[CentOS-announce] CESA-2007:0848 Important CentOS 3 i386 openoffice.org - security update
CentOS Errata and Security Advisory CESA-2007:0848

openoffice.org security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2007-0848.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/openoffice.org-1.1.2-40.2.0.EL3.i386.rpm
updates/i386/RPMS/openoffice.org-i18n-1.1.2-40.2.0.EL3.i386.rpm
updates/i386/RPMS/openoffice.org-libs-1.1.2-40.2.0.EL3.i386.rpm

source:
updates/SRPMS/openoffice.org-1.1.2-40.2.0.EL3.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update openoffice.org\*

Tru
--
Tru Huynh (CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2007:0848 Important CentOS 3 x86_64 openoffice.org - security update
CentOS Errata and Security Advisory CESA-2007:0848

openoffice.org security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2007-0848.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/openoffice.org-1.1.2-40.2.0.EL3.i386.rpm
updates/x86_64/RPMS/openoffice.org-i18n-1.1.2-40.2.0.EL3.i386.rpm
updates/x86_64/RPMS/openoffice.org-libs-1.1.2-40.2.0.EL3.i386.rpm

source:
updates/SRPMS/openoffice.org-1.1.2-40.2.0.EL3.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update openoffice.org\*

Tru
--
Tru Huynh (CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
Re: [CentOS] openoffice 2.3 on centos 4.5
On Mon, 17 Sep 2007 21:30:53 -0500 [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> I have it running on a fully updated CentOS 4 machine and it seems to be okay. I've only used the writer portion for a few documents though. I've been fairly absent from that laptop today.

Where did you get it? Is this an rpm? Built from source?...

--
Thanks

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] 3Ware 9550SX and latency/system responsiveness
Feizhou wrote:

> Is there any way to tell the card to forget about not having a BBU and behave as if it did? Short of modifying the code...I do not know of any. Well, I've now got BBUs on order for the three identical machines to see if that does anything to improve matters - I'll report back when I've fitted them. A glance through the 2.26.05.007 driver code shows no references to the BBU, so the different code paths (with BBU and without) must be in the firmware itself. If your card is on a PCI riser try running it plugged directly in the slot (if you can) and see if that helps. He said his card is directly plugged in.

Doh, problem with the long threads, one forgets everything that was mentioned earlier unless they re-read the whole thread again.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
Re: [CentOS] 3Ware 9550SX and latency/system responsiveness
Is there any way to tell the card to forget about not having a BBU and behave as if it did? Short of modifying the code...I do not know of any. Well, I've now got BBUs on order for the three identical machines to see if that does anything to improve matters - I'll report back when I've fitted them. A glance through the 2.26.05.007 driver code shows no references to the BBU, so the different code paths (with BBU and without) must be in the firmware itself. If your card is on a PCI riser try running it plugged directly in the slot (if you can) and see if that helps. He said his card is directly plugged in.
[CentOS] Re: yum kernel update problem
Chuck Campbell wrote:

> I ran the yum update, which updated the kernel along with other things. When it ran, it removed my install kernel (2.6.18-8.el5xen). I now have 2.6.18-8.1.8.el5xen and 2.6.18-8.1.10.el5xen. The 2.6.18-8.1.8.el5xen kernel still works fine, but the 2.6.18-8.1.10.el5xen kernel does NOT see my raid devices.

I noticed this issue as well, let me look and work out exactly why that happened. More info on this shortly, but on bugs.centos.org

> I have a couple of questions: Why did it remove my perfectly functioning install kernel? How can I stop it from doing this?

This is behaviour in yum. Fixed in next yum release, which is due out in a few days.
[CentOS] program to monitor USB keys
I wrote a small program to monitor keyboards found on /dev/input/event*

It works great but I always get EAGAIN from my read() function. Google says this is normal when open() is used and O_NONBLOCK mode.

I know this is slightly offtopic but I was wondering if the centos gurus that also program know anything about this.

My goal was to not be eating CPU cycles with a small program that just monitors key presses. With EAGAIN always coming in the process though small keeps waking up.

Or perhaps there is another way to do this that I am not aware of.

Thanks for any tips.

Jerry

#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/ioctl.h>   /* ioctl() */
#include <linux/input.h>
#include "smsignal.h"

struct _msgnet_keycode
{
    int keycode_value;
    char *keycode_str;
    int send_to_server;  // .X will also send to server example: .4 says function 4
};

struct _msgnet_keycode msgnet_keycode[] =
{
    {96, "KP_ENTER", 1},      // Keypad Enter  Enter MUST be the first entry
    {28, "KP_ENTER", 1},      // Keypad Enter USB
    {14, "KP_BackSpace", 1},  // Keypad BS
    {55, "KP_Multiply", 1},   // Keypad *
    {98, "KP_Divide", 1},     // Keypad /
    {78, "KP_Plus", 1},       // Keypad +
    {74, "KP_Minus", 1},      // Keypad -
    {83, "KP_Period", 0},     // Keypad .
    {73, "KP_9", 0},          // Keypad 9
    {72, "KP_8", 0},          // Keypad 8
    {71, "KP_7", 0},          // Keypad 7
    {77, "KP_6", 0},          // Keypad 6
    {76, "KP_5", 0},          // Keypad 5
    {75, "KP_4", 0},          // Keypad 4
    {81, "KP_3", 0},          // Keypad 3
    {80, "KP_2", 0},          // Keypad 2
    {79, "KP_1", 0},          // Keypad 1
    {82, "KP_0", 0},          // Keypad 0
    {0, NULL}
};

static int key_debug = 0;
static int key_timeout = 0;  /* incomplete command found so add KP_Enter and submit key presses */
static char keypad_buffer[200] = "";

#define FALSE (0)
#define TRUE (1)

/*
** int main(int argc, char *argv[])
*/
int main(int argc, char *argv[])
{
    int i;
    int bytes_read;
    int keycode;
    int done = FALSE;
    int any_keyboards;
    char *ptr;
    char *ptr_comma;
#define MAX_KEY_WATCH (10)
    int fd[MAX_KEY_WATCH];   /* one descriptor per /dev/input/eventN, -1 when unused */
    char input_name[200];

    while(1)
    {
        done = FALSE;
        any_keyboards = FALSE;

        /* open all /dev/input/event devices */
        for(i = 0; i < MAX_KEY_WATCH; i++)
        {
            sprintf(input_name, "/dev/input/event%d", i);
            fd[i] = open(input_name, O_RDONLY | O_NONBLOCK);
            if(fd[i] >= 0)
            {
                ioctl(fd[i], EVIOCGNAME (sizeof (input_name)), input_name);
                if(strstr(input_name, "Keyboard") || strstr(input_name, "1241:1203"))  // Belkin keyboard
                {
                    printf("Reading from (%d) %s\n", i, input_name);
                    any_keyboards = TRUE;
                }
                else
                {
                    close(fd[i]);
                    fd[i] = -1;
                }
            }
        }

        if(any_keyboards == FALSE)
        {
            /* no keyboards found so sleep and try again */
            sleep(10);
        }

        while(any_keyboards && done == FALSE)
        {
            int bytes_read;
            struct input_event event_keys[64];

            for(i = 0; i < MAX_KEY_WATCH; i++)
            {
                if(fd[i] >= 0)
                {
                    bytes_read = read(fd[i], event_keys, sizeof(event_keys));
                    if(bytes_read > 0)
                    {
                        /* there is a down event */
                        /* there is a UP event */
                        /* there is a
[CentOS] dual boot w/WinXP
Hi folks, I've been asked advice in an area that I'm not well versed and am hoping for some help. Having read a recent thread where booting to anaconda's kickstart wiped a partition table unexpectedly (to the user...it did what it was configured to do), I'm following the 'measure twice, cut once' rule and asking if this is possible and if so, what is best practice: I have a working WinXP SP2 workstation with an unused partition on the primary HDD. I'd like for the unused area to be used for dual booting CentOS5 but am not sure what needs to be done (if anything) to the config file for kickstart prior to booting with CD1 in the drive. Any suggestions or pointers to docs I may have missed are greatly appreciated. Best regards, ~Ray
[CentOS] Postfix Questions
I've been running sendmail since the beginning of my online time.

1. Did I see that postfix can run sendmail milters?
2. If so, did I read that postfix can run these separately for inbound vs. outbound?
3. Can it run like a rbl blacklist on inbound and not outbound?
4. If the above is true, does this require separate configurations of postfix or is it already set to allow this out of the box?

My reasoning... I've added a few milters which has drastically cut spam due to the extra time spent at the smtp level. For instance, running spamassassin takes a couple or few seconds. This bit of delay does in fact seem to stop many of the slamming spambots sort of like the design of milter-greylist. Except, I don't have to send a temp fail. So, this is a good thing. The negative is it also takes longer for my users to send mail as it is processed the same way during outgoing.

Also, we run the SpamHaus blacklist. This works pretty good for inbound, but from time to time one of our hosting clients winds up on the blocklist because they are on a dynamic IP and someone else has recently used it for spamming. One could argue that my client should then go remove their IP from the blacklist to better insure their email actually makes it through any other level of spam filtering on other ISPs. But, that's a rosy concept! So, I would prefer to do it at the smtp level inbound so I can actually reject that mail while not having the embarrassing blocking going on with our users.

Yes, this might sound like a double standard, but we do not provide connection service so only very rarely (never so far) does any virus actually send spam through our systems from client applications and I do actually monitor email all the time and stop any spamming immediately.

Thanks for any input.

John Hinton
who still keeps eyeballing postfix but is so comfortable with sendmail
[CentOS] cups 1.3 on Centos5?
Hello, Does anyone have cups v1.3.1 running on Centos5? If so, I'd like to roll my own srpm and install it. I'm currently running 1.2.x and want to update to 1.3.1 as it has a bug fix that I need. Any help appreciated. Thanks. Dave.
Re: [CentOS] program to monitor USB keys
On Tue, Sep 18, 2007 at 01:41:32PM -0400, Jerry Geis alleged:

> I wrote a small program to monitor keyboards found on /dev/input/event* It works great but I always get EAGAIN from my read() function. google says this is normal when open() is used and O_NONBLOCK mode.

Correct. EAGAIN is how you distinguish between a real error, and a normal nonblocking return.

> I know this is slightly offtopic but I was wondering if the centos gurus that also program know anything about this. My goal was to not be eating CPU cycles with a small program that just monitors key presses. With EAGAIN always coming in the process though small keeps waking up. Or perhaps there is another way to do this that I am not aware of.

Typically, one opens the file or files and passes the file descriptors to select(2) or poll(2) to determine when they are ready for reading or writing. select(2) and poll(2) can do a neat idle for you.
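The poll(2) approach suggested in this reply, as an added example that is not part of the original thread or of the posted program. The names wait_and_drain and set_nonblocking are hypothetical, and a pipe stands in for a /dev/input/eventN descriptor so the block runs without a keyboard device.

```c
/* Added example: idle in poll(2) instead of spinning on EAGAIN. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_WATCH 10   /* same bound as MAX_KEY_WATCH in the posted program */

/* Switch a descriptor to non-blocking mode, as open(..., O_NONBLOCK) does. */
int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/*
 * Sleep inside poll() until a watched descriptor is readable or timeout_ms
 * passes, then drain whatever is ready into out.
 * Returns bytes read, 0 if nothing arrived, -1 on a real error.
 * Entries set to -1 (the posted program's "unused slot" marker) are skipped
 * by poll() itself, so the fd[] array can be passed as it is.
 */
long wait_and_drain(const int *fds, int nfds, int timeout_ms,
                    char *out, size_t outlen)
{
    struct pollfd pfd[MAX_WATCH];
    size_t used = 0;
    int i, ready;

    if (nfds > MAX_WATCH)
        nfds = MAX_WATCH;
    for (i = 0; i < nfds; i++) {
        pfd[i].fd = fds[i];
        pfd[i].events = POLLIN;
        pfd[i].revents = 0;
    }

    do {                                   /* the process sleeps here */
        ready = poll(pfd, (nfds_t)nfds, timeout_ms);
    } while (ready < 0 && errno == EINTR);
    if (ready <= 0)
        return ready;                      /* 0 = timeout, -1 = real error */

    for (i = 0; i < nfds; i++) {
        if (!(pfd[i].revents & (POLLIN | POLLHUP)))
            continue;
        while (used < outlen) {
            ssize_t n = read(pfd[i].fd, out + used, outlen - used);
            if (n > 0) {
                used += (size_t)n;
                continue;
            }
            if (n == 0)
                break;                     /* end of file */
            if (errno == EINTR)
                continue;
            if (errno == EAGAIN || errno == EWOULDBLOCK)
                break;                     /* drained: normal, not an error */
            return -1;                     /* anything else is a real error */
        }
    }
    return (long)used;
}

int main(void)
{
    int p[2];
    int fds[MAX_WATCH];
    char buf[64] = "";
    long n;
    int i;

    for (i = 0; i < MAX_WATCH; i++)
        fds[i] = -1;                       /* unused slots */
    if (pipe(p) != 0 || set_nonblocking(p[0]) != 0) {
        perror("setup");
        return 1;
    }
    fds[3] = p[0];                         /* constructed stand-in for one event device */

    n = wait_and_drain(fds, MAX_WATCH, 200, buf, sizeof buf);
    printf("nothing written yet: %ld (slept in poll, no EAGAIN spin)\n", n);

    if (write(p[1], "KP_5", 4) != 4) {     /* constructed sample input */
        perror("write");
        return 1;
    }
    n = wait_and_drain(fds, MAX_WATCH, 200, buf, sizeof buf);
    printf("after write: %ld bytes: %.*s\n", n, (int)(n > 0 ? n : 0), buf);

    close(p[0]);
    close(p[1]);
    return 0;
}
```

With a timeout of -1 the call blocks until input arrives, so the process uses no CPU between key presses.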
[CentOS] Re: dual boot w/WinXP
Ray Leventhal spake the following on 9/18/2007 11:42 AM:

> Hi folks, I've been asked advice in an area that I'm not well versed and am hoping for some help. Having read a recent thread where booting to anaconda's kickstart wiped a partition table unexpectedly (to the user...it did what it was configured to do), I'm following the 'measure twice, cut once' rule and asking if this is possible and if so, what is best practice: I have a working WinXP SP2 workstation with an unused partition on the primary HDD. I'd like for the unused area to be used for dual booting CentOS5 but am not sure what needs to be done (if anything) to the config file for kickstart prior to booting with CD1 in the drive. Any suggestions or pointers to docs I may have missed are greatly appreciated. Best regards, ~Ray

I wouldn't bother setting up a kickstart file for a one off install. A kickstart install is usually for repetitive many systems alike installs, like a corporate desktop setup with many workstations, or a cluster of servers.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
[CentOS] Re: Postfix Questions
John Hinton spake the following on 9/18/2007 12:00 PM:

> I've been running sendmail since the beginning of my online time. 1. Did I see that postfix can run sendmail milters? 2. If so, did I read that postfix can run these separately for inbound vs. outbound? 3. Can it run like a rbl blacklist on inbound and not outbound? 4. If the above is true, does this require separate configurations of postfix or is it already set to allow this out of the box? My reasoning... I've added a few milters which has drastically cut spam due to the extra time spent at the smtp level. For instance, running spamassassin takes a couple or few seconds. This bit of delay does in fact seem to stop many of the slamming spambots sort of like the design of milter-greylist. Except, I don't have to send a temp fail. So, this is a good thing. The negative is it also takes longer for my users to send mail as it is processed the same way during outgoing.

You should be able to exempt your outgoing mail from the milters.

> Also, we run the SpamHaus blacklist. This works pretty good for inbound, but from time to time one of our hosting clients winds up on the blocklist because they are on a dynamic IP and someone else has recently used it for spamming.

If your client is on a dynamic IP, then since you are hosting them that would put you on dynamic IP's. So if you are hosting them, and they are on dynamic IP, you are responsible if they end up on a blacklist, since you have ultimate control of the IP space you host.

> One could argue that my client should then go remove their IP from the blacklist to better insure their email actually makes it through any other level of spam filtering on other ISPs. But, that's a rosy concept! So, I would prefer to do it at the smtp level inbound so I can actually reject that mail while not having the embarrassing blocking going on with our users.
> Yes, this might sound like a double standard, but we do not provide connection service so only very rarely (never so far) does any virus actually send spam through our systems from client applications and I do actually monitor email all the time and stop any spamming immediately. Thanks for any input. John Hinton who still keeps eyeballing postfix but is so comfortable with sendmail

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] Re: dual boot w/WinXP
snip

> > I have a working WinXP SP2 workstation with an unused partition on the primary HDD. I'd like for the unused area to be used for dual booting CentOS5 but am not sure what needs to be done (if anything) to the config file for kickstart prior to booting with CD1 in the drive. Any suggestions or pointers to docs I may have missed are greatly appreciated. Best regards, ~Ray
>
> I wouldn't bother setting up a kickstart file for a one off install. A kickstart install is usually for repetitive many systems alike installs, like a corporate desktop setup with many workstations, or a cluster of servers.

Hi Scott,

Thanks.. I'm forever getting terminology wrong :) So, am I to understand that booting on a WinXP system from CentOS5 CD will not damage the existing partition table? What I'd like is to install CentOS on that errant partition, then add the bootloader to the MBR.

Thanks,
~Ray
[CentOS] Re: cups 1.3 on Centos5?
Dave spake the following on 9/18/2007 12:06 PM:

> Hello, Does anyone have cups v1.3.1 running on Centos5? If so, I'd like to roll my own srpm and install it. I'm currently running 1.2.x and want to update to 1.3.1 as it has a bug fix that I need. Any help appreciated. Thanks. Dave.

Fedora 7 only has Cups 1.12.10. It's going to have to be a roll your own. You might get lucky by starting with the Fedora 7 source rpm and grafting in the 1.3.1 source. Build and test (and pray).

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] i cant find centos 4.4
On Tue, 2007-09-18 at 16:29 -0400, Blackburn, Marvin wrote:

> Can't find this version. Can some point me in the right direction.

I suppose that the valid reason you'll invoke is 'i have a driver disk built for rhel4u4 and then i really need CentOS 4.4' ... Ok, here it is: http://vault.centos.org But don't forget that on the first `yum update` you'll automatically jump to 4.5 ...

--
Fabian Arrotin [EMAIL PROTECTED]
Solution ? echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc
RE: [CentOS] i cant find centos 4.4
Thanks! But the real reason is that the developer wants the environment to be as close as possible to the rhel 4.4. Thanks for the heads up on the yum.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fabian Arrotin
Sent: Tuesday, September 18, 2007 4:40 PM
To: CentOS mailing list
Subject: Re: [CentOS] i cant find centos 4.4

On Tue, 2007-09-18 at 16:29 -0400, Blackburn, Marvin wrote:

> Can't find this version. Can some point me in the right direction.

I suppose that the valid reason you'll invoke is 'i have a driver disk built for rhel4u4 and then i really need CentOS 4.4' ... Ok, here it is: http://vault.centos.org But don't forget that on the first `yum update` you'll automatically jump to 4.5 ...

--
Fabian Arrotin [EMAIL PROTECTED]
Solution ? echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc
Re: [CentOS] i cant find centos 4.4
Blackburn, Marvin wrote:

> Thanks! But the real reason is that the developer wants the environment to be as close as possible to the rhel 4.4. Thanks for the heads up on the yum.

as soon as said RHEL 4.4 system does an `up2date -u`, it will be 4.5+
Re: [CentOS] i cant find centos 4.4
On 9/18/07, Blackburn, Marvin [EMAIL PROTECTED] wrote:

> Thanks! But the real reason is that the developer wants the environment to be as close as possible to the rhel 4.4.

You might remind your developer about security updates. RHEL 4.4 is no longer supported by RH as update 5 is current. It's RHEL 4, plus updates all updates to this point.

--
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
Re: [CentOS] cups 1.3 on Centos5?
On 9/18/07, Dave [EMAIL PROTECTED] wrote:

> Hello, Does anyone have cups v1.3.1 running on Centos5? If so, I'd like to roll my own srpm and install it. I'm currently running 1.2.x and want to update to 1.3.1 as it has a bug fix that I need. Any help appreciated. Thanks. Dave.

Have you filed this bug anywhere with either CentOS or RHEL?

--
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
RE: [CentOS] i cant find centos 4.4
You have a very valid point about security. It's a constant battle. However, RH still does support all versions of 4.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Perrin
Sent: Tuesday, September 18, 2007 4:52 PM
To: CentOS mailing list
Subject: Re: [CentOS] i cant find centos 4.4

On 9/18/07, Blackburn, Marvin [EMAIL PROTECTED] wrote:

> Thanks! But the real reason is that the developer wants the environment to be as close as possible to the rhel 4.4.

You might remind your developer about security updates. RHEL 4.4 is no longer supported by RH as update 5 is current. It's RHEL 4, plus updates all updates to this point.

--
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
[CentOS] Application icons don't appear in taskbar at bottom of display - they disappear out of bottom right corner!
Running CentOS 4.4 and something drastic appears to have happened with my display setup - application icons no longer appear in taskbar at bottom of display (when minimized) but disappear off bottom right-hand corner. So it's difficult to multi-task because I have to keep re-opening applications - can anybody suggest what I need to reconfigure please because I can't find any obvious display setting which will cure this problem - thanks. Andy
RE: [CentOS] i cant find centos 4.4
On Tue, 2007-09-18 at 16:58 -0400, Blackburn, Marvin wrote:

> You have a very valid point about security. It's a constant battle. However, RH still does support all versions of 4.

snip

> You might remind your developer about security updates. RHEL 4.4 is no longer supported by RH as update 5 is current. It's RHEL 4, plus updates all updates to this point.

As noted by Jim, RH still support version 4, but with updates applied to u5 so 4.5 ...

--
Fabian Arrotin [EMAIL PROTECTED]
Solution ? echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc
[CentOS] Re: i cant find centos 4.4
Blackburn, Marvin spake the following on 9/18/2007 1:58 PM:

> You have a very valid point about security. It's a constant battle. However, RH still does support all versions of 4.

There is no all versions of 4. There is just 4. The rest is just the point in time at which they spin the updates into new CD images.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] i cant find centos 4.4
On Tue, Sep 18, 2007 at 04:46:11PM -0400, Blackburn, Marvin wrote:

> But the real reason is that the developer wants the environment to be as close as possible to the rhel 4.4.

If possible, that developer needs to be stopped. Although RHEL 5 is apparently going to work that way, there is no such thing as RHEL 4.4 -- only RHEL 4 update 4, which is *supplanted* by update 5.

--
Matthew Miller [EMAIL PROTECTED] http://mattdm.org/
Boston University Linux -- http://linux.bu.edu/
RE: [CentOS] filtering ssh regardless of the port
Not going to happen for telnet

--
Jason Pyeron, Sr. Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 269-1555 x333

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bazy
Sent: Tuesday, September 18, 2007 16:23
To: CentOS mailing list
Subject: [CentOS] filtering ssh regardless of the port

Hello gentlemen and ladies,

I am trying to filter ssh traffic regardless of the port the connection is opened on. I want to do the same for rlogin and telnet. I know it would be easier to use a proxy server and only allow users to access the web... but it's more complicated... they also need other ports open... and they use public IP addresses. Is there any way that I can do it with iptables without having to patch the kernel and iptables with l7-filter.sourceforge.net?

Thank you for your time.
RE: [CentOS] filtering ssh regardless of the port
Bazy wrote:

> Hello gentlemen and ladies, I am trying to filter ssh traffic regardless of the port the connection is opened on. I want to do the same for rlogin and telnet. I know it would be easier to use a proxy server and only allow users to access the web... but it's more complicated... they also need other ports open... and they use public IP addresses. Is there any way that I can do it with iptables without having to patch the kernel and iptables with l7-filter.sourceforge.net? Thank you for your time.

What you are looking for is a way to filter by protocol signature and I do not think that functionality is in netfilter yet. Best bet is to just allow the connections to well-known ports or if it needs to run over another port define that explicitly.

-Ross
RE: [CentOS] Server Virtualization
> I work for a school in a New Zealand university and we are wanting to implement Server Virtualization for both CentOS and Windows systems.

Keep in mind virtualization software is moving pretty quickly. 8 months ago Xen didn't migrate fully virtual hosts, now it does. In 5 years the ridiculous pricing structure for Virtualization technology will be gone and virtualization will be a commodity where all you pay for are accelerating drivers and management tools.

If you check the virtualization page on wikipedia http://en.wikipedia.org/wiki/Virtualization#Virtualization_examples you'll see a bunch of the questions you should ask to figure out your reasons for going virtual. Try to rank the features you know will help you frequently, and the stuff that's just WOW! Moving a running server is so cool!. Try to avoid cool stuff for cool stuff's sake. Live host migrations are great if you have dynamic workloads or for the occasion you need to take a physical machine down for firmware/hardware updates during business hours, but think of how often you are going to use it and what impact downtimes might have.

> From my own research it seems that VMWare or Xen are really the two major products to be considered, are there any others I should be considering ?

Take a peek at KVM (http://kvm.qumranet.com/kvmwiki/Guest_Support_Status). Might not be ready for primetime, but it is pretty favored by the kernel maintainers for simplicity and cleanliness so it's likely to end up going further than Xen. Do you really think the hypervisors and management software isn't going to end up in hardware?

If it's Enterprise Level Support and performance you pretty much have to go with VMware. Realistically, for most companies and workloads way too many things are tagged as Requiring Enterprise Class, and you can get away with Xen and KVM. The free VMWare Server (aka GSX) is a completely different beast from VMWare ESX, performs pretty terribly, and is almost worthless for production servers.

ESX is amazing, and I'd recommend it if you have the money, but it's like 3K every 2 sockets and needs a san to be very useful. You can quickly rack up 50 grand in hardware and licensing just to get off the ground. If I had the time, I'd like to try using Xen with an OpenSolaris ZFS iSCSI target as shared storage, but alas I do not have that time.

> Is anyone running Linux Guest O/S's inside a Windows host ?? And if so can you share your reasons for this?

I've done for people I work with because cygwin is too much of a moving target, or to test that their code compiles and works on both platforms. I also sniffed a lot of glue when I was younger.

Patrick
Re: [CentOS] Re: Segmentation fault YUM
umair shakil wrote:

> Well, what should be the solution of this problem when I faced the problem reinstall the application, but have not find the exact solution???

firstly, I am going to ignore all your emails from here on that are top posted. secondly, file a bugreport with a reproducer case at http://bugs.centos.org/ and we can look see. I personally have no such issue on any of my machines.

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
[CentOS] reading vmcore files
I have several RHEL AS 4 systems, and when we get a vmcore, I would like to view them in my centos box.. How can I do that? Is that even possible? Thanks!
Re: [CentOS] Postfix Questions
John Hinton wrote:
> I've been running sendmail since the beginning of my online time.
> 1. Did I see that postfix can run sendmail milters?

Yes but different version with varying levels of milter support.

> 2. If so, did I read that postfix can run these separately for inbound vs. outbound?

Yes you can apply separate rules for incoming and outgoing emails if they come from separate ips or ports.

> 3. Can it run like a rbl blacklist on inbound and not outbound?

Yes.

> 4. If the above is true, does this require separate configurations of postfix or is it already set to allow this out of the box?

You will need to configure postfix appropriately.

> My reasoning... I've added a few milters which has drastically cut spam due to the extra time spent at the smtp level. For instance, running spamassassin takes a couple or few seconds. This bit of delay does in fact seem to stop many of the slamming spambots sort of like the design of milter-greylist. Except, I don't have to send a temp fail. So, this is a good thing. The negative is it also takes longer for my users to send mail as it is processed the same way during outgoing.

I do not know what level of milter support is required by your milters so you may want to check them out. The latest versions of postfix will have more complete support.

> Also, we run the SpamHaus blacklist. This works pretty good for inbound, but from time to time one of our hosting clients winds up on the blocklist because they are on a dynamic IP and someone else has recently used it for spamming. One could argue that my client should then go remove their IP from the blacklist to better ensure their email actually makes it through any other level of spam filtering on other ISPs. But, that's a rosy concept! So, I would prefer to do it at the smtp level inbound so I can actually reject that mail while not having the embarrassing blocking going on with our users.
> Yes, this might sound like a double standard, but we do not provide connection service so only very rarely (never so far) does any virus actually send spam through our systems from client applications and I do actually monitor email all the time and stop any spamming immediately.

Sure, just make sure they use port 587 and are only allowed to have their email relayed after authentication and disable filtering rules for port 587.
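The port 25 / port 587 split discussed in this thread, sketched as an added Postfix configuration example (not part of either message). Assumptions: Postfix 2.3 or later, SASL and a TLS certificate already set up, `zen.spamhaus.org` as the Spamhaus zone (the thread names only "SpamHaus"), and a placeholder milter socket path.

```conf
# ---- /etc/postfix/main.cf : defaults, used by the port 25 smtpd ----

# Milters run on mail arriving from other servers.
# Placeholder socket path; use the one your milter actually listens on.
smtpd_milters = unix:/var/run/milter-placeholder.sock

# AUTH is not offered on port 25, so nobody relays through it
# by logging in; relaying goes through the submission port.
smtpd_sasl_auth_enable = no

# Blocklist lookup happens at SMTP time, so listed clients are
# rejected before the message is accepted. Zone name is an assumption.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org

# ---- /etc/postfix/master.cf : submission service on port 587 ----

# The -o overrides replace the main.cf values for this listener only:
#   - AUTH is offered, and only over TLS
#   - authenticated senders may relay, everyone else is rejected
#   - no blocklist lookup, so a user on a listed dynamic IP can send
#   - empty smtpd_milters, so outgoing mail skips the milter delay
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_milters=
```

Because port 587 bypasses both the milters and the blocklist, authentication is the only control on that listener; run `postfix check` and `postfix reload` after editing, then confirm that an unauthenticated relay attempt on 587 is refused.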
[CentOS] rebuilding rpmdevtools from epel5 SRC has fc7 dependent
hello,

I'm surprised that an SRC.RPM from the rhel5 repo needs a file from FC7. I grabbed rpmdevtools from http://download.fedora.redhat.com/pub/epel/5/. It rebuilds fine as EL5, but when I go to install it, it requires a version of rpm-build higher than the C5 base version (4.4.2-37).

- grab dependencies -
$ rpm -qpR rpmdevtools-6.1-0.1.noarch.rpm
...
config(rpmdevtools) = 6.1-0.1
cpio
diffutils
fakeroot
...
perl(File::Spec)
perl(File::Temp)
perl(FileHandle)
perl(Getopt::Long)
perl(strict)
redhat-rpm-config
rpm-build = 4.4.2.1
rpm-python
rpmlib(CompressedFileNames) = 3.0.4-1
rpmlib(PayloadFilesHavePrefix) = 4.0-1
rpmlib(VersionedDependencies) = 3.0.3-1
...
- end snip ---

I reverted to the lower version 5.3.xxx and it works fine.

--
Mark
Re: [CentOS] rebuilding rpmdevtools from epel5 SRC has fc7 dependent
On 9/18/07, mark pryor [EMAIL PROTECTED] wrote:
> hello, I'm surprised that an SRC.RPM from the rhel5 repo needs a file from FC7.

Did you file this as a bug with EPEL?

--
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
[CentOS] How to mount a remote file system to another linux box
Hi,

I have applied traffic shaping on firewall running CentOS 4.5. eth1 is the device where I have done traffic shaping. I am now running some monitoring tools such as polltc and tc-graph.pl. They generate graphs. These graphs are updated every 10 seconds. They have been saved on the firewall itself.

To view these graphs, I have to enable apache on firewall itself. But I do not need to run apache on firewall as I will have to open port 80. I only have opened port 22 to the WORLD. I want to go that way.

I have a web server running CentOS 4.4 @ LAN. I can view those graphs via this web server, if I can mount those graphs to this web server.

my firewall has 3 nics. eth2 is 192.168.101.254 connected to the LAN.
my web server @ LAN is 192.168.101.35

How can I achieve this? Hope to hear from you.

--
Thank you
Indunil Jayasooriya