, which would mean 6 disks for RAID10. Having said that, I'm assuming you want to use the entire hard disk as a participant in an array. You could create 2 x 500Gb partions on each disk and then you have 8 x 500Gb partitions to use in a RAID10 array. This approach sacrifices some redundancy though. If a disk dies entirely, then you will lose two participants in the RAID array, which may or may not be catastrophic - it depends on what you put where... I found a guide but it's a little bit outdated and it's for Debian... Do you have any other pointer I can read/use? http://wiki.centos.org/HowTos/SoftwareRAIDonCentOS5 I've mostly installed RAID arrays at install time, which you'll need to do as well if you want to put the OS on a RAID1 array. TIA. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Multiple RAID support in CentOS?
On 30/01/2010 1:42 PM, Victor Padro wrote: I'll read that howto, is for fakeRAID though... TIA Yes, I got RAID10 wrong - knew I would (haven't used it before). If you're using hardware RAID, then the Op/Sys will just see two disks and you don't really need a HowTo. How you partition/use them is up to you when you install. I know there is continuous debate about hardware vs. software RAID, but I've only ever had problems with hardware, and never any problems with software. Your mileage may vary :) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables default configuration
Rob Kampen wrote: Carlos Santana wrote: - What does 'RH-Firewall-1-INPUT' chain means? This also seems to be a predefined chain, although not mentioned in wiki. - The wiki page approach is to flush existing rules and then add required rules to iptables. Is it possible to add/append required rules without flushing existing set of rules? Not sure, but I think this is where 'RH-Firewall-1-INPUT' chain comes into picture (user defined rules). Any explanation or resource link on this would be really helpful. Try using webmin - there are rpm available for it and the interface helps deal with the cryptic items that make up an iptable filter. The reason for the RH-Firewall-1-INPUT chain means you can use the same rule set for multiple items - i.e. both input and forward. I also find it useful to create different chains for different network traffic. For example, I have a chain that allows all web access - ports 80, 443, 8080 etc. I have a different chain for file-share access - e.g. NFS and Samba. This way, I can watch what is happening with those chains specifically, without wading through the significant output of the command iptables -nvL. By using different chains, I can issue a command like watch -d iptables -nvL CentOS-MAIL to monitor network traffic on related ports. This has helped me many times in the past to see where network traffic is being blocked or given access. Just my 2c worth :) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Linux router with CentOS
Alan McKay wrote: just download one of the firewall distros that have the built in pfSense (FreeBSD) or IPCop (Linux) are the first 2 to mind. ClarkConnect is another good one though it may have limited functionality without paying, I don't know for sure. But we paid for it at work and it works really well for doing that. IPCop, if I recall correctly, doesn't load balance or fail-over - pfsense does. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
ken wrote: On 10/18/2009 08:17 AM Kwan Lowe wrote: I'm pretty sure most corporations will continue to pay to use Red Hat. It's pretty tough to go the head of IT and tell them you want to use an OS without a corporate support license. Support is a security blanket, if nothing else -- and it's a place to lay blame if something goes wrong. (Though there are some exceptions.) If my company is in any way representative, then RedHat has nothing to fear from CentOS. Though a few of the engineers use CentOS as workstations or POC machines, our policy is that we have commercial support of our production software. We have run into issues with other applications that are no longer under support. CentOS has actually played a large role in getting RedHat into our environment. Without the ability to demo POCs, I think it would be unlikely that we would have tried Linux. (I of course am not speaking for my company in any way.) In the couple of months I've had the need to contact Redhat support on just one issue and their support has been terrible, so far completely useless and a waste of time. I don't know what Redhat charges us for support, but whatever it is, it hasn't been worth it. I even went so far as to express this to others in the department and have a private conversation with the head of the department (my boss's boss), expressing my disappointment with redhat support to him. My experience has been good and I have no negative feelings about their support offering. We had a critical issue once on a production server with 250 users, and that they solved for us very quickly. Other lower priority issues have been resolved in appropriate time frames. From my perspective, its all good. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Ron Blizzard wrote: I wonder if Red Hat has ever considered limited, paid support options for CentOS? I think that would be brand cannibalisation and self-defeating. To charge a lower support fee for the same product with a different name would surely only devalue their prime product and lead to revenue decreases in the long run. Hopefully there are and will remain to be enough businesses who support Red Hat. I know most of my customers would not be comfortable with a community support arrangement and so pay Red Hat's subscription fees. Thank goodness they do, because without them we wouldn't have CentOS. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.4? anyone?
Jake Shipton wrote: Post #148. You count your posts? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.4? anyone?
Jake Shipton wrote: On 16/10/09 09:38, Ian Blackwell wrote: Jake Shipton wrote: Post #148. You count your posts? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos No, that's the post # in the thread, of which I linked to (Eg, the one to look at). Oh. My mistake. Sorry :) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Inquiry:Application cannot start on my CentOS 5.2
hadi motamedi wrote: Dear All Please be informed that I tried to start my application on my CentOS 5.2 client but it cannot be started and returns the following error message : There are 1744M available in /usr Starting mscmain service : system clock granularity : 1 microseconds. Error ip address Error config file ./conf/msc_sys.conf! Can you please do me favor and help me ? Thank you in advance You must think we're all mind readers. What service are you trying to start? I don't know what mscmain is without you telling me. Google doesn't tell me anything either. But then again, why am I Googling your problem when you should be doing that? I suggest you read this http://catb.org/~esr/faqs/smart-questions.html thoroughly and then post your question again with more detail - e.g. what package it is, which version, what you've Googled so far, what you've done yourself to attempt to fix it, what the logs say, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] GnuPG for CentOS 5.3?
Dick Roth wrote: Good Morning-- I'm looking to shore up security in my system and with communications. Can you point me to the proper version of GnuPG for CentOS 5.3 (Final)? From my fully patched box:- 2.6.18-128.4.1.el5[r...@www CentosIKEL]# yum info gnupg Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile Excluding Packages from CentOS-5 - Base Finished Excluding Packages from CentOS-5 - Updates Finished 1193 packages excluded due to repository priority protections Installed Packages Name : gnupg Arch : i386 Version: 1.4.5 Release: 14 Size : 4.5 M Repo : installed Summary: A GNU utility for secure communication and data storage. URL: http://www.gnupg.org/ License: GPL Description: GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key : management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't : use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, : which is patented worldwide). Thanks, Dick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Stupid Question (Linux antivirus)
Eric Clark wrote: Is there a real big need for having an anti-virus on linux? if so what are some good ones to use? Will the software be used in a commercial environment? If not, then you could use AVG from Grisoft:- http://free.avg.com/download I've used it for a couple of years now and haven't had any problems. Come to think of it, it hasn't found any viruses either!?!?! Perhaps I've been lucky, but I prefer to believe my email server is fairly good at rejecting spam etc. If you are using it in a commercial environment, you can purchase a subscription server licence for Linux from them. http://www.avg.com/product-avg-server-edition-for-linux Regards, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Crontabs
James Bensley wrote: The crontabs are like the following example; 30 20 * * * sh /home/a_user/nightlyscrips/nightly_script_1 /home/a_user/nightlyscripts/`date +%d-%m-%Y--%H-%M-%S`.log I'm a big fan of keeping the contents of crontab very simple. The only thing I like to see in crontab is the path to the script, and the script does all the tricky stuff. If the script isn't called, you know cron is at fault. If the script is called and failed, then you know the script is broken. I find it makes it easy to determine where the problem is by making life very simple for cron. Just my 2c worth :) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IBM ServeRAID Manager software
Drew wrote: Hi there, I'm in the process of installing Centos 5.2 on an IBM x236 w/ ServeRAID 7k I recently acquired to act as a samba file server. The hardware has all passed various stress tests I could throw at it so we're okay there. My question is. Has anyone had any luck getting the latest IBM ServeRAID Manager v9.0 working in CentOS? If so how? ServeRAID Manager is based off Adaptec's Storage Manager and I'm encountering two errors. The first relates to the login. It asks me for my username password then throws a java.lang.UnsatisfiedLinkError: authenticateUser error. I've tried it with both Sun Java 1.4 1.6 and the same error both times. There's also supposed to be a file /etc/pam.d/storman created according to the docs but nowhere in the rpm file or on the web can I find out what the contents of the file are supposed to look like. The second error, is after I hit cancel (which logs me in as guest), the software says no raid controller exists, which is of course incorrect. As a side note, I've already tried googling the problem, visiting Adaptec's site, and visiting IBM's support developerworks sites. The support site's are useless and developerworks keeps spitting out HTTP 50x errors. Use mdadm as Timo suggests. ServeRaid will only give you grief. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix Questions
Jason Todd Slack-Moehrle wrote: 1. mynetworks = Do I put my public static IP here? So I am hosting at another provider on my own dedicated hardware. Do I put that machines IP or the IP of my apartment where I want to access from? Second, do I have to know the Ip information for my BlackBerry to work as well See here: http://wiki.centos.org/HowTos/postfix This is what I am working with in section 3.1, but I am confused as t what the right answer is. -Jason Only put your private IP network addresses here, not public ones. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to get iptables rule to log actions?
Rudi Ahlers wrote: I have the following options in /etc/sysconfig/iptables: -A RH-Firewall-1-OUTPUT -d 87.89.180.50 -j LOG -A RH-Firewall-1-OUTPUT -d 87.89.180.50 - j DROP Perhaps it is the space between the hyphen and the j on your second line? Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to get iptables rule to log actions?
Rudi Ahlers wrote: On Mon, Apr 6, 2009 at 2:04 PM, Ian Blackwell i...@ikel.id.au wrote: Rudi Ahlers wrote: I have the following options in /etc/sysconfig/iptables: -A RH-Firewall-1-OUTPUT -d 87.89.180.50 -j LOG -A RH-Firewall-1-OUTPUT -d 87.89.180.50 - j DROP Perhaps it is the space between the hyphen and the j on your second line? Ian ___ Hi Ian, There's no space, I made a typo when I typed what I saw. I can't copy past from the remote KVM. Excusing the space, your syntax looks OK - as long as you have something like this at the top of your file:- :RH-Firewall-1-OUTPUT - [0:0] Can you send more detail about your OUTPUT chain? Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Torrent software choice
Linux Advocate wrote: is there a cli option? Yes, there is. /usr/bin/bittorrent-console is provided as part of the bittorrent package, available from http://bittorrent.com/ 2.6.18-128.1.1.el5[r...@www ~]# yum info bittorrent Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile * base: mirror.internode.on.net * updates: mirror.internode.on.net * centosplus: mirror.internode.on.net * addons: mirror.internode.on.net * extras: mirror.internode.on.net 955 packages excluded due to repository priority protections Installed Packages Name : bittorrent Arch : noarch Version: 4.4.0 Release: 1.el5.rf Size : 3.4 M Repo : installed Summary: Network file transfer tool URL: http://bittorrent.com/ License: BitTorrent Open Source License Description: BitTorrent is a tool for copying files from one machine to another. FTP punishes sites : for being popular: Since all uploading is done from one place, a popular site needs big : iron and big bandwidth. With BitTorrent, clients automatically mirror files they : download, making the publisher's burden almost nothing. 2.6.18-128.1.1.el5[r...@www ~]# smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Signature Script
cen...@unixplanet.biz wrote: Hi There was a script or program that convert the normal character to a drawing of a lines to create a graphical signature and I don't remember its name. any one knows that script ? The program (well the one that I know of) is figlet, and it is available form the rpmforge repo. I don't know of anything in the standard/base CentOS repos. yum install figlet Cheers, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Joyeux Noel
Merry Christmas everyone. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] telnet isssue
Indunil Jayasooriya wrote: When it reches about 60 telnet users, the remaing users will NOT be able to login. Look at /etc/xinetd.conf. In this file, you will find an entry for instances. On CentOS and RHEL, telnet is launched by xinetd and is governed by the instances limit in the /etc/xinetd.conf file. Change the limit and use service xinetd reload to reload the config file. Cheers, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Educentos?
Christopher Chan wrote: Is there an Edubuntu equivalent for Centos? The K12LTSP is based on CentOS. http://k12ltsp.org/mediawiki/index.php/Main_Page Cheers, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.2 with IBM SERVERAID 6i
[EMAIL PROTECTED] wrote: My question now is: what would be the better way to implement RAID 5 on this server? Should I use the detected array and respective driver or should I delete the array and go for Linus Software RAID? I've installed RHEL 4 on several IBM eSeries servers with ServeRaid controllers and I despise them. They fail too often and often don't tell you that they are having problems until it is too late. My suggestion is to use Linux software for your RAID array, and bypass the ServeRaid controller entirely. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Timeout for a script
Jussi Hirvi wrote: How could I make a script time out after nn minutes, if it's not finished by then? I put this little test script together. It seems to work OK... #!/bin/bash timeoutseconds=5 pid=$$ (echo Will kill $pid in $timeoutseconds seconds; sleep $timeoutseconds; kill -1 $pid) while true do echo Hello sleep 0.6 done You may need to vary the signal in the kill statement, depending on what you're running. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Balaji wrote: Dear All, I have executed the following command and i have changed the /etc/selinux/config file and reboot the PC also setenforce 1 i have getting the following message only setenforce: SELinux is disabled Try using the GUI tools to enable and configure SELinux. Let us know if anything changes or not. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Balaji wrote: * Can any one help me or guide me to 1. Enable the selinux setenforce 1 Use getenforce to determine the current status of selinux. Look in /etc/selinux/config for details of policy being used - e.g. targeted. 2. Selinux Customize my own policy man setsebool man getsebool These will help you modify options in the supplied policies. For example, use getsebool -a | grep http to list all selinux options and filter the list for those pertaining to http. You can of course create your own policy and local customisations based on audit logs etc, but I've not ventured down this path myself. Others on the list will be able to assist if you need to go that way. Hope that gets you started :) Cheers, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Balaji wrote: Dear All, I have executed the following command and i have changed the /etc/selinux/config file and reboot the PC also setenforce 1 i have getting the following message only setenforce: SELinux is disabled Please post your /etc/selinux/config file. Thanks, Ian PS: Please bottom post and trim messages - these are the guidelines for this list. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Shell script to list group members
Bob Beers wrote: grep group_name: /etc/group | cut -d: -f4 will give a comma separated list, provided group_name is a valid group name. There is one problem with this approach, which is the assumption that all users' primary group is the same as their login id - which I agree is typically the RHEL way, but it doesn't have to be the case. If however you have users with their primary group set to something other than the login id - e.g. admin or marketing - then you need to look in the /etc/passwd file as well because these users don't appear in the comma separated list outlined above. To check the /etc/passwd file, you have to determine the group id value, and then scan the /etc/passwd file looking for that value in column 4. This will give you a list of users whose primary group is the group value you're interested in. Cheers, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Shell script to list group members
Bob Beers wrote: Part 1: You have a valid point, but the OP's question was: I am looking for a (simple) shell command to run from a bash script that will allow me to list user accounts that belong to a particular group. In all likelihood the system follows the default approach of setting the primary group to be the user's personal ground. If that is the case then you're correct in providing a simple solution as requested. I just wanted to make Tim aware that if his user's have primary groups other than their personal groups - e.g. admin or marketing - then there isn't a simple answer (not that the answer is all that hard). Here's a script I knocked up to do it - although there can be duplication and output formatting isn't perfect:- #!/bin/bash #set -x # $1 is the group to test if [ $1 = ]; then echo Which group? exit 1 fi groupid=$(getent group $1 | cut -d: -f3) grouplst=$(getent group $1 | cut -d: -f4) for User in $(cat /etc/passwd | cut -f1 -d:) do if [ $(id -g $User) = $groupid ]; then grouplst=$(echo $grouplst),$User fi done echo Members of group $1 are: $grouplst exit 0 Regards, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rc.local
Ric Moore wrote: I note that there are two 'rc.local' files. One is in /etc and the other in /etc/rc.d Which has precedence and is the one to use? Thanks, Ric ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi Ric, You'll find one is a link to the other, so you really only have one file on disk. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Webalizer displays wrong year
Jussi Hirvi wrote: I just run webalizer manually on an Apache log, like I have done many times before. Some new statistics were created, but for August 2006 instead of August 2008. I cannot figure why! Because of my mistake, the webalizer statistics for this site have not been updated since February. Now I tried to update them for the first time - with the results I described above. The system clock is in correct time (2008). The dates printed in Apache logs are correct (2008). Webalizer, when it is run, creates these new files (note the wrong year): -rwxrwx--- 1 root apache 569 Aug 29 10:57 webalizer.hist -rwxrwx--- 1 root apache 127507 Aug 29 10:57 webalizer.current -rwxrwx--- 1 root apache2957 Aug 29 10:57 usage.png -rwxrwx--- 1 root apache 137863 Aug 29 10:57 usage_200608.html -rwxrwx--- 1 root apache 10190 Aug 29 10:57 index.html -rwxrwx--- 1 root apache2178 Aug 29 10:57 hourly_usage_200608.png -rwxrwx--- 1 root apache3900 Aug 29 10:57 daily_usage_200608.png On Webalizer page index.html, the new stats get labeled Aug 2006, and - another strange thing - the item is displayed on the list (on index.html) between Jul 2007 and Sep 2007!! The original Aug 2007 seems to be missing. Any ideas what could be wrong?? Something similar happened to me, but only when I had set the server date forward and accessed the apache server pages with a future date. As a result, the apache logs contained that future date. The /var/lib/webalizer/webalizer.current file then contained a future date and so with Webalizer working in incremental mode, it was ignoring all log entries prior to that future date. The result was my correctly dated logs were being ignored. To fix this, and I know it seems to be the reverse of you are describing, I cleared the /var/lib/webalizer/webalizer.current file and purged my logs of future dated entries. I can only hope that this helps you a little... :) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Webalizer displays wrong year
Jussi Hirvi wrote: Hi Ian, I know you from the LassoTalk list, right? :-) Hi Jussi, No, I've not been on the LassoTalk list - that must be an alter ego of mine. I live in South Australia and had to Google LassoTalk to find out what it was :-\ Anyway, I'm glad to hear you've repaired your webalizer ;-) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Boot CentOS 5 to command line
Barry Brimer wrote: id:3:initdefault: This will tell your system to boot into text mode. If you want to switch while you are running .. you can type init 3 to go to text mode and init 5 to go to graphical mode. This will need to be done as the root user. The obligatory warning:- Run level 3 may have different services loaded than run level 5. Study the output from chkconfig --list on your server to see what services are started in each run level. E.g.:- [EMAIL PROTECTED] ~]# chkconfig --list nfslock 0:off 1:off 2:off 3:on4:on5:on6:off ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off acpid 0:off 1:off 2:off 3:on4:on5:on6:off diskdump0:off 1:off 2:off 3:off 4:off 5:off 6:off webmin 0:off 1:off 2:on3:on4:off 5:on6:off cqcs_acs0:off 1:off 2:on3:on4:on5:on6:off ntpd0:off 1:off 2:off 3:on4:off 5:on6:off xfs 0:off 1:off 2:on3:on4:on5:on6:off snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off sshd0:off 1:off 2:on3:on4:on5:on6:off nscd0:off 1:off 2:off 3:off 4:off 5:off 6:off syslog 0:off 1:off 2:on3:on4:on5:on6:off sysstat 0:off 1:on2:on3:on4:on5:on6:off cpuspeed0:off 1:on2:on3:on4:on5:on6:off readahead 0:off 1:off 2:off *3:off* 4:off *5:on*6:off smartd 0:off 1:off 2:on3:on4:on5:on6:off rpcsvcgssd 0:off 1:off 2:off 3:on4:on5:on6:off radiusd 0:off 1:off 2:off 3:off 4:off 5:off 6:off mysqld 0:off 1:off 2:on3:on4:off 5:on6:off snip Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux httpd portmap
Craig White wrote: Suggest that you make sure you are fully updated, then 'touch /.autorelabel' then reboot (reboot at a time you choose because it may take a long time to relabel every file on your system - especially if you have a lot of files). Craig What Craig implies is that your system won't be available for quite a long time (relatively), while the relabel takes place. The boot time with an autorelabel is very long, and you won't have access to the server until the relabel is completed. So choose your time for the reboot with that knowledge. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using new sysconfig file
Kai Schaetzl wrote: Thanks for the hint. It was the CRLF sequence from creating the file on a Windows machine. I haven't had a problem with this in a long time, bash scripts etc. work fine, no matter if LF or CRLF is used, but it seems to make a difference when including a file. Glad to hear :-) BTW: Postgrey recommend a maximum delay of 300. Is there a reason you're using 660? It's the default and been the default since postgrey saw the light of day, but I wouldn't deem it recommended. ;-) I've been doing greylisting (with sendmail) for many years and started out with ten minutes. You're history with greylisting eclipses my recent foray into the field, so I bow to your experience. I took the 300 from the CentOS HowTo where they write:- quoteSetting your delay to values larger than 300 Seconds ( 5 Minutes ) is really not recommended./quote This has proven to be quite successful, but there is a growing number of spammers that come back after exactly ten minutes, so I'm moving it up to 11 minutes on new machines. I doubt that 5 minutes gives any advantage in terms of faster turnaround time for ham messages. Most MTAs retry after 15 or 30 minutes, I would actually consider an MTA that retries after only 5 minutes a bit rude. I started my delay at 60 seconds as the how-to suggests, and have moved it up to 300 now. If your experience suggests 660, then I'll try that next ;-) Anything to kill Spam is cool in my book 8-) Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote: I am up and running on our normal IPCop box again. Last night, I changed the DNS Settings in the ADSL Modem, from using the DNS Servers at our local ISP, to those of opendns.com http://opendns.com and that probably will help a lot, until I can get IPCop configured properly for the Caching DNS Server. My understanding is that IPCop provides a Caching DNS *Proxy*, not a Caching Name Server. Being a proxy means it forwards any queries that it can't answer from it's own cache to full DNS Servers (caching or not). Once it knows the answer it will cache it locally and return that answer to local users without contacting the DNS server again - as long as it is valid to do so based on the cache time set for that particular domain. For exmaple, my domain's cache time is short because my server lives on a dynamic IP address, but google's cache time is long because their servers are on static IP addresses and caching for a long time is safe for the DNS client to do (no need to query often because the servers aren't moving). If your ADSL modem can act as a DNS server, then you can point IPCop to that for DNS, but you can't point IPCop to itself (127.0.0.1) because it is only a proxy - not a full DNS server. In my view, for DNS your IPCop box should be directed to:- 1) your ISP's DNS servers; or 2) public DNS servers; or 3) your ADSL modem which is using either of the above. As I've already mentioned in other replies on this topic, my IPCop server uses my ISP for DNS requests. This means my ADSL modem is bypassed for DNS queries, but I'm not even sure if it could respond to DNS queries. Even if it could, since the IPCop is a caching proxy, it will keep the query results as long as it is entitled to before re-querying the real DNS server again. Using the ADSL modem won't help here because it can't cache any longer than the IPCop box can, so it will have to query the real DNS server in this situation. My view is you might as well make the IPCop do that in one step - why involve the modem? Regards, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote: Question: The next time I connect our Backup IPCop box, should I put the 2 IP addresses for opendns.com there, or, the IP of our ADSL Modem? Which will be faster? If I understand, you have the IP addresses in your IPCop box and that bypasses your ADSL Modem. TIA, Lanny My advice is to forget DNS on the modem because it won't be more up-to-date than the cache on the IPCop server, so it won't serve any useful function. Set the IPCop box to use the IP addresses provided by opendns.com. It will cache DNS query results and contact the opendns servers when it needs to refresh expired data or get new data not already in the IPCop cache. The modem can't help in this scenario, so leave it alone and bypass it by telling IPCop to go directly to opendns for DNS queries. Cheers, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using new sysconfig file
Kai Schaetzl wrote: I installed postgrey from rpmforge and wanted to use sysconfig to change options instead of overwriting the init file. However, I get a weird warning from postgrey. I'm not sure if this is a postgrey quirk or I use sysconfig the wrong way. /etc/sysconfig/postgrey: OPTIONS=--unix=/var/spool/postfix/postgrey/socket --delay=660 Hi Kai, I got similar errors by corrupting my /etc/sysconfig/postgrey file, by putting text into the delay value - i.e. I replaced 660 with 66O. I suggest you recreate the file (from scratch) to make sure you haven't got some odd binary data in their somehow (null's?). BTW: Postgrey recommend a maximum delay of 300. Is there a reason you're using 660? Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote: You entered them there and you can dig +trace from there. That's interesting. I would like to discontinue using the DNS Servers at my ISP, because: (a ) frequently slow (b) sometimes no DNS (c) the recent problem where I get to opendns.com Generally your ISP's DNS should be quickest because they are closest. If you're not happy with them, google for public DNS and you'll find a plethora of publicly accessible DNS systems. You can also create a backup using the web-interface. The backup will be saved on your local machine and you can restore it from there if needed. Thank you for reminding me about that! The IPCop box I am using now, I backed up on 23 February. The Backup IPCop box, which I am going to use to test this, will need to be updated and then I will backup, before I try these changes. Don't forget to save the backup to your local system in case your IPCop box gets totally hosed. You can then rebuild the IPCop system and restore the backup from your desktop. snip Ian: Thank you for the information! Lanny You're welcome. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote: Good morning to you! It is 647 Saturday night here in Colombia. ___ 9:34am Sunday morning here in Australia :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Scott Silva wrote: You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different. For what it is worth, my IPCop box has the DNS values supplied by my ISP entered here instead of 127.0.0.1. My dig +trace tests are all running fine. Scott: Thank you, for the above explanation! I was able to SSH into the IPCop box on Port 222, very early this morning (with the syntax correct, that was easy) and I saw the Setup menu. Whatever you do, write down the original settings of anything you change so you can restore it if it horribly breaks. You can also create a backup using the web-interface. The backup will be saved on your local machine and you can restore it from there if needed. Amen. I will write down the original settings, before I change them. In a tiny way, the IPCop box is a Production Server in our house. I have two (2) very demanding users: a wife and a 7 year old daughter and I don't want them mad :-) Something like not wanting your boss at work mad at you I am going to be working on this, when they are not using their Desktop boxes and I am going to do this on our Backup IPCop box, which actually has much better HW than the one we normally use for IPCop. If I can't get this to work on IPCop, that is the one I will install SME Server or the CentOS 4.4 Server CD on. It sounds like this is going to work on IPCop, which will be much easier and much faster for me to get up and running properly. Question: Awhile ago, I got into the configuration settings for our ZTE ADSL Modem. For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP: Primary DNS Server 200.29.104.22 Secondary DNS Server 200.29.96.22 These are the number I would enter into the IPCop setup screen for DNS and Gateway. My gateway value is the IP address of my ADSL modem. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com whenbrowsing web?
Lanny Marcus wrote: On 7/10/08, Dennis McLeod [EMAIL PROTECTED] wrote: IPCOP here. Use it for Masq, dhcp, NAT, time, Transparent Webfiltering via URLFilter plugin (and automatic blacklist downloads) and banned internal MAC addresses (our inside machines) via advancedproxy plugin, and more. It's on our public access wifi network with a dedicated DSL connection. Been up for 2 years. It's on an old IBM Netvista SFF Celeron 900 with 512M of ram. I'm gonna build one at home, cause my kids are getting to the age Dennis Great. I have IPCop running on a Pentium 233 MMX box with 64 MB of RAM. It's our oldest box and it does the job for our house. :-) IPCop here too - since 2004 - with a full Blue, Orange, Green and Red configuration (CentOS in Orange for email/web etc). I too used a really old P200 with about 96Mb RAM. It will work OK on that hardware - as it does on yours - but you just can't get it to do the extra stuff - e.g. CopFilter, Snort, etc. I've just updated to an AMD Athlon XP 1700+ with 512Mb of RAM and I can now run all the cool add-ons I couldn't before. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote: [EMAIL PROTECTED] ~]# ssh ipcop.homelan:222 ssh: ipcop.homelan:222: Name or service not known [EMAIL PROTECTED] ~]# Try:- ssh -p 222 ipcop.homelan Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gentee
Ray Van Dolson wrote: Gentee is a programming language, CentOS is a Linux Distribution. You would hope the question was really about Gentoo, but I have a suspicion that perhaps it wasn't :-D Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Wheel and YUM!!
Plant, Dean wrote: I see your trying to protect your users from becoming root. You do realise that with that sudo configuration a user can still run sudo /bin/bash or any of the other shells to gain root access. Hi Dean, I don't think that's correct. One of the purposes of the sudoers file is you can limit users to specific programs, excluding them from others. This entry, which I just tested in my CentOS5.2 box, allows the user tldap to use yum, but not /bin/bash:- tldap ALL=/usr/bin/yum Here's what happens when I try sudo as user tldap:- [EMAIL PROTECTED] ~]$ sudo yum update Loading fastestmirror plugin Loading priorities plugin Loading mirror speeds from cached hostfile * base: rsync.atworks.co.jp * updates: rsync.atworks.co.jp * centosplus: mirror.exetel.com.au * addons: mirror.exetel.com.au * extras: mirror.exetel.com.au 0 packages excluded due to repository priority protections Setting up Update Process No Packages marked for Update [EMAIL PROTECTED] ~]$ sudo /bin/bash Sorry, user tldap is not allowed to execute '/bin/bash' as root on www [EMAIL PROTECTED] ~]$ Cheers, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Wheel and YUM!!
Plant, Dean wrote: What I was trying to point out is that if is he is disabling commands like su then they must be enabled somewhere in the groups he is calling and it is good practice to disable all the shells as well. All my sudoers lines that call groups like he was trying to do always have a !SU, !SHELLS to specifically deny root access. Noted. Anyway I will shut up now as none of this will help fix his problem. Ditto :-) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Broken upgrade to 5.2
Johnny Hughes wrote:
Could you post the output of the command /bin/rpm -qa --qf
'%{name}-%{version}-%{release}.%{arch}.rpm\n' ?
I would add a | sort to that like this:
/bin/rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' | sort
[EMAIL PROTECTED] ~]# /bin/rpm -qa --qf
'%{name}-%{version}-%{release}.%{arch}.rpm\n' | sort
a2ps-4.13b-57.1.el5.i386.rpm
a52dec-0.7.4-8.el5.rf.i386.rpm
aalib-1.4.0-5.el5.rf.i386.rpm
acl-2.2.39-2.1.el5.i386.rpm
acpid-1.0.4-5.i386.rpm
adminutil-1.1.5-1.fc6.i386.rpm
adobe-release-i386-1.0-1.noarch.rpm
agg-2.5-1.el5.rf.i386.rpm
aide-0.13.1-2.0.4.el5.i386.rpm
alacarte-0.10.0-1.fc6.noarch.rpm
alchemist-1.0.36-2.el5.i386.rpm
alsa-lib-1.0.14-1.rc4.el5.i386.rpm
alsa-utils-1.0.14-2.rc4.el5.i386.rpm
amtu-1.0.4-4.i386.rpm
anacron-2.3-45.el5.centos.i386.rpm
ant-1.6.5-2jpp.2.i386.rpm
antlr-2.7.6-4jpp.2.i386.rpm
apmd-3.2.2-5.i386.rpm
apr-1.2.7-11.i386.rpm
apr-util-1.2.7-6.i386.rpm
arts-1.5.4-1.i386.rpm
aspell-0.60.3-7.1.i386.rpm
aspell-en-6.0-2.1.i386.rpm
at-3.1.8-82.fc6.i386.rpm
atk-1.12.2-1.fc6.i386.rpm
at-spi-1.7.11-2.fc6.i386.rpm
attr-2.4.32-1.1.i386.rpm
audiofile-0.2.6-5.i386.rpm
audit-1.5.5-7.el5.i386.rpm
audit-libs-1.5.5-7.el5.i386.rpm
audit-libs-1.6.5-9.el5.i386.rpm
audit-libs-python-1.5.5-7.el5.i386.rpm
authconfig-5.3.12-2.el5.i386.rpm
authconfig-gtk-5.3.12-2.el5.i386.rpm
autoconf-2.59-12.noarch.rpm
autofs-5.0.1-0.rc2.55.el5.3.i386.rpm
automake14-1.4p6-13.noarch.rpm
automake15-1.5-16.noarch.rpm
automake16-1.6.3-8.noarch.rpm
automake17-1.7.9-7.noarch.rpm
automake-1.9.6-2.1.noarch.rpm
avahi-0.6.16-1.el5.i386.rpm
avahi-glib-0.6.16-1.el5.i386.rpm
avahi-qt3-0.6.16-1.el5.i386.rpm
avg75flr-r51-a1243.i386.rpm
axis-1.2.1-2jpp.6.i386.rpm
basesystem-8.0-5.1.1.el5.centos.noarch.rpm
bash-3.1-16.1.i386.rpm
bash-3.2-21.el5.i386.rpm
bc-1.06-21.i386.rpm
bcel-5.1-8jpp.1.i386.rpm
beecrypt-4.1.2-10.1.1.i386.rpm
bind-9.3.3-10.el5.i386.rpm
bind-chroot-9.3.3-10.el5.i386.rpm
bind-libs-9.3.3-10.el5.i386.rpm
bind-libs-9.3.4-6.P1.el5.i386.rpm
bind-utils-9.3.3-10.el5.i386.rpm
binutils-2.17.50.0.6-5.el5.i386.rpm
binutils-2.17.50.0.6-6.el5.i386.rpm
bison-2.3-2.1.i386.rpm
bitmap-fonts-0.3-5.1.1.noarch.rpm
bitstream-vera-fonts-1.10-7.noarch.rpm
bluez-gnome-0.5-5.fc6.i386.rpm
bluez-hcidump-1.32-1.i386.rpm
bluez-libs-3.7-1.i386.rpm
bluez-utils-3.7-2.el5.centos.i386.rpm
boost-1.33.1-10.el5.i386.rpm
boost-devel-1.33.1-10.el5.i386.rpm
bridge-utils-1.1-2.i386.rpm
brlapi-0.4.1-1.fc6.1.i386.rpm
bsf-2.3.0-11jpp.1.i386.rpm
bsh-1.3.0-9jpp.1.i386.rpm
bsh-demo-1.3.0-9jpp.1.i386.rpm
bsh-javadoc-1.3.0-9jpp.1.i386.rpm
bsh-manual-1.3.0-9jpp.1.i386.rpm
busybox-1.2.0-3.el5.centos.i386.rpm
byacc-1.9-29.2.2.i386.rpm
bzip2-1.0.3-3.i386.rpm
bzip2-devel-1.0.3-3.i386.rpm
bzip2-libs-1.0.3-3.i386.rpm
caching-nameserver-9.3.3-10.el5.i386.rpm
cadaver-0.22.5-1.el5.rf.i386.rpm
cairo-1.2.4-3.el5_1.i386.rpm
cairo-1.2.4-5.el5.i386.rpm
ccid-1.0.1-6.el5.i386.rpm
cdda2wav-2.01-10.i386.rpm
cdparanoia-alpha9.8-27.2.i386.rpm
cdparanoia-libs-alpha9.8-27.2.i386.rpm
cdrdao-1.2.1-2.i386.rpm
cdrecord-2.01-10.i386.rpm
centos-release-5-1.0.el5.centos.1.i386.rpm
centos-release-notes-5.1.0-2.i386.rpm
checkpolicy-1.33.1-2.el5.i386.rpm
chkconfig-1.3.30.1-1.i386.rpm
chkconfig-1.3.30.1-2.i386.rpm
chkfontpath-1.10.1-1.1.i386.rpm
classpathx-jaf-1.0-9jpp.1.i386.rpm
classpathx-mail-1.1.1-4jpp.2.i386.rpm
compat-gcc-34-3.4.6-4.i386.rpm
compat-gcc-34-c++-3.4.6-4.i386.rpm
compat-gcc-34-g77-3.4.6-4.i386.rpm
compat-glibc-2.3.4-2.26.i386.rpm
compat-glibc-headers-2.3.4-2.26.i386.rpm
compat-libf2c-34-3.4.6-4.i386.rpm
compat-libstdc++-296-2.96-138.i386.rpm
compat-libstdc++-33-3.2.3-61.i386.rpm
comps-extras-11.1-1.1.el5.centos.noarch.rpm
conman-0.1.9.2-8.el5.i386.rpm
control-center-2.16.0-14.el5.i386.rpm
coolkey-1.1.0-5.el5.i386.rpm
coolkey-devel-1.1.0-5.el5.i386.rpm
coreutils-5.97-12.1.el5.i386.rpm
coreutils-5.97-14.el5.i386.rpm
cpio-2.6-20.i386.rpm
cpp-4.1.2-14.el5.i386.rpm
cpuspeed-1.2.1-1.48.el5.i386.rpm
cracklib-2.8.9-3.3.i386.rpm
cracklib-dicts-2.8.9-3.3.i386.rpm
crash-4.0-4.6.1.i386.rpm
crontabs-1.10-8.noarch.rpm
crypto-utils-2.3-1.i386.rpm
cryptsetup-luks-1.0.3-2.2.el5.i386.rpm
cscope-15.5-15.fc6.1.i386.rpm
ctags-5.6-1.1.i386.rpm
cups-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.18.el5_2.1.i386.rpm
curl-7.15.5-2.el5.i386.rpm
curl-devel-7.15.5-2.el5.i386.rpm
cvs-1.11.22-5.el5.i386.rpm
cyrus-sasl-2.1.22-4.i386.rpm
cyrus-sasl-devel-2.1.22-4.i386.rpm
cyrus-sasl-gssapi-2.1.22-4.i386.rpm
cyrus-sasl-lib-2.1.22-4.i386.rpm
cyrus-sasl-md5-2.1.22-4.i386.rpm
cyrus-sasl-plain-2.1.22-4.i386.rpm
db4-4.3.29-9.fc6.i386.rpm
db4-devel-4.3.29-9.fc6.i386.rpm
dbus-1.0.0-6.3.el5_1.i386.rpm
dbus-1.0.0-7.el5.i386.rpm
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
dbus-glib-0.70-5.i386.rpm
dbus-python-0.70-7.el5.i386.rpm
dbus-x11-1.0.0-6.3.el5_1.i386.rpm
dcraw-0.0.20060521-1.1.i386.rpm
dejavu-lgc-fonts-2.10-1.noarch.rpm
Deployment_Guide-en-US-5.1.0-11.el5.centos.1.noarch.rpm
desktop-backgrounds-basic-2.0-40.el5.centos.noarch.rpm
Re: [CentOS] Broken upgrade to 5.2 {solved - I hope}
Thanks to all that offered advice to help solve this for me. Here's a
round up for those that may follow in similarly ill-fated foot-steps.
1. Don't update/upgrade remotely without using screen. Dropping the
ssh session caused yum to die inelegantly, with duplicate packages in
the RPM database.
2. Analysing the output from
/bin/rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' | sort
led me to erase almost 30 new packages that appeared to be duplicates of
existing packages. This wasn't without problems though, because I used
this command:-
yum erase libgcc-4.1.2-42.el5.i386
to remove the duplication noticed here:-
libgcc-4.1.2-14.el5.i386.rpm
libgcc-4.1.2-42.el5.i386.rpm
3. This broke the machine badly, and caused yum to stop working
completely with missing libgcc_s.so.1 being reported as the cause. This
also effected other programs, e.g. man wasn't working either. Anyway,
long story short, I booted from the 5.1 DVD in rescue mode. I was
reluctant to reboot the box in a half upgraded state, but was forced
into this due to the corrupt libgcc problem. I then forced the
reinstallation of libgcc-4.1.2-14.el5.i386 from the DVD using:-
rpm -ivh --force --root /mnt/sysimage libgcc-4.1.2-14.el5.i386.rpm
This worked OK and the machine rebooted without a problem (what a relief).
4. Next I tried the yum -y upgrade process again (from the console this
time), and to my enormous delight, it downloaded the packages I had
removed earlier and then passed all transaction tests and started to
process the 577 steps left to upgrade to 5.2.
5. I think there may still be some duplicates, which I'll check for
after the upgrade has completed. I didn't get all the way through my
analysis of the duplicate package list because of the broken libgcc
issue. Having resolved this with the rescue boot, I took a punt on
having done enough and restarted yum upgrade. Since it worked, I
decided against interrupting it with the view to a subsequent
reconciliation.
All being well, I should have an upgraded machine fairly soon.
Thanks again for your prompt and enlightened assistance 8-)
Ian
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] where is CENTOS 5.2 DVD ISO???
Tim Verhoeven wrote: 2008/6/25 mcclnx mcc [EMAIL PROTECTED]: I tried to download 64 bit CENTOS 5.2 DVD ISO. I already checked more than 30 download site and can NOT find it. Some site show DVD ISO in there, but it is fake. This URL works for me http://www.mirrorservice.org/sites/mirror.centos.org/5.2/isos/x86_64/CentOS-5.2-x86_64-bin-DVD.iso; or example. Here's another, closer to home for you :- http://ftp.tcc.edu.tw/Linux/CentOS/5.2/isos/x86_64/CentOS-5.2-x86_64-bin-DVD.iso ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem with telnet
fabian dacunha wrote: jus a couple of days back when i tried to telnet to the server it gave me connection refused i go to the server and when i say telnet localhost it says getaddrinfo: localhost Name or service not known Are there lots of telnet sessions already running? You could have hit the instances limit in /etc/xinetd.conf. If this is the problem (and BTW I'm not convinced it is), you can increase the number of allowed telnet sessions and reload xinetd with service xinetd reload. I hit this problem on a RHEL3 server several years ago and can't recall exactly how it manifested itself, but I do remember that this was the solution. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Broken upgrade to 5.2
Hello all, I was upgrading a CentOS 5.1 box to 5.2 remotely, and I lost my ssh connection to the server. Now when I rerun the yum upgrade it fails due to conflicts in the transaction check stage. Before I dig myself a deeper hole, I think I need advice. The original error I received was a conflict between python-devel and python, so I erased python-devel with the plan to install it again after, but now I'm getting more errors and I think I might be up to my neck and I've got that cold feeling on the back of my neck :-( I have the CentOS-Base repo enabled (base, updates, addons, extras centosplus) and CentOS-Media --- but no others. A full transcript appears at the bottom, but here are the salient points of the failing yum process:- transcript [EMAIL PROTECTED] ~]# yum -y upgrade Loading installonlyn plugin Loading priorities plugin Setting up Upgrade Process Setting up repositories Reading repository metadata in from local files 0 packages excluded due to repository priority protections Resolving Dependencies -- Populating transaction set with selected packages. Please wait. --- Package frysk.i686 0:0.0.1.2008.03.19.rh1-1.el5 set to be updated ... big snip ... yum-fastestmirror noarch 1.1.10-9.el5.centos base 13 k Transaction Summary = Install 14 Package(s) Update 251 Package(s) Remove 0 Package(s) Total download size: 539 M Downloading Packages: Running Transaction Test Finished Transaction Test Transaction Check Error: file /usr/bin/mysqldumpslow from install of mysql-server-5.0.45-7.el5 conflicts with file from package mysql-5.0.22-2.2.el5_1.1 file /sbin/dmeventd from install of device-mapper-event-1.02.24-1.el5 conflicts with file from package device-mapper-1.02.20-1.el5 Error Summary - /transcript Hopefully someone can point me toward a solution :-[ . I've tried the following (and many variations of these - install, update, upgrade), but nothing has worked so far:- yum -y install mysql-server yum -y update device-mapper-event Cheers, Ian Full Transcript:- [EMAIL PROTECTED] ~]# yum -y upgrade Loading installonlyn plugin Loading priorities plugin Setting up Upgrade Process Setting up repositories Reading repository metadata in from local files 0 packages excluded due to repository priority protections Resolving Dependencies -- Populating transaction set with selected packages. Please wait. --- Package frysk.i686 0:0.0.1.2008.03.19.rh1-1.el5 set to be updated --- Package shared-mime-info.i386 0:0.19-5.el5 set to be updated --- Package nautilus.i386 0:2.16.2-7.el5 set to be updated --- Package gnome-screensaver.i386 0:2.16.1-8.el5 set to be updated --- Package pciutils-devel.i386 0:2.2.3-5 set to be updated --- Package tomcat5-server-lib.i386 0:5.5.23-0jpp.7.el5 set to be updated --- Package traceroute.i386 3:2.0.1-3.el5 set to be updated --- Package libacl-devel.i386 0:2.2.39-3.el5 set to be updated --- Package kernel-xen-devel.i686 0:2.6.18-92.1.1.el5.centos.plus set to be installed --- Package gnome-python2-libegg.i386 0:2.14.2-6.el5 set to be updated --- Package gtkhtml3.i386 0:3.16.3-1.el5 set to be updated --- Package desktop-printing.i386 0:0.19-20.2.el5 set to be updated --- Package ipsec-tools.i386 0:0.6.5-9.el5_2.1 set to be updated --- Package irqbalance.i386 2:0.55-10.el5 set to be updated --- Package sysstat.i386 0:7.0.2-1.el5 set to be updated --- Package krb5-devel.i386 0:1.6.1-25.el5 set to be updated --- Package selinux-policy.noarch 0:2.4.6-137.el5 set to be updated --- Package Deployment_Guide-en-US.noarch 0:5.2-9.el5.centos set to be updated --- Package xorg-x11-drv-sis.i386 0:0.9.1-7.1.el5 set to be updated --- Package grub.i386 0:0.97-13.2 set to be updated --- Package pcsc-lite.i386 0:1.4.4-0.1.el5 set to be updated --- Package openoffice.org-writer.i386 1:2.3.0-6.5.1.el5_2 set to be updated --- Package dbus-x11.i386 0:1.0.0-7.el5 set to be updated --- Package make.i386 1:3.81-3.el5 set to be updated --- Package m2crypto.i386 0:0.16-6.el5.2 set to be updated --- Package kudzu-devel.i386 0:1.2.57.1.17-1 set to be updated --- Package libgnomeprint22.i386 0:2.12.1-10.el5 set to be updated --- Package yelp.i386 0:2.16.0-18.el5 set to be updated --- Package rhpxl.i386 0:0.41.1-6.el5 set to be updated --- Package gnome-power-manager.i386 0:2.16.0-9.el5 set to be updated --- Package yum-metadata-parser.i386 0:1.1.2-2.el5 set to be updated --- Package tomcat5-common-lib.i386 0:5.5.23-0jpp.7.el5 set to be updated --- Package system-config-printer.i386 0:0.7.32.8-1.el5 set to be updated --- Package control-center.i386 1:2.16.0-16.el5 set to be updated --- Package vsftpd.i386 0:2.0.5-12.el5 set to be updated --- Package wpa_supplicant.i386 1:0.4.8-10.2.el5 set to be updated --- Package rpm-libs.i386 0:4.4.2-48.el5 set to be updated --- Package centos-release-notes.i386 0:5.2-2 set to be updated --- Package
Re: [CentOS] is CentOS an LSB certified product?
Morten Nilsen wrote: And what, pray tell, is LSB? http://www.linuxfoundation.org/en/LSB quote About the Linux Standard Base (LSB) The Linux Standard Base delivers interoperability between applications and the Linux operating system. Currently all major distributions comply with the LSB and many major application vendors, like MySQL, RealNetworks and SAP, are certifying. The LSB offers a cost-effective way for application vendors to target multiple Linux distributions while building only one software package. For end-users, the LSB and its mark of interoperability preserves choice by allowing them to select the applications and distributions they want while avoiding vendor lock-in. LSB certification of distributions results in more applications being ported to Linux and ensures that distribution vendors are compatible with those applications. In short, the LSB ensures Linux does not fragment. If you are an end user looking for Linux distributions that support open standards, please see our list of LSB certified products https://www.linux-foundation.org/lsb-cert/productdir.php?by_lsb. If you are a developer looking to build portable Linux applications that will work on these distributions, please see the Linux Developer Network http://www.linuxfoundation.org/en/Developers./quote ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] School Server Setup
Hi Harry, Some good suggestions so far, and I would add these:- 1. Use postfix for your email, not sendmail. Postfix is much easier to configure and use. 2. Install Webmin - a web based server config tool. This will make package customization easier if you're new to Linux. 3. Look into LDAP for centralized user authentication. You don't want to have to create users on 24 machines if you don't need to. If you're keen to host your own email and web site, then you'll need a domain name that is linked to your IP address - e.g. somewhereinFNQ.qld.edu.au I guess you'll need to liaise with the Qld Edu department on making those DNS changes. Anyway, if you get stuck with anything, please don't hesitate to contact me off-line if you prefer. I'm in the Adelaide Hills, so in global terms that's just next door really. Cheers, Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] School Server Setup
Ian Blackwell wrote: Hi Harry, Some good suggestions so far, and I would add these:- 1. Use postfix for your email, not sendmail. Postfix is much easier to configure and use. 2. Install Webmin - a web based server config tool. This will make package customization easier if you're new to Linux. 3. Look into LDAP for centralized user authentication. You don't want to have to create users on 24 machines if you don't need to. If you're keen to host your own email and web site, then you'll need a domain name that is linked to your IP address - e.g. somewhereinFNQ.qld.edu.au I guess you'll need to liaise with the Qld Edu department on making those DNS changes. Anyway, if you get stuck with anything, please don't hesitate to contact me off-line if you prefer. I'm in the Adelaide Hills, so in global terms that's just next door really. Cheers, Ian PS: Don't forget about a backup strategy. If you're going to host all this data (emails, docs, etc.) on a server, then you need to make sure you put a good backup policy in place. smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vsftp 553 Could not create file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi lingu, | *vsftp 553 Could not create file*** I think this means you have a file with the same name already there, and you don't have permission to replace it. I connected from Windows to my CentOS 5.1 server using the same vsftpd.conf settings, and here's the transcript:- C:\Users\Ianftp 192.168.3.2 Connected to 192.168.3.2. 220 (vsFTPd 2.0.5) User (192.168.3.2:(none)): ian 331 Please specify the password. Password: 230 Login successful. ftp send winscp.RND 200 PORT command successful. Consider using PASV. 150 Ok to send data. 226 File receive OK. ftp: 600 bytes sent in 0.00Seconds 300.00Kbytes/sec. ftp send winscp.RND 200 PORT command successful. Consider using PASV. 150 Ok to send data. 226 File receive OK. ftp: 600 bytes sent in 0.00Seconds 200.00Kbytes/sec. ftp send winscp.RND 200 PORT command successful. Consider using PASV. 553 Could not create file. ftp All worked well until the last send, when I had changed the file permissions for winscp.RND from rw-r--r-- to r--r--r--. This was all with iptables and SELinux running at the time. Hope that helps :) Ian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFITkNKLwWMnKQTL2sRAlk9AJ4iCpB2nDNmpUSLW0nbWOHlEdI60QCePtRw h8nhAQyXZbiNtI+pq3FETiA= =m+rf -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vsftp 553 Could not create file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I mentioned firewall and SELinux to positively exclude them. For me, with both running, I was getting the same error when I was trying to overwrite an existing file with read-only permissions. When the file was read-write I was able to repeatedly overwrite it. Is there anything in your /var/log/vsftpd.log or /var/log/messages log files? Ian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFITkomLwWMnKQTL2sRAuvRAJ9a1O2OR+8D8b0dYhi1fJo2q+JdiQCfU+bU hF9oaR/fUwukpc4tHZ1Lw8g= =gybN -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Boot-Up Progress Bar Show Details Menu is Not Working
Balaji wrote: After some changes the Linux Boot-Up Progress bar Show Details Menu when i enable the Menu it will not shows the start-up services details. When the grub menu appears, press a key to interrupt the countdown timer. Then press e to edit the default boot kernel settings. Follow instructions on the screen as they appear, but the aim is to edit the boot command and remove the rhgb setting on the boot command. This will disable the GUI boot and you'll see a text based boot sequence. At one point, you'll see where the damage is. Using this same technique, you can edit the boot command and add single to the command so the machine will boot into single user mode. You can then correct your error and hopefully the machine will then boot normally. If your server is badly damaged, you may need to boot into rescue mode using the CentOS install CD/DVD. Let us know how you get on :) Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] saslauthd for sendmail SMTP relay
Bernd Bartmann wrote: /var/log/maillog: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed /var/log/messages: saslauthd[3665]: do_auth : auth failure: [user=username] [service=smtp] [realm=] [mech=shadow] [reason=Unknown] Does someone have an idea how to debug this further, esp. how to find the real reason as the message [reason=Unknown] is not very helpful at all. Is saslauthd still running? Could it have failed or not started if the server has rebooted? Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] saslauthd for sendmail SMTP relay
Bernd Bartmann wrote: Thanks Ian. That's indeed the reason. service saslauthd status gives saslauthd dead but subsys locked. Now, what could be the reason why saslauthd was not running any more? cu, Bernd. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hard to say without seeing the logs. Does it restart for you or is it continuing to fail? Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] saslauthd for sendmail SMTP relay
Bernd Bartmann wrote: It did start without any problems. Looks like I found the cause. From the logs I see that someone tried a brute force attach on the SMTP relay with several username / password combinations. Then one of the attempts lead to a segfault of saslauth. Which probably means that there is a bug in saslauthd as it should not be possible to crash a service just by suppling a weird comibination of input data. Sounds to me like you should consider running SELinux - that is if you aren't already :-) . Of course it won't solve the segfault, but it should restrict any damage a compromised saslauthd process can do. Anyway, glad you're on track again. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] COBOL
Michael wrote: Just curious, maybe some old timers could help me out. I am working with a company that is migrating 20 years of Mainframe Software Development to Unix, HPUX. How much harder would it be to go to Linux, Centos Linux? I think you would be better served looking for a flavour of COBOL that provides portability via platform independence, rather than choosing your platform and then a COBOL to suit. We use ACUCOBOL from Acucorp for this reason. Our code, once compiled, will run on many different platforms without us doing anything. Acucorp had the write once run everywhere idea well before Java did. Also, anyone have any experience with Fujitsu Cobol on Centos? The Fujitsu people only support Red Hat, and said I'd be on my own with Centos. In other words if it works, then I don't care about Fujitsu support. I know some of you are thinking, did someone say COBOL? Nobody uses COBOL anymore! If so, let me say You are wrong. Many large corporations are taking their old business logic that was written in COBOL decades ago, and moving it to new modern platforms, like Linux. Programatically giving these applications a GUI face-lift, while maintaining their original business logic. I know because many companies pay me to do just that. I have a client that wants to use Centos Linux with Fujistu Cobol, and Fujitsu says it's gotta be Red Hat, any help will much appreciated. I know COBOL is still out there, and the latest tools for GUI development let you build apps that users can't recognise as COBOL apps. Business logic in COBOL is rock solid and won't be replaced anytime soon. With a GUI front-end, why change? Thanks, Cheers, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Show IP Traffic on a port
Joseph L. Casale wrote: I am trying to determine the root of an issue I am having. How can I watch traffic destined to a specific port on my CentOS 5.1 box to see if its even hitting it? It would be udp traffic. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos If you're using IPTABLES on your CentOS box, then you can watch the traffic hit your rules using watch -d iptables -nvL. The -d will highlight changes (so you can spot them) and you should see the number of packets change as each packet is processed by your rules. If you have a specific chain name that deals with your port, then add that after the -nvL in the command - e.g. watch -d iptables -nvL myChain Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shell script strangeness...
Craig White wrote: That works fine one CentOS 5 (double quotes and backtics) but not on CentOS 4.6 Thanks...I guess it's good enough for now. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I can only imagine it is working in 4.6 because the result of grep entry_chooser.js /var/log/httpd/access_log is either empty or 1 word. The test syntax [ -z xxx ] would report the too many arguments error whenever the grep returned more than one word. You can test this at your command line by typing in:- [ -z one ] and [ -z one two three four five ] The first will return false but you'll just see another bash prompt, the second will report the too many arguments error. This is certainly the case for me using RHEL4.6, so I would imagine CentOS4.6 should be the same. You can also see it explained by these commands and results:- [EMAIL PROTECTED] ~]$ [ -z ] [EMAIL PROTECTED] ~]$ echo $? 0 [EMAIL PROTECTED] ~]$ [ -z one ] [EMAIL PROTECTED] ~]$ echo $? 1 [EMAIL PROTECTED] ~]$[ -z one two three four ] -bash: [: too many arguments [EMAIL PROTECTED] ~]$ echo $? 2 [EMAIL PROTECTED] ~]$ I hope this helps you understand why it is working on one machine but not another. Ian PS: I always prefer $(cmd) to backtics for readability. e.g. if [ -z $(grep entry_chooser.js /var/log/httpd/access_log) ] PPS: grep -q works for me on RHEL4.6 and CentOS5.1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shell script strangeness...
Craig White wrote: On my CentOS 4.6 server, this works... if [ -z `grep entry_chooser.js /var/log/httpd/access_log` ] On my CentOS 5.1 server, this gives me the following error... ./test_file.scr: line 3: [: too many arguments Can anyone explain why the difference and suggest something that makes both cases happy? Thanks Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Not sure why 4.6 is allowing it, but your if test will be resolving to something like this:- if [ -z this line from your log file and another line and even more lines until your if test fails with too many arguments I hope you don't want me to keep typing to make the point ] To fix it, wrap the grep instead double quotes as well as the ticks - e.g. if [ -z `grep entry_chooser.js /var/log/httpd/access_log` ] Then the output from the grep will be seen as one long string, not a multitude of words from your log file. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache Redirects...
This is what I have in my /etc/httpd/conf/httpd.conf file:-
Directory /var/www/html
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{HTTP_HOST}:443%{REQUEST_URI}
[QSA,R=permanent,L]
I hope this helps,
Ian
Craig White wrote:
I'm trying to require SSL for drupal login and admin pages and it seems
that this should work but it doesn't redirect if added to httpd.conf or
to .htaccess (I've tried both)
RewriteCond %{REQUEST_URI} ^/(user|admin)
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L,R]
Shouldn't this be enough so that the URL...(googling suggests that it
is)
http://cms.tobyhouse.com/user/login
is automatically redirected to
https://cms.tobyhouse.com/user/login
?
Craig
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4.5 - mounting remote windows fileserver using smb or cifs
This works for me... In /etc/fstab:- //share/name/mount/point cifs _netdev,credentials=/etc/samba/cred.txt 0 0 In the credentials file:- username=your-windows-user password=XXX Make sure the credentials file is owned by root and only readable by root. Regards, Ian Tom Brown wrote: Hi I need to mount a windows share on a CentOS 4.5 box running stock kernel etc - I have tried using cifs and also smbfs My fstab looks like //share/name /mount/pointsmbfs username=user,password=password,uid=useridhere 0 0 or the same using cifs When i try and mount that i get the following errors depending on the share type smbfs: mount_data version 1919251317 is not supported CIFS VFS: cifs_mount failed w/return code = -22 i would have thought that cifs was the way forward but any ideas? These use creds are being used on an ancient 7.3 box and they work fine thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
