[CentOS] LUX repo

[Steve Clark via CentOS]

Hi List,

does anyone use the lux repo. I needed
perl-Mail-POP3Client-2.19-5.el7.noarch.rpm except for el8, it was in epel for 
el7
only place I found it was at

repo.iotti.biz/CentOS/8/noarch/perl-Mail-POP3Client-2.19-1.el8.lux.noarch.rpm

Thanks,
Steve
Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] log4j cve

[Steve Clark via CentOS]

On 12/14/21 8:07 AM, Steve Meier wrote:

Hello Steve,

Am 2021-12-14 13:42, schrieb Steve Clark via CentOS:


Hi List,

I see on CentOS 7 it has log4j-1.2.17...
Is ok 2 use. I know the CVE was against 2.0 fwd but not knowing if
something was backported to 1.2 ?

Thanks,
Steve



log4j Version 1.2 is definitely *NOT* OK to use.

The Apache website https://logging.apache.org/log4j/1.2/ says:
"On August 5, 2015 the Logging Services Project Management Committee
 announced that Log4j 1.x had reached end of life."

There is already an unpatched CVE from 2019 for log4j 1.2.

It's really time to upgrade.

Kind regards,
  Steve



This is the standard version that comes with CentOS 7 and is the latest 
available as of a yum update just now.
log4j-1.2.17-16.el7_4.noarch

--
Stephen Clark
NetWolves Managed Services, LLC.
Sr. Applications Architect

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] log4j cve

[Steve Clark via CentOS]

Hi List,

I see on CentOS 7 it has log4j-1.2.17...
Is ok 2 use. I know the CVE was against 2.0 fwd but not knowing if something 
was backported to 1.2 ?

Thanks,
Steve
--
Stephen Clark
NetWolves Managed Services, LLC.
Sr. Applications Architect

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8

[Steve Clark via CentOS]

On 4/9/21 11:31 AM, Johnny Hughes wrote:

On 4/9/21 5:18 AM, Steve Clark via CentOS wrote:


On 4/8/21 3:50 PM, Tony Schreiner wrote:

On Thu, Apr 8, 2021 at 2:33 PM Nicolas Kovacs
<mailto:i...@microlinux.fr><mailto:i...@microlinux.fr><mailto:i...@microlinux.fr>
 wrote:



Le 08/04/2021 à 18:58, Steve Clark via CentOS a écrit :


How do I allow root log in on GDM.



tl;dr: you don't.

Log in as a non-root user, and when you do need root, either open up a
terminal
and use 'su -' or (even better) setup your user by making your user a
member of
the wheel group and then use sudo.

Logging in to a GUI as root is *BAD* practice.

Cheers,

Niki





That said - you can do it, by clicking on "Not listed?" and typing root
into the user field.

Yes I have done that and it immediately comes back to the login screen,
I know I am typing the
correct passwd, because if I botch the passwd I get a message to that
effect.






I would not recommend ever using the GUI as the root user .. it creates
keys and items that are very dangerous. (gnome key rings, etc)

You should be able to 'su -' , then use visudo to create a sudo account
for your user.  You can even NOPASSWD your user for using sudo (you may
or may not want to do that .. if someone gains access to your local
account, they could then sudo with no passwd).

But, i have never, ever logged in as root on a GUI account directly on a
machine that I cared about or was keeping live .. just advise, do with
it what you will.


___
CentOS mailing list
CentOS@centos.org<mailto:CentOS@centos.org>
https://lists.centos.org/mailman/listinfo/centos


Turns out that as the intial user I was put into the wheel group so I am able 
to login and run firewall-config which what this
was about.

--
Stephen Clark
NetWolves Managed Services, LLC.
Sr. Applications Architect
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com<mailto:steve.cl...@netwolves.com>
http://www.netwolves.com

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8

[Steve Clark via CentOS]

On 4/8/21 3:50 PM, Tony Schreiner wrote:

On Thu, Apr 8, 2021 at 2:33 PM Nicolas Kovacs 
<mailto:i...@microlinux.fr> wrote:



Le 08/04/2021 à 18:58, Steve Clark via CentOS a écrit :


How do I allow root log in on GDM.



tl;dr: you don't.

Log in as a non-root user, and when you do need root, either open up a
terminal
and use 'su -' or (even better) setup your user by making your user a
member of
the wheel group and then use sudo.

Logging in to a GUI as root is *BAD* practice.

Cheers,

Niki





That said - you can do it, by clicking on "Not listed?" and typing root
into the user field.

Yes I have done that and it immediately comes back to the login screen, I know 
I am typing the
correct passwd, because if I botch the passwd I get a message to that effect.


___
CentOS mailing list
CentOS@centos.org<mailto:CentOS@centos.org>
https://lists.centos.org/mailman/listinfo/centos



--
Stephen Clark
NetWolves Managed Services, LLC.
Sr. Applications Architect
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com<mailto:steve.cl...@netwolves.com>
http://www.netwolves.com

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 8

[Steve Clark via CentOS]

Hello,

How do I allow root log in on GDM.
The only people that have access are admins - so I am not worried about
someone screwing things up.

Thanks,

--
Stephen Clark

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] vnc kde emacs redraw issue

[Steve Clark]

On 03/18/2020 10:15 AM, Jyrki Tikka wrote:

On Wed, 2020-03-18 at 09:28 -0400, Steve Clark wrote:

On 03/18/2020 09:19 AM, Jyrki Tikka wrote:

On Wed, 2020-03-18 at 07:31 -0400, Steve Clark wrote:

Does anyone have access to the following that could help me with
the
issue I am having trying to
use kdrc with vnc and emacs.
VNC redraw issues with emacs on KDE
https://access.redhat.com/solutions/1585893



There is a workaround:

1. Initiate the VNC session, click on shadow man (start)
 -> under search box type in 'desktop' select 'Desktop Effects'
2. Window 'Desktop Effects - KDE Control Module' will appear under
  General Tab, select option "Enable desktop effects at startup"
 which is under Activation
3. Disable (uncheck) all the options under 'Simple effect setup'
 and under "All Effects"
4. Close the vnc session and reboot the RHEL7 box (vnc server)
5. Initiate a new vnc session

<(*) Jyrki

___
CentOS mailing list
CentOS@centos.org

https://lists.centos.org/mailman/listinfo/centos



Thanks but I don't have desktop effects enabled.

--
Stephen Clark

Well, that was all that the Red Hat solution had to offer.

<(*) Jyrki


Thanks, I appreciate the response.


--
Stephen Clark

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] vnc kde emacs redraw issue

[Steve Clark]

On 03/18/2020 09:19 AM, Jyrki Tikka wrote:

On Wed, 2020-03-18 at 07:31 -0400, Steve Clark wrote:

Does anyone have access to the following that could help me with the
issue I am having trying to
use kdrc with vnc and emacs.
VNC redraw issues with emacs on KDE
https://access.redhat.com/solutions/1585893


There is a workaround:

1. Initiate the VNC session, click on shadow man (start)
-> under search box type in 'desktop' select 'Desktop Effects'
2. Window 'Desktop Effects - KDE Control Module' will appear under
 General Tab, select option "Enable desktop effects at startup"
which is under Activation
3. Disable (uncheck) all the options under 'Simple effect setup'
and under "All Effects"
4. Close the vnc session and reboot the RHEL7 box (vnc server)
5. Initiate a new vnc session

<(*) Jyrki

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Thanks but I don't have desktop effects enabled.

--
Stephen Clark

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] vnc kde emacs redraw issue

[Steve Clark]

Does anyone have access to the following that could help me with the issue I am 
having trying to
use kdrc with vnc and emacs.
VNC redraw issues with emacs on KDE
https://access.redhat.com/solutions/1585893

I can't access the portal since I am using CentOS.

--
Stephen Clark

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Monitor email for office365.com with fetchmail

[Steve Clark]

On 02/13/2020 11:40 AM, Jerry Geis wrote:

I am trying to use fetchmail to monitor box in office365.com.
Its not working.

Is there a "better" way to monitor and inbox ?

I have verified all the ports are open, using 993, using ssl, using
sslproto SSL3 etc..

Anyone done this ? Got it working.

I basically have:
machine outlook.office365.com
login myuser@mydomain
password mypassword

fetchmail --ssl --sslproto SSL3 --smtpname X -u X outlook.office365.com

Thanks,

jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



This is what I am using to fetch to my local linux system and then have 
thunderbird fetch from dovecot.
poll outlook.office365.com timeout 60 protocol imap
username "username" there with password "password" is "mylocalname" here
folder inbox,"Junk Email"
fetchall

--
Stephen Clark
NetWolves Managed Services, LLC.
Sr. Applications Architect
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need info on adobe flash player plugin 32 for CentOS7

[Steve Clark]

On 01/16/2020 03:30 PM, Chris Adams wrote:
> Once upon a time, Kay Schenk  said:
>> I kept getting messages that my old Flash Player 31 was obsolete so
>> I went in search of an update.
> Adobe stopped releasing Flash for Linux a while back.  IIRC the only
> "supported" Flash on Linux is distributed as a part of Google Chrome
> (and that's going away sometime soon too, Chrome on all platforms will
> no longer support Flash).
>
Don't know about C7 but I just yum updated my C6 system.
adobe-linux-x86_64 | 2.9 kB 00:00

Resolving Dependencies
--> Running transaction check
---> Package flash-plugin.x86_64 0:32.0.0.255-release will be updated
---> Package flash-plugin.x86_64 0:32.0.0.314-release will be an update
--> Finished Dependency Resolution


Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] firefox update

[Steve Clark]

Any idea when firefox-68.4.1 will be available?

Thanks,


Email Confidentiality Notice: The information contained in this transmission 
may contain privileged and confidential and/or protected health information 
(PHI) and may be subject to protection under the law, including the Health 
Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This 
transmission is intended for the sole use of the individual or entity to whom 
it is addressed. If you are not the intended recipient, you are notified that 
any use, dissemination, distribution, printing or copying of this transmission 
is strictly prohibited and may subject you to criminal or civil penalties. If 
you have received this transmission in error, please contact the sender 
immediately and delete this email and any attachments from any computer. Vaso 
Corporation and its subsidiary companies are not responsible for data leaks 
that result from email messages received that contain privileged and 
confidential and/or protected health information (PHI).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.6 kickstart error

[Steve Clark]

On 03/06/2019 07:12 AM, isdtor wrote:
> I am testing a CentOS 7.6 kickstart installation. After kickstart was 
> initiated,
> the installation stops at some point where a sort of table is printed under
> "Installation", and the item that fails is 4 - Software selection, Error
> checking software selection.
>
> I have checked /tmp/packaging.log and /tmp/anaconda.log, but cannot find any
> errors here that would prevent installation.
>
> Poor error messages, no usable lead for debug.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
Hi,

I have run into this - in my experience it means there is some dependency 
missing.
And you are correct trying to find the error is a PITA.

Steve


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] systemd

[Steve Clark]

On 01/09/2019 11:36 AM, Jonathan Billings wrote:
> On Wed, Jan 09, 2019 at 10:43:38AM -0500, Steve Clark wrote:
>> I am trying to understand what After= means in a unit file. Does it
>> mean after the specified target is up and operational or only that
>> the target has been started? 
>>
>> I have something that needs postgres but postgres needs to be
>> operational not just started. Sometimes it can take a bit for
>> postgres to become operational. 
> I believe that the postgresql service has Type=notify in it's service
> definition, which means that it will notify systemd when it is
> operational.  This means that if you have a service that has
> After=postgresql.service, systemd should wait until after the
> postgresql service notifies systemd that it is operational before your
> service will be started.
>
> If your service is starting and unable to connect to postgresql, then
> I would say that's a bug in postgresql -- it shouldn't be notifying
> systemd that it is operational until it actually is.
>
Hmm...
I don't see that in the postgresql.service file - this is CentOS Linux release 
7.5.1804 (Core)
postgresql-server-9.2.24-1.el7_5.x86_64

from /usr/lib/systemd/system/postgresql.service
...
[Service]
Type=forking

User=postgres
Group=postgres
...

Regards,
Steve
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] systemd

[Steve Clark]

Hi List,

I am trying to understand what After= means in a unit file. Does it mean after 
the specified target is up and operational or
only that the target has been started?

I have something that needs postgres but postgres needs to be operational not 
just started. Sometimes it can take a bit
for postgres to become operational.

Thanks,
Steve

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond The First Set

[Steve Clark]

On 12/12/2018 03:32 PM, Steve Clark wrote:
> On 12/12/2018 03:28 PM, Gary Braatz wrote:
>> Thanks for responding so quickly!  No but I will try.  Are you saying the
>> first vendor connection worked because id_rsa and id_rsa.pub are the
>> defaults if not specified?  (I didn't use the -i flag for the first vendor.)
>>
>>
>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Steve Clark
>> Sent: Wednesday, December 12, 2018 2:23 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond
>> The First Set
>>
>> On 12/12/2018 03:13 PM, Gary Braatz wrote:
>>> I'm new to SFTP and using this mailing list was able to successfully
>> create
>>> my first Private/Public keyset for a vendor hosting the SFTP server (I'm
>> the
>>> client).  I created the keyset by typing this:
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa
>>>
>>>  
>>>
>>> When asked for the password/passphrase I hit  and afterwards
>> "id_rsa"
>>> and "id_rsa.pub" were created in "/root/.ssh/".  I provided "id_rsa.pub"
>> to
>>> the vendor and when told they were ready I initiated an SFTP transfer.
>>> During the first connection I was asked for the vendor-provided password
>> and
>>> after entering it was successfully connected to the vendor's sftp server.
>>> During successive connections I was not again asked for the password.
>> This
>>> allowed me to create fully automated batch file transfers.my objective.
>>> Setting up my second vendor is not going as smoothly.
>>>
>>>  
>>>
>>> I did exactly the same thing for my second vendor with the exception of
>>> typing "rsa_vendor2" during keyset generation (I assumed I had to use a
>>> different name for the new keyset).
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa_vendor2
>>>
>>>  
>>>
>>> Files "id_rsa_vendor2" and "id_rsa_vendor2.pub" were created in
>>> "/root/.ssh/" and I gave "id_rsa_vendor2.pub" to the second vendor.  I
>>> initiated the first connection with the second vendor and was asked for
>> the
>>> vendor-provided password which I entered and a successful connection was
>>> made.  The problem is unlike with the first vendor I am asked for the
>>> password every time I connect to the second vendor's server.  Because I am
>>> being asked for the password I am unable to create fully automated batch
>>> file transfers.
>>>
>>>  
>>>
>>> The second vendor is telling me they added the public key to their server
>> as
>>> required.  Did I miss a step or do something wrong on my end?  Was I
>> correct
>>> using a different name for the new keyset or would the new keyset
>>> information have been appended to the information already in id_rsa and
>>> id_rsa.pub for the first vendor?
>>>
>>>  
>>>
>>> Any help you can provide will be greatly appreciated.
>>>
>>>  
>>>
>>> ___
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>>
>> Are using the -i flag in your invocation of sftp to the second vendor?
>> >From the sftp man page:
>>
>>  -i identity_file
>>  Selects the file from which the identity (private key) for
>> public key authentication is read.  This option
>>  is directly passed to ssh(1).
>>
> In my experience - Yes.
>
To expand on my response - generally there is system wide default ssh_config 
file in
/etc/ssh/ssh_config

and by default:
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond The First Set

[Steve Clark]

On 12/12/2018 03:28 PM, Gary Braatz wrote:
> Thanks for responding so quickly!  No but I will try.  Are you saying the
> first vendor connection worked because id_rsa and id_rsa.pub are the
> defaults if not specified?  (I didn't use the -i flag for the first vendor.)
>
>
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Steve Clark
> Sent: Wednesday, December 12, 2018 2:23 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond
> The First Set
>
> On 12/12/2018 03:13 PM, Gary Braatz wrote:
>> I'm new to SFTP and using this mailing list was able to successfully
> create
>> my first Private/Public keyset for a vendor hosting the SFTP server (I'm
> the
>> client).  I created the keyset by typing this:
>>
>>  
>>
>> # ssh-keygen -t rsa
>>
>>  
>>
>> When asked for the password/passphrase I hit  and afterwards
> "id_rsa"
>> and "id_rsa.pub" were created in "/root/.ssh/".  I provided "id_rsa.pub"
> to
>> the vendor and when told they were ready I initiated an SFTP transfer.
>> During the first connection I was asked for the vendor-provided password
> and
>> after entering it was successfully connected to the vendor's sftp server.
>> During successive connections I was not again asked for the password.
> This
>> allowed me to create fully automated batch file transfers.my objective.
>> Setting up my second vendor is not going as smoothly.
>>
>>  
>>
>> I did exactly the same thing for my second vendor with the exception of
>> typing "rsa_vendor2" during keyset generation (I assumed I had to use a
>> different name for the new keyset).
>>
>>  
>>
>> # ssh-keygen -t rsa_vendor2
>>
>>  
>>
>> Files "id_rsa_vendor2" and "id_rsa_vendor2.pub" were created in
>> "/root/.ssh/" and I gave "id_rsa_vendor2.pub" to the second vendor.  I
>> initiated the first connection with the second vendor and was asked for
> the
>> vendor-provided password which I entered and a successful connection was
>> made.  The problem is unlike with the first vendor I am asked for the
>> password every time I connect to the second vendor's server.  Because I am
>> being asked for the password I am unable to create fully automated batch
>> file transfers.
>>
>>  
>>
>> The second vendor is telling me they added the public key to their server
> as
>> required.  Did I miss a step or do something wrong on my end?  Was I
> correct
>> using a different name for the new keyset or would the new keyset
>> information have been appended to the information already in id_rsa and
>> id_rsa.pub for the first vendor?
>>
>>  
>>
>> Any help you can provide will be greatly appreciated.
>>
>>  
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> Are using the -i flag in your invocation of sftp to the second vendor?
> >From the sftp man page:
>
>  -i identity_file
>  Selects the file from which the identity (private key) for
> public key authentication is read.  This option
>  is directly passed to ssh(1).
>
In my experience - Yes.

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond The First Set

[Steve Clark]

On 12/12/2018 03:13 PM, Gary Braatz wrote:
> I'm new to SFTP and using this mailing list was able to successfully create
> my first Private/Public keyset for a vendor hosting the SFTP server (I'm the
> client).  I created the keyset by typing this:
>
>  
>
> # ssh-keygen -t rsa
>
>  
>
> When asked for the password/passphrase I hit  and afterwards "id_rsa"
> and "id_rsa.pub" were created in "/root/.ssh/".  I provided "id_rsa.pub" to
> the vendor and when told they were ready I initiated an SFTP transfer.
> During the first connection I was asked for the vendor-provided password and
> after entering it was successfully connected to the vendor's sftp server.
> During successive connections I was not again asked for the password.  This
> allowed me to create fully automated batch file transfers.my objective.
> Setting up my second vendor is not going as smoothly.
>
>  
>
> I did exactly the same thing for my second vendor with the exception of
> typing "rsa_vendor2" during keyset generation (I assumed I had to use a
> different name for the new keyset).
>
>  
>
> # ssh-keygen -t rsa_vendor2
>
>  
>
> Files "id_rsa_vendor2" and "id_rsa_vendor2.pub" were created in
> "/root/.ssh/" and I gave "id_rsa_vendor2.pub" to the second vendor.  I
> initiated the first connection with the second vendor and was asked for the
> vendor-provided password which I entered and a successful connection was
> made.  The problem is unlike with the first vendor I am asked for the
> password every time I connect to the second vendor's server.  Because I am
> being asked for the password I am unable to create fully automated batch
> file transfers.
>
>  
>
> The second vendor is telling me they added the public key to their server as
> required.  Did I miss a step or do something wrong on my end?  Was I correct
> using a different name for the new keyset or would the new keyset
> information have been appended to the information already in id_rsa and
> id_rsa.pub for the first vendor?
>
>  
>
> Any help you can provide will be greatly appreciated.
>
>  
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
Are using the -i flag in your invocation of sftp to the second vendor?
>From the sftp man page:

 -i identity_file
 Selects the file from which the identity (private key) for public 
key authentication is read.  This option
 is directly passed to ssh(1).

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Custom ISO With Post Installation Scripts

[Steve Clark]

On 06/14/2018 01:24 PM, Earl A Ramirez wrote:
> On 11 June 2018 at 01:57, Prasad K  wrote:
>
>> If your distro is using systemd then rc.local will not get executed by
>> default.
>> Enable rc-local.service :  "systemctl enable rc-local.service".
>>
>>
> Thanks, Prasad
>
> I tried that and unfortunately, that service did not start after the server
> was rebooted; therefore the script was not called by
> systemd-rc-local-generator.
>
> Will continue to investigate and report back
>
Hmm...

I am doing this with a KS for C7 and my /etc/rc.d/rc.local script get executed 
just fine on
boot up without doing anything other than putting it in /etc/rc.d/

# ls -al /etc/rc.d/
total 72
drwxr-xr-x  10 root root   4096 May 18 07:37 .
drwxr-xr-x 121 root root  12288 Jun  8 08:19 ..
drwxr-xr-x   2 root root   4096 May 18 15:06 init.d
drwxr-xr-x   2 root root   4096 May 18 14:56 rc0.d
drwxr-xr-x   2 root root   4096 May 18 14:56 rc1.d
drwxr-xr-x   2 root root   4096 May 24 10:21 rc2.d
drwxr-xr-x   2 root root   4096 May 24 10:21 rc3.d
drwxr-xr-x   2 root root   4096 May 24 10:21 rc4.d
drwxr-xr-x   2 root root   4096 May 24 10:21 rc5.d
drwxr-xr-x   2 root root   4096 May 18 14:56 rc6.d
-rwxr-xr-x   1 root wheel 20080 May 18 09:14 rc.local


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to prevent files and directories from being deleted?

[Steve Clark]

On 10/04/2017 08:39 AM, Mark Haney wrote:
> On 10/04/2017 08:22 AM, Gary Stainburn wrote:
>> On Wednesday 04 October 2017 12:54:44 Mark Haney wrote:
>>> Sorry, but if you have to use packages that don't originate from CentOS
>>> and they do that, then I wouldn't use them. Period.  I'd compile from
>>> source before I used something configured that way.
>> This perspective to some extent employs cutting your nose of dispite youre
>> face.  Before Packages were introduced, everyone compiled from source. That
>> was a pain, and a long process, especially when you had dependancies that you
>> also had to compile.  Packages eased this process but kept the dependancy
>> issue.
> If you think using non-standard packages that put /persistent/ items in 
> non-persistent locations like /var/run in production environments is far 
> more acceptable than compiling from source because of package management 
> 'benefits' then (to me anyway) you're lazy and dangerous with critical 
> data.  My statement still stands.  Let me be clear:
>
> THIS. IS. NOT. ACCEPTABLE.
>
> The fact you'd rather bandaid a problem (in production no less) than 
> follow proper standards or compile from source to avoid said bandaid 
> would be a fire-able offense in any IT shop I've ever worked at.
>> Package managers got round (mostly) both the dependancy problem and updating
>> too. The problem with package maintainers not keeping up to date shows that
>> this still isn't perfect.
>>
>> However, if you go back to compiling from source then you lose all of these
>> benefits.
>>
>> Thankfully I do not earn my keep by watering lawns.  I do not believe that
>> this is acceptable, but by the same token I have to earn my keep and that
>> involves having working production servers and services.
>>
>> I have managed to get round this problem in the past through manually doing
>> the same function as systemd-tmpfiles. It is a small price to pay to have a
>> working, (relatively) up to date server.
> The fact you find this acceptable means you're either the only 
> 'qualified' (and even that is subject to doubt) person there, or your 
> management is too ignorant to understand the danger.  I'm sorry, but in 
> no way is this acceptable for production level servers. I'm sure, if you 
> asked 100 IT people you'd get 100 to agree with me.  Being flippant with 
> production servers is never acceptable.
>
> Of course, most people refuse to listen to logic and reason because they 
> are convinced they are right despite evidence (and best practices over 
> 40+ years of Unix) to the contrary.
>
> I'll end this by saying, I hope the production servers you have don't 
> provide critical services that could jeopardize the lives of people.  
> I'd ask who you work for, to make sure I avoid them at all costs, but 
> I'm not sure I'd be told.
>
> Again, denying 40+ years of Unix design and  best practices because 
> you're too lazy to manage compiling from source to avoid denying those 
> practices is truly one of the most astonishing things I've ever seen in 
> the 25 years I've been in IT.
>
> Then again, maybe I'm old-fashioned when I expect to do something and do 
> it right rather than half-ass it.
>
Don't know how long you have been working with UNIX but there was no /var/run 
40 years ago!
http://www.rhyshaden.com/unix.htm

-- 
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-announce Digest, Vol 146, Issue 5

[Steve Clark]

Sorry for the noise I found it.

On 04/21/2017 08:56 AM, Steve Clark wrote:
> Hi,
>
> Where is the source rpm for firefox-52 I can't seem to find it googling for 
> it.
>
> Thanks,
> Steve
>
> On 04/21/2017 08:00 AM, centos-announce-requ...@centos.org wrote:
>> Send CentOS-announce mailing list submissions to
>>  centos-annou...@centos.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>  https://lists.centos.org/mailman/listinfo/centos-announce
>> or, via email, send a message with subject or body 'help' to
>>  centos-announce-requ...@centos.org
>>
>> You can reach the person managing the list at
>>  centos-announce-ow...@centos.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of CentOS-announce digest..."
>>
>>
>> Today's Topics:
>>
>>1. CESA-2017:1100 Critical CentOS 6 nss-util  Security Update
>>   (Johnny Hughes)
>>2. CESA-2017:1100 Critical CentOS 6 nss Security  Update
>>   (Johnny Hughes)
>>3. CESA-2017:1105 Important CentOS 6 bind SecurityUpdate
>>   (Johnny Hughes)
>>4. CESA-2017:1104 Critical CentOS 6 firefox Security  Update
>>   (Johnny Hughes)
>>5. CESA-2017:1109 Moderate CentOS 6   java-1.8.0-openjdk Security
>>   Update (Johnny Hughes)
>>6. CESA-2017:1100 Critical CentOS 7 nss-util  Security Update
>>   (Johnny Hughes)
>>7. CESA-2017:1100 Critical CentOS 7 nss Security  Update
>>   (Johnny Hughes)
>>8. CESA-2017:1106 Critical CentOS 7 firefox Security  Update
>>   (Johnny Hughes)
>>9. CESA-2017:1108 Moderate CentOS 7   java-1.8.0-openjdk Security
>>   Update (Johnny Hughes)
>>
>>
>> --
>>
>> Message: 1
>> Date: Thu, 20 Apr 2017 22:43:59 +
>> From: Johnny Hughes <joh...@centos.org>
>> To: centos-annou...@centos.org
>> Subject: [CentOS-announce] CESA-2017:1100 Critical CentOS 6 nss-util
>>  Security Update
>> Message-ID: <20170420224359.ga40...@n04.lon1.karan.org>
>> Content-Type: text/plain; charset=us-ascii
>>
>>
>> CentOS Errata and Security Advisory 2017:1100 Critical
>>
>> Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1100.html
>>
>> The following updated files have been uploaded and are currently 
>> syncing to the mirrors: ( sha256sum Filename ) 
>>
>> i386:
>> 09d5ded637588ded6406eafe69a19b13d981a8bf945ada12894da1a0d21d376f  
>> nss-util-3.28.4-1.el6_9.i686.rpm
>> fcc501f2c221dab92c66ba05ee5ad80ad5894984a5423d7db58020165cc0b45b  
>> nss-util-devel-3.28.4-1.el6_9.i686.rpm
>>
>> x86_64:
>> 09d5ded637588ded6406eafe69a19b13d981a8bf945ada12894da1a0d21d376f  
>> nss-util-3.28.4-1.el6_9.i686.rpm
>> 62d946e014cfbfb7cc657a58295a8f27b11043f2136edf91126b3ff467400c85  
>> nss-util-3.28.4-1.el6_9.x86_64.rpm
>> fcc501f2c221dab92c66ba05ee5ad80ad5894984a5423d7db58020165cc0b45b  
>> nss-util-devel-3.28.4-1.el6_9.i686.rpm
>> 515fd89043687a0cf6f40271d36ebfb34d27bd8304d8027e70b168d110fb81d5  
>> nss-util-devel-3.28.4-1.el6_9.x86_64.rpm
>>
>> Source:
>> 0667ca1376b6eca9ae5b4b0c5745d5ae9801227458afe5c43fab9422908f8763  
>> nss-util-3.28.4-1.el6_9.src.rpm
>>
>>
>>
> \
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-announce Digest, Vol 146, Issue 5

[Steve Clark]

Hi,

Where is the source rpm for firefox-52 I can't seem to find it googling for it.

Thanks,
Steve

On 04/21/2017 08:00 AM, centos-announce-requ...@centos.org wrote:
> Send CentOS-announce mailing list submissions to
>   centos-annou...@centos.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>   https://lists.centos.org/mailman/listinfo/centos-announce
> or, via email, send a message with subject or body 'help' to
>   centos-announce-requ...@centos.org
>
> You can reach the person managing the list at
>   centos-announce-ow...@centos.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of CentOS-announce digest..."
>
>
> Today's Topics:
>
>1. CESA-2017:1100 Critical CentOS 6 nss-util   Security Update
>   (Johnny Hughes)
>2. CESA-2017:1100 Critical CentOS 6 nss Security   Update
>   (Johnny Hughes)
>3. CESA-2017:1105 Important CentOS 6 bind Security Update
>   (Johnny Hughes)
>4. CESA-2017:1104 Critical CentOS 6 firefox Security   Update
>   (Johnny Hughes)
>5. CESA-2017:1109 Moderate CentOS 6java-1.8.0-openjdk Security
>   Update (Johnny Hughes)
>6. CESA-2017:1100 Critical CentOS 7 nss-util   Security Update
>   (Johnny Hughes)
>7. CESA-2017:1100 Critical CentOS 7 nss Security   Update
>   (Johnny Hughes)
>8. CESA-2017:1106 Critical CentOS 7 firefox Security   Update
>   (Johnny Hughes)
>9. CESA-2017:1108 Moderate CentOS 7java-1.8.0-openjdk Security
>   Update (Johnny Hughes)
>
>
> --
>
> Message: 1
> Date: Thu, 20 Apr 2017 22:43:59 +
> From: Johnny Hughes 
> To: centos-annou...@centos.org
> Subject: [CentOS-announce] CESA-2017:1100 Critical CentOS 6 nss-util
>   Security Update
> Message-ID: <20170420224359.ga40...@n04.lon1.karan.org>
> Content-Type: text/plain; charset=us-ascii
>
>
> CentOS Errata and Security Advisory 2017:1100 Critical
>
> Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1100.html
>
> The following updated files have been uploaded and are currently 
> syncing to the mirrors: ( sha256sum Filename ) 
>
> i386:
> 09d5ded637588ded6406eafe69a19b13d981a8bf945ada12894da1a0d21d376f  
> nss-util-3.28.4-1.el6_9.i686.rpm
> fcc501f2c221dab92c66ba05ee5ad80ad5894984a5423d7db58020165cc0b45b  
> nss-util-devel-3.28.4-1.el6_9.i686.rpm
>
> x86_64:
> 09d5ded637588ded6406eafe69a19b13d981a8bf945ada12894da1a0d21d376f  
> nss-util-3.28.4-1.el6_9.i686.rpm
> 62d946e014cfbfb7cc657a58295a8f27b11043f2136edf91126b3ff467400c85  
> nss-util-3.28.4-1.el6_9.x86_64.rpm
> fcc501f2c221dab92c66ba05ee5ad80ad5894984a5423d7db58020165cc0b45b  
> nss-util-devel-3.28.4-1.el6_9.i686.rpm
> 515fd89043687a0cf6f40271d36ebfb34d27bd8304d8027e70b168d110fb81d5  
> nss-util-devel-3.28.4-1.el6_9.x86_64.rpm
>
> Source:
> 0667ca1376b6eca9ae5b4b0c5745d5ae9801227458afe5c43fab9422908f8763  
> nss-util-3.28.4-1.el6_9.src.rpm
>
>
>

\
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: systemd Poll

[Steve Clark]

On 04/10/2017 05:17 PM, John R Pierce wrote:
> On 4/10/2017 1:57 PM, m.r...@5-cent.us wrote:
>> In what universe are those "consistant" device names, as opposed to
>> eth[0...]? And how could it help automated scripts that you can run on
>> *any*  system you're administering?
> if I have a Intel gigE interface and a Marvell 10g interfaces, which one 
> is eth0 and why?
>
> Say its Intel on eth0 and Marvell on eth1, if I then add another intel, 
> is the Marvell now eth2 ?
>
>
In my experience the new interface would be eth2, because the startup scripts 
create a mac binding to ethx name in the
/etc/udev/rules.d/70-persistent-net.rules file, so even if the intel is probed 
before the marvel the scripts rename them to keep
them in the original order.

Steve
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: systemd Poll

[Steve Clark]

On 04/09/2017 04:30 AM, J Martin Rushton wrote:
> On 09/04/17 05:39, Anthony K wrote:
>> According to "Arthur Schopenhauer":
>>
>> "All truth passes through three stages.
>> First, it is ridiculed.
>> Second, it is violently opposed.
>> Third, it is accepted as being self-evident."
> All ideas, true or false, follow those stages, but one hopes that the
> false ones are eventually derided and toppled.
>
>
>> I must admit that I skipped through the first and second stages - I
>> never found creating init scripts a joy and instead opted to write my
>> own scripts that I launched via inittab.  As such, I welcomed the
>> simplicity systemd's service files without fuss.
>>
>> So, at which stage are you in w/ regards to adopting systemd?  Are you
>> still ridiculing it, violently opposed to it, or have you mellowed to it?
>>
> Accepting it as a fait accompli.  It makes life much harder for no
> obvious gain, but short of creating one's own distro we seem to be stuck
> with it.  To answer your question, a combination of proposition 1 and
> the first part of proposition 3.
>
> For those of us with (in my case) over 30 years in the industry, reading
> init scripts is trivial and at least we can see what is going on and fix
> problems quickly.  Some vague, poorly documented, data file which is
> interpreted by a black box is the sort of joy one expects from the
> murkier regions of Redmond not the sunnier climes of Carolina.
>
>
+1
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com


signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

[Steve Clark]

On 03/08/2017 07:39 AM, John Hodrien wrote:
> On Wed, 8 Mar 2017, Steve Clark wrote:
>
>> Yes it is really hard!
>>
>> ip address add 192.168.0.1/24 dev enp0s25
>> ip route add default via 192.168.0.254 dev enp0s25
>> echo nameserver 8.8.8.8 > /etc/resolv.conf
>> echo nameserver 8.8.4.4 >> /etc/resolv.conf
> This is still a deliberately trivial case, as already said, with no
> teaming/bonding/vlan type fun in the mix.
Let us have a vote - how many of us do teaming/bonding/vlans on our servers?
Our networking gear does that in our installation.

> You're free to disentangle yourself from the bits of CentOS you don't like,
> and there's nothing at all stopping you, but after a while what you're
> supporting isn't CentOS.  I realise this is only one little part of the whole,
> but still.
>
> jh
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

[Steve Clark]

On 03/08/2017 05:52 AM, John Hodrien wrote:
> On Wed, 8 Mar 2017, Giles Coochey wrote:
>
>> Not really, Redhat/Centos has a lot to offer, but for me, networking is a 
>> one-time configuration, and the best way to configure it is using something 
>> that falls within this principle:
>>
>> https://en.wikipedia.org/wiki/KISS_principle
>>
>> I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
>> most), it is over-engineered for a server orientated distribution. I can run 
>> with the script above on 30 server instances, and it doesn't, as yet, break 
>> any of the other features of Centos that I enjoy.
> It means you're stuck in your own hand crafted niche.  Which is fine, but it's
> up to you to maintain the niche, or you find yourself using obsolete tools
> like ifconfig and route.
>
> I'd argue there's a gulf between keeping things simple and doing things your
> own way.
>
> jh

Yes it is really hard!

ip address add 192.168.0.1/24 dev enp0s25
ip route add default via 192.168.0.254 dev enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf




-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

[Steve Clark]

On 03/08/2017 05:43 AM, Giles Coochey wrote:
>
> On 08/03/17 10:38, John Hodrien wrote:
>> On Wed, 8 Mar 2017, Giles Coochey wrote:
>>
>>> ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
>>> route add default gw 192.168.0.254 enp0s25
>>> echo nameserver 8.8.8.8 > /etc/resolv.conf
>>> echo nameserver 8.8.4.4 >> /etc/resolv.conf
>> Oh okay, you really do want to back away from Redhat entirely. That's
>> entirely your choice.
>>
>> What you end up with if you take this approach widely is effectively
>> your own
>> linux distribution.
>>
> Not really, Redhat/Centos has a lot to offer, but for me, networking is 
> a one-time configuration, and the best way to configure it is using 
> something that falls within this principle:
I agree - they are trying to make it like windows, and when something doesn't 
work correctly you
have no clue what is going on in the black box!

> https://en.wikipedia.org/wiki/KISS_principle
>
> I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
> most), it is over-engineered for a server orientated distribution. I can 
> run with the script above on 30 server instances, and it doesn't, as 
> yet, break any of the other features of Centos that I enjoy.
>


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Spotty internet connection

[Steve Clark]

On 02/03/2017 01:23 PM, Matt Garman wrote:

On Fri, Feb 3, 2017 at 12:08 PM, John R Pierce  wrote:

for Comcast/Xfinity, I'm using a Arris SB6183 that I got at Costco.   this
is a simple modem/bridge, so /my/ router behind it gets the public IP.

Note that some residential ISPs may not offer "naked" Internet, and/or
won't allow you to bring your own device (BYOD).  At least in my area,
there are only two options for residential Internet; cable-based via
Comcast, and DSL-based via AT  I used to routinely switch back and
forth between the two, to play them against each other for the best
rates.  However, I had to give up on AT because they stopped
offering a "naked" service.  That is, when I was using them, I had the
most basic DSL modem, that literally did nothing except provide me
with a public Internet IP and the service.  Last I talked to them, I
could only use their service with their fancy all-in-one devices, that
are both a DSL modem and gateway/router/wireless AP.  I already have
all that infrastructure in my house, and I trust my ability to manage
it more than I trust the blackbox firmware that AT provides.

Going from memory, that all-in-one DSL service did give me a public
IP, but the device itself implemented NATing, so it looked like I was
getting a private IP.  There *may* have been a way to remove most of
the functionality of the all-in-one device ("DMZ mode" or something
like that); it's been discussed pretty heavily on the DSLReports
Forums.  (But, either way, even ignoring the technical grievances with
their service, AT's prices are higher and speed tiers lower than
Comcast's.)

TL;DR: (1) some ISPs may not allow BYOD; (2) if it looks like your ISP
is giving you a private IP, dig a little deeper, it could simply
appear that way due to the way the ISP configures the assigned device.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Thanks to all that replied. I had ran nmap against from the private side and 
saw it
had a service listening on port 80, so I pointed my browser at it and a webpage
came up. I looked like it was for setting up the "Wireless" because that is 
what the
menu button said, so I initially didn't investigate it until after I had sent 
my previous
message. Turns out it gives you full access to setting up port forwarding, DMZ, 
firewall, etc.
So it looks like I can use DMZ mode an be in business.

Regards,
Steve

PS Brighthouse/Spectrum in my area lets you BYOD from a pretty large list they 
have certified
on their network.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Spotty internet connection

[Steve Clark]

On 02/02/2017 10:12 PM, TE Dukes wrote:



-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Matt
Garman
Sent: Thursday, February 2, 2017 8:52 PM
To: CentOS mailing list
Subject: Re: [CentOS] Spotty internet connection

On Thu, Feb 2, 2017 at 7:13 PM, TE Dukes 
wrote:

Lately I have been getting slow  and partial page loads, server not
found, server timed out, etc.. Get knocked off ssh when accessing my
home server from work, etc. Its not the work connection because I
don't have problems accessing other sites, just here at home and my home

server.

Is there any kind of utility to check for failing hardware?

I have the exact same problems from time to time via Comcast.  Mine comes
and goes, and lately it hasn't been too bad.  But when it comes, it's down

for

very small amounts of time, maybe 30-90 seconds, which is just long enough
to be annoying, and make the service unusable.

When it was really bad (intermittent dropouts as described above, almost
every night during prime time, usually for several hours at a
time) I wrote a program to do constant pings to several servers at once.

If

you're interested, I'll see if I can find that script.  But, conceptually,

it ran

concurrent pings to several sites, and kept some stats on drops longer

than

some threshold.  Some tips on a program like this: use IP addresses,

rather

than hostnames, because ultimately using a hostname implicitly does a DNS
lookup, which likely requires Internet service to work.  I also did

several

servers at once, so I could prove it wasn't just the one site I was

pinging.

Included in the list of servers was also the nexthop device beyond my

house

(presumably Comcast's own router).  Use traceroute to figure out network
paths.

After running this for a while---before I called them with the

evidence---the

problem magically cleared up, and since then it's been infrequent enough
that I haven't felt the need to fire up the script again.  When it comes

to

residential Internet, I am quite cynical towards monopoly ISPs like

Comcast...

so maybe they saw the constant pings and knew I was building a solid case
and fixed the problem.  Or maybe enough people in my area complained of
similar problems and they actually felt uncharacteristically caring for a

second.

I haven't been there in a while, but in the past, I've gotten a lot of

utility out

of the DSLReports Forums[1].  There are private forums that will put you

in

direct contact with technical people at your ISP.
It can sometimes be a good way to side-step the general customer service
hotline and get in touch with an actual engineer rather than a script

reader.

Maybe not, but worst-case you're only out some time.
Also, you might post this same question to one of the public forums over
there, as there seems to be lots of knowledgeable/helpful people hanging
out there.  (Despite the name, it's not only about DSL, but consumer ISPs

in

general.)

[1] http://www.dslreports.com/forums/all


Thanks for the info.

I've seen that site before so I might check it out.

My router/modem has a log. Its loaded with errors I can't interpret. I
googled a portion of it and landed on TWC forums.

Missing BP Configuration Setting TLV

http://forums.timewarnercable.com/t5/Connectivity/Predictable-disconnects/td
-p/1016

Didn't see much of an answer.

Hopefully it's a temporary thing as it just started.  I don't think it's a
problem on my end, maybe, but doubt it. I'll give it another day or so.

Thanks!!

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Hi,

What kind of cable modem/gateway do you have? Just wondering because my 12 year 
old Toshiba finally
crapped out and Spectrum gave me a new one. Its and ARRIS TG1682G and it only 
gives me a private IP not
like the old one which gave me the public IP so I can't ssh to home from work 
anymore, so I am wondering
how you do it?

Thanks,
Steve

--

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] static linking

[Steve Clark]

Hello,

Can someone explain why a static library would make calls to dlopen?

openssl-static-1.0.1e-48.el6_8.3.x86_64

/usr/lib64/libcrypto.a

In trying to staticly link against the above I get

/usr/lib64/libcrypto.a(fips.o): In function `verify_checksums':
(.text+0x62b): undefined reference to `dlopen'

It didn't use to do this.

Thanks,
Steve
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk near failure

[Steve Clark]

On 10/27/2016 09:43 AM, Alessandro Baggi wrote:

Il 27/10/2016 13:58, Leonard den Ottolander ha scritto:

Hi,

On Thu, 2016-10-27 at 11:25 +0200, Alessandro Baggi wrote:

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

That's the line you are looking for. Since your disk apparently does not
store an error log - not sure if that's something with SSDs in general
or just with this particular disk - you will always have to invoke

smartctl -t short /dev/sda

and then after the test has completed check the output of

smartctl -a /dev/sda

for that particular line. Shouldn't be too hard to put in a cron job,
just make sure the job waits long enough (more than 1 minute, make it 2
to be sure) with reading the output of smartctl -a after invoking
smartctl -t short.

Regards,
Leonard.



You can also use the service smartd and edit the smartd.conf file and it have 
it send you emails when a disk starts to fail.



thank you for suggestion.

Alessandro.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tcpdump loses lots of packets

[Steve Clark]

Hello,

I've found it is helpful to limit the length of the packet you are capturing by 
using
something like -s 256.

On 08/14/2016 06:04 PM, Anand Buddhdev wrote:

On 14/08/16 12:20, Anand Buddhdev wrote:

Hi folks,

I've discovered something. See below:


The packet rate is also not that high. From the sending side, this is
what I have:

# tcpreplay -i qtx:p1p1 5min.pcap

If I send packets without qtx, like this:

tcpreplay -i p1p1 5min.pcap

then tcpdump on the receiving box has no problem, and keeps up happily
with the queries, and receives all of them into the pcap file. It seems
like the qtx module is somehow interfering with the packet capture, but
I don't know how or why yet.

Anyway, for low packet rates, such as 20,000 q/s, qtx isn't necessary,
so I will not use it when I want to do packet captures.

Regards,
Anand
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall-config not functional

[Steve Clark]

On 06/07/2016 04:46 PM, Jonathan Billings wrote:

On Jun 7, 2016, at 13:03, Emmett Culley  wrote:

I can see no use case for NetwortManager on our systems.  All network 
connections are static.

There are a couple reasons I still use NetworkManager on servers, but one big 
one is that the 'network' service runs once, on boot.  If there is no network 
connection, your server's network connection will never come up until you log 
in at a console to fix it or reboot. With the speed of computers these days, 
our servers often boot up faster than the networking equipment after a power 
cut.

I must be missing something here, so the system comes up, ip(s) are assigned to 
the interface, routes, etc then sometime later the switch comes up and you
ssh in. Never been a problem for me.


--
Jonathan Billings
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FirewallD and FTP passive mode

[Steve Clark]

On 05/05/2016 09:15 AM, Marcin Trendota wrote:

Howdy

I'm trying to run FTP server behind firewall. And i can't enable passive
mode from the Internet. There are plenty howtos but there aren't many
with my combination.

For now i have configured port forwarding and ftp server itself.

On the router:
# firewall-cmd --list-all --zone=external
external (active)
   interfaces: enp3s1
   sources:
   services: openvpn ssh
   ports: 1194/tcp 2666/tcp 88/tcp
   masquerade: yes
   forward-ports: port=21:proto=tcp:toport=:toaddr=10.0.32.7
 port=10090-10100:proto=tcp:toport=:toaddr=10.0.32.7
 port=88:proto=tcp:toport=80:toaddr=10.0.32.23
   icmp-blocks:
   rich rules:

I also did:
# modprobe ip_conntrack_ftp ports=10090,10100


excerpt form vsftpd.conf on the FTP server:
pasv_enable=Yes
pasv_min_port=10090
pasv_max_port=10100
pasv_addr_resolve=Yes

Do you have pasv_addr set to the hostname of the server?
pasv_address
  Use this option to override the IP address that vsftpd will 
advertise in response to
  the PASV command. Provide a numeric IP address, unless 
pasv_addr_resolve is enabled,
  in which case you can provide a hostname which will be  DNS  
resolved  for  you  at
  startup.

  Default: (none - the address is taken from the incoming connected 
socket)


>From LAN or through VPN it works. But on the public address i can only
log in, cannot turn into passive mode:

Connected to ftp1.domain.com (xxx.xxx.xxx.xxx).
220 (vsFTPd 2.2.2)
Name (ftp1.domain.com:root): user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,32,7,39,111).
ftp: connect: Connection timed out

Also this IP looks weird - shouldn't it be public IP?

What am i doing wrong?
TIA.




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (wa

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (wa

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (wa

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Problems with scsi

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Problems with scsi

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Problems with scsi-target-utils when hosted on dom0 centos 7 xen box)))))

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Problems with scsi-target-utils when hosted on dom0 centos 7 xen box))))

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Out of Office. (was: Problems with scsi-target-utils when hosted on dom0 centos 7 xen box)))

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Out of Office. (was: Out of Office. (was: Problems with scsi-target-utils when hosted on dom0 centos 7 xen box))

[Steve Clark]

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] www.centos.org/forums/

[Steve Clark]

Hi List,

Does anyone know why the above URL is still using TLS V1.0.

I can't connect to it unless I enable TLS V1.0 which I was under the impression 
that it should not be used
anymore.

Thanks for any enlightenment.

Steve
--

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] problem restoring ssl and vlc

[Steve Clark]

On 03/01/2016 10:24 PM, g wrote:

to pass time waiting for reply, went thru kde application launcher.

found this progs have no icon:

   cheese

   audit logs

   media player

   note pad
   regedit
   wineconfig
   winefile
   winehelp
   wine software uninstall
   wine wordpad

   audio cd extractor


running chkrootkit, shows

   Checking `amd'... not found
   Checking `biff'... not found
   Checking `fingerd'... not found
   Checking `inetd'... not found
   Checking `inetdconf'... not found
   Checking `identd'... not found
   Checking `named'... not found
   Checking `pop2'... not found
   Checking `pop3'... not found
   Checking `rlogind'... not found
   Checking `rshd'... not found
   Checking `timed'... not found
   Checking `rexedcs'... not found

can not say what was before now.



You can use rpm -v -V -a to check the validity of all your packages or
rpm -v -V pkgname to check a single package.

See the following link for details.
http://www.rpm.org/max-rpm/ch-rpm-verify.html

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] snat packet going out a bridge

[Steve Clark]

On 01/20/2016 04:21 PM, Gordon Messmer wrote:

On 01/20/2016 09:55 AM, Steve Clark wrote:

Any ideas?

IP forwarding needs to be enabled, and you also need rules in your
FORWARD chain to allow the packets.


Thanks, but  forwarding is turned on and my FW rules are empty.

Chain INPUT (policy ACCEPT 359K packets, 136M bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 55801 packets, 4736K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 319K packets, 141M bytes)
 pkts bytes target prot opt in out source destination



--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] snat packet going out a bridge

[Steve Clark]

Hi List,

I am running into a problem where I have 2 interfaces bridged with and ip 
address assigned.

I have another interface in which traffic has ingress traffic that needs to go 
out the bridged interface.
I am trying unsuccessfully to SNAT the traffic leaving the bridge interface to 
its assigned address.

# brctl show xbrdg0
bridge name bridge id   STP enabled interfaces
xbrdg0  8000.000c297aa55f   no  eth0
eth1
# ip a s xbrdg0
11: xbrdg0:  mtu 1500 qdisc noqueue state 
UNKNOWN
link/ether 00:0c:29:7a:a5:5f brd ff:ff:ff:ff:ff:ff
inet 192.168.100.3/24 scope global xbrdg0

# ip a s eth5
7: eth5:  mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:7a:a5:7d brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/29 scope global eth5

default via 192.168.100.1 dev xbrdg0

So I want traffic coming in eth5 with 10.10.0.x addresses to be source natted 
to 192.168.100.3.
But my iptables nat statement never gets hit.

Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
 pkts bytes target prot opt in out source   destination
0 0 SNAT   all  --  *  xbrdg0 0.0.0.0/00.0.0.0  
   to:192.168.100.3
   29  1933 MASQUERADE  all  --  *  tun+ 0.0.0.0/00.0.0.0/0

# ping -I 10.10.0.1 8.8.8.8

# tcpdump -nli xbrdg0 icmp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xbrdg0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:52:06.914295 IP 10.10.0.1 > 8.8.8.8: ICMP echo request, id 38932, seq 1, 
length 64
12:52:07.914592 IP 10.10.0.1 > 8.8.8.8: ICMP echo request, id 38932, seq 2, 
length 64
12:52:08.914579 IP 10.10.0.1 > 8.8.8.8: ICMP echo request, id 38932, seq 3, 
length 64

Any ideas?

Thanks,
Steve

--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Steve Clark]

On 12/10/2015 05:33 PM, John R Pierce wrote:

On 12/10/2015 1:56 PM, m.r...@5-cent.us wrote:

As a lesser example, I just*adore*  the new ethernet names - NOT. Breaks
scripts, makes it all more difficult, not to mention*so*  much easier to
guess, when you've debugging a box and your organization has hardware from
many OEMs. What was wrong with eth0, or even em1?

when you have multiple adapters, perhaps different types (maybe 2 10gigE
and 2 1gigE?) which one is eth0 supposed to be?   BSD has always used
driver type in the network device names, and having dealt with device
confusions before, I understand why.




ethtool can easily tell you the capabilities of the device - you don't need 
magic names.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Steve Clark]

On 12/09/2015 09:37 AM, Lamar Owen wrote:

On 12/09/2015 08:54 AM, James B. Byrne wrote:

So, the implication of your suggestion, if I understand it aright, is
that I should audit all of the communication forums in use by Fedora
developers and then point out whenever any of the many dozens or
hundreds of contributors introduces something that in my opinion may
impact a server installation.  

Am I correct?

Yeah, pretty much.  At least you have the ability to have some input
upstream, unlike with Windows.

Once it is in RHEL, it is simply *going* to be in CentOS, full stop.  If
you don't want it in CentOS, then it needs to be yelled about when it
appears in Fedora.  Yes, this is work.  But many are already doing this
work; it is those people whose voices are being heard; it is also some
of those people that are making dynamic networking happen (which is
useful for more than just laptops).

Hi,

I think saying that you can have some say as to what goes into Fedora is being 
a little
naive, look at systemd, many people complained about its inclusion but the 
powers to be
heard none of it, and the refrain I saw was if you don't like systemd then run 
something else.

Regards,
Steve



If you want your voice to be heard, you have to use your voice in the
venue where changes can happen.  Once it is in a particular major
version of CentOS, it is simply not going away (unless RHEL removes it).


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 6 and super jumbo frames

[Steve Clark]

On 11/09/2015 12:36 PM, Gordon Messmer wrote:

On 11/09/2015 08:34 AM, Steve Clark wrote:

Has anyone using CentOS 6 been able to successfully set an mtu larger
than 9710
on an interface.

Maximum frame size varies from implementation to implementation:
http://pages.uoregon.edu/joe/jumbo-clean-gear.html

It's also worth noting that that due to offloading features in modern
NICs, there's often very little benefit to large frames. Since you
*really* need all of the devices on any network segment to use the same
MTU, the best option might be to eliminate jumbo frames (and test the
impact of doing so in terms of throughput and CPU utilization).


Hi Gordon,

Thanks for the response.

The real issue relates to doing pcap on an interface that is
hooked to a span port. The super jumbo frames cause rx_long_length_errors: 
2701813
which show up in our monitoring software and the customer thinks there are 
error on his
network.

So I wanted to increase the mtu on the interface so these errors would not be 
reported.


--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] centos 6 and super jumbo frames

[Steve Clark]

Hi,

Has anyone using CentOS 6 been able to successfully set an mtu larger than 9710
on an interface.

I am seeing super jumbo frames with length > 1.
...
IP 10.79.4.53.64327 > 10.79.2.53.24294: Flags [.], seq 16060:29200, ack 1, win 
32767, length 13140
...

CentOS release 6.7 (Final)

Thanks,

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM hatred, was Re: /boot on a separate partition?

[Steve Clark]

On 06/25/2015 06:44 PM, Chris Murphy wrote:

Gordon Messmer gordon.messmer at gmail.com  Wed Jun 24 01:42:13 UTC 2015


I wondered the same thing, especially in the context of someone who
prefers virtual machines.  LV-backed VMs have *dramatically* better disk
performance than file-backed VMs.

I did a bunch of testing of Raw, qcow2, and LV backed VM storage circa
Fedora 19/20 and found very little difference. What mattered most was
the (libvirt) cache setting, accessible by virsh edit the xml config
or virt-manager through the GUI. There have been a lot of

Which setting did you find most effective?

optimizations in libvirt and qemu that make qcow2 files perform
comparable to LVs.

For migrating VMs, it's easier if they're a file. And qcow2 snapshots
are more practical than LVM (thick) snapshots. The thin snapshots are
quite good though they take a lot of familiarity with setting them up.




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM hatred, was Re: /boot on a separate partition?

[Steve Clark]

On 06/25/2015 11:03 AM, James B. Byrne wrote:

On Wed, June 24, 2015 16:11, Chuck Campbell wrote:

Is there an easy to follow howto for normal LVM administration
tasks. I get tired of googling every-time I have to do something
I don't remember how to do regarding LVM, so I usually just
don't bother with it at all.

I believe it has some benefit for my use cases, but I've been
reticent to use it, since the last time I got LVM problems, I
lost everything on the volume, and had to restore from backups
anyway. I suspect I shot myself in the foot, but I
still don't know for sure.


At the risk of some ridicule I suggest that you look at installing
Webmin.  It is a web based system administration tool that I find
invaluable.  The two most common complaints I encounter when I discuss
its merits are 'security' and 'transparency'.

The security issue is trivially dealt with. Install Webmin and
configure it to listen on 127.0.0.1 using its standard port TCP1.
Install Firefox on the same host and then run firefox from an 'ssh -Y'
session using the --noremote option.  If you are totally paranoid then
firewall TCP1 as well, configure Webmin to use https only, and
then only start the webmin service when you are performing
maintenance.

There are less draconian measures that are in my opinion equally
secure from a practical standpoint but I am sure that you can figure
those out on your own.

The transparency issue is really unanswerable.  There exists a school
of thought that if you are going to administer a Linux system (or OS
of the proponent's choice) then you should learn the command syntax of
every command that you are called upon to use.  This is the
one-and-only path to enlightenment.  Like upholding motherhood and
promoting the wholesomeness of apple-pie this sort of moralizing
really brooks no answer. You can guess my opinion on that line of
puritanism.

As you have painfully discovered, infrequently used utilities and
commands are difficult to deal with.  The process of learning, or
relearning, the correct arcana is particularly noisome given the
notorious inconsistency of syntaxes across different utilities and the
spotty coverage of up-to-date documentation.  Google can be a
dangerous guide given the wide variation of practice across differing
flavours of *nix and the widespread aversion to providing dates on
writings. In consequence I consign transparency arguments and their
proponents to the religious fanatic file.  Nothing personal but there
is no point in arguing belief systems.

If you want to get infrequently performed sysadmin tasks done reliably
and with a minimum of fuss use something like Webmin and get on with
the rest of your life.



That is fine until suddenly you find yourself without your crutch.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] kernel-debuginfo

[Steve Clark]

Hi,

Even though I am not running a centos.plus kernel yum wants to install
the kernel-debuginfo for it.


# yum install --disablerepo=\* --enablerepo=base-debuginfo kernel-debuginfo
Loaded plugins: fastestmirror, refresh-packagekit
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
-- Running transaction check
--- Package kernel-debuginfo.x86_64 0:2.6.32-504.8.1.el6 will be updated
--- Package kernel-debuginfo.x86_64 0:2.6.32-504.16.2.el6.centos.plus will be 
an update
-- Processing Dependency: kernel-debuginfo-common-x86_64 = 
2.6.32-504.16.2.el6.centos.plus for package: 
kernel-debuginfo-2.6.32-504.16.2.el6.centos.plus.x86_64
-- Running transaction check
--- Package kernel-debuginfo-common-x86_64.x86_64 0:2.6.32-504.8.1.el6 will be 
updated
--- Package kernel-debuginfo-common-x86_64.x86_64 
0:2.6.32-504.16.2.el6.centos.plus will be an update
-- Finished Dependency Resolution

Dependencies Resolved

===
 PackageArch Version
Repository  Size
===
Updating:
 kernel-debuginfo   x86_64 2.6.32-504.16.2.el6.centos.plus
base-debuginfo 268 M
Updating for dependencies:
 kernel-debuginfo-common-x86_64 x86_64 2.6.32-504.16.2.el6.centos.plus
base-debuginfo  43 M

Transaction Summary
===
Upgrade   2 Package(s)
--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wireshark 1.12.4

[Steve Clark]

On 04/20/2015 05:07 PM, Warren Young wrote:

On Apr 20, 2015, at 2:03 PM, Steve Clark scl...@netwolves.com wrote:

Does anyone know where I could find wireshark-1.12.4 el6 rpm?

CentOS is not the OS for you if you wish to have the very latest releases of 
software.

The Wireshark project doesn’t provide Linux binaries, apparently since it’s 
already shipped by most every Linux distro.  CentOS 6 ships 1.8.10.

If you must have a newer feature than is available in 1.8, you’ll probably have 
to build it from source.
___


Thanks Warren, that is helpful.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] wireshark 1.12.4

[Steve Clark]

Hi,

Does anyone know where I could find wireshark-1.12.4 el6 rpm?

Thanks,

--
Stephen Clark






___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Laptop for CentOS

[Steve Clark]

On 04/15/2015 12:55 PM, Steve Clark wrote:

Hello,

Has anyone used the Dell M3800 (ubuntu) laptop to run CentOS 6.x? If so how did 
it work out?

Also does anyone have a fairly new laptop they are running CentOS 6.x on,  that 
they are happy
about? I am in the market for a new laptop and it must run CentOS 6.x.

Thanks,



Thanks to all that replied,

I am leaning towards the Dell M4800 mobile WS, it seems pretty impressive
and can be ordered with Either RHEL 6.4 $$$, or Ubuntu LTS (no $$$) so if I get
it I will go that route. Only question I still have is whether to go AMD 
FirePro 5100 (standard)
or a Nvidia option.

Any thoughts or experiences.

Thanks again.

--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Laptop for CentOS

[Steve Clark]

Hello,

Has anyone used the Dell M3800 (ubuntu) laptop to run CentOS 6.x? If so how did 
it work out?

Also does anyone have a fairly new laptop they are running CentOS 6.x on,  that 
they are happy
about? I am in the market for a new laptop and it must run CentOS 6.x.

Thanks,

--
Stephen Clark





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Laptop for CentOS

[Steve Clark]

On 04/15/2015 01:01 PM, Eero Volotinen wrote:

Hi,

Dell provides laptops with RHEL ws. Buy one of that kind ?

Some quick googles only turned up articles about RHEL on Dell Laptops
in 2012 - nothing with RHEL seems to be current only with Ubuntu 14.04 .

Eero

2015-04-15 19:55 GMT+03:00 Steve Clark scl...@netwolves.com:


Hello,

Has anyone used the Dell M3800 (ubuntu) laptop to run CentOS 6.x? If so
how did it work out?

Also does anyone have a fairly new laptop they are running CentOS 6.x on,
that they are happy
about? I am in the market for a new laptop and it must run CentOS 6.x.

Thanks,

--
Stephen Clark






--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] java-1.8.0-oracle

[Steve Clark]

Hi List,

I see that java-1.8 from Oracle is in RedHat but I don't find it in CentOS 
repos.

This update adds the java-1.8.0-oracle and related packages to Red Hat
Enterprise Linux 6. (BZ#1138845)

Am I missing something?

Thanks,
Steve

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help with routing question.

[Steve Clark]

Hi James,

Antonio is correct. The default address is used when the destination address
is not on a subnet that is on one of your local interfaces.

Any packet destined for an address on the 192.168.6.0/24 subnet will 
automatically be sent with a source
address of 192.168.6.1

Same with any packet destined for an address on the 216.185.71.0/24 subnet will 
be sent with a source
address of 216.185.71.1.

 The kernel uses the first address on an interface as the primary address. You 
can see this if you just
do ifconfig ifname, you will only see the first address you assign to the 
interface.

Hope this helps,
Steve

On 02/18/2015 12:51 PM, Antonio S. Martins Jr. wrote:

Hi James,

Simply remove the GATEWAY line from the eth0:192 interface config :D

Then you'll had only one default gateway. And the source IP to all unknown 
address
will be the routeable one.

Att.,

Antonio.

- James B. Byrne byrn...@harte-lyne.ca escreveu:


De: James B. Byrne byrn...@harte-lyne.ca
Para: centos@centos.org
Enviadas: Quarta-feira, 18 de Fevereiro de 2015 15:39:16 (GMT-0300) 
Auto-Detected
Assunto: [CentOS] Help with routing question.

CentOS-6.6

We have a host that has multiple IPv4 addresses aliased to eth0.
The
primary address is 216.185.71.x and the alias is 192.168.6.x.

This host connects to devices on both netblocks without problems.
Only default routing is used and it looks like this:

#ip route
192.168.6.0/24 dev eth0  proto kernel  scope link  src 192.168.6.x
216.185.71.0/24 dev eth0  proto kernel  scope link  src 216.185.71.x
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 192.168.6.1 dev eth0  src 192.168.6.x
default via 216.185.71.1 dev eth0


When the system connects to internal systems via ssh it uses the src
216.185.71.x for devices on that netblock and 192.168.6.x for devices
on the other.

The problem is that when we try to establish an ssh connection
off-site to another netblock altogether the host uses 192.168.6.x as
the source and the destination gets the public side IP address of our
gateway router as the point of origin due to masquerading.

I have solved this by explicitly binding ssh to the public ipv4 when
connecting using the --bind=216.185.71.x parameter.  But I have two
questions I would like to find answers for

1. Why is ssh using the private IP in preference to the public IP
when
connecting to off-site addresses?

2. How does one configure the routing table on network startup to
specifically detail the route particular addresses are supposed to
take?


For diagnosis here are the ifcfg scripts used for both interfaces:

DEVICE=eth0
BOOTPROTO=static
BROADCAST=216.185.71.255
DNS1=216.185.71.33
GATEWAY=216.185.71.1
HWADDR=38:60:77:D5:AC:D8
IPADDR=216.185.71.x
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
UUID=0202e615-ce93-4fe1-833a-c11259afb850


DEVICE=eth0:192
BOOTPROTO=static
BROADCAST=192.168.6.255
GATEWAY=192.168.6.1
IPADDR=192.168.6.x
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONPARENT=yes
TYPE=Ethernet


--
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte  Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

--
Esta mensagem foi verificada pelo sistema de antivirus e
  acredita-se estar livre de perigo.



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] libguestfs-winsupport

[Steve Clark]

On 02/09/2015 09:34 AM, Robert Nichols wrote:

On 02/06/2015 07:56 AM, Steve Clark wrote:

Hello List,

Does anyone know why this is not available in CentOS 6.6. I found it in
a SL repo but not in CentOS.

I opened http://bugs.centos.org/view.php?id=8183 last Friday (Feb 6).
You can also use the one in the C6.5-updates vault repository.


Thanks!

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] libguestfs-winsupport

[Steve Clark]

Hello List,

Does anyone know why this is not available in CentOS 6.6. I found it in a SL 
repo but not in CentOS.

I found several CentOS Bugs one answered by JH 
http://bugs.centos.org/print_bug_page.php?bug_id=6822
saying it had been added to 6.5

2013-12-09 19:05JohnnyHughesResolutionopen = fixed

But it is still not available.

cat /etc/redhat-release
CentOS release 6.6 (Final)

yum repolist
repo idrepo name status
base   CentOS-6 - Base 6,518
cr CentOS-6 - CR 0
elrepo ELRepo.org Community Enterprise Linux 
Repository - el6  302
epel   Extra Packages for Enterprise Linux 6 - 
x86_64 11,148
extras CentOS-6 - Extras 36
gf Ghettoforge packages that won't overwrite 
core distro packages. 149
rpmforge   RHEL 6 - RPMforge.net - dag  
 4,718
updatesCentOS-6 - Updates 725

yum list all | grep libguestfs
libguestfs.x86_64 1:1.20.11-11.el6 @base
libguestfs-tools.x86_64 1:1.20.11-11.el6 @base
libguestfs-tools-c.x86_64 1:1.20.11-11.el6 @base
libguestfs-devel.x86_64 1:1.20.11-11.el6 base
libguestfs-java.x86_64 1:1.20.11-11.el6 base
libguestfs-java-devel.x86_64 1:1.20.11-11.el6 base
libguestfs-javadoc.x86_64 1:1.20.11-11.el6 base
ocaml-libguestfs.x86_64 1:1.20.11-11.el6 base
ocaml-libguestfs-devel.x86_64 1:1.20.11-11.el6 base
python-libguestfs.x86_64 1:1.20.11-11.el6 base
ruby-libguestfs.x86_64 1:1.20.11-11.el6 base
Fri Feb  6 08:55:15 EST 2015


--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.6 64-bit won't install on a 3 TB disk

[Steve Clark]

On 01/13/2015 12:47 PM, Gordon Messmer wrote:

I'm having an issue getting a C6.6 install to work on a 3 TB dual hard
drive system, raid 0. I'm hoping that someone here can help.

1: Is this system booting UEFI or BIOS?
2: Is the disk partitioned with MBR or GPT?
3: Is /boot on its own partition?

3TB drives are larger than MBR and BIOS properly support, so they're
only really expected to work on a system partitioned with GPT and

Not exactly true - they work fine with an MBR but you can access 2/3 of the 
drive.
Also it is not necessary to use UEFI to boot.

You can have a fakeout mbr that is used for a standard bios boot.

# fdisk -l

WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk 
doesn't support GPT. Use GNU Parted.

Disk /dev/sda: 3000.6 GB, 3000592982016 bytes
255 heads, 63 sectors/track, 364801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk identifier: 0x

   Device Boot  Start End  Blocks   Id  System
/dev/sda1   1  267350  2147483647+  ee  GPT
Partition 1 does not start on physical sector boundary.
Tue Jan 13 12:55:21 EST 2015
P308771:~

# parted -l
Model: ATA WDC WD30EFRX-68E (scsi)
Disk /dev/sda: 3001GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt

Number  Start   End SizeFile system Name Flags
 1  1049kB  2097kB  1049kB  bbp  bios_grub
 2  2097kB  1002MB  1000MB  ext3primary
 3  1002MB  5002MB  3999MB  linux-swap(v1)  primary
 4  5002MB  3001GB  2996GB  ext4primary



booting via UEFI.  And in that case, /boot and /boot/efi need to be
individual partitions.



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.6 64-bit won't install on a 3 TB disk

[Steve Clark]

On 01/13/2015 12:57 PM, Steve Clark wrote:

On 01/13/2015 12:47 PM, Gordon Messmer wrote:

I'm having an issue getting a C6.6 install to work on a 3 TB dual hard
drive system, raid 0. I'm hoping that someone here can help.

1: Is this system booting UEFI or BIOS?
2: Is the disk partitioned with MBR or GPT?
3: Is /boot on its own partition?

3TB drives are larger than MBR and BIOS properly support, so they're
only really expected to work on a system partitioned with GPT and

Not exactly true - they work fine with an MBR but you can access 2/3 of the 
drive.
Also it is not necessary to use UEFI to boot.

You can have a fakeout mbr that is used for a standard bios boot.

# fdisk -l

WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk 
doesn't support GPT. Use GNU Parted.

Disk /dev/sda: 3000.6 GB, 3000592982016 bytes
255 heads, 63 sectors/track, 364801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk identifier: 0x

 Device Boot  Start End  Blocks   Id  System
/dev/sda1   1  267350  2147483647+  ee  GPT
Partition 1 does not start on physical sector boundary.
Tue Jan 13 12:55:21 EST 2015
P308771:~

# parted -l
Model: ATA WDC WD30EFRX-68E (scsi)
Disk /dev/sda: 3001GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt

Number  Start   End SizeFile system Name Flags
   1  1049kB  2097kB  1049kB  bbp  bios_grub
   2  2097kB  1002MB  1000MB  ext3primary
   3  1002MB  5002MB  3999MB  linux-swap(v1)  primary
   4  5002MB  3001GB  2996GB  ext4primary


In addition this is how we partition our 3TB drives for a bios boot using 
parted.
parted -s ${DRIVE} -- mklabel gpt \
mkpart bbp 1MB 2MB \
set 1 bios_grub on \
mkpart primary ext3 2MB 1002MB \
mkpart primary linux-swap 1002MB 5002MB \
mkpart primary ext2 5002MB -1


booting via UEFI.  And in that case, /boot and /boot/efi need to be
individual partitions.




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] reboot - is there a timeout on filesystem flush?

[Steve Clark]

On 01/07/2015 08:53 AM, Les Mikesell wrote:

On Wed, Jan 7, 2015 at 12:10 AM, Keith Keller
kkel...@wombat.san-francisco.ca.us wrote:

On 2015-01-07, Gordon Messmer gordon.mess...@gmail.com wrote:

Of course, the other possibility is simply that you've formatted your
own filesystems, and they have a maximum mount count or a check
interval.

If Les is having to run fsck manually, as he wrote in his OP, then this
is unlikely to be the cause of the issues he described in that post.
There must be some sort of errors on the filesystem that caused the
unattended fsck to exit nonzero.


Yes - the unattended fsck fails.   Personally, I'd prefer for the
default run to use '-y' in the first place.  It's not like I'm more
likely than fsck to know how to fix it and it is very inconvenient on
remote machines.   The recent case was an opennms system updating a
lot of rrd files, but I've also seen it on backuppc archives with lots
of files and lots of hard links.  Some of these have been on VMware
ESXi hosts where the physical host wasn't rebooted and the
controller/power not involved at all.  Eventually these will be
replaced with CentOS7 systems, probably using XFS but I don't know if
that will be better or worse.   It is mostly on aging hardware, so it
is possible that there are underlying controller issues.  I also see
some rare cases on similar machines where a filesystem will go
read-only with some scsi errors logged, but didn't look for that yet
in this case.


I know that I have seen it take 10 ot 15 minutes to sync a 7200 rpm 3 TB WD 
drive that had over
2 million rrd files being updated by ntopng when the system had 32GB of ram. 
The system is a
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz but one cpu will in in constant IO wait 
state until the
sync finishes. I have never tried shutting it down when it was syncing though.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Design changes are done in Fedora

[Steve Clark]

On 01/02/2015 07:49 PM, Warren Young wrote:

On Jan 1, 2015, at 2:15 PM, James B. Byrne byrn...@harte-lyne.ca wrote:


On Wed, December 31, 2014 12:03, Warren Young wrote:

So, cope with change.

Is one to infer from your mantra 'cope with change' that one is not supposed
to express any opinion whatsoever, ever, on any forum

No, it’s a reaction to those who apparently want nothing to change ever again.  
A lot of people are constitutionally unwilling to cope with the removal of 
their cheese:

 https://en.wikipedia.org/wiki/Who_Moved_My_Cheese%3F

Well, tough.  Either you’re part of the solution or you’re part of the 
precipitate.

Or something like that.

Well Linus doesn't agree with this in the Kernel - Here is a recent entry from 
linux-wireless

The people who are trying to deprecate the WEXT interfaces should put
the blame firmly where it belongs - on the people who thought that
we'll just ignore all old history.

Because people who think that we'll just redesign everything are
actually f*cking morons. Really.

There's a real reason the kernel has the no regression policy. And
that reason is that I'm not a moron.

History matter. Legacy uses matter.

  Linus

on the externalised
cost of changes made to software with no evident technical justification?

Yelling about it on the CentOS mailing list isn’t going to affect *anything*.

If you want to effect change, go join the Fedora development community.

I did not say go yell over the wall *at* the Fedora development community, I 
said go *join them*.  Get involved.  Put your code out into the marketplace of 
ideas as an alternative to the ideas currently being offered.  If you’ve truly 
got the best solution, you’ll start to move things in the direction you want 
them to go.

It’s not going to happen immediately, but in a do-ocracy, those who do things 
accrete ruling powers.

Or, you can go fork EL6 or whatever other “classic” distro that makes you 
happier.  That’s a lot more work and just adds to the fractiousness that’s part 
of the problem here, but if your ideas really are hot, you’ll cause another of 
the occasional shifts that happen in the Unix/Linux landscape.


We all cope with change until we die.  That is not a philosophy or program. It 
is an observation on the state of existence; and is no more useful than the 
observation that, eventually, we all die.

The conservative mindset (small “c”) doesn’t want to cope.  A lot of social 
progress happens only through generational turn-over.

I’d prefer that Linux keeps moving forward faster than generational speed.  
That means we cannot allow change to be delayed until those currently using the 
existing tech get done with their careers in tech.

Technology is a field for unabashed neophiles.

My definition of “technology” is the set of things that don’t work reliably 
yet.  Once a thing has been perfected, it stops being tech.  *Pencils* were 
once high-tech.  Computers?  We’re still working on that one.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Design changes are done in Fedora

[Steve Clark]

On 12/29/2014 09:04 PM, Warren Young wrote:

On Dec 29, 2014, at 4:03 PM, Les Mikesell lesmikes...@gmail.com wrote:


On Mon, Dec 29, 2014 at 3:03 PM, Warren Young w...@etr-usa.com wrote:

the world where you design, build, and deploy The System is disappearing fast.

Sure, if you don't care if you lose data, you can skip those steps.

How did you jump from incremental feature roll-outs to data loss?  There is no 
necessary connection there.

In fact, I’d say you have a bigger risk of data loss when moving between two 
systems released years apart than two systems released a month apart.  That’s a 
huge software market in its own right: legacy data conversion.

If your software is DBMS-backed and a new feature changes the schema, you can 
use one of the many available systems for managing schema versions.  Or, roll 
your own; it isn’t hard.

You test before rolling something to production, and you run backups so that if 
all else fails, you can roll back to the prior version.

None of this is revolutionary.  It’s just what you do, every day.


when it breaks it's not the developer answering
the phones if anyone answers at all.

Tech support calls shouldn’t go straight to the developers under any 
development model, short of sole proprietorship, and not even then, if you can 
get away with it.  There needs to be at least one layer of buffering in there: 
train up the secretary to some basic level of cluefulness, do everything via 
email, or even hire some dedicated support staff.

It simply costs too much to break a developer out of flow to allow a customer 
to ring a bell on a developer’s desk at will.


The world is moving toward incrementalism, where the first version of The 
System is the smallest thing that can possibly do anyone any good.  That is 
deployed ASAP, and is then built up incrementally over years.

That works if it was designed for rolling updates.  Most stuff isn’t,

Since we’re contrasting with waterfall development processes that may last many 
years, but not decades, I’d say the error has already been made if you’re still 
working with a waterfall-based methodology today.

The first strong cases for agile development processes were first made about 15 
years ago, so anything started 7 years ago (to use the OP’s example) was 
already disregarding a shift a full software generation old.


some stuff can't be.

Very little software must be developed in waterfall fashion.

Avionics systems and nuclear power plant control systems, for example.  Such 
systems make up a tiny fraction of all software produced.

A lot of commercial direct-to-consumer software also cannot be delivered 
incrementally, but only because the alternative messes with the upgrade 
treadmill business model.

Last time I checked, this sort of software only accounted for about ~5% of all 
software produced, and that fraction is likely dropping, with the moves toward 
cloud services, open source software, subscription software, and subsidized 
software.

The vast majority of software developed is in-house stuff, where the developers 
and the users *can* enter into an agile delivery cycle.

Where did you get the 5% from according to google there are

over 200 billion lines of existing COBOL code, much of it running mission-critical 
24/7 applications, it is simply too costly (in the short run) for many organizations to 
convert.

And what about Fortran, RPG etc.

Also how big is the outfit you work for? Sounds like you have no shortage of 
help, a lot of place don't have unlimited resources like you seem to have.


Instead of trying to go from 0 to 100 over the course of ~7 years, you deliver 
new functionality to production every 1-4 weeks, achieving 100% of the desired 
feature set over the course of years.

If you are, say, adding up dollars, how many times do you want that
functionality to change?

I’m not sure what you’re asking.

If you’re talking about a custom accounting system, the GAAP rules change 
several times a year in the US:

http://www.fasb.org/jsp/FASB/Page/SectionPagecid=1176156316498

The last formal standard put out by FASB was 2009, and they’re working on 
another version all the time.  Chances are good that if you start a new 7-year 
project, a new standard will be out before you finish.

If instead you’re talking about the cumulative cost of incremental change, it 
shouldn’t be much different than the cost of a single big-bang change covering 
the same period.

In fact, I’d bet the incremental changes are easier to adopt, since each change 
can be learned piecemeal.  A lot of what people are crying about with EL7 comes 
down to the fact that Red Hat is basically doing waterfall development: many 
years of cumulative change gets dumped on our HDDs in one big lump.

Compare a rolling release model like that of Cygwin or Ubuntu (not LTS).  
Something might break every few months, which sounds bad until you consider 
that the alternative is for *everything* to break at the same time, every 3-7 

[CentOS] ifcfg-br options

[Steve Clark]

Hi,

Does anyone know if there is an option for the ifcfg-br file that matches the
brctl setageing parameter?

I am using KVM and am running a DPI guest and need this parameter set to 0 to 
get
mirrored span port data to cross the bridge to the guest vnet device.

Thanks,

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ifcfg-br options

[Steve Clark]

On 12/30/2014 09:14 AM, Patrick Laimbock wrote:

Hi Steve,

On 30-12-14 14:32, Steve Clark wrote:

Hi,

Does anyone know if there is an option for the ifcfg-br file that
matches the
brctl setageing parameter?

I didn't see anything related in sysconfig.txt but there is
https://bugs.centos.org/view.php?id=4675

HTH,
Patrick



Hi Patrick,

I just checked the ifup-eth script on my CentOS 6.6 box and it already had the 
patch in it. Looks like I am all set.

Thanks,

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 - httpd 2.2.29

[Steve Clark]

On 12/15/2014 05:51 AM, For@ll wrote:

Hi

I had a two repo for cento6 where I can download httpd 2.2.29,
(baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and
baseurl=http://mirror.fserver.ru/centos-repo/6/$basearch

For now this repo is not active, any other repo have 2.2.29 rpm which I
can add to my repo



Have you tried
http://ghettoforge.org/index.php/Main_Page

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fwd: Centos and logs

[Steve Clark]

On 11/18/2014 10:25 AM, zep wrote:

On 11/18/2014 10:03 AM, Alan Holt wrote:

Hello,

may be anyone familiar with some tool for viewing logs.
I mean web-interface based, simple solution.

you say 'servers': plural, which leads me to think you're doing
load balancing or otherwise have multiple servers which seems
like another layer to consider for your puzzle.


I have developers, and I can't give them access to my Centos servers, but
they want to see logs of Apache. I want to give them address like
172.17.17.21/logs and they will be able to watch logs of Apache in browser.

I was looking a lot for something like this, but didn't find.
Alex.

*UPD: *something very simple like phpMemcachedAdmin or familiar to this
Thank you.

I would consider something like splunk (or more likely one of the
free alternatives) and a setup like:

(users) ---public interface -- [webserver] -private interface --\
 -- for logs--[splunk/log collector](developers)

and make sure there are acls/firewall rules in place to just allow
your developers access (http logs may well include some data that
you don't want to get out to the public, like if someone implements a
cgi as a get instead of a post but has sensitive data included)


We are using loganalyzer from the same people that do rsyslog.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Chromium browser for C6

[Steve Clark]

On 11/17/2014 11:49 AM, Johnny Hughes wrote:

On 11/17/2014 10:05 AM, Darr247 wrote:

On 17 November 2014 @15:19 zulu, Johnny Hughes wrote:

I (we, the CentOS Project) can not distribute flash

Is it because Adobe said no, or that you never actually asked?
Because I was OK'd to distribute FlashPlayer (both the ActiveX and
'other browser' Plugin versions) just by filling out a simple online
application.
https://www.adobe.com/cfusion/mmform/index.cfm?name=distribution_formpv=fp

Or is it because the CentOS Project *won't* distribute it because Adobe
doesn't release the source code?

Well, Red Hat had to take it out of their build.  And in this case the
issue is a combination problem with Adobe and Google.  Google has
permission to build and distribute flash as pepperflash in Chrome.

Red Hat asked and was told no for that combination in chromium.

Adobe's actual flash player no longer works on chromium .. only
pepperflash, built by Google.

And Google does not allow chromium builders to distribute that (well
they (Google) are only allowed to distribute it by Adobe).

So, the thing I would need to get permission to distribute is the
pepperflash.so which is built by Google, which I can not distribute.

So, this is much less a problem of no source code ... it is that I can't
build it, Adobe's no longer works, and no one but Google can distribute
pepperflash.so legally in the US.

Thanks,
Johnny Hughes



Slightly OT - Mozilla is building their own flash player using JS it is called 
shumway.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] outside ssh connection from two different ISP's

[Steve Clark]

On 11/10/2014 05:38 PM, Jack Bailey wrote:

On 11/10/2014 2:11 PM, Frank Cox wrote:

I have both cable and dsl service.  The router attached to the cable service is 
192.168.0.1 and the router attached to the dsl service is 192.168.0.254.  I 
determine which service my computers communicate through by setting the gateway 
assignment to either of those addresses and it just works.

I can connect to my computers from the outside by port forwarding from my 
routers to the computer that I want to connect to.

However, the outside ssh connection works only if the computer's gateway 
assignment matches the router that I'm connecting to.  I suspect that I have to 
set up some sort of routing assignment to tell the computer to reply to the 
gateway that the ssh connection request came in on if it doesn't match the 
current gateway assignment, but I have no idea how to do that.


I also have two ISPs at home.  I have a Peplink to manage this now, but
before that I some commands in rc.local.  I had two networks and two
NICs on my workstation.  This used to work on CentOS 6.

##
# symetric routing   #
##

NIC1=eth0
IP1=192.168.1.6
GW1=192.168.1.1
NET1=192.168.1.0/24

NIC2=eth1
IP2=192.168.2.6
GW2=192.168.2.1
NET2=192.168.2.0/24

DEFGW=$GW2

cat  EOF  /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep

# symetric routing
101 T1
102 T2
EOF

# routing and default gateway for each interface
ip route add $NET1 dev $NIC1 src $IP1 table T1
ip route add default via $GW1 table T1
ip route add $NET2 dev $NIC2 src $IP2 table T2
ip route add default via $GW2 table T2

# regular routes
ip route add $NET1 dev $NIC1 src $IP1
ip route add $NET2 dev $NIC2 src $IP2

# preference for default route
route delete default
ip route add default via $DEFGW

# rules
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

# enable routing
echo 1  /proc/sys/net/ipv4/ip_forward

Good luck,
Jack



I can verify the above works just fine if all you want to be able to do is 
reach your system from
outside over either isp..

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] outside ssh connection from two different ISP's

[Steve Clark]

On 11/11/2014 12:44 PM, Les Mikesell wrote:

On Tue, Nov 11, 2014 at 11:32 AM, Frank Cox thea...@melvilletheatre.com wrote:

On Tue, 11 Nov 2014 10:12:58 -0600
Les Mikesell wrote:


I think that is a different scenario, though.  Since the subnet
addresses are the same for both routers, the OP must only have one
NIC

Yes.

Can you tell where the packets are getting lost?   Asymmetric routing
is supposed to work per the IP design, but Red Hat thinks they know
better and breaks it with their default settings:
https://access.redhat.com/solutions/53031

However, I thought that only applied to multiple NICs.   Can you tell
if packets are coming in from the non-default router and the response
sent to the default one?And if so, can you traceroute to the
address where the connection attempt is originating?


Natting is obviously involved on this end and if the incoming ssh session is 
originating thru a nat
then if the response packet doesn't have as a source what the original 
destination was the
nat on the ssh end won't be able to figure where the packet should go.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] outside ssh connection from two different ISP's

[Steve Clark]

On 11/11/2014 02:15 PM, Les Mikesell wrote:

On Tue, Nov 11, 2014 at 12:55 PM, Steve Clark scl...@netwolves.com wrote:

On 11/11/2014 12:44 PM, Les Mikesell wrote:

On Tue, Nov 11, 2014 at 11:32 AM, Frank Cox thea...@melvilletheatre.com
wrote:

On Tue, 11 Nov 2014 10:12:58 -0600
Les Mikesell wrote:


I think that is a different scenario, though.  Since the subnet
addresses are the same for both routers, the OP must only have one
NIC

Yes.

Can you tell where the packets are getting lost?   Asymmetric routing
is supposed to work per the IP design, but Red Hat thinks they know
better and breaks it with their default settings:
https://access.redhat.com/solutions/53031

However, I thought that only applied to multiple NICs.   Can you tell
if packets are coming in from the non-default router and the response
sent to the default one?And if so, can you traceroute to the
address where the connection attempt is originating?


Natting is obviously involved on this end and if the incoming ssh session is
originating thru a nat
then if the response packet doesn't have as a source what the original
destination was the
nat on the ssh end won't be able to figure where the packet should go.

That makes sense.  The original target of the connection would be the
public side of the non-default gateway and it would reach the target
via port-forwarding, keeping the public source address.   The response
would go to the default router which would forward it on, but NAT to
its own public address.  Then when the response packet gets back to
the originating system it won't be associated with the originating
socket since it's source IP  won't match the initial target.   Or
maybe the other router drops it because the connection isn't
established and the response packet won't have a SYN.

I can't think of a handy fix for this without extra public addresses.
If you know a fixed IP address or range that would only be used for
this connection (e.g. to connect in and flip the default gateway if
the other one is down), you could add a static route for it.


Buy second NIC and then the original script Jack Baily provided would work.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] automated smtp server check

[Steve Clark]

On 11/04/2014 02:49 PM, José María Terry Jiménez wrote:

El 04/11/14 a las 20:36, Frank Cox escribió:

I would like to set up a cron job to automatically check whether my mailserver 
and webserver are up, and tell me if they're not.

This script tells me if my webserver is up:

#!/bin/bash
wget -q --tries=10 --timeout=20 --spider http://melvilletheatre.com
if [[ $? -eq 0 ]]; then
  echo Online
else
  echo Offline
fi

How can I do the something similar with my mailserver?

Or if someone knows of an integrated tool that will monitor this in a better 
way (whatever that may be), I'm more than interested.


Hello

I use Nmap to test if a server up in a port:

$ nmap -p587 a.mail.server |grep -i 587

587/tcp open  submission

Or several ports:

$ nmap -p25,143,587 a.mail.server |grep -i open
25/tcp  open  smtp
143/tcp open  imap
587/tcp open  submission

If the server is working, the port is shown as open. You can parse it as
desired to message you as you want

Best
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


How about using nc with something like this:
No server listening at 10.0.129.71
$ nc 10.0.129.71 25  EOF
QUIT
EOF
$ echo $?
1



Server listening at localhost
$ nc localhost 25  EOF
QUIT
EOF
220 sclark66.netwolves.com ESMTP Sendmail 8.14.4/8.14.4; Tue, 4 Nov 2014 
15:03:22 -0500
221 2.0.0 sclark66.netwolves.com closing connection
$ echo $?
0



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wow! Double wow!

[Steve Clark]

On 10/29/2014 10:02 AM, Beartooth wrote:

I'm running CentOS 6 (6.5 iirc) on my wife's machine, which I've
been updating pretty much every day. Today yum got 425 packages!

Somewhere a dam must have broken. Sometimes some of us don't
appreciate how much work the developers do.

Strength to their arms, and many heartfelt thanks!

+100

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] epel repo

[Steve Clark]

Hi,

Has anyone else had trouble trying to reach the epel repo. I can only get to it 
if
I change the https to http in the epel.repo file.


--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] epel repo

[Steve Clark]

On 10/23/2014 08:24 AM, Steve Clark wrote:

Hi,

Has anyone else had trouble trying to reach the epel repo. I can only get to it 
if
I change the https to http in the epel.repo file.



Figured it out - needed to update nss.

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.4 kernel panic on boot after upgrading kernel to 2.6.32-431.29.2

[Steve Clark]

On 10/14/2014 02:29 AM, Greg Lindahl wrote:

On Tue, Oct 14, 2014 at 09:26:41AM +0300, Mihamina Rakotomandimby wrote:

On 10/14/2014 09:19 AM, Greg Lindahl wrote:

Yeah: don't run random combinations of rpms and then ask the mailing
list for support.

If yum/rpm allowed him to just upgrade the core kernel witouh the whole
system, that means it should be possible to run with it.

That is so not the case!


I have been doing just that for years with CentOS 5 and CentOS 6 and never, 
ever had a problem
on a whole bunch of different hardware!


Please, be positive.

Uhuh. If you ask for advice, you will receive it.

-- greg

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 答复: turn bootable USB into bootable iso image

[Steve Clark]

On 10/11/2014 06:39 AM, 沈焕标 wrote:

I am sorry for my misunderstanding. And I thing you should try the command dd 
to create an ISO file. For example: dd if=/dev/sdX of=/xxx/xxx/xxx.iso... I hope you will 
make it..

Hi,

I have already tried that - it does not work.



Best wishes ---
---Bill Shen


发件人: aravind Jmailto:aravindkumar@gmail.com
发送时间: ‎2014/‎10/‎11 17:32
收件人: CentOS mailing listmailto:centos@centos.org
主题: Re: [CentOS] turn bootable USB into bootable iso image

On Oct 10, 2014 7:12 PM, Steve Clark scl...@netwolves.com wrote:

Hello List

I have a Bootable USB stick that we use to Boot our servers and then

install CentOS,

PostgreSQL and our SW thru a Kickstart script.

It works like a charm but now we are thinking of going Virtual and

prepping Virtual CentOS servers under VMware ESXi.

However, to have the same Boot and Install functionality I see no other

solution than Booting a VMware machine from an ISO.

So, what I would like to do is to take the Bootable USB and make it into

an ISO.

Any ideas?


Hi,

Not sure whether the following will work, but just a thought.

Create an .img file from the usb by doing a 'dd' from usb to .img file.
Then attach the .img file to the vm as a disk and then boot the vm from the
disk image to start regular kickstart installation.

Thanks  Regards,
Aravind
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

On 10/11/2014 08:07 AM, Marcelo Ricardo Leitner wrote:

On 09-10-2014 14:13, Les Mikesell wrote:

On Thu, Oct 9, 2014 at 11:51 AM, Steve Clark scl...@netwolves.com wrote:

What exactly does that mean - multi seat environments?

http://www.freedesktop.org/wiki/Software/systemd/multiseat/


Ok I read the information. So as I understand it you are going have a
computer that
has multiple graphics cards with multiple keyboards and multiple mice
divided into
seats. Really?

Where do I buy this computer?

It is much simpler to run remote X sessions over a network for
multiuser access  and probably not much more expensive if you use
older PCs as terminals.  You do have to boot something, but x2go or

You think that nobody on that project thought about this before?


freenx/NX are cross platform and have great remote performance.  I'm
surprised no one has made a mini-linux distro that boots straight to
x2go for this purpose, but if they have, I haven't found it.

It's not just remote X sessions. You want at least USB and audio
redirection and also a decent 3D performance.

We currently do that using spice for VMs, I don't know how feasible it
is to run it on a real hardware.

There are some good pro's on this setup:
- this installation is physically simpler than having 4 full computers
as it requires 1/4 of the wall plugs and network points
- no single point of failure (as in: 4 seats down is okay), if you
compare with ones using x2go and similar (application server)
- easily scalable: need more seats? buy 1 computer more, you have +4
seats, and you're good. No server needs to be re-evaluated.
- easier to maintain, as you maintain 1/4 of the systems you would
otherwise.
- very cost effective with commodity hardware, that everyone knows how
to deal with.
- vendor independent

And probably many others that I forgot :)

Not saying it's the best, though. Just saying that yes this is a good
project that is well plotted and has its audience.

Marcelo

Yes but you have to be physically close to the main cpu. What about 
distractions from other people sitting right next to you?
Playing music, etc.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] turn bootable USB into bootable iso image

[Steve Clark]

On 10/11/2014 05:32 AM, aravind J wrote:

On Oct 10, 2014 7:12 PM, Steve Clark scl...@netwolves.com wrote:

Hello List

I have a Bootable USB stick that we use to Boot our servers and then

install CentOS,

PostgreSQL and our SW thru a Kickstart script.

It works like a charm but now we are thinking of going Virtual and

prepping Virtual CentOS servers under VMware ESXi.

However, to have the same Boot and Install functionality I see no other

solution than Booting a VMware machine from an ISO.

So, what I would like to do is to take the Bootable USB and make it into

an ISO.

Any ideas?


Hi,

Not sure whether the following will work, but just a thought.

Create an .img file from the usb by doing a 'dd' from usb to .img file.
Then attach the .img file to the vm as a disk and then boot the vm from the
disk image to start regular kickstart installation.

Thanks  Regards,
Aravind
___


Hi Aravind,

That is an interesting idea.

Thanks,

--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] turn bootable USB into bootable iso image

[Steve Clark]

Hello List

I have a Bootable USB stick that we use to Boot our servers and then install 
CentOS,
PostgreSQL and our SW thru a Kickstart script.

It works like a charm but now we are thinking of going Virtual and prepping 
Virtual CentOS servers under VMware ESXi.

However, to have the same Boot and Install functionality I see no other 
solution than Booting a VMware machine from an ISO.

So, what I would like to do is to take the Bootable USB and make it into an ISO.

Any ideas?

Thanks,


--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 答复: turn bootable USB into bootable iso image

[Steve Clark]

On 10/10/2014 11:19 AM, 沈焕标 wrote:

ctrl-d to settings，than you can see the CDROM, choose to use the ISO image file.

Sent from my Windows Phone

发件人: Steve Clarkmailto:scl...@netwolves.com
发送时间: ‎2014/‎10/‎10 21:42
收件人: CentOS mailing listmailto:centos@centos.org
主题: [CentOS] turn bootable USB into bootable iso image

Hello List

I have a Bootable USB stick that we use to Boot our servers and then install 
CentOS,
PostgreSQL and our SW thru a Kickstart script.

It works like a charm but now we are thinking of going Virtual and prepping 
Virtual CentOS servers under VMware ESXi.

However, to have the same Boot and Install functionality I see no other 
solution than Booting a VMware machine from an ISO.

So, what I would like to do is to take the Bootable USB and make it into an ISO.

Any ideas?

Thanks,


--
Stephen Clark


I don't think you understood what I said.
I have a bootable usb key that I want to turn into a bootable iso image - not 
how to boot it.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

On 10/08/2014 07:39 PM, Jonathan Billings wrote:

On Oct 8, 2014, at 6:58 PM, Jonathan Billings billi...@negate.org wrote:

3.) better support multi-seat environments

Errr... I meant that moving it to userspace makes it easier to support 
multi-seat environments.

Hi Jonathan,

What exactly does that mean - multi seat environments?


--
Jonathan Billings billi...@negate.org


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

On 10/09/2014 09:57 AM, Jonathan Billings wrote:

On Thu, Oct 09, 2014 at 07:12:50AM -0400, Steve Clark wrote:

Hi Jonathan,

What exactly does that mean - multi seat environments?

http://www.freedesktop.org/wiki/Software/systemd/multiseat/


Ok I read the information. So as I understand it you are going have a computer 
that
has multiple graphics cards with multiple keyboards and multiple mice divided 
into
seats. Really?

Where do I buy this computer?



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

On 10/09/2014 01:13 PM, Les Mikesell wrote:

On Thu, Oct 9, 2014 at 11:51 AM, Steve Clark scl...@netwolves.com wrote:

What exactly does that mean - multi seat environments?

http://www.freedesktop.org/wiki/Software/systemd/multiseat/


Ok I read the information. So as I understand it you are going have a
computer that
has multiple graphics cards with multiple keyboards and multiple mice
divided into
seats. Really?

Where do I buy this computer?

It is much simpler to run remote X sessions over a network for
multiuser access  and probably not much more expensive if you use
older PCs as terminals.  You do have to boot something, but x2go or
freenx/NX are cross platform and have great remote performance.  I'm
surprised no one has made a mini-linux distro that boots straight to
x2go for this purpose, but if they have, I haven't found it.


Or a raspberry-pi for $50 if you don't have an old PC.


--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

Anybody see this article on /.

--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

On 10/08/2014 02:22 PM, Digimer wrote:

On 08/10/14 02:18 PM, m.r...@5-cent.us wrote:

Marcelo Ricardo Leitner wrote:

On 08-10-2014 14:36, Les Mikesell wrote:

On Wed, Oct 8, 2014 at 12:22 PM, Robert Arkiletian rob...@gmail.com
wrote:

Just a heads up to those who haven't seen this yet. The main author of
systemd publicly wrote about being basically persecuted.

https://plus.google.com/u/0/+LennartPoetteringTheOneAndOnly/posts/J2TZrTvu7vd

But oddly, he didn't even mention that there would be a real simple
solution - just add backwards-compatible improvements instead of
actively wrecking the interfaces everyone else had depended on for
decades.

decades. That, by itself, already calls for an update, no?

Why? Do you ride a bicycle differently, or drive differently, than you did
say, 20 years ago? You went out and bought a recumbent, or an electric
car?

Airbags, ABS, Traction Control, ACE compatibility, stronger survival
space, better fuel economy, more comfortable...

But the basic operation staid the same - brake on left, gas on the right, gear 
shift lever, steering wheel, etc, etc.


There was much wailing a gnashing of teeth from purists when these
things came in. But it's not really driving! some would say. It lets
people be lazy! others would say. Many of those people still drive old
cars, such is their choice.

Today, overall, the roads are much safer. Change is good.




--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd Adding Its Own Console To Linux Systems

[Steve Clark]

On 10/08/2014 03:00 PM, John R Pierce wrote:

On 10/8/2014 11:29 AM, Les Mikesell wrote:

On Wed, Oct 8, 2014 at 1:22 PM, Digimerli...@alteeve.ca  wrote:

Airbags, ABS, Traction Control, ACE compatibility, stronger survival space,
better fuel economy, more comfortable...

I think I've forgotten what user interfaces these break.  Did they
take away the steering wheel to add them?

they took away the clutch pedal.

anyways, cars are not a good analogy to computers over the same time
scale, unless you want to go back to the days of the model T, where the
3 pedals operated clutch bands on a planetary transmission, and the
throttle and ignition timing were levers on the steering wheel, and the
brakes were a hand lever.

computers have evolved far faster than automobiles over the last 40
years that I've been in this industry.   maybe I should start whining
about lower case, and these damn interactive guis, after all hollerith
punchcards and batch processing was good enough in the 1970s!   Why, we
could get amazing stuff done with 8K words of core, and a 1000K word
hard disk.

Yes, wasn't it amazing how much could get done with so little resources. We ran 
our whole
college administration on an IBM-1130 with 8K of core and a 2.5mega byte 
removable drive.






--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openswan and klips ipsec stack

[Steve Clark]

On 10/06/2014 02:00 PM, Eero Volotinen wrote:

Hi List,

Is there easy way to get klips ipsec stack into centos 6? As it makes
firewalling ipsec traffic much easier..

Eero

Hi Eero,

If you are only concerned about firewalling incoming traffic why would you need 
more than:
-A INPUT -p udp -s peerip/32 --sport 500 -d yourip/32 --dport 500 -j ACCEPT
-A INPUT -p esp -s peerip/32 -d yourip/32 -j ACCEPT

--
Stephen Clark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openswan and klips ipsec stack

[Steve Clark]

On 10/06/2014 03:08 PM, Eero Volotinen wrote:

2014-10-06 22:02 GMT+03:00 Steve Clark scl...@netwolves.com:


On 10/06/2014 02:00 PM, Eero Volotinen wrote:


Hi List,

Is there easy way to get klips ipsec stack into centos 6? As it makes
firewalling ipsec traffic much easier..

Eero


Hi Eero,

If you are only concerned about firewalling incoming traffic why would you
need more than:
-A INPUT -p udp -s peerip/32 --sport 500 -d yourip/32 --dport 500 -j ACCEPT
-A INPUT -p esp -s peerip/32 -d yourip/32 -j ACCEPT



Also need to filter outgoing ipsec traffic and it's a bit complex on netkey
stack?

--

Hi Eero,

We are using ipsec-tools which is based on netkey. I am not sure I see the 
issue. Why wouldn't the
above rules work with those below:

-A OUTPUT -o ethx -p udp -s yourip/32 --sport 500 -d peerip/32 --dport 500 -j 
ACCEPT
-A OUTPUT -o ethx -p esp -s yourip/32 -d peerip/32 -j ACCEPT

If you only want the rules against a certain interface.



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical update for bash released today.

[Steve Clark]

On 09/24/2014 12:11 PM, Johnny Hughes wrote:

On 09/24/2014 10:26 AM, Jim Perrin wrote:

You should 'yum update' as soon as possible to resolve this issue.


Here's why you should care:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/


Links to the centos updates:

CentOS-5:
http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html

CentOS-6:
http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html

CentOS-7:
http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html





For informational purposes:

https://access.redhat.com/articles/1200223


FYI: Update: 2014-09-25 03:10 UTC
This article has been updated today 9/25/14 - saying the original patch is not 
complete.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical update for bash released today.

[Steve Clark]

On 09/24/2014 12:11 PM, Johnny Hughes wrote:

On 09/24/2014 10:26 AM, Jim Perrin wrote:

You should 'yum update' as soon as possible to resolve this issue.


Here's why you should care:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/


Links to the centos updates:

CentOS-5:
http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html

CentOS-6:
http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html

CentOS-7:
http://lists.centos.org/pipermail/centos-announce/2014-September/020583.html





For informational purposes:

https://access.redhat.com/articles/1200223


FYI: Update: 2014-09-25 03:10 UTC
This article has been updated today 9/25/14 - saying the original patch is not 
complete.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NetworkManager

[Steve Clark]

On 08/22/2014 07:42 PM, Digimer wrote:
 On 22/08/14 07:07 PM, Les Mikesell wrote:
 On Fri, Aug 22, 2014 at 5:46 PM, Digimer li...@alteeve.ca wrote:
 To continue your analogy, should car companies have stopped changing
 after the 20s? I mean, the cars then got you were you needed to go, right?
 The point is to abstract an interface so you can make changes behind
 it without breaking the things already built around it.  You can
 always add things without breaking anything that already worked for
 your community of users.  If you didn't care about that yourself,
 you'd be recompiling a  gentoo weekly instead of being here.
 To echo John, this is a major release. It's where, when needed, things
 can change and break backwards compatibility. If a change like this
 happened as a y-stream release, sure, I'll grab my pitch fork along with
 you.

 It's not realistic to expect backwards compatibility to last forever.
 The sysv init stuff had a good long run, but it was time to change. Now,
 you're welcome to disagree with me (and the archives are littered
 already with this argument), but in the end, it changed. A major version
 was the right place to do it, and now it is done.

 So this brings me back to my original point... Unless you plan to wage a
 war against things like Network Manager, systemd or what have you in the
 faint home of reverting in the next major release, you don't have a lot
 of viable long term options.

 Learn the new ways or fade from relevance.

 I say this without passing judgment on the merits of the new or old
 ways, simply as a fact of life. Even if you did hold out hope for, say,
 RHEL 8 to return to the old ways, you will have a hard time avoiding
 EL7. It will almost certainly be adopted wide-scale and that will
 provide inertia.

NetworkManager is the window's world way of doing things for people that don't 
really understand
what is going on. I see no use for it immediately disable it. But it pains me 
to have to take the time.

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 - Firewall always allows outgoing packets?

[Steve Clark]

On 08/08/2014 05:55 PM, Neil Aggarwal wrote:
 Hello all:

 I am looking at the documentation of the new firewalld service in CentOS 7.
 It looks like no matter what I configure with it, outgoing connections are
 still going to be allowed.  That does not seem very secure.

 I always set my servers to default policy of DROP for everything incoming
 and outgoing and then add rules to allow very specific traffic through.

 Is this possible using the new firewalld service or should I disable it and
 go back to using iptables?

 Thanks,
Neil

 --
 Neil Aggarwal, (972) 834-1565
 We lend money to investors to buy or refinance single family rent houses.
 No origination fees, quick approval, no credit check.

In my way of thinking I am always wary of being taken care of, especially 
when it comes to
internet security!

I like your philosophy of deny everything and selectively allow what YOU want.

My $.02

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] el7: Thunderbird?

[Steve Clark]

On 07/19/2014 10:02 AM, Ned Slider wrote:
 On 19/07/14 13:25, Chris Pemberton wrote:
 On 07/18/2014 02:19 PM, Ned Slider wrote:
 I note EPEL has a thunderbird package but it seems very out of date at
 version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago,
 and fixed 3 critical security issues. Is this normal for EPEL to be so
 far behind on security updates?

 So what is everyone else using?
 I'm using the EPEL package for my personal laptop.  The odds of me
 getting bit by a 6 week old exploit are probably almost non-existent.
 The odds of me forgetting to keep a custom install of thunderbird
 updated outside of yum is very high.

 Yes, the power of a centralized packaging system where everything can be
 updated in one hit can not be understated.

 Firefox and Thunderbird do have a built in updating mechanism and are
 supposed to update themselves (this is disabled in packaged versions).
 I've no idea how well it currently works - I'll let you know when the
 next update comes out.
I am using the tarball for firefox and it notifies me when an update is 
available and
ask if I want to install it. If I say yes it downloads it untars it and starts 
it up. So far
it has worked great. I assume it is the same for thunderbird.

 I'm far from any kind of security expert, but here are two things I do
 to keep my browser/email client safe:

 1.  I only use gmail - as Google likes to scrub all of my data clean
 before they steal it

 2.  I install a custom hosts file ( http://someonewhocares.org/hosts/
 ).  This protects all applications in one swoop, not just the browser.

 Yes, great advice. There's another popular variant here:

 http://winhelp2002.mvps.org/hosts.htm

 I don't use any adblock browser/email plugins because I've never
 investigated where the list of re-directs are stored on the machine.
 Perhaps they are harmless... but it would be easy to place a few
 re-directs in there and get millions of machines to do bad things real fast.

 ~ Chris
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos



-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

[Steve Clark]

On 07/12/2014 11:08 AM, Lamar Owen wrote:
 [I wasn't going to reply; but after thinking about it for quite a while,
 there are a few points here that deserve just a bit of level-headed
 attention.]

 On 07/11/2014 10:53 AM, David G. Miller wrote:
 Les Mikesell lesmikesell@... writes:

 Or, if you want things to respawn, the original init handled that
 very nicely via inittab.
 Replying to Les' comment:  the original inittab respawn method is
 completely brain-dead, blindly respawning without any thought for what
 conditions might need to be checked, etc.

 Just pointing out one of several approaches to respawning a daemon without
 the overhead of systemd.
 Replying to David: So you'd prefer the overhead of cron plus shells plus
 a bit of arcane syntax?  When I first replied to this crontab line, I
 honestly thought you were being tongue-in-cheek.

 I have a similar sort of kluge in place, on a CentOS 6 system at a
 client, that uses the autossh package to hold open ssh reverse tunnels;
 reverse tunnels are great when the client's machine is behind a
 known-to-change-frequently dynamic address.
 I went with this approach since the problem is not
 with radvd or its init script but with my IPv6 tunnel provider.
 Sounds like something that systemd's concept of process dependencies
 could solve for you with an easier (and non-executable) syntax. Systemd
 provides an 'OnFailure' directive that allows you to do whatever you'd
 like upon failure of an particular 'unit.'  That sort of mechanism might
 allow you to implement the process equivalent of Cisco IOS' IP SLA's.
 (You could mount /etc (and /var) noexec and have /usr and friends
 mounted read-only, even.)

 I wanted
 something that didn't require modifying any of the installed bits.
 This is why sysadmin configs for systemd are in /etc and the OS-supplied
 configs are in /usr.  Your /etc 'units' to systemd will override the OS
 installed ones, and are all collected together in one well-defined and
 standard place.

 This
 approach also means that updates to radvd and friends don't overwrite my
 modifications.
 This is why sysadmin configs for systemd are in /etc and the OS-supplied
 configs are in /usr.  Your /etc 'units' for systemd will not be touched
 by the updates to the OS-supplied ones.


 Just playing with the IPv6 stuff so having it down for up
 to five minutes also isn't a problem.  The source of the problem goes away
 when my ISP provides IPv6 and I don't need to tunnel IPv6 in IPv4 anymore.
 If you can figure out IPv6 then systemd should be no sweat.

 I look at systemd as being yet another nuclear fly swatter.  Overkill for
 simple problems that can and should be be addressed at the problem without a
 sweeping, system level change.
 I have done all of the various init styles at various times, so I make
 this statement having 27 years of experience dealing with Unix-like
 systems (I won't bore anyone with the list): in my quick perusal of
 systemd and its documentation, I'm cautiously optimistic that maybe
 finally we have something that a sysadmin can really make sing.  Time
 will tell, of course, whether systemd actually addresses the core
 problems or not; we've already had one round of an init replacement,
 Upstart, that didn't succeed in fully addressing the core problems (but
 will be with us until 2020 as part of EL6).  And I always reserve the
 right to be wrong.

 But traditional SystemV init last appears in EL5, which, while it is
 still supported until 2017, is two major versions old at this point. And
 in case you missed the announcement from Red Hat, EL5.11 is the last
 minor version update of EL5, with subsequent updates being released as
 they come and not batched into point releases.  (I now know my last
 targeted version for IA64 rebuilding, which is good.as long as I can
 put in some automation to grab updates from then on).

Hi Lamar,

Having been working with UNIX like systems since 1985
my biggest complaint with systemd is it so intrusive, it wants to be everything 
which makes
it vulnerable to bugs and exploits - umm.. like Windoze!

My $.02

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos