Re: [CentOS] Where can I find the CentOS gpg keys?
On 04/28/2016 02:29 PM, Albin Otterhäll wrote:
> Apparently I wasn't clear enough. I'm using Arch Linux (i.e. I haven't access to the gpg key that comes with an installation) and would like to verify the ISO I've downloaded. To do that I need the key used to sign the "sha256sum.txt.asc" file.
>
> I need to import the CentOS Release 7 (and maybe additional keys) from a keyserver or download the keyfile to be able to do that.
>
> Regards,
> Albin

Open up a browser and go to:

http://mirror.centos.org/centos-7/7/os/x86_64/

The GPG keys used to sign the RPM packages are in that directory. That may also be the key used to sign the checksum files. Here's what I did on my system to check:

[jleafey@icarus temp]$ gpg --import RPM-GPG-KEY-CentOS-7
gpg: key F4A80EB5: public key "CentOS-7 Key (CentOS 7 Official Signing Key) <secur...@centos.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[jleafey@icarus temp]$ gpg --verify sha256sum.txt.asc
gpg: Signature made Thu 10 Dec 2015 09:41:44 AM CST using RSA key ID F4A80EB5
gpg: Good signature from "CentOS-7 Key (CentOS 7 Official Signing Key) <secur...@centos.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5
[jleafey@icarus temp]$

The bit that says "Good signature" seems to indicate that it was OK.

Hope that answers your question!
--
Jay Leafey - Memphis, TN
jay.lea...@mindless.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
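An added example, not part of the original messages: in the session above the key came from the same mirror tree as the signed file, so the check that carries weight is whether the signer's full fingerprint equals one obtained independently. The function below reads gpg's machine-readable `--status-fd` output and accepts only a VALIDSIG line whose primary-key fingerprint matches; the function names and the sample status lines are constructed for illustration, and the expected fingerprint is the one printed in the session above.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Real use, assuming gpg is installed and the key file has been imported:
#   gpg --status-fd 1 --verify sha256sum.txt.asc 2>/dev/null \
#       | sig_matches_fingerprint "$EXPECTED_FPR"

# Fingerprint as printed in the message above.
EXPECTED_FPR="6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5"

# Strip whitespace and upper-case a fingerprint so both forms compare equal.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Reads `gpg --status-fd` lines on stdin.
# Exit 0: a VALIDSIG line names the expected primary key and nothing failed.
# Exit 1: bad, expired-key, revoked-key or foreign-key signature, or none.
# Exit 2: the expected value is not a full 40-hex-digit fingerprint
#         (short key IDs such as F4A80EB5 are refused).
sig_matches_fingerprint() {
    expected=$(norm_fpr "$1")
    case "$expected" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2

    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # Last field of VALIDSIG is the primary key fingerprint.
        $2 == "VALIDSIG" { if (toupper($NF) == want) ok = 1; else bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# Constructed sample: status output for a good signature by the expected key.
sample_status_expected_key() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 24C6A8A7F4A80EB5 CentOS-7 Key (CentOS 7 Official Signing Key)
[GNUPG:] VALIDSIG 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 2015-12-10 1449762104 0 4 0 1 8 01 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5
[GNUPG:] TRUST_UNDEFINED
EOF
}

# Constructed sample: cryptographically good signature, but from another key
# (the fingerprint is a made-up placeholder).
sample_status_other_key() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Some Other Key
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-12-10 1449762104 0 4 0 1 8 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED
EOF
}

# Demonstration on the constructed samples.
if sample_status_expected_key | sig_matches_fingerprint "$EXPECTED_FPR"; then
    echo "expected key: accepted"
fi
if ! sample_status_other_key | sig_matches_fingerprint "$EXPECTED_FPR"; then
    echo "other key: rejected although gpg reported a good signature"
fi
```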
Re: [CentOS] ssh freezes
>> On 10/26/2015 01:28 PM, Michael Hennebry wrote:
>>>
>>> All too often, my ssh session will freeze.
>>> I'm fairly certain the problem is at my end.
>
>>> Any suggestions on how to diagnose?
>>>

I can remember having this sort of issue a while back. I believe it turned out that our PIX firewall was being a bit too aggressive in pruning what it thought were idle sessions. Adding the following to my ~/.ssh/config file seems to have fixed it:

> ServerAliveInterval 15
> ServerAliveCountMax 3

The manpage for ssh_config describes these parameters and how they interact. YMMV!
--
Jay Leafey - Memphis, TN
jay.lea...@mindless.com
[CentOS] (?) Mailman VERY slow with IPv6 (with work-around)
I recently stood up an EL7 box with Mailman for a few lists I run for some friends. My old install, on an EL6 system, ran with no issues for several years but I was induced to upgrade by a "hardware casualty" on the old system. I was going to have to rebuild anyway, so why not take it as an opportunity to try EL7?

The build went fine and I was able to migrate the lists over with no issues, but once I got there just about everything to do with Mailman operations was painfully slow. For example, "list_lists" took 5 seconds of "real" time. I was used to it taking _much_ less as I only have about 6 lists. This affected both the command-line Mailman tools and the web interface. My first inclination was to blame Python, but other code executed just fine with it.

While testing I tried an strace of list_lists and found that it was timing out on a read operation to a socket to the Avahi daemon (/var/run/avahi-daemon/socket) while trying to resolve the link-local IPv6 address. Having flashbacks to Sendmail stalling on DNS issues I decided to try fixing resolution first. As a test I put the link-local address into my /etc/hosts file with a localized name. Running list_lists then took about 0.19 seconds "real" time! The web interface also changed from painfully slow to its previous behaviour on EL6.

I imagine just turning off IPv6 would work as well, but I have an actual use case that is a lot easier with it turned on. I don't know if anybody else has seen this, but thought it might be handy for someone else.
--
Jay Leafey - Memphis, TN
jay.lea...@mindless.com
Re: [CentOS] CentOS 7 on Dell Inspiron with ATI Radeon HD 6320 video card
On 03/15/2015 05:15 AM, Niki Kovacs wrote:
> Hi,
>
> I'm currently installing CentOS 7 on a client's Dell Inspiron laptop. Here's the video card:
>
> # lspci | grep -i vga
> 00:01.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Wrestler [Radeon HD 6320]
>
> Most of the time, I either have to deal with Intel or NVidia graphic chipsets. As far as I understand, I can choose either the free 'radeon' driver or the proprietary 'fglrx' driver with this video card.
>
> I'm not too worried about performance, since this will essentially be a laptop for office productivity. On the other hand, I do worry about driver stability. I vaguely remember having seen freeze problems with these cards.
>
> Which driver should I use for a most stable setup?
>
> Cheers,
> Niki

It sort of depends on your usage. For normal desktop usage, the provided Radeon driver seems adequate and stable. If you have any need for reasonable 3D performance, fglrx is a better proposition.

Like you I've mostly dealt with nVidia or Intel video. I had some painful initial issues with the fglrx driver, but once I became more accustomed to the quirks it was quite stable. The wiki at elrepo was helpful. This was on desktop systems, I know the portable chipsets used in the laptops are a bit different.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Centos 6 - disabling IPv6 addressing
On 03/09/2015 12:52 PM, Robert Moskowitz wrote:
> No change after running this and trying both:
>
> system network restart
> ifdown eth0; ifup eth0
>
> Still having an IPv6 addr. The box has been up for 140 days. Would like to keep it running...
>
> This box is really Redsleeve 6, which is the port of Centos 6 to arm. The kernel I am using is the F19 kernel. All of this MIGHT be contributing to things not working as they would on a 'normal' Centos box. I am awaiting the start of the Centos7-arm work ;)

Hmm, I've used the information in this link in the past with good results:

http://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df

Don't know how this would work with Redsleeve, but with both CentOS 6 and RHEL 6 it works fine. I was able to disable IPv6 on-the-fly without a reboot using the sysctl -w method.

Your Mileage May Vary!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Kickstart setup
On 02/03/2015 10:28 AM, Ashley M. Kirchner wrote:
> Is there a way to use kickstart to boot a machine into a manual setup process? Basically what I'm getting to is this, the machine doesn't have a CD drive in it (nor can I add one), but I can boot it via kickstart. The install media is on the network. What I'd like to do is boot this machine up and rather than have kickstart do everything for me as far as installing the OS and packages, instead present me with a manual setup (that I can get to via vnc) where I get to pick what I want or don't want on the machine. After it's all done, I'm going to go through the anaconda files and generate a base kickstart for all future installs.
>
> Does anyone have an example kickstart file I can go off of to do that?

It sounds like you just want to do a VNC install. There is a write-up in the RHEL installation guide on doing just that. You can either have the installer accept incoming VNC connections for the session or have it connect to a listening VNC client via boot arguments.

The documentation says that you can just put vnc (or vncconnect={host}) in the kickstart file in the command section and proceed from there. Here's a link to an article in Red Hat Magazine that has a pretty good overview:

http://www.redhat.com/magazine/024oct06/features/kickstart/

As usual, YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Kickstart setup
On 02/03/2015 11:19 AM, Jay Leafey wrote:
> The documentation says that you can just put vnc (or vncconnect={host}) in the kickstart file in the command section and proceed from there. Here's a link to an article in Red Hat Magazine that has a pretty good overview:
>
> http://www.redhat.com/magazine/024oct06/features/kickstart/
>
> As usual, YMMV!

OK, not QUITE that simple after all. The vnc or vncconnect entries have to be passed to the kernel via grub or syslinux/isolinux rather than in the kickstart file. Your network install media would have to be altered to do this if you cannot add the options to the command line interactively.

Sorry!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Problems with deleting a reference in 389DS
On 11/28/2014 09:45 AM, Kevin Thorpe wrote:
> Hi, I'm having problems deleting something from 389DS. At one point I had a link to use an external LDAP server for authentication for a particular client. I now need to delete this but I am having trouble.
>
> Firstly I can't find this object in either the directory manager or ldapadmin. I can see the object using db2ldif:

SNIP

> but I can't delete with ldapdelete:
>
> [root@logger ~]# ldapdelete -D cn=Directory Manager -w mypassword -p 389 -h localhost -x dn=cn=bloggsco,dc=mycompany,dc=com
> ldap_delete: No such object (32)
> matched DN: dc=mycompany,dc=com
>
> any ideas?

Just a thought, I don't think ldapdelete wants the DN in the form dn=cn=

Try to remove the dn= prefix from the DN.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] trying to kickstart a vm guest from my datastore
On 10/06/2014 10:36 AM, Dan Hyatt wrote:
> I have a new ESXi server (5.x), and trying to load some VM guests on there. I have the guests configured, but when I try and boot from ISO image, the graphics are so bad it is futile. No worries I normally use kickstart anyways.
>
> Because the ESXi (on the same network as my physical servers) cannot talk to the PXE server. But works fine on the network (I can ssh/scp in and out of the ESXi server). I am unable to kickstart from the network.
>
> As this is a blade, there is no DVD access. But I have a kickstart file, an iso image on my datastore.
>
> Really I have two questions:
>
> 1. how do I test or troubleshoot WHY ESXi cannot reach the pxe server. The mac addresses/ips/hostnames of the VM guests are in DNS and DHCP.
>
> 2. How do I kickstart a VM guest from the datastore kickstart file/iso image?
>
> D.

I can't say much about (1), but I do kickstart my VM installs all the time. My approach might not work for you, but here goes.

I put all my ISO images on an NFS share from my workstation, which I then configure on my ESXi boxes as a datastore. I then put my kickstart files in a directory reachable via http. I configure the VMs using VSphere and power them on. Since I don't have a PXE server configured it pauses there, so I open the console to the VM, point the CD drive to an ISO image on the datastore, and reboot the VM using send ctrl-alt-del, which then boots from the ISO image. When the boot menu comes up, I hit tab and append ks=http://{url to kickstart file} to the kernel line and continue from there. The installation generally continues without much manual intervention from there, other than the Initialize Disk? messages.

There's a LOT more manual intervention here than I like, but there are constraints in my environment that will not allow me to stand up a PXE server. I have been able to do this with the VSphere client on Windows (grumble!) and the web GUI via VCenter.

YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Centos 7: Remove Gnome from GDM options
On 10/04/2014 03:55 PM, Frank Cox wrote:
> When you click on the gear icon on the GDM login screen, it provides a list of the available desktop environments so you can pick between them. Since I exclusively use Mate on this computer, how can I remove the other options from that menu?
>
> Earlier today when I logged in the machine decided on its own that what I really wanted was Gnome Classic, so I had to log out to change it back to Mate, then log in again. I would like to tell it to use Mate exclusively, with no other options to select by mistake.

Well, I haven't tried it, but I believe the available session types are stored in desktop files in /usr/share/xsessions. You could move the ones you don't want to a different location and see how the picker in GDM behaves... a bit like swatting a fly with a hammer, but as long as you can move them back it should be OK. I found mention of this in an Ubuntu-oriented forum somewhere, don't recall where.

Here's what that directory on my C7 box, with MATE installed, looks like:

[root@megamind gdm]# ls /usr/share/xsessions
gnome-classic.desktop gnome.desktop gnome-custom-session.desktop mate.desktop
[root@megamind gdm]#

I would try moving all of the .desktop files elsewhere temporarily and see if that changes the available desktop list.

YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Starting the gotour server on CentOS 6
On 04/18/2014 12:13 PM, Evan Rowley wrote:
> Hey CentOS folks!
>
> I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming language.
>
> When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking the netstat output, I see a process bound to port 12049. It is definitely possible that the problem is with Go itself, but I'd like to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
>
> Here is some of the output:
>
> [appengine@centos6-paas-dev gotour]$ gotour
> 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour
> 2014/04/17 22:04:33 WARNING! WARNING! WARNING!
> I appear to be listening on an address that is not localhost.
> Anyone with access to this address and port will have access
> to this machine as the user running gotour.
> If you don't understand this message, hit Control-C to terminate this process.
> WARNING! WARNING! WARNING!
> 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
>
> [root@centos6-paas-dev ~]# netstat -pnaevZ
> Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program nameSecurity Context
> ...
> tcp0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
> [appengine@centos6-paas-dev gotour]$ getenforce
> Permissive
>
> Any ideas?

Is that port open in your host firewall? A quick check with iptables should tell you. If 'iptables -L -n | grep 12049' doesn't return something then it might need to be opened up in the firewall.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
[CentOS] yum fails in FIPS mode
I guess my Google-fu wasn't up to this one!

I have a system running CentOS 5.9 32-bit running in FIPS mode that I would like to update. Unfortunately, it fails when attempting to run yum update. I've disabled all the repositories except for base and updates and still get the same issue, an error carping about an algorithm forbidden by FIPS. Here's what I see:

[root@ctsi1 proc]# yum --disablerepo=\* --enablerepo=updates,base update
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.beyondhosting.net
* updates: yum.singlehop.com
digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
Aborted
[root@ctsi1 proc]#

My searches seem to indicate that FIPS doesn't like MD5, which I thought was pretty much essential to verifying the packages, but I saw no documented work-arounds. I've done a yum clean all (at least THAT works!) and it had no effect. I get the same error on yum repolist, just in case you were wondering. Grasping at other straws, I checked the system time, which is correct (using NTP anyway).

Anybody got any ideas about how to work around this? I would really rather NOT reboot in non-FIPS mode to update the system, then reboot in FIPS mode, but if that's the only solution that's what I'll do.

Thanks!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Is X79 Motherboard supported by latest Centos 5.9 version?
On 08/25/2013 11:13 AM, Steve Brooks wrote:
> [2] I am still confused how given the kernel reports as being 2.6.18-348.12.1.el5 #1 SMP and not a PAE kernel.. Why am I seeing MemTotal: 3574676 kB
>
> Steve

As I recall, as of EL6 they no longer ship separate SMP and/or PAE kernels for i386. They're all SMP- and PAE-enabled out-of-the-box. I just looked in http://mirror.centos.org/centos-6/6/os/i386/Packages/ and there is ONLY one kernel package provided. There are kernel-debug, -header, -firmware, -devel and -doc packages, but no -SMP or -PAE packages.

I believe it stated as much in the EL6 release notes, at least for the initial release. But I've slept since then...
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] sda and sdb reverse order with an external USB drive
On 07/04/2013 10:46 AM, Joseph Hesse wrote:
> Hello
>
> I am using 64 bit CentOS 6.4 on an i7 laptop with one sata drive and a CD drive. I installed CentOS by manually partitioning sda as: sda1 as /boot, sda2 as swap, sda3 as /. The booted system works great.
>
> When I insert an external USB drive, formatted as ext3, the hard drive on the laptop and the USB drive are either sda or sdb, depending upon the order on which I insert the USB drive and boot the system. Please see the two mount commands below for each of these situations.
>
> This seems to work in either order except for the fact that I don't want my USB drive to automount. What I want is that after I insert the USB drive in a running system and wait 15 seconds, I want to mount the USB drive with the command # mount /mnt. To accomplish this I added a line to /etc/fstab but it didn't work. When I uncomment the last line in fstab (see below) the computer hangs and doesn't boot.
>
> I was successful with this strategy on a similar laptop with Fedora 18 but not my current one.
>
> Thank you,
> Joe Hesse

I have had similar issues in the past. The take-away is that you cannot depend on device names being stable, it depends on the order in which devices are enumerated at boot time. In my case, an eSATA drive shows up as the first device if it is turned on when the system boots. It apparently enumerates as sda and the rest of the drives are bumped up one drive letter. The system boots OK, but the drive letters are different.

When I want to mount the external drive I use LABEL=. When I formatted the external drive I specified a filesystem label and rather than specifying /dev/sdb1 in my fstab I used LABEL=fslabel. That way it doesn't matter what device name comes up, it mounts the filesystem by that label. The label can be added after-the-fact using tune2fs or the appropriate tool for the on-disk format.

You can also use UUID=uuid if you prefer to use UUIDs. See the mount manpage for more information.

Of course, I could be wrong about what you are trying to accomplish, but I think it might be applicable.

YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] What is the recommended method to obtain Pan 0.136+ (with SSL) for Centos 6?
On 05/09/2013 01:31 PM, Rock wrote:
> I'm really no good at compiling unless all I have to do is issue the make command. So, maybe I'll have to hold off on compiling Pan 0.136 with stunnel...

I was able to take the source RPM mentioned earlier and update it to build 0.139. The result has some quirks I was not used to, like remembering the last newsgroup I used, but it does work OK, including SSL. You can find the specfile I used at:

http://pastebin.com/deUZpESH

My build was under CentOS 6 (6.3 to be precise) 64-bit, I haven't tried any others. You will have to download the pan sources, but that shouldn't be too hard. Use rpmbuild (rpmbuild -bb pan.spec) and it should create a usable RPM, assuming you have the prerequisites installed. If not, rpmbuild will tell you what you need to install.

No warranty is expressed or implied, no assurance of usability is provided, etc. Like any open-source project, if you break it you own both pieces. All I know is that it works for me.

YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Why is my default DISPLAY suddenly :3.0?
On 04/26/2013 07:06 PM, Keith Keller wrote:
> On 2013-04-26, Joakim Ziegler joa...@terminalmx.com wrote:
>> Sorry, brain fart, I'm running CentOS 6.3, not Fedora. The weird thing is that this changed after a reboot. I haven't done any updates that seem relevant lately either. And yes, I know :0.0 shouldn't be depended on, but it seems weird that it'd change like that for no good reason.
>
> Agreed. You might take James' advice and check the X logs. If you're lucky, if the issue is a couple of failures to start X, the successful start won't have written over the previous logs. (I'm not sure how you'd be able to tell if you were unlucky and X had to restart a few times but overwrote the log.)
>
> --keith

I've seen this from time to time. It always seems to happen when I change run levels without a reboot. That makes me think it may have something to do with an earlier post, when an old X session does not exit completely before the new one. In any case, it seems to have little impact on how it all works.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Does CentOS support dual graphics cards with 2 monitors each?
On 03/28/2013 05:08 PM, Alfred von Campe wrote:
> I have a user who wants to have 4 monitors attached to his CentOS 6.4 system. I know that you can't use both on-board video and a PCI video card at the same time, but what about two PCI video cards? The system seems to recognize them as shown by the lspci -v output below, but I can't get Xorg to use the second card. Has anyone done this? If so, what is the trick to get it to work?
>
> Alfred

It appears you are running the open-source nouveau drivers. I'm running dual monitors, albeit on a single nVidia card, but I'm using the nVidia packages from the elrepo repository. Look at http://elrepo.org/tiki/kmod-nvidia for more details.

Just my $.02
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] CUPS halts when no Internet
On 03/04/2013 07:52 PM, Juan De Mola wrote:
> The logs only show LPD backend failed. I have tested restarting networking, re enabling printers, restarting the service. The only way to print is sending release commands from the CUPS web interface. The telnet login screen also become slow when the Internet goes down.

Hmmm... this sounds like common issues that crop up when you are having DNS resolution issues. Are the name servers for your network on the other end of the ADSL connection? If so, you might be able to resolve some of the issues by editing the hosts file to make sure the local systems are resolving even when the name servers are unavailable or running a local caching nameserver.

Just a thought!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Bind - built in root hints?
A LONG time ago an older (at the time, I think I've caught up) sysadmin told me to use dig to update the named.ca file. Periodically he would run dig with no arguments and compare the output to the existing /var/named/named.ca file and copy it over the old one if anything had changed. Maybe it's a bad habit, but I still do it. I haven't had any adverse issues with it for about 15 years now.

Your mileage may vary!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Setting up bind - location for includes
On 02/15/2013 10:44 AM, Robert Moskowitz wrote:
> I am setting up bind this time around (just rebuilt my test machine via Kickstart) without chroot. I have a fair number of includes for named.conf; I have two views and other odds and ends. My thoughts are to make a directory; /etc/named.d to put all these includes into instead of 'dirtying' up /etc. This way the only files I replace/add to /etc are named.conf and rndc.key (I would like to work the latter around to also be in named.d, but this impacts rndc itself).
>
> Thoughts on this? Anyone else have a well segmented named.conf file?

That's my line of thinking too. I normally have a pretty skeletal named.conf file, with all the heavy-lifting going on in files included from directory /etc/named.d. It seems to me that a more modular approach minimizes the impact of fat-fingering and generally makes it easier to change out chunks of configuration as needed. (named-checkconf is your friend!)

Just for reference, at my place of employment I'm running a hidden master server and two separate sets of slaves for internal and external access for about 60 separate forward and reverse zones. The named.conf file basically consists of a single options stanza followed by a series of include statements. The includes themselves have other files that they include, the tier depth is about four levels deep at most. So far (knock on head) this has worked out fine for the last 8 years or so.

Before that I was attempting to use a monolithic named.conf file and found it an absolute bear to maintain. Smaller pieces means smaller problems, once you've got the overall framework.

Just my $.02!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Setting PS1 for ordinary users
On 10/10/2012 04:43 PM, Nux! wrote:
> On 10.10.2012 19:52, m.r...@5-cent.us wrote:
>>> I have looked in /etc/profile.d and /etc/bashrc and I cannot see what condition is triggering the different behaviour.
>>
>> I'd guess whether there's a ~/.bashrc. I've got mine set the way I want it; I don't remember a ~/.bashrc being automagically created for new users.
>
> New users' homedirs are populated from /etc/skel if you use useradd, which do contain a .bashrc (and more).

Another way (there is ALWAYS another way!) to do this for new accounts is to modify the /etc/default/useradd file and set the SHELL= line to use the shell you want. The unaltered file on my C6.3 box contains SHELL=/bin/bash.

Of course, that doesn't help on existing accounts.

YMMV
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] kmod-nvidia?
On 07/20/2012 10:32 AM, m.r...@5-cent.us wrote:
> Now that he's up, which was my highest priority, I'm back to looking around. I did a yum clean all, then yum --enablerepo=elrepo list \*nvidia\*, and see
> * elrepo: mirror.symnds.com
> so this was what the mirrorlist came up with. That there's something screwy there.
>
> So I just pointed my browser there, and found elrepo there under distributions/elrepo.
>
> Anyone got any ideas why it finds that it's there, but yum doesn't see the actual repo (and yes, the kmod-nvidia packages are there)?
>
> mark

Here's what the same operation looks like on my box:

[jleafey@megamind ~]$ sudo yum list \*nvidia\*
Loaded plugins: downloadonly, fastestmirror, priorities, refresh-packagekit,
: security
Loading mirror speeds from cached hostfile
* base: dallas.tx.mirror.xygenhosting.com
* elrepo: elrepo.org
* epel: mirror.steadfast.net
* extras: mirror.raystedman.net
* nux-libreoffice.org-rpms: mirror.li.nux.ro
* rpmforge: mirror.us.leaseweb.net
* updates: mirror.raystedman.net
1314 packages excluded due to repository priority protections
Installed Packages
kmod-nvidia.x86_64295.59-1.el6.elrepo@elrepo
nvidia-x11-drv.x86_64 295.59-1.el6.elrepo@elrepo
Available Packages
kmod-nvidia-173xx.x86_64 173.14.31-1.el6.elrepo elrepo
kmod-nvidia-96xx.x86_64 96.43.20-1.el6.elrepo elrepo
nvidia-x11-drv-173xx.x86_64 173.14.31-1.el6.elrepo elrepo
nvidia-x11-drv-173xx-32bit.x86_64 173.14.31-1.el6.elrepo elrepo
nvidia-x11-drv-32bit.x86_64 295.59-1.el6.elrepoelrepo
nvidia-x11-drv-96xx.x86_6496.43.20-1.el6.elrepo elrepo
nvidia-x11-drv-96xx-32bit.x86_64 96.43.20-1.el6.elrepo elrepo
[jleafey@megamind ~]$

Just a thought, have you tried flushing yum's metadata? I have run across a couple of instances where yum seems to get a bit... retentive and won't retrieve new metadata for one or more repositories. I usually run yum clean metadata or yum clean all, then re-try the operation. Unless it is something *I* have boogered badly it usually works.

Of course, YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
[CentOS] (?) Dual-monitor wallpapers on CEntOS 6
I've recently set up two workstations running CentOS 6, one with an nVidia card and the elrepo drivers and one with an ATI Radeon card with the elrepo fglrx drivers. Both work well, but one aspect of the systems works differently from CentOS 5 on those systems: I cannot get a wallpaper image to span the two monitors. I have tried both with and without xinerama and there is no difference in this regard. The specified wallpaper is displayed on both monitors.

Has anybody else run across this or a solution? I freely admit, this is a trivial issue. It's strictly an aesthetic matter and I'm curious as to why it doesn't work the same.

Just wonderin'
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] (?) Dual-monitor wallpapers on CEntOS 6
On 06/07/2012 04:08 PM, m.r...@5-cent.us wrote:
> For the nVidia one, are you using the nVidia X server setting applet?
>
> mark

Yes, I am. I used the nvidia-xconfig program to set the initial display configuration. I believe I used the options --twinview --dynamic-twinview when I ran it. Here's the relevant sections from /etc/X11/xorg.conf:

Section "Device"
    Identifier "Device0"
    Driver "nvidia"
    VendorName "NVIDIA Corporation"
    BoardName "GeForce 8400 GS"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device "Device0"
    Monitor "Monitor0"
    DefaultDepth 24
    Option "TwinView" "1"
    Option "TwinViewXineramaInfoOrder" "DFP-0"
    Option "metamodes" "DFP: nvidia-auto-select +0+0, CRT: nvidia-auto-select +1920+0"
    SubSection "Display"
        Depth 24
    EndSubSection
EndSection

As you can see, I've got one monitor on the DVI connection and one on the VGA. Both monitors are the same resolution, 1920x1080. Oddly, it only shows one Monitor section in the file, the one for the DVI connection. I believe this is an artefact of the dynamic-twinview option, the second monitor appears to be detected on-the-fly.

Any thoughts?
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] (?) Dual-monitor wallpapers on CentOS 6
A bit more Googling found the answer: it is a regression caused by a fix in Gnome to fix a reported problem where some individuals found it too difficult to create dual-monitor wallpapers. Apparently there are some patches available to the control-center package that will add a spanning option to the desktop background control, but Red Hat NAKed the change for 6.1. Apparently this is available in Fedora 12, but the option is missing in RHEL 6.

See https://bugzilla.redhat.com/show_bug.cgi?id=616701 for the response.

I may try to rebuild the control-center RPM with the patches when I get some time. I'll post here if I make any progress.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] SPF Record questions
On 02/18/2012 12:16 PM, Jonathan Vomacka wrote:
> On 2/18/2012 12:53 PM, Reindl Harald wrote:

A great resource is www.openspf.net. It has a lot of information on formatting SPF records and a tool that will help you test your rules.

Hope that helps!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] LDAP encryption, not sure.
On 02/15/2012 08:20 PM, Fajar Priyanto wrote:
> Basic question... What's the difference between TLS and SSL in LDAP? I googled no clue yet.

A plain-old LDAPS (LDAP over SSL) connection starts off from the very beginning as an SSL connection on port 636. When using LDAP and TLS, the initial (unencrypted) connection is made to port 389 and the SSL connection is negotiated on-the-fly. Logically, the unencrypted connection is made initially, then the client and server start up an SSL handshake if both ends support it.

The LDAP-over-SSL (LDAPS) method has been deprecated and the preferred method is LDAP and TLS. The TLS method is no less secure as the only thing that goes over the wire unencrypted is the SSL handshake.

Just my $.02
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] School cloud solution
On 11/05/2011 09:43 PM, Doug Coats wrote:
> I understand what google docs offers but it comes with the need for an email address that I can not make students have, the inability for me to control who has access to which files, and no way to get teachers access without each student configuring that on their own. My teachers have enough to worry about. They will not use a solution that is more difficult than what we already use. Any solution has to be a clear upgrade with advantages for it to be adopted.
>
> Sent from my ASUS Eee Pad

How about OpenGoo, AKA Feng Office? (http://sourceforge.net/projects/opengoo/) It purports to provide a Google Docs-like experience but can be self-hosted. The community edition might give you a lot of what you want.

YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Migration Assistance
I've used the instructions at http://wiki.centos.org/HowTos/MigrationGuide to move an RHEL system to CentOS with reasonable results. Of course, YMMV.

It sounds like you have the added complication of a virtual-to-physical, I can't say much about that as it is not something I have done. Physical-to-virtual (w VMware) yes, but not v2p.

Good luck!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] PKA help
On 08/03/2011 12:51 PM, Todd wrote:
> Hi All,
>
> I was able to create a public key for one of my servers that I log into frequently. Now I want to do this for a few more servers (where I use the same user id) and my user id on my laptop is the same as the servers. I also want to use PKA for other users accounts on the servers (for website editing and SFTP transfers) where my id on my laptop does NOT match the user on the server. I don't see at all how to make these changes as I already have an id_rsa and id_rsa.pub.
>
> So as an example:
> my user id on my laptop is: jtsm
> and the user id I want to log into the server as is: wwwdata
>
> Can anyone shed some light on how to setup multiple PKA on a single laptop with a single user account connecting as multiple user accounts to the server?
>
> -Jason

Since you've already generated an SSH key pair, you can add the public portion of your key to the authorized_keys file for each of the accounts to which you will be connecting.

For example, say I have two accounts on a server, jleafey and webapps. All I would need to do is to concatenate the public key (id_rsa.pub) to the .ssh/authorized_keys file for each of those accounts. I would then specify the username when I connect, i.e.

    ssh webapps@server

or

    ssh jleafey@server

This is very easy to do if you are using the OpenSSH client. If you are using Putty under Windows there is a configuration entry where you can specify the username under which you are connecting.

YMMV!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

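Added example, not part of the original message: one way to do the "concatenate the public key to authorized_keys" step for several accounts without duplicating entries, leaving loose permissions, or pasting the private key by mistake. The helper name install_pubkey, the temporary directories standing in for the accounts' home directories, and the key text (constructed, not a real key) are assumptions.

```shell
#!/bin/sh
# Added example: install one public key into several accounts' authorized_keys.
# install_pubkey is a hypothetical helper; on a real server it would be run
# as (or on behalf of) each target account.

# install_pubkey PUBKEY_FILE ACCOUNT_HOME
# Returns 0 on success (including "already present"), non-zero on refusal.
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Failure mode worth guarding: handing over id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key line" >&2
           return 3 ;;
    esac

    # sshd with StrictModes (the default) rejects keys kept in files or
    # directories that other users can write to.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"

    # Append only if this exact line is not there yet, so reruns are harmless.
    if ! grep -qxF -e "$key" "$home/.ssh/authorized_keys"; then
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    fi
}

# Demo on throw-away directories standing in for the two server accounts.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED jtsm@laptop' > "$demo/id_rsa.pub"
for account in jtsm wwwdata; do
    mkdir -p "$demo/home/$account"
    install_pubkey "$demo/id_rsa.pub" "$demo/home/$account"
    ls -l "$demo/home/$account/.ssh/authorized_keys"
done
rm -rf "$demo"
# From the laptop the account is then picked on the command line:
#   ssh wwwdata@server      ssh jtsm@server
```
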
Re: [CentOS] managing a rack full of centos servers
I usually use SSH keys in conjunction with ClusterSSH (http://clusterssh.sourceforge.net), I have been using the 3.27 version with good results. It makes managing batches of servers a bit easier, allowing the execution of the same command across multiple systems at the same time.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] 5.6 - SRPM's
I got frustrated with having to edit my repo files every time an update came along to the release package, so I looked for a better way. What I found was http://www.gurulabs.com/goodies/YUM_automatic_local_mirror.php, which gave me the clues I needed to have my local repositories added to the mirror list dynamically. I hacked the script a bit to make it work with CentOS and fit my situation a bit better, but it's written in Perl so it should not be too hard to figure out.

Once set up, all you need to do is point the DNS name mirrorlist.centos.org to your local server. I've used manual /etc/hosts entries and DNS, both work just fine. I've been using it for a couple of years now with good results.

As always, YMMV.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Best way to extend pv partition for LVM
Kai Schaetzl wrote:
> I've replaced disks in a hardware RAID 1 with larger disks and enlarged the array. Now I have to find a way to tell LVM about the extra space. It seems there are two ways:
>
> 1. delete partition with fdisk and recreate a larger one. This is obviously a bit tricky if you do not want to lose data, I haven't investigated further yet.
>
> 2. create another partition on the disk, pvcreate another pv and then add it to the existing volume group with vgextend
>
> 3. a possible third way: increase the partition size. According to Google most if not all disk tools want to resize a file system as well and since there is no file system they will fail. I'm not sure about the status with this for the tools that come with CentOS (fdisk, parted, other?)
>
> No. 2 seems to be the easy way. Any objections?
> One I thought of: What does happen when I use No. 2 and I add new lvs? Can it happen that new lvs get spanned over both pvs or can I assure that a pv gets created using only one of the pvs? (I would prefer the latter, it doesn't matter if I use a few MB because of the ineffectiveness of allocation.)
>
> Thanks for recommendations.
>
> Kai

Kai,

I ran into the same circumstances a while back and, after a lot of consideration and testing, I chose door #2. It's the most expedient way to do it if you have no other resources available, but it does have some inefficiencies involved in it.

You COULD use option #1, but it requires some additional resources and a LOT of shuffling. Specifically:

- add an extra disk to the volume group (pvcreate, vgextend)
- move the extents off of the old PVs onto the new PV using pvmove
- drop the PVs from the old disks out of the VG
- delete the PVs from the old disks
- repartitioned the old disks
- created PVs on the old disks
- added the new/old PVs to the VG
- move the extents from the temporary PV to the new/old PVs
- remove the temporary disk from the VG, delete the temporary PV

WAY too much shuffling and moving parts to suit me. The system never has to shut down, but performance can truly go into the dumper while pvmove is shuffling bits.

I was originally thinking option #3 would be the best (i.e. most efficient) way, but on a test system I tried several times to extend the partitions to include the extra space and failed miserably. Like you, I got stalled at the point of trying to extend the partitions. parted seems to refuse to do so unless there is a supported filesystem on the partition, which does not seem to include LVM.

If anybody has some hints about how to work around parted's reluctance to merely extend an arbitrary partition, I'd really like to know! I know I could use fdisk to delete the old partition and recreate it at a larger size, but that scares the bejesus out of my timid soul, having had power failures during critical operations on more than one occasion.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Load balancing...
I've used round-robin DNS with good success, but I added some additional tweaks using Heartbeat to manage the actual addresses.

A typical case is where you have two systems that will be used to offer a service. Each machine has its own IP address, but in addition there are a pair of IPs for the SERVICE that are managed by Heartbeat. The round-robin DNS entry points to the service addresses, not the primary addresses of each node. When one node goes down, Heartbeat on the other node causes it to take over the failed node's service address. This minimizes the time where the resolved address points to a dead node, so the window for failure is narrowed significantly. We've used this for DNS server, LDAP servers, and simple web servers with good results.

This is NOT an absolute fail-proof way of doing it, but it's easy to implement and is good enough in many cases. We've had some situations where Heartbeat didn't detect node failure quickly, but overall we've gotten acceptable results.

Your mileage may vary!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Ken Olsen of DEC, 1927-2011
Les Bell wrote:
> Raymond Lillard r...@sonic.net wrote:
> > The statement is generally quoted without context as it is here.
>
> Correct. Olsen is also famous for saying "People will get tired of managing personal computers and will want instead terminals, maybe with windows." (by which he meant, a windowing graphical terminal, a la X). He was right about that; witness the popular disenchantment with MS Windows and its endless cycle of patching, upgrades, malware removal and registry cleanup, and the fascination with cloud services accessed by lightweight clients like netbooks, tablets and phones. That's been good for the Linux and Centos communities, who have provided low-maintenance services for clients both on the desktop and in the cloud.

I worked for Digital from 1984 to 1998 (a little after Compaq bought DEC) and I heartily agree that Ken had a massive impact on the face of computing today. The engineering and technical folks absolutely loved him.

OTOH, it was my impression that the sales and marketing folks frequently cringed when he spoke in public. In addition to the quote above, he also declared that "UNIX is snake oil". He later claimed to have been misquoted, but given the state of UNIX at the time I can't say I disagree entirely!

Much as I love Linux, I'd still prefer to be running VMS on an x86 desktop box!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Groups
We've got a CentOS/Apache server with a ton of content providers that only have write access to specific directories. In our case, we use ACLs to grant access to the specific parts of the /var/www/html tree. If there's only one or two users, we usually add individual ACL entries for each, if there's a herd[1] of them we set up a group, make them members, and set the ACLs to use the group.

I'm surprised nobody brought it up already!

[1] users come in herds, like all forms of cattle.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] smartmontools SRPM fails
Mike McCarty wrote:
> Mike McCarty wrote:
> [...]
> > $ rpm -ivh smartmontools-5.39.1-2.el6.src.rpm
> > warning: smartmontools-5.39.1-2.el6.src.rpm: V3 RSA/MD5 signature: NOKEY, key ID fd431d51
>
> Hmm, maybe I need a later version of RPM.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=436812
>
> Mike

As I understand it, there have been some changes in the checksum methods in the newer versions of RPM. If you want to install a package built with the newer versions, you need to add the --nomd5 option to the rpm command to avoid the signature errors:

    rpm -ivh --nomd5 smartmontools-5.39-1.2.el6.src.rpm

Of course, once that's done the fun is just starting. Since the original was built for RHEL6, it may have dependencies on newer versions of other packages.

Your mileage may vary.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] rsync via crontab spawns over 20 processes
aurfal...@gmail.com wrote:
> No hard links, some sym links.
>
> But I see what you are saying.
>
> Here is my crontab entry via /etc/crontab
>
> * 22 * * * root rsync --delete -avvH --progress source target
>
> - aurf

So you want rsync to run every minute in the 10 PM hour? I think that first * needs to be replaced with a number designating the minute within the hour during which you want it to start. What you have there would kick off separate jobs at 22:00, 22:01, 22:02, etc.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

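Added example, not part of the original thread: a small expander for the minute and hour fields of a crontab entry, so the start times of an entry such as the one quoted above can be listed before it is installed. It goes beyond the single case in the message by also handling steps, ranges and comma lists; the function names are assumptions and only numeric fields are supported.

```shell
#!/bin/sh
# Added example: list when a crontab minute/hour pair starts a job.
# Handles numeric fields only: *, */step, a, a-b, a-b/step and comma lists.

# Strip leading zeros so that 00 or 08 are not read as octal by $(( )).
dec() {
    n=$1
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    printf '%s\n' "$n"
}

# expand_field FIELD MIN MAX -> every matching value, one per line, sorted.
expand_field() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r part; do
        step=1
        case $part in
            */*) step=${part#*/}; part=${part%%/*} ;;
        esac
        case $part in
            '*') lo=$2; hi=$3 ;;
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        case "$lo$hi$step" in
            ''|*[!0-9]*) echo "unsupported field part: $part" >&2; continue ;;
        esac
        lo=$(dec "$lo"); hi=$(dec "$hi"); step=$(dec "$step")
        [ "$step" -gt 0 ] || continue
        i=$lo
        while [ "$i" -le "$hi" ]; do
            [ "$i" -ge "$2" ] && [ "$i" -le "$3" ] && echo "$i"
            i=$((i + step))
        done
    done | sort -n | uniq
}

# fire_times MINUTE_FIELD HOUR_FIELD -> HH:MM for every start in one day.
fire_times() {
    for h in $(expand_field "$2" 0 23); do
        for m in $(expand_field "$1" 0 59); do
            printf '%02d:%02d\n' "$h" "$m"
        done
    done
}

# runs_per_day MINUTE_FIELD HOUR_FIELD -> number of starts in one day.
runs_per_day() {
    fire_times "$1" "$2" | wc -l | tr -d ' '
}

# The entry from the thread, then the same job pinned to minute 0.
echo "* 22 * * *  ->  $(runs_per_day '*' 22) starts per day"
echo "0 22 * * *  ->  $(runs_per_day 0 22) start per day"
# If one run can outlast the interval, a lock keeps starts from piling up:
#   0 22 * * * root flock -n /var/lock/rsync-job.lock rsync --delete -avvH --progress source target
# (the lock file path is a placeholder)
```
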
Re: [CentOS] Fixing filenames with directories with spaces in the names
Craig White wrote:
> Should be simple and perhaps I'm tired but it's not coming to me.
>
> In its simplest form...
>
> for old in `cat $FILENAME`;do
>   echo $old
>   dirname $old
>   new=$(echo $old | sed 's/\*/\-/')
> done
>
> I'm trying to take out some stupid Macintosh things - in this case filenames with asterisks but I have others like tilde's and probably others that I haven't come across.

I found a nice little Perl script named cmv that will do all sorts of file name transformations along the lines you were discussing. You can get it at http://felix.canids.net/plaintext/cmv

Essentially you pass it a Perl regular expression string and a list of files to use the string upon. If you wanted to replace all occurrences of whitespace with a single hyphen for the files in a directory:

    cmv 's/\s+/-/g' *

This would find all instances of one or more white space characters and replace them with a single hyphen for every file in the current directory.

I've used this for about a year now and it has worked great.

Hope that helps!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Fail Transfer of Large Files
Les Mikesell wrote:
> On 11/19/10 3:16 PM, Michael D. Berger wrote:
> > On my intranet, I sometimes transfer large files, about 4G, to an old CentOS box that I use for a web server. I transfer with ftp or sftp. Usually, before the file is complete, the transfer stalls. At that point, ping from the destination box to the router fails. I then deactivate the net interface on the destination box and then activate it. Ping is then successful, and the transfer is completed. The transferred file is correct, as verified with sha1sum. All connections are via cat6 wire.
> >
> > So what do you think? Should I try changing the net card? Any tests to run? Any other suggestions?
>
> I haven't seen anything like that, at least in many years so it probably is hardware related - but make sure your software is up to date. As a workaround, you might try using rsync with the --bwlimit option to limit the speed of the transfer - and the -P option so you can restart a failed transfer from the point it stalled on the last attempt.

This does ring a bell, but the circumstances were a bit different. In our case we were transferring large files between home and a remote site. SFTP/SCP transfers were stalling part-way through in an unpredictable manner. It turned out to be a bug in the selective acknowledgment functionality in the TCP stack. Short story, adding the following line to /etc/sysctl.conf fixed the issue:

    net.ipv4.tcp_sack = 0

Of course, you can set it on-the-fly using the sysctl command:

    sysctl -w net.ipv4.tcp_sack=0

It helped in our case, no way of telling if it will help you. As usual, your mileage may vary.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] xServes are dead ;-( / SAN Question
Nicolas Ross wrote:
> Thanks,
>
> > On 11/05/2010 04:34 PM, Nicolas Ross wrote:
> > > Now with this said, I am searching for documentation on operating a SAN under linux. We are looking at Quantum StorNext FS2 product for the SAN itself.
> >
> > I'm not sure how much help you'll get from the community. StorNext is a proprietary product that appears to have its own drivers and management tools. If you want documentation, ask the vendor for it.
>
> Is there any other solution for building a SAN under linux ?

We're using a somewhat aged HP StorageWorks EVA3000 SAN and a 2 Gb fibre channel infrastructure with our CentOS 4 servers running the Red Hat Cluster Suite to support several instances of Oracle. The hardware includes Qlogic FC controllers and Brocade FC switches. It actually works quite well, though the versions of RHCS for RHEL/CentOS 4 are a bit complicated for today's needs.

We are currently working to migrate this to an EMC CX4 SAN on an 8 Gb fibre channel infrastructure with Dell blade servers. We're using RHEL 5 and Oracle's cluster toolkit and it seems quite an improvement over RHCS and GFS2. OCFS2 seems to have caught up with GFS2 as far as capabilities go and is laughably simple to configure compared to RHCS 4. Of course, with it working so well we haven't had much opportunity to develop troubleshooting skills.

We also use a LOT of iSCSI SAN connections, using either iSCSI servers from HP or Dell or general-purpose machines running OpenFiler. Performance isn't quite up to the 8 Gb/s SAN speeds, but with Gigabit Ethernet and jumbo frames it's pretty respectable.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Forbidden: can't access *.html files in /var/www/html
Alexander Farber wrote:
> Hello,
>
> I'm using the latest CentOS with phpBB 3.0.x + postgreSQL + sendmail (relayed through gmail.com) - all those programs working fine, with no big modifications of the CentOS defaults (i.e. SELinux is on).
>
> Now I'm struggling with the seemingly simple problem, that when I put an .html file into /var/www/html/ then Apache won't serve it.
>
> SNIP
>
> I've looked into /etc/httpd/conf/httpd.conf and conf.d/ files...
>
> Does anybody know what is wrong, how to find out?
>
> Regards
> Alex

Did you possibly use mv to put the file in that directory? If so, it will not always set the file context properly. You can tell if you will check to see if SELinux is active (run getenforce and see if it returns Enforcing) and use the -Z switch to ls to see the file context of the problem files. If the context is not httpd_sys_content_t or something similar you need to fix the context.

Fixing it is easy, just run restorecon:

    restorecon -rv /var/www/html

This will walk down the directory tree and fix up the file contexts, giving you a message about the files it changes.

Of course, if it isn't an SELinux problem, this won't help.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] netstat - kill by pid ?
Carlos S wrote:
> I am writing a small script to kill process(es) listening on particular port number. Here I am particularly looking at Java servlet-containers like Tomcat and JBoss, which sometimes don't complete their shutdown process and it still shows up as running process with ps or netstat. This needs to be kill-ed and for that knowing pid of that process is necessary.
>
> The netstat by default doesn't give only pid(s), so one has to use sed/awk/tr like utility to extract pid info. Does anyone know any program/utility which gives pid(s) based on listening port numbers? Or is there any option in netstat that I am missing?
>
> Thanks,
> CS.

fuser will do what you want. If you were looking for something listening on port 80, for instance:

    [r...@server ~]# fuser -n tcp 80
    80/tcp: 3420 3718 3719 3721 3722 3723 3725 3726 3727
    [r...@server ~]#

The banner ( 80/tcp: ) is sent to STDERR and the actual PIDs to STDOUT, so you could do something like this:

    for procpid in $( fuser -n tcp 80 2>/dev/null )
    do
        kill ${procpid}
    done

fuser requires root access.

For more, man fuser
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Finding DHCP IP of guest system
JohnS wrote:
> > > Why you scrub the MACS?
> >
> > Sheer paranoia and long-standing habit.
>
> Elaborate, you that paranoid? Over paranoid gets you faster than scrubbing MACs. I would worry about, does my router have holes in it? Plus let your MAC fly on the wireless network. I let my neighbor connect to mine, they can't afford the internet. One caveat, all they have is net access.

Back in the mists of time, when I was working with VAXen and DECnet Phase IV, the general practice in our shop was to be careful about making MAC addresses generally known. Seems a quaint habit considering the network today, but old habits are sometimes hard to break... and they are not always a bad thing!

As far as the security of my home network goes, I get a giggle every time I scan for wireless networks at home. Mine is the ONLY network that I can reach that is encrypted.

As far as paranoia goes, one of my mentors once told me that a mild degree was a useful attribute for a system administrator. It tends to make one spend more time thinking about what CAN go wrong, which is great if you actually put the results into practice.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Finding DHCP IP of guest system
I had the same issue on my local network (DHCP server could not update DNS) so I cobbled up a shell script that runs periodically to update DNS manually. It does a ping-sweep using

    nmap -sP 192.168.1.0/24

and parses the output. The output (obfuscated and abbreviated) looks like this:

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-07-16 20:53 CDT
    Host 192.168.1.1 appears to be up.
    MAC Address: **:**:**:**:**:** (Unknown)
    Host 192.168.1.2 appears to be up.
    MAC Address: **:**:**:**:**:** (Compaq Computer)
    Host workstation.local (192.168.1.5) appears to be up.
    MAC Address: **:**:**:**:**:** (Hewlett Packard)
    Host printer.local (192.168.1.9) appears to be up.

In my case, I added the MAC address/DNS name pairs in /etc/ethers and use that to drive the process. I've even got a few VMware hosts with bridged interfaces, they work the same as the physical machines.

Admittedly, it's a heck of a kludge.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Finding DHCP IP of guest system
JohnS wrote:
> Awesome but a Day Late and a Dollar Short
>
> Care to share that shell script please.

OK, but I warned you, it's a kludge.

    #!/bin/bash
    #
    # Get a list of the hosts on the local network via nmap -sP and check
    # them against the ethers file to retrieve the host name, if any.
    # Check DNS to see if the DNS entries match it in the local domain and,
    # if not, make the necessary changes.
    #
    # $Id$
    # Jay Leafey - 10/29/2009
    #
    TEST=0
    test $# -gt 0 && TEST=1
    NSUPDATES=$( mktemp -t dynamic_dns.XXXXXX )
    ME=$( hostname -f )
    echo "server localhost" > ${NSUPDATES}
    nmap -sP 192.168.1.0/24 | \
    while read f1 f2 f3 f4 f5
    do
        if [ "${f1}" == "Host" ]
        then
            if [ "${f2}" == "${ME}" ]
            then
                continue
            fi
            # The line after each "Host" line carries the MAC address
            read m1 m2 m3 m4 m5
            MYIP=
            if [ "${f2%.*}" == "192.168.1" ]
            then
                MYIP=${f2}
            else
                MYIP=$( echo ${f3} | sed 's/[\(\)]//g' )
            fi
            MYMAC=${m3}
            MYHOST=$( grep -i "^${MYMAC}" /etc/ethers | awk "{ print \$2 }" | tr A-Z a-z)
            #~ echo ${MYMAC} ${MYIP} ${MYHOST}
            if [ "${MYHOST}" ]
            then
                #~ Set the forward DNS entry
                DNSIP=$( host ${MYHOST} 2>/dev/null | awk '/ has address / { print $NF}' )
                if [ -z "${DNSIP}" ]
                then
                    echo -e "update add ${MYHOST}.local 2400 IN A ${MYIP}\n" >> ${NSUPDATES}
                elif [ "${MYIP}" != "${DNSIP}" ]
                then
                    echo "update delete ${MYHOST}.local IN A ${DNSIP}" >> ${NSUPDATES}
                    echo -e "update add ${MYHOST}.local 240 IN A ${MYIP}\n" >> ${NSUPDATES}
                fi
                #~ Set the reverse DNS entry
                DNSRR=$( host ${MYIP} | awk '/ domain name pointer / { print $1 }' )
                DNSPTR=$( host ${MYIP} | awk '/ domain name pointer / { print $NF }' )
                if [ -z "${DNSPTR}" ]
                then
                    echo -e "update add ${MYIP##*.}.1.168.192.in-addr.arpa 2400 IN PTR ${MYHOST}.local.\n" >> ${NSUPDATES}
                elif [ "${DNSPTR}" != "${MYHOST}.local." ]
                then
                    echo "update delete ${DNSRR} IN PTR" >> ${NSUPDATES}
                    echo -e "update add ${DNSRR} 2400 IN PTR ${MYHOST}.local.\n" >> ${NSUPDATES}
                fi
            fi
        fi
    done
    if [ ${TEST} -gt 0 ]
    then
        cat ${NSUPDATES}
        exit
    fi
    if [ $( wc -l < ${NSUPDATES} ) -gt 1 ]
    then
        #cat ${NSUPDATES}
        nsupdate ${NSUPDATES}
        if [ $? -ne 0 ]
        then
            echo "nsupdate failed:"
            cat ${NSUPDATES}
        fi
    fi
    rm -f ${NSUPDATES}
    exit

The code makes a LOT of assumptions that may only be valid in my home network, but perhaps the ideas will be useful. I have considered rewriting this in Perl, but it works and I really need the time for other projects.

> Why you scrub the MACS?

Sheer paranoia and long-standing habit.

Enjoy!
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] fresh install of centos looking for nonexistent /dev/hda : /dev/hda: open failed: No medium found
Robert Heller wrote:
> At Tue, 29 Jun 2010 11:39:35 -1000 CentOS mailing list centos@centos.org wrote:
> > # lvm pvs
> >   /dev/hda: open failed: No medium found
> >   Couldn't find device with uuid r5HNPO-l18V-XfJ7-9RXY-AaWC-a4YY-3oL5h7.
> >   PV             VG         Fmt  Attr PSize   PFree
> >   /dev/sda2      VolGroup01 lvm2 a-   232.72G      0
> >   /dev/sdb1      VolGroup00 lvm2 a-   232.81G 32.00M
> >   unknown device VolGroup00 lvm2 a-   232.72G 32.00M
> >
> > I just installed the OS, did some tweaks, but did nothing to hardware. There was no /dev/hda listed when I went through the partitioning page of the install.
> >
> > Where did this come from?
>
> I'm guessing you have some sort of IDE CD/DVD-ROM/R/RW drive.
>
> > How do I get rid of it?
>
> Remove the IDE CD/DVD-ROM drive :-)
>
> > Does it matter?
>
> No.
>
> > mahalo,
> > Dave

If the message is too distracting, you can exclude the specific devices from the LVM physical volume scan by defining a filter. You can do this by editing /etc/lvm/lvm.conf, there are examples there.
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
Whit Blauvelt wrote:
> SNIP
>
> Then why was it also happy with sh /etc/init.d/smb start but not /etc/init.d/smb start. I'm happy to become more educated on this. But if invoking a major daemon startup that selinux wants to block is as easy as that, selinux is window dressing, not security. What am I missing about how that's anything like useful?

As I understand it, the two different methods of invocation could involve different SELinux contexts. Under one of them the process could be less constrained than the other. If you want details, you'll have to look elsewhere, I'm just another seeker!

I've found that running the SELinux troubleshooter has been very helpful. SELinux can be a royal pain, particularly with software not written with it in mind (cough*Oracle*cough). I try to discourage the "just turn off SELinux" mindset... it sorta reminds me of the excuses for NOT using seat belts.

In your case, there should have been AVC errors showing up in the audit log related to smbd. Using restorecon to fix up the security context on the files in /etc/samba might have resolved the issue quickly... but I guess the trick is having run across it before, eh?

The best cure for mistakes is experience.
The best source of experience is mistakes.
- YMMV
--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN

Re: [CentOS] [OT] Small touch screens that works with CentOS
On Fri, March 19, 2010 06:44, Pascal Robert wrote:
> Hi,
>
> We want to display on a small LCD screen next to our meeting rooms and optionally let people book the room from the panel. We looked at different providers and those solutions either works with Exchange or Lotus Notes... Since I already have code to fetch events from any CalDAV/WebDSV servers, I'm looking at building the system myself.
>
> So I'm wondering if any of you can recommend small LCD screen that works well with Linux (the app would be a full screen Web app, browser have to be Gecko or WebKit based), and even better if the screen can have « touch buttons » (so that people don't have to use a physical keyboard to book the room), that's even better. I guess my other option would be a iPad.
>
> -- Pascal Robert

I saw something on ThinkGeek that might suit your needs:

http://www.thinkgeek.com/computing/usb-gadgets/bfa3/

They have simple and touch screen models. The monitor itself should be usable in Linux (I've seen similar monitors used in Linux) but I don't know about the touch screen.
--
Jay Leafey
Memphis, TN

Re: [CentOS] LDAP Server Access Problem
Paul R. Ganci wrote:
>> Note that ldap 'client' applications like ldapsearch use /etc/openldap/ldap.conf so I would suspect that the 'certificates' used by the 2 machines are different.
>
> This might be the missing piece. The certificates were generated from a signing request to CAcert. However, while the certificate is installed on the server machine it is not installed on the remote machine. I didn't think that was necessary especially given that the certificate was generated explicitly for example.mydomain.com. I can try this.
>
> I do know that the CAcert root certificate is not accepted by LDAP as coming from a valid certificate root authority. I manage to get around this by explicitly adding CAcert's root certificate to /etc/pki/tls/certs/ca-bundle.crt and adding that path to the /etc/openldap/ldap.conf config. I will try installing the certificate and then adding the path in /etc/openldap/ldap.conf.
>
> I probably should have shown the /etc/openldap/ldap.conf file. For the record here it is:
>
> HOST example.mydomain.com
> BASE dc=mydomain,dc=com
> URI ldaps://example.mydomain.com:636/
> tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt
> TLS_CACERTDIR /etc/openldap/cacerts
>
> Have to go to work now so will try later. Thanks.
>
>> add -d 256 (or even higher debug level) to the ldapsearch command for debugging - I'm not going to hazard any actual guesses.
>
> Thanks for this suggestion ... should have thought of it myself.

It occurs to me that you can turn off certificate validation by setting the TLS_REQCERT entry in either /etc/openldap/ldap.conf or ${HOME}/.ldaprc. Here's part of my .ldaprc:

    TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
    TLS_REQCERT never

If you run ldapsearch with -d 1 you will see that it is indeed using the server's certificate but is not checking it for validity. I usually use this for testing purposes.

Also, you generally don't want to use both HOST and URI at the same time. It can sometimes confuse issues.

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
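The settings discussed in this message, checked mechanically. This is an added example, not code from the thread or from OpenLDAP: it parses ldap.conf-style text, flags TLS_REQCERT levels that skip validation, a HOST/URI mix and the nss_ldap-style name tls_cacertfile, and shows that a per-user .ldaprc overrides the system file. The two sample files are constructed from the excerpts quoted above; all function and finding names are hypothetical.

```python
"""Audit OpenLDAP client configuration text for settings that weaken TLS."""

# TLS_REQCERT levels from ldap.conf(5); the library default is "demand".
WEAK_REQCERT = {
    "NEVER": "server certificate is neither requested nor checked",
    "ALLOW": "session continues even when the certificate is bad",
}
STRICT_REQCERT = {"TRY", "DEMAND", "HARD"}

# nss_ldap/pam_ldap spelling -> the name ldap.conf(5) documents for libldap.
# Only the one name that appears in the thread is listed here.
FOREIGN_NAMES = {"TLS_CACERTFILE": "TLS_CACERT"}


def parse(text):
    """Return [(line_no, OPTION, value)]; option names are case-insensitive."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        entries.append((line_no, parts[0].upper(), value))
    return entries


def audit(text):
    """Return [(code, line_no, message)] for one configuration file."""
    findings = []
    first_seen = {}
    for line_no, name, value in parse(text):
        first_seen.setdefault(name, line_no)
        if name == "TLS_REQCERT":
            level = value.upper()
            if level in WEAK_REQCERT:
                findings.append(("reqcert-weak", line_no,
                                 "TLS_REQCERT %s: %s" % (value, WEAK_REQCERT[level])))
            elif level not in STRICT_REQCERT:
                findings.append(("reqcert-unknown", line_no,
                                 "unrecognised TLS_REQCERT level %r" % value))
        elif name in FOREIGN_NAMES:
            findings.append(("foreign-name", line_no,
                             "%s is the nss_ldap/pam_ldap spelling; ldap.conf(5) "
                             "names this option %s" % (name.lower(), FOREIGN_NAMES[name])))
    if "HOST" in first_seen and "URI" in first_seen:
        findings.append(("host-and-uri", first_seen["HOST"],
                         "HOST and URI are both set; HOST is deprecated in favour of URI"))
    return findings


def effective_reqcert(*texts):
    """Merge files in order (system file first, then user file); later wins."""
    level = "DEMAND"
    for text in texts:
        for _, name, value in parse(text):
            if name == "TLS_REQCERT":
                level = value.upper()
    return level


# Constructed from the two configuration excerpts quoted in the thread.
SYSTEM_CONF = """\
HOST example.mydomain.com
BASE dc=mydomain,dc=com
URI ldaps://example.mydomain.com:636/
tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt
TLS_CACERTDIR /etc/openldap/cacerts
"""
USER_RC = """\
TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
TLS_REQCERT never
"""

if __name__ == "__main__":
    for label, text in (("/etc/openldap/ldap.conf", SYSTEM_CONF),
                        ("~/.ldaprc", USER_RC)):
        for code, line_no, message in audit(text):
            print("%s:%d [%s] %s" % (label, line_no, code, message))
    print("effective TLS_REQCERT:", effective_reqcert(SYSTEM_CONF, USER_RC))
```

Run against real files, a reqcert-weak finding in a home directory is worth following up, because it disables validation for that user even when the system-wide file is strict.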
Re: [CentOS] Anyone using Active Driectory auth with Centos 5.4.....?
If you are using AD for JUST authentication and not user information, you can use the PAM Kerberos stuff. We've been using it for a couple of years from both CentOS/RHEL 4 and 5 systems with good results. It was actually pretty easy to do (once we figured out which type of chicken bones to burn).

You can use authconfig to turn it all on:

    authconfig --enablekrb5 --krb5realm {AD domain name} \
        --enablekrb5kdcdns --enablekrb5realmdns --update

This will use DNS to locate the domain controller and KDC for the domain given the AD domain name. You can manually specify the KDC and admin servers too, see the authconfig man page for specific details.

If you want something perhaps more polished, you could look into the Likewise products, which handle the whole shooting match pretty well (http://www.likewise.com/products/likewise_open/). I've played with the Open (free) version and it worked just fine, the Enterprise has more features but I haven't played with it.

As always, YMMV.

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] Add /sbin to sudo PATH
Samuel Contesse wrote:
> Hello,
>
> Does anyone have an idea how to add /sbin to the sudo $PATH environment? Adding /sbin to .bashrc $PATH isn't really what I want... I'd like sudoers to be able to run:
>
> $ sudo chkconfig
>
> And not:
>
> $ sudo /sbin/chkconfig
>
> Thanks
> Sam

I use an alias to handle that. I put the following line in my .bashrc file:

    alias sudo='PATH=$PATH:/usr/kerberos/sbin:/usr/local/sbin:/usr/sbin:/sbin /usr/bin/sudo'

This dynamically adds the desired directories to the path BEFORE executing sudo. The downside is that it won't work in scripts, but I usually set the path explicitly in my scripts anyway.

Hope that helps!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] kickstart and logins.def question
Kwan Lowe wrote:
> On Fri, Jan 1, 2010 at 11:02 AM, Kwan Lowe kwan.l...@gmail.com wrote:
>
> Still having issues with this... Here's the relevant line from my kickstart:
>
> authconfig --enableshadow --enablemd5 --enableldap --enableldapauth --ldapserver=ldapserver.digitalhermit.com --ldapbasedn=dc=digitalhermit,dc=com --enablecache
>
> And the sed scripts to enable the pieces that don't seem to have a passable keyword to change:
>
> %post
> yum -y groupinstall xfce
> sed -i -e s/^\(USEMKHOMEDIR=\).*$/\1\yes/ /etc/sysconfig/authconfig
> sed -i -e s/^\(USEPAMACCESS=\).*$/\1\yes/ /etc/sysconfig/authconfig
> sed -i -e s/^\(USELOCAUTHORIZE=\).*$/\1\yes/ /etc/sysconfig/authconfig
>
> Unfortunately this doesn't work. When I login immediately after the initial reboot it authenticates properly but complains that the user home directory does not exist. If I then go in as root and run system-config-authentication and change one item, it will start creating the home directories.
>
> SNIP
>
> Anyone can shed light on why it does not auto-create the home directories on initial boot?

I think the issue here is that the change has to be made in both the authconfig file and in the /etc/pam.d/system-auth file. Just changing /etc/sysconfig/authconfig does not do it. You could use something like the following in your kickstart file instead of all the sed commands:

    /usr/sbin/authconfig --enablemkhomedir --enablelocauthorize \
        --enablepamaccess --update

This will make the changes you specified to /etc/sysconfig/authconfig AND update any other files affected by the change. I'm a lazy bum and it just seems easier and cleaner to me.

Just a thought!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] SFTP - stalled - on large files
We had a similar problem copying files between servers on two of our campuses via SCP. After a while the connection just stalled out and hung. The problem turned out to be SCP and SFTP interacting with a bug in the SACK (Selective Acknowledgment) algorithm used in Linux. We turned it off on the two endpoints using the following addition to /etc/sysctl.conf:

    # Turn off SACK
    net.ipv4.tcp_sack = 0

and execute sysctl -p to apply it. You can also use

    sysctl -w net.ipv4.tcp_sack=0

to turn it off temporarily. Our file transfers worked just fine after the change.

I realize there are differences between our situation and yours and this might not work in your case. Given the length of this thread, though, it might be worth a try!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] Launch applications on GNOME startup ?
Niki Kovacs wrote:
> Hi,
>
> I just installed and configured Conky, and I'd like to automatically launch it whenever I start a GNOME session. I expected to see some sort of PreferencesLaunch Applications on Startup, some user-specific equivalent of rc.local, but there doesn't seem to be such an entry.
>
> Any suggestions?

System-Preferences-More Preferences-Sessions comes to mind...

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] How to change Disk sequence on DELL R900 CENTOS 5.3?
If you are not hung up on the device name changing, i.e. the device must ALWAYS be /dev/sda1 or /dev/hda1, you can use LABEL=? or UUID=? in /etc/fstab, or use LVM to create logical volumes that do not depend on the actual device name. By default, a fresh install will label the filesystem for /boot as /boot and put the following line in /etc/fstab:

    LABEL=/boot    /boot    ext3    defaults    1 2

This works just fine, but if you would prefer something that does not depend on labels you can determine the UUID of the device using vol_id and put that in /etc/fstab. For example, on my system the boot device happens to be /dev/sda3 for the moment. I can determine the UUID of that device file as follows:

    [r...@b82526 ~]# /lib/udev/vol_id /dev/sda3
    ID_FS_USAGE=filesystem
    ID_FS_TYPE=ext3
    ID_FS_VERSION=1.0
    ID_FS_UUID=93ffbfba-d42b-48fb-aaf3-90e563b12dc0
    ID_FS_LABEL=/boot
    ID_FS_LABEL_SAFE=boot
    [r...@b82526 ~]#

Using that information, I can use the ID_FS_LABEL value in fstab using LABEL=, like the installer does, or I can use the ID_FS_UUID value in a UUID= line. For example:

    UUID=93ffbfba-d42b-48fb-aaf3-90e563b12dc0    /boot    ext3    defaults    1 2

If it's not the /boot filesystem you are dealing with you can also use LVM. I believe there are several good references on using LVM available, including the Red Hat-provided docs, that explain the procedures better than I can.

Hope that gives you a starting-point!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] OT: Oracle client logging issue
Tom Brown wrote:
> Hi
>
> We have an app on CentOS 5 that is in python and uses some form of thin oracle client called oracle-instantclient-basic, this error is more towards that client i think but if anyone has seen this before then it would be great to hear about it.
>
> The basic issue is that we are getting lots of sqlnet.log 's on the filesystem and we don't seem to be able to configure the location of that log as there is no oracle configuration for the client as such it seems in terms of tnsnames etc that you'd get with the full client.
>
> Anyone ever used this client before or know how to direct its logs somewhere else?
>
> thanks

The name and location of the SQLnet log file is determined by options in the sqlnet.ora file, usually found in $ORACLE_HOME/network/admin or wherever the environment variable TNS_ADMIN points. The options are:

    LOG_FILE_CLIENT - the name of the file (default sqlnet.log)
    LOG_DIRECTORY_CLIENT - the directory (default is your current directory)

If you don't set these values, the default dumps the sqlnet.log file in the current working directory when a program runs into an Oracle exception.

Hope that helps!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Frank Ling wrote:
> Hi,
>
> My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP. Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem. I am very sure both systems have not been hacked by others.
>
> Sincerely,
> Frank Ling
>
> --
> -rw--- 1 root root 0 Feb 8 04:02 messages
> -rw--- 1 root root 0 Feb 3 11:04 messages.1
> -rw--- 1 root root 0 Jan 25 04:02 messages.3
> -rw--- 1 root root 0 Jan 11 04:03 messages.4
> -rw--- 1 root root 10 Dec 27 13:00 messages.offset
> -rwx-- 1 root root 0 Feb 11 19:12 kernel
> -rwx-- 1 root root 0 Feb 11 16:53 kernel.1
> -rwx-- 1 root root 0 Jan 25 04:02 kernel.3
> -rwx-- 1 root root 0 Jan 11 04:03 kernel.4
> -rw--- 1 root root 0 Feb 8 04:02 spooler
> -rw--- 1 root root 0 Feb 3 07:51 spooler.1
> -rw--- 1 root root 0 Jan 25 04:02 spooler.3
> -rw--- 1 root root 0 Jan 11 04:03 spooler.4
> -rw--- 1 root root 0 Jun 24 2008 tallylog
> --

I've had something similar happen a couple of times after an update. In my case the /etc/services file got its security context clobbered when some package tried to update its contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files.

The quickest way to check for this is the command:

    restorecon -v /etc/services

If nothing prints out in response, that's not the problem. If it DOES, that might explain it.

I have been checking the contexts occasionally to try and trap exactly when it happens. I use:

    restorecon -R -n -v /etc

which walks through the entire /etc tree looking for contexts to change but just reports any exceptions.

Just a thought!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] Creating an iso image of a audio CD with K3B
Robert Moskowitz wrote:
> Can you do this? I have not found the options to get this to happen.
>
> So far I have seen how to read the Audio CD and make a directory of WAV files with a control file for later burning to CD, but I want an iso image that I can archive and burn audio CDs to use as they get used up.

I think cdrdao will do what you want. It's in the base repository, so no extra repos needed.

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] cluster - ip address lost when service stopped
Fabio Macchi wrote:
> Hi Gowrishankar,
>
> this problem seems to be related to cluster, not to bonding: bonding is working correctly, anyway I’ve tried a test removing bonding, and I experience the same problem directly on interface eth0.
>
> This is my cluster.conf
>
> <?xml version="1.0" ?>
> <cluster alias="cluster01" config_version="54" name="cluster01">
>   <fence_daemon clean_start="1" post_fail_delay="0" post_join_delay="30"/>
>   <clusternodes>
>     <clusternode name="AREA041" nodeid="2" votes="1">
>       <fence/>
>     </clusternode>
>     <clusternode name="AREA042" nodeid="3" votes="1">
>       <fence/>
>     </clusternode>
>   </clusternodes>
>   <cman expected_votes="1" two_node="1"/>
>   <fencedevices/>
>   <rm>
>     <failoverdomains>
>       <failoverdomain name="httpd failover domain" ordered="0" restricted="1">
>         <failoverdomainnode name="AREA041" priority="1"/>
>       </failoverdomain>
>     </failoverdomains>
>     <resources>
>       <ip address="10.0.181.3" monitor_link="1"/>
>     </resources>
>     <service autostart="0" domain="httpd failover domain" name="Apache" recovery="disable">
>       <script file="/etc/rc.d/init.d/httpd" name="script httpd"/>
>       <ip ref="10.0.181.3"/>
>     </service>
>     <service autostart="0" domain="httpd failover domain" name="Service Mail" recovery="disable">
>       <script file="/etc/rc.d/init.d/MailScanner" name="MailScanner"/>
>       <clusterfs device="/dev/DATI_MAIL/DATI_MAIL" force_unmount="1" fsid="5845" fstype="gfs2" mountpoint="/dati_mail" name="Share_dati_mail" options=""/>
>       <ip address="10.0.181.4" monitor_link="1"/>
>     </service>
>   </rm>
> </cluster>
>
> Many thanks

From what I can tell, the behaviour you are noticing is consistent with your cluster.conf file. Since you have made the IP addresses part of the service definitions, the IP would go away when the associated service is stopped. If the service moved to another node, however, the IP would be enabled on the host to which the service was moved.

If you want the IP addresses to be independent of the service state, then add them using files in /etc/sysconfig/network-scripts to define the alias addresses and remove them from your service definitions. See /usr/share/doc/initscripts-*/sysconfig.txt for details on how to set up the alias addresses.

I'm doing something similar with IP addresses in a cluster, but I WANT the IP address to migrate to the target host when a service is moved from one node in the cluster to another. I have the IP address resources tied to the individual services to make that happen.

Hope that helps!

-- Jay Leafey - Memphis, TN jay.lea...@mindless.com
Re: [CentOS] How Auto Start Greeter on Ctrl-Alt-F8?
I had done this a LONG time ago, but the rules changed a bit since then. It turns out it's VERY easy, but note that this is a fully-updated CentOS 5 system. The method varies somewhat with v4.

Open the file /etc/gdm/custom.conf with a text editor and go all the way to the bottom. You should see a section labeled [servers]. Add the following lines after the [servers] header:

    0=Standard
    1=Standard

Save the file, restart X ( telinit 3 ; telinit 5 ) and you should have a GDM on both VC7 and VC8.

The default (stored in /usr/share/gdm/defaults.conf) is to start up only display 0 and run a greeter, so there is only a 0=Standard line in the [servers] section there. Putting these lines in custom.conf overrides that section of the defaults.conf file. The comments in defaults.conf are pretty informative, so you might pick up some other tidbits there.

Hope that helps!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Re: Ole Fossils [ was Re: ls and rm: argument list too long]
I remember numbering on the back of cards with a pencil as a backup when you dropped the deck. And of course you numbered by tens just in case you had to insert something.

I always took a magic-marker and made a diagonal line across the top of the deck. Made the initial rough sort after a deck reorg (somebody dropped the deck) easier. (NCR Century 100, circa. 1968)

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Question about Open SSH Public Keys
Clint Dilks wrote:
> Hi People
>
> I am setting up some systems with ssh public keys and as part of this I am using the from directive inside .ssh/authorized_keys. Currently I am using the IP address to control the source. eg from=10.0.0.1 but on one CentOS 4 System that is up to date this will only work if I replace the IP with the DNS name of the server. I have verified that DNS is resolving the DNS Name to the correct IP address on the server in question and all seems to be fine.

Just grasping at straws, but does the reverse DNS zone resolve to the correct DNS name? For example, if the DNS entry bob.example.com translates to 10.0.0.1, does 10.0.0.1 resolve to bob.example.com?

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Package request: php, pear: spreadsheet::excel::writer
Morten Nilsen wrote:
> Hello,
>
> I am currently using this PEAR package to generate .xls documents in PHP; http://pear.php.net/package/Spreadsheet_Excel_Writer
>
> It would be very much appreciated if someone could add it to the repository, as it is always to prefer rpm packages over manually installed ones.

Though not exactly the same, php-pear-excel is available on RPMforge. See http://dag.wieers.com/rpm/packages/php-pear-excel/ for more information.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Fetchmail pop server and clean spam messages
nightduke wrote:
> Hi i want to fetchmail from a pop server and check every email to any rbl spamhaus,spamcop,etc and if match at any rbl the email will be deleted.
>
> It's possible to do this?
>
> Thanks
> Nightduke

If you've got fetchmail configured to retrieve messages from a remote MTA and deliver to a local MTA, say your local Sendmail instance, then put the RBL-matching stuff in your Sendmail configuration. The mail will still be fetched but will be discarded by your local MTA before dumping it in your local mailbox.

In principle, it would be better to have the system you are fetching the mail from do the RBL operations, but if you don't have control over it then you really don't get much choice. I'm using this setup myself and it works, but it offends my aesthetic sense. OTOH, I'm easily offended!

Your mileage may vary.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] CentOS 5.2 Missing Dependancy
Joseph L. Casale wrote:
> I am trying to install perl-Digest-Perl-MD5 from rf and it is failing suggesting it needs /usr/bin/false.
>
> #yum whatprovides /usr/bin/false yields nothing.
>
> My CentOS 5.1 machines don't have this, and this is the same list of yum install items I always use when setting up assp.
>
> Any idea what to do?
>
> jlc

Weird, I just confirmed the issue. There is not a /usr/bin/false, but there IS a /bin/false on a stock 5.2 install. You might check in the rpmforge forums/list archives for some mention of this problem.

I thought I might be able to symlink /bin/false to /usr/bin/false (a kludge, I admit) or copy /bin/false to /usr/bin/false, but neither seems to work for me. Like I said, probably best to check with rpmforge.

Sorry!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] using windows ad accounts for centos 5
Isaac Gonzalez wrote:
> Hi I read and used the article http://blog.wazollc.com/Lists/Posts/Post.aspx?ID=2 to authenticate my ad accounts when logging on to cent 5…however, once I edit the nsswitch.conf file, I can’t even log on as root or any local users anymore. Kinit seems to initialize fine doing a kinit [EMAIL PROTECTED], however doing a getent passwd adusername ….it just sits there in the shell and does nothing. I actually had to put all files back to where they were before the change to even be able to login locally or use sudo. I followed the steps line by line on this article but get stuck everytime….anyone has an idea or a better documented way of achieving what I am trying to do , please let me know.
>
> Thanks,
> Isaac

I'm using AD-via-Kerberos to authenticate users on several CentOS 5.1 systems. Setting it up was as easy as a single command line:

    authconfig \
        --usemd5 --useshadow --enablelocauthorize \
        --enablekrb5 \
        --krb5realm={AD Domain Name} \
        --enablekrb5kdcdns --enablekrb5realmdns --update

This makes the necessary changes to /etc/krb5.conf, /etc/ and /etc/nsswitch.conf. I am NOT using this for user information, just password authentication, so I add user accounts for each authorized user.

You can also consider using the --disablesysnetauth flag, which disables authenticating system accounts via the network services and forces them to use local authorization. This should prevent entries in the AD for root and other system accounts from being used.

Hope that helps!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] firewalled NFS
Jordi Prats wrote:
> Hi,
>
> I'm trying to setup a firewalled NFS server. I've configured my server (CentOS 5) using the following parameters
>
> /etc/sysconfig/nfs
> MOUNTD_NFS_V1=no
> MOUNTD_NFS_V2=no
> RQUOTAD_PORT=875
> LOCKD_TCPPORT=32803
> LOCKD_UDPPORT=32769
> RPCNFSDCOUNT=64
> MOUNTD_PORT=892
> STATD_PORT=662
> STATD_OUTGOING_PORT=2020
> SECURE_NFS=yes
>
> modprobe.conf:
> options lockd nlm_udpport=4001 nlm_tcpport=4001
>
> But it does not mount it:
>
> # mount 172.20.0.150:/tmp/ /mnt/tmp/
> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>
> Is there anything else I must set up to use fixed ports?
>
> Thanks,

It may be an obvious question, but did you open the ports in iptables? I use a similar scheme on my NFS servers to fix the ports and it just doesn't work at ALL unless those ports are opened up in iptables. I use different ports, but here are the lines I inserted into my /etc/sysconfig/iptables file to get NFS working on the server:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT

You'll have to alter the '--dports' and '-s' parameters to match the ports and IP address range you are using.

Hope that helps!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
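The comparison suggested in this reply, pinned NFS ports against what iptables accepts for a given client address, as an added example (not code from the thread). It reads the /etc/sysconfig/nfs settings and the two ACCEPT rules quoted above, both embedded as constructed samples; the client addresses and the 172.20.0.0/24 source range in the matching rules are assumptions. It ignores rule order and any earlier DROP/REJECT, and it does not check STATD_OUTGOING_PORT because that port is used for outbound traffic.

```python
"""Report pinned NFS ports that no iptables ACCEPT rule opens for a client."""
import ipaddress
import shlex

# /etc/sysconfig/nfs variable -> protocols on which that port must be reachable.
PINNED = {
    "RQUOTAD_PORT": ("tcp", "udp"),
    "LOCKD_TCPPORT": ("tcp",),
    "LOCKD_UDPPORT": ("udp",),
    "MOUNTD_PORT": ("tcp", "udp"),
    "STATD_PORT": ("tcp", "udp"),
}
FIXED = (111, 2049)  # portmapper and nfsd


def required_ports(sysconfig_text):
    """Return {(proto, port)} a client must reach, from KEY=VALUE lines."""
    needed = {(proto, port) for port in FIXED for proto in ("tcp", "udp")}
    for raw in sysconfig_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition("=")
        value = value.strip().strip("\"'")
        if sep and key in PINNED and value.isdigit():
            needed.update((proto, int(value)) for proto in PINNED[key])
    return needed


def _option(tokens, *names):
    """Value following the first of `names` found in tokens, else None."""
    for name in names:
        if name in tokens and tokens.index(name) + 1 < len(tokens):
            return tokens[tokens.index(name) + 1]
    return None


def accept_rules(rules_text):
    """Yield (proto, source_network, [(low, high), ...]) per ACCEPT rule."""
    for raw in rules_text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens or tokens[0] != "-A" or _option(tokens, "-j") != "ACCEPT":
            continue
        proto = _option(tokens, "-p")
        ports = _option(tokens, "--dports", "--dport")
        if proto is None or ports is None:
            continue
        try:
            ranges = []
            for item in ports.split(","):  # multiport list; "a:b" is a range
                low, _, high = item.partition(":")
                ranges.append((int(low), int(high or low)))
        except ValueError:
            continue  # named services are outside this example's scope
        source = _option(tokens, "-s") or "0.0.0.0/0"
        yield proto, ipaddress.ip_network(source, strict=False), ranges


def missing_ports(sysconfig_text, rules_text, client_ip):
    """Sorted [(proto, port)] that the client cannot reach under these rules."""
    client = ipaddress.ip_address(client_ip)
    rules = list(accept_rules(rules_text))

    def allowed(proto, port):
        return any(p == proto and client in net
                   and any(low <= port <= high for low, high in ranges)
                   for p, net, ranges in rules)

    return sorted(pair for pair in required_ports(sysconfig_text)
                  if not allowed(*pair))


# Constructed samples: the settings and rules quoted in the thread.
SYSCONFIG_NFS = """\
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RPCNFSDCOUNT=64
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
"""
THREAD_RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
"""
# Same rules with --dports and -s altered to match SYSCONFIG_NFS (assumed range).
MATCHING_RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 172.20.0.0/24 --dports 111,2049,662,875,892,32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 172.20.0.0/24 --dports 111,2049,662,875,892,32769 -j ACCEPT
"""

if __name__ == "__main__":
    for label, rules in (("thread rules", THREAD_RULES),
                         ("matching rules", MATCHING_RULES)):
        print(label, missing_ports(SYSCONFIG_NFS, rules, "172.20.0.10"))
```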
Re: [CentOS] GFS
Mag Gam wrote:
> Hello:
>
> I am planning to implement GFS for my university as a summer project. I have 10 servers each with SAN disks attached. I will be reading and writing many files for professor's research projects. Each file can be anywhere from 1k to 120GB (fluid dynamic research images). The 10 servers will be using NIC bonding (1GB/network). So, would GFS be ideal for this? I have been reading a lot about it and it seems like a perfect solution.
>
> Any thoughts?
>
> TIA

Perfect? No, but usable. We've got a cluster of 4 systems attached to a fibre-channel-based SAN running CentOS 4 and the Cluster Suite components with multiple instances of the Oracle database. It actually works pretty well and fails over nicely in the case of exceptions. It is moderately complex to set up, but the information needed REALLY IS in the docs... you just have to REALLY read them!

We haven't tried CentOS 5 and the new cluster components as Oracle only supports the version of the database we're running on Red Hat EL4. Given that, the combination looks a bit more finished than the versions in EL4.

Another alternative that we are examining is using OCFS2 (Oracle Cluster File System 2) and iSCSI for the shared storage with Heartbeat for service management. This combination looks to be a bit lighter than the Cluster Suite and GFS, but I'm hoping to confirm or disprove that impression this summer in my copious free time.

As usual, your mileage may vary.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote:
> Kai Schaetzl wrote:
>> Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400:
>>
>> However, you didn't provide any of the information I asked for. You are not talking of www.bc.edu, do you?
>>
>> Kai
>
> ok, ok.
>
> https://bioinformatics.bc.edu
>
> Tony

I could be full of cheese here, but did VeriSign send you an intermediate certificate along with your real certificate? If not, forget the

When I went to the site and examined the cert I noticed that the cert was not signed by one of the CAs in the ca-bundle.crt provided by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. You can examine the Issuer field of the certificate to see who signed it. I suspect that VeriSign sent you an intermediate certificate that was actually used to sign your cert. Apache has to present the intermediate cert at the same time it presents your real cert. Basically, since the intermediate cert was signed by a recognized CA cert and your cert was signed by the intermediate cert, then your cert is trustworthy.

The easiest way to fix this is to append the intermediate certificate to your real certificate file. I've had a few of these in the past, particularly from smaller CAs that resell other folks's service.

Just a thought!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] RPM for perl-svn-notify?
J. Potter wrote:
> Hi List,
>
> Is it possible to get an rpm built and added into the plus or dag repos for the perl module svn-notify? (Note: not the same as svn-notify-mirror.)
>
> I know it's been brought up before that perl's internal CPAN build/install can cause serious conflicts with the rpm-based approach; if there are other / better ways of doing this in a standard fashion, please let me know.

Installing Perl modules via CPAN makes them invisible to RPM, which can lead to a whole lot of fun! I think this is generally referred to as a bad thing around here.

If I can't find an RPM for a Perl module on one of the third-party repositories, I usually use cpanflute2 to build an RPM, then install that. That way RPM knows all about the module and can handle it appropriately.

You need to install the perl-RPM-Specfile package from rpmforge to make this work. Next download (BUT DO NOT INSTALL) the tarball for the module in question from CPAN. The last step is to run cpanflute2 against the tarball to generate the SRPM and then use rpmbuild --rebuild to create the installable RPM. You can use cpanflute2 with the '--arch=' and '--buildall' switches to create the appropriate installable RPM directly, but I usually install the SRPM file, tweak the specfile to taste, and build the installable RPM from that.

There is some documentation out on the net for using this tool, but I don't have any links handy so fire up your browser and start hitting Google for more info!

Your mileage may vary!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] RPM for perl-svn-notify?
J. Potter wrote:
> Thanks, Jay!
>
> Mostly there. For some reason, the rpm file is outputting the files under /var/tmp, instead of on the system:
>
> rpm -ql perl-SVN-Notify
> /usr/share/doc/perl-SVN-Notify-2.66
> /usr/share/doc/perl-SVN-Notify-2.66/Changes
> /usr/share/doc/perl-SVN-Notify-2.66/README
> /var/tmp/perl-SVN-Notify-2.66-8-root/usr/bin/svnnotify
> /var/tmp/perl-SVN-Notify-2.66-8-root/usr/lib/perl5/site_perl/5.8.8/SVN/Notify.pm
> /var/tmp/perl-SVN-Notify-2.66-8-root/usr/lib/perl5/site_perl/5.8.8/SVN/Notify/Alternative.pm
> ...
>
> Did I miss a setting somewhere?
>
> -Jeff
>
> On CentOS 5 x86_64:
>
> yum -y install perl-RPM-Specfile perl-IO-Zlib rpm-build perl-rpm-build-perl perl-Module-Build perl-HTML-Parser
> wget 'http://search.cpan.org/CPAN/authors/id/D/DW/DWHEELER/SVN-Notify-2.66.tar.gz'
> gunzip SVN-Notify-2.66.tar.gz
> cpanflute2 --name=SVN-Notify --version=2.66 SVN-Notify-2.66.tar --buildall
> rpm -Uvh perl-SVN-Notify-2.66-8.src.rpm

I don't think you missed anything, I think cpanflute2 got a bit confused with the makefile provided by SVN::Notify. That's basically why I mentioned tweaking the specfile, you never know just what's going to happen! It works out-of-the-box most of the time, but even when it doesn't it's a lot easier for me to tweak it than it is to start from scratch.

It appears that the makefile attempted to install the files using the value of RPM's _tmppath macro, but it got doubled-up somehow. I got slightly different results from you as I have changed that macro to point to a slightly different location than the default. The issue appears to be in line 30 of the generated specfile, which goes:

    make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT

I removed the PERL_INSTALL_ROOT=... portion of the line so that it just reads:

    make pure_install

and that seems to take care of the issue.

You can fix this by installing the source RPM file (perl-SVN-Notify-2.66-8.src.rpm) and editing the specfile as noted above. Then just run:

    rpmbuild -bb --target=noarch perl-SVN-Notify.spec

which should generate the installable RPM. It worked over here on my CentOS 5.1 i386 box, or at least the RPM contained the files in the right locations.

Note that you will have to have an RPM build environment set up in your home directory to get this to work. There are some pointers to resources on this in the wiki at http://wiki.centos.org/PackageManagement/Rpm.

Hope that helps!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] One approach to dealing with SSH brute force attacks.
> What I would like to do is:
> - allow 22 from specific IPs
> - allow another port (redirected) from anywhere. This port is then redirected to 22.

I do exactly this with a combination of SSH config options and iptables rules. In your /etc/ssh/sshd_config file, find the Port 22 statement and add a Port statement for the desired port, something like:

snip
Port 22
Port 20022
Protocol 2
snip

Then, in iptables, add the appropriate rules to let incoming connections to port 22 from only specific addresses and to allow port 20022 (or whatever you pick) to be available worldwide. Assuming you wanted port 22 access for a local subnet like 192.169.1.0/24, add the following to the /etc/sysconfig/iptables file before the REJECT statement at the end of the file:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20022 -j ACCEPT

After restarting SSH and reloading iptables you should have just what you want. I use this, in addition to blockhosts (http://www.aczoom.com/cms/blockhosts/), on several production systems and the result has been almost total elimination of brute-force attacks on those systems.

Another possibility is a variation on port-knocking using PKI authentication or a shared secret. The project is called fwknop (http://www.cipherdyne.org/fwknop/) and has the potential to almost completely eliminate brute-force attacks. Essentially, the target port (22 in the case of SSH) is not open at all normally, but a daemon monitors the network interface for a specific packet signed using either a shared secret or a pre-authorized PGP key. When it sees the packet, it opens up the appropriate port for a specified time (usually just a few seconds) to the IP address the packet comes from. This allows a very short time window for the client system to complete its connection before the port gets closed down.

I've set this up on a couple of systems so far with excellent results. Your mileage may vary!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
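A check for the rule placement described in the message above, as an added example that is not part of the original post: it parses rules in /etc/sysconfig/iptables format and reports an ACCEPT rule for port 22 with no source restriction, or an ACCEPT rule for either port that sits after the catch-all REJECT. The sample rule set is constructed, the function names are hypothetical, and -s values are assumed to be IP addresses or CIDR blocks.

```python
import ipaddress
import shlex

# Constructed sample in /etc/sysconfig/iptables format, using the ports and
# subnet from the message; the last ACCEPT line is deliberately misplaced.
SAMPLE_RULES = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20022 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Turn one '-A chain ...' line into a dict of the fields we audit."""
    tok = shlex.split(line)
    rule = {"chain": tok[1], "src": None, "dport": None, "target": None}
    for flag, key in (("-s", "src"), ("--dport", "dport"), ("-j", "target")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def audit(text, chain="RH-Firewall-1-INPUT", restricted="22", public="20022"):
    """Return (line number, finding) pairs for rules that break the layout."""
    findings, rejected = [], False
    for n, line in enumerate(text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if r["chain"] != chain:
            continue
        if r["target"] == "REJECT" and r["dport"] is None and r["src"] is None:
            rejected = True          # catch-all REJECT: later rules never match
            continue
        if r["target"] != "ACCEPT" or r["dport"] not in (restricted, public):
            continue
        if rejected:
            findings.append((n, "after REJECT, never evaluated"))
        elif r["dport"] == restricted and (r["src"] is None or
                ipaddress.ip_network(r["src"], strict=False).prefixlen == 0):
            findings.append((n, "port %s open to any source" % restricted))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```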
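The open-on-signed-packet behaviour described for fwknop in the message above, modelled as an added example (not part of the original post, and not fwknop's code or packet format): an HMAC over a shared secret stands in for the signature, and the port is reachable only from the sending address for a few seconds. The key, timings and all names are assumptions.

```python
import hashlib
import hmac
import os
import time

SHARED_KEY = b"constructed-demo-key"   # constructed value, not a real secret
OPEN_SECONDS = 10                      # how long the port stays open (assumed)
MAX_SKEW = 60                          # accepted clock difference (assumed)

def make_knock(key, port, now=None):
    """Client side: nonce|timestamp|port followed by an HMAC-SHA256 tag."""
    now = int(time.time() if now is None else now)
    body = b"%s|%d|%d" % (os.urandom(8).hex().encode(), now, port)
    return body + b"|" + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

class KnockDaemon:
    """Server side: the port is closed unless a valid knock opened it."""
    def __init__(self, key):
        self.key = key
        self.seen = set()      # nonces already used, to refuse replays
        self.allowed = {}      # (source IP, port) -> expiry time

    def handle_knock(self, src_ip, packet, now):
        body, _, tag = packet.rpartition(b"|")
        good = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, good):
            return False                       # not signed with the shared key
        nonce, ts, port = body.split(b"|")
        if abs(now - int(ts)) > MAX_SKEW or nonce in self.seen:
            return False                       # stale or replayed packet
        self.seen.add(nonce)
        self.allowed[(src_ip, int(port))] = now + OPEN_SECONDS
        return True

    def port_open(self, src_ip, port, now):
        """True only for the knocking address and only until the expiry."""
        return self.allowed.get((src_ip, port), 0) > now
```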
Re: [CentOS] Bonding two network cards
Joseph L. Casale wrote:
> I am searching the net for instructions on how to do this in CentOS 5.1 but am not 100% sure I am finding a reliable doc. I am doing this remotely and don't have much room for error:) Can anyone point me along here?
>
> Thanks!
> jlc

Try the wiki:

http://wiki.centos.org/TipsAndTricks/BondingInterfaces

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] ssh terminal froze once in a while
Miark wrote:
> On Thu, 13 Dec 2007 23:40:59 +0100, Alain wrote:
>> Miark, do you suffer the problem very often? Could you try to temporarily make a link from /dev/random to /dev/urandom?
>
> Actually, I have to take that back. After I made the sshd config changes:
>
> ClientAliveInterval 30
> ClientAliveCountMax 5
>
> it did hang on me once, but I'm looking at Konsole right now, and my connection to the CentOS box has stayed alive all day. I guess all is well. I'll keep your suggestion, though. If the hangs return, I'll give your idea a shot.
>
> Thanks,
> Miark

A couple of years back I was running into this problem very consistently, SSH sessions from my home to my office would just be dropped after a while. After talking to the network administrator I found that the Cisco firewall we were using would prune what it saw as inactive connections after a specific period of time. Adding the ClientAlive* entries to the sshd_config file has resolved this for me.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] mp3 plugin for Rythmbox or Totem?
Andrew Allen wrote:
> Can anybody please suggest a suitable plugin to enable playing of mp3 files with either Totem or Rhythmbox. Both of these come as part of the CentOS 5 package, but strangely neither has the necessary plugin for mp3, which surely is a common enough format in the music world?
>
> Thanks,
> Andy

This is covered in the CentOS general FAQ (http://wiki.centos.org/FAQ/General?highlight=%28mp3%29#q19). The MP3 codec is not included in CentOS because of licensing issues. Both Totem and Rhythmbox use the gstreamer libraries for handling different audio types, so you will need to get the appropriate gstreamer-plugins package from your favorite third-party repository. I think the mp3 codec (libgstlame.so) is in the gstreamer-plugins-ugly package, available at RPMforge.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Using a local mirror? [SOLVED]
This is a bit late, I know, but I found a similar setup described at:

http://www.gurulabs.com/goodies/YUM_automatic_local_mirror.php

Their server appears to be down right now, but that's where I found the information. The original was designed for Fedora, but it was adapted to CentOS pretty easily. I've been using this for about 4 months now with great results.

Rather than spoofing the mirrorlist.centos.org entry in DNS, I just have anybody that wants to use the local mirror put an entry in their /etc/hosts file pointing to the IP address of the local server. The Perl CGI script adds the entry for our local server to the results returned from the real mirror list and depends on yum-fastestmirror to pick the local server from the list. Since we don't mirror all architectures on our local server, I added some intelligence to the Perl script so that it would only add the local server if the requested repository, release, and architecture were on the local server.

If anybody wants to see the final results, just let me know and I'll post my modified script and the Apache config fragment or a pointer to it.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
[CentOS] Persistent iSCSI Device Names on CentOS 4
I found a lot of stuff about this on the web, but never an answer that worked. One of the most promising hints was about udev maintaining links in the /dev/disk/by-* directories. This works just fine in CentOS 5, but not CentOS 4. As I was trying to use the iSCSI devices as VMware disks this was particularly frustrating. After banging my head on this for a while, I figured out how to make it work.

By default, iSCSI devices don't show up in the /dev/disk/by-* directories maintained by udev under CentOS 4. After looking at the scripts used by udev, it appeared that the scsi_id program was not returning anything for the iSCSI devices. Digging in the manpage and the /etc/scsi_id.config file led me to believe that the devices in question were blacklisted and never returned a valid device ID. The fix was to add a line to scsi_id.config to whitelist the particular devices.

In my case, the iSCSI devices are provided by an Openfiler box, which shows up in /proc/scsi/scsi like this:

Host: scsi2 Channel: 00 Id: 00 Lun: 00
  Vendor: Openfile Model: Virtual disk Rev: 0
  Type: Direct-Access ANSI SCSI revision: 04

The fix for me was to add the following line to my iscsi_id.config file:

vendor=Openfile, model=Virtual disk, options=-g

The values for vendor= and model= will vary with the specific iSCSI target used. After adding this and rebooting, udev now properly maintains the links in /dev/disk/by-id/ for each of the iSCSI devices offered up to my workstation.

Hope that helps somebody!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Oracle Instant Client 11g on CentOS 5 (32-bit) workaround
Paul Heinlein wrote:
> It'd be something to the effect of
>
> semanage fcontext -a -t textrel_shlib_t \
>   /usr/lib/oracle/11.1.0.1/client/lib/.*\.so.*
>
> or, less version-specific,
>
> semanage fcontext -a -t textrel_shlib_t \
>   /usr/lib/oracle/[0-9.]*/client/lib/.*\.so.*

Double-plus good! That works a treat, and even takes care of the cases where I install some of the other related packages (devel, odbc, jdbc) after-the-fact. That one goes in the notebook!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
[CentOS] Oracle Instant Client 11g on CentOS 5 (32-bit) workaround
I downloaded the RPMs from the Oracle web site (otn.oracle.com) and successfully installed them on my C5 box, but the sqlplus client software would not run properly. After a few iterations with sealert, I finally got a handle on what was happening.

It turns out that most of the shared libraries Oracle installs need to have their SELinux file context modified to allow relocation. Here's the quick-and-dirty routine I use to repair this:

find /usr/lib/oracle/11.1.0.1/client/lib -type f -name \*.so\* \
  -exec chcon -t textrel_shlib_t {} \;

Obviously you could get around this by disabling SELinux, but I really want to avoid that if possible.

Now a quick question: does anybody know if there is any way to configure SELinux so that the context for these files won't be fixed by a restorecon operation on this directory?

Thanks!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] How to export X displays
Alfred von Campe wrote:
> On Oct 10, 2007, at 10:09, Dag Wieers wrote:
>> There is xrdp and I have packaged it for RPMforge, but I am not sure if it is completely usable. (ie. I haven't figured out how to use it and therefore I didn't make the proper sysv script etc...)
>
> On a somewhat related note, what is the best/easiest way to set up a CentOS system to be able to access an existing X desktop remotely (like Remote Desktop on Windows)? I have used VNC in the past, but I had to create a new VNC session. I want to be able to access my existing desktop remotely and not a separate VNC desktop. Can nx do this (I've heard about nx on this mailing list, but have not yet read any documentation)?
>
> Thanks,
> Alfred

I generally use NX for the desktop, but when I have to share a desktop I use the VNC stuff provided by vino. Vino gives you the ability to connect to a running X desktop via VNC. All of this is integrated into CentOS 5 very nicely, just make sure you have installed the vino package and set the preferences from the menus as System-Preferences-Remote Desktop. (Note: this is Not Windows Remote Desktop Sharing!)

Once you've got that set up, you can use vncviewer from realvnc (packaged as vnc in CentOS 5) to connect remotely. I usually do not open the VNC ports to the outside world but use the -via switch to vncviewer to tunnel the connection via SSH. To connect to the primary X server on homesystem.sample.com use something like this:

vncviewer -via homesystem.sample.com localhost:0

Vncviewer will start up an SSH tunnel for the appropriate port to the specified system and connect the viewer to it... quite slick! It's not as responsive as NX over a WAN connection, but on those occasions when I forget to log out of the console on my home system it is invaluable.

Hope that helps!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Bind 9 pharming security hole
Indunil Jayasooriya wrote:
> Hi,
>
> I am running bind on centOS5. I use RPM. Is there a patch? Any idea to apply the patch?

From rpm -q --changelog bind-libs-9.3.3-9.0.1.el5:

* Thu Jul 19 2007 Adam Tkac atkac redhat com 30:9.3.3-9.0.1
- fixed cryptographically weak query id generator (CVE-2007-2926)

If you are keeping up-to-date using yum you should have gotten this version today.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Gnome Terminal and xterm problems
Matt Shields wrote:
> It shouldn't be dns because the session is already established and it's now IP based. I don't believe ssh tries to keep resolving the IP again and again. No, session doesn't come back ever. It just hangs permanently.
>
> -matt

We were seeing something similar to this a while back, SSH sessions to or from outside our network were dropping after some period of no activity (which may not be your problem). Eventually we found that the Cisco PIX on our perimeter was set to kill idle sessions after a certain period.

We were able to resolve this by editing /etc/ssh/sshd_config and setting the ClientAliveInterval to a non-zero value. In our case we set it to 240, which caused a ClientAlive request packet to be sent every 4 minutes over the encrypted channel as the idle threshold on the PIX was set to 5 minutes. This resolved our issues, perhaps it might help with yours.

Just a thought!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] Re: Madwifi just seems to work in Centos 5
The madwifi package from RPMForge contains all the needed bits for the Atheros chipsets. Into the bargain it uses the DKMS stuff to rebuild the modules when you install a new kernel, too, so no scrambling to install a new package to get your WiFi back.

I'm using a similar setup, but trying NetworkManager to handle the heavy lifting, with excellent results. The laptop I'm using pretty much worked with no issues with a 3Com 3CRPAG175 and a Zyxel card, both Atheros-based. I've used it with no problems on AEP and WPA/WPA2 wireless LANs successfully. It was a pleasant surprise!

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]
Re: [CentOS] help me
qsm wrote:
> hi guys...
> somebody can tell me how to export data from access to mysql.
> thanks

Depending on the version of Access database files you are trying to read, the MDB Tools project might be of interest. See http://mdbtools.sourceforge.net/ for more information.

-- Jay Leafey - Memphis, TN [EMAIL PROTECTED]