Re: [CentOS-docs] Short postgrey guide?
Ned Slider wrote:

Could we add the following image: http://wiki.centos.org/HowTos/postgrey?action=AttachFile&do=get&target=postgrey-en.png

Thanks Alain - nice image and explains the concept well. Any objections to adding it from anyone?

Please go ahead and add it. It looks clear enough to me. btw, I just decimated your article with loads of other info that people might find interesting. All of that came from my head, so if someone can technically proof read it once would be appreciated.

- KB
___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CESA-2007:1176 Important CentOS 5 i386 autofs Update
CentOS Errata and Security Advisory 2007:1176 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2007-1176.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 003005a1904e2d7b86c7e78752ae91b6 autofs-5.0.1-0.rc2.55.el5.2.i386.rpm Source: dbed45d348006960ac0976c68e01fa46 autofs-5.0.1-0.rc2.55.el5.2.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED] ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
RE: [CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED
Subject: [CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED

Hi

Some time ago there was a discussion on the above subject. I have scanned the past few months' mailing list archives and cannot find the relevant mail(s). Could somebody please repost the solution or point me at the correct resource. I would also appreciate advice on how to do this on a RHEL4 server being updated with up2date. Is it safe just to delete the old kernel and initrd files from the boot partition and the grub conf file?

TIA ChrisG

Chris

I dunno answer to limit kernels retained. No, simple deletion is not a good idea. What we do is this

rpm -qa | grep kernel

Then we use yum to remove the ones we do not need

yum remove kernel-whatever-version-etc

and/or other items as necessary

- rh
___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 35, Issue 5
Send CentOS-announce mailing list submissions to [EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED]

You can reach the person managing the list at [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest...

Today's Topics:

1. CESA-2007:1130-04: Moderate CentOS 2 i386 squid security update (John Newbigin)
2. CESA-2008:0028-04: Low CentOS 2 i386 tzdata enhancement update (John Newbigin)
3. CESA-2008:0003-05: Moderate CentOS 2 i386 e2fsprogs security update (John Newbigin)
4. CESA-2008:0032-03: Important CentOS 2 i386 libxml2 security update (John Newbigin)
5. CEEA-2008:0001 CentOS 5 i386 fontconfig Update (Karanbir Singh)
6. CEEA-2008:0001 CentOS 5 x86_64 fontconfig Update (Karanbir Singh)
7. CESA-2008:0003 Moderate CentOS 5 i386 e2fsprogs Update (Karanbir Singh)
8. CESA-2008:0003 Moderate CentOS 5 x86_64 e2fsprogs Update (Karanbir Singh)
9. CESA-2008:0032 Important CentOS 5 x86_64 libxml2 Update (Karanbir Singh)
10. CESA-2008:0032 Important CentOS 5 i386 libxml2 Update (Karanbir Singh)
11. CESA-2008:0002 Critical CentOS 5 i386 tog-pegasus Update (Karanbir Singh)
12. CESA-2008:0002 Critical CentOS 5 x86_64 tog-pegasus Update (Karanbir Singh)
13. CESA-2008:0038 Moderate CentOS 5 x86_64 postgresql Update (Karanbir Singh)
14. CESA-2008:0038 Moderate CentOS 5 i386 postgresql Update (Karanbir Singh)

--
Message: 1
Date: Sun, 13 Jan 2008 13:19:55 +1100
From: John Newbigin [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2007:1130-04: Moderate CentOS 2 i386 squid security update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii; format=flowed

The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHSA-2007:1130-04 Moderate: squid security update

Files available:
squid-2.4.STABLE7-1.21as.11.i386.rpm

More details are available from the RedHat web site at https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:

# yum update

-- John Newbigin Computer Systems Officer Faculty of Information and Communication Technologies Swinburne University of Technology Melbourne, Australia http://www.ict.swin.edu.au/staff/jnewbigin

--
Message: 2
Date: Sun, 13 Jan 2008 13:21:30 +1100
From: John Newbigin [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2008:0028-04: Low CentOS 2 i386 tzdata enhancement update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii; format=flowed

The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHEA-2008:0028-04 tzdata enhancement update

Files available:
tzdata-2007k-1.el2_1.noarch.rpm

More details are available from the RedHat web site at https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:

# yum update

-- John Newbigin Computer Systems Officer Faculty of Information and Communication Technologies Swinburne University of Technology Melbourne, Australia http://www.ict.swin.edu.au/staff/jnewbigin

--
Message: 3
Date: Sun, 13 Jan 2008 13:23:09 +1100
From: John Newbigin [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2008:0003-05: Moderate CentOS 2 i386 e2fsprogs security update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii; format=flowed

The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHSA-2008:0003-05 Moderate: e2fsprogs security update

Files available:
e2fsprogs-1.26-1.73.i386.rpm
e2fsprogs-devel-1.26-1.73.i386.rpm

More details are available from the RedHat web site at https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:

# yum update

-- John Newbigin Computer Systems Officer Faculty of Information and Communication Technologies Swinburne University of Technology Melbourne, Australia http://www.ict.swin.edu.au/staff/jnewbigin

--
Message: 4
Date: Sun, 13 Jan 2008 13:24:38 +1100
From: John Newbigin [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2008:0032-03: Important CentOS 2 i386 libxml2 security update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii; format=flowed

The following errata for CentOS-2 have been built and uploaded to the centos mirror:
Re: [CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED
Some time ago there was a discussion on the above subject. I have scanned the past few months' mailing list archives and cannot find the relevant mail(s). Could somebody please repost the solution or point me at the correct resource.

What you want is:

# yum instal yum-utils

followed by:

# package-cleanup --oldkernels [--count=x]

where x defaults to 2 (i.e., keep two older kernels).

Alfred
[CentOS] Starting Udev
Hi just rebooted my centos server with a zaptel TDM400 card in one of the PCI slots when the card is in the machine hangs at Starting udev using either 2.6.18-53.1.4.e15 or 2.6.18-53.e15 kernels, has anyone come across this problem before if so how did you fix it Thanks in advance for any help Ronn
[CentOS] Missing autofs update for C5?
Hi, the last released autofs update for Centos 5 is version autofs-5.0.1-0.rc2.55.el5.1. On 2007-12-20 upstream released version autofs-5.0.1-0.rc2.55.el5.2. As several other updates were released in the meantime maybe the autofs update has been overlooked? Best regards, Bernd. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED
Could somebody please repost the solution or point me at the correct resource. I would also appreciate advice on how to do this on a RHEL4 server being updated with up2date. Is it safe just to delete the old kernel and initrd files from the boot partition and the grub conf file? Unless you are really hurting for disk space on your boot partition, it is safe to leave the extra kernel images there. If the clutter on your grub menu bothers you, you can simply delete them from the grub.conf file so they don't show up. I generally keep 2-3 older kernel images around just in case newly installed ones won't boot for some reason. Alfred gave some good advice for keeping this neat 'n tidy with the yum-utils package-cleanup command. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED
On Sunday 13 January 2008 08:14:39 Alfred von Campe wrote:

Some time ago there was a discussion on the above subject. I have scanned the past few months' mailing list archives and cannot find the relevant mail(s). Could somebody please repost the solution or point me at the correct resource.

What you want is:

# yum instal yum-utils

Of course you'll handle the typo and type yum install yum-utils (for those who are too literal for their own good : )

followed by:

# package-cleanup --oldkernels [--count=x]

where x defaults to 2 (i.e., keep two older kernels).

Alfred

-- Bobby
Re: [CentOS] PHP 5.2.5 when ?
On Fri, 11 Jan 2008 04:05:56 -0600 Johnny Hughes [EMAIL PROTECTED] wrote: Santa Claus wrote: Hi When (some) expected rpm package for the upgrade php to version 5.2.5(CentOS4) ? Who knows? ummm ... the answer is probably never. Red Hat offers a RHWAS ... that has a php5 for EL4. The version of php in there (and in our CentOSPlus repo) is php-5.1.6 ... it might go higher than that, but I doubt it will go to 5.2.x. If it does go there in RHWAS, it will also go there in CentOSPlus, but I would not hold my breath :-D Thanks, Johnny Hughes My question would be, good god...why? There are a ton of security holes in php5. From experience one of the holes I'm painfully aware of is php-cli which installs by default with the rest of php5. Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] PHP 5.2.5 when ?
Hi

Thanks to all who responded. But I repeat the question: how to upgrade CentOS4 to PHP 5.2.5 correctly?

1. download from php.net + make ... etc.
2. or go search rpms/rpm in private repositories ?

-- wbr
Re: [CentOS] Missing autofs update for C5?
Bernd Bartmann wrote: Hi, the last released autofs update for Centos 5 is version autofs-5.0.1-0.rc2.55.el5.1. On 2007-12-20 upstream released version autofs-5.0.1-0.rc2.55.el5.2. As several other updates were released in the meantime maybe the autofs update has been overlooked? I am investigating this issue right now. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED - CLOSED
Bart Schaefer wrote:

On 1/13/08, Alfred von Campe [EMAIL PROTECTED] wrote:

What you want is:

# yum instal yum-utils

followed by:

# package-cleanup --oldkernels [--count=x]

where x defaults to 2 (i.e., keep two older kernels).

I recently discovered that if you have both the uniprocessor and SMP kernel packages installed, which I believe is the default behavior, then package-cleanup won't remove the SMP packages. I had to rpm -e those myself. Maybe there's some other reason that it missed those ...

Thanks for the quick replies everybody, I will follow Alfred's suggestion.

ChrisG
Re: [CentOS] Missing autofs update for C5?
Karanbir Singh wrote: the last released autofs update for Centos 5 is version autofs-5.0.1-0.rc2.55.el5.1. On 2007-12-20 upstream released version autofs-5.0.1-0.rc2.55.el5.2. As several other updates were released in the meantime maybe the autofs update has been overlooked? I am investigating this issue right now. I've pushed the package manually for now, as I continue to investigate why that one update was not pushed. Apologies for the delay in getting this one. Over the next couple of days, I will verify all our tracking setup to make sure this sort of a thing does not happen again. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
On Jan 13, 2008 1:53 PM, Santa Claus [EMAIL PROTECTED] wrote:

Thanks to all who responded. But I repeat the question: how to upgrade CentOS4 to PHP 5.2.5 correctly?

There is no correct method for this, there are only less wrong ways to do it.

1. download from php.net + make ... etc.

No. This method is not advisable at all, because it circumvents the package management of the system. This point stands for every distro with a package manager, not just centos.

2. or go search rpms/rpm in private repositories

You can go this route, however if you do, you'll have to seek some of your support from them, as well as trusting them for security updates, and proper building. I would really not recommend moving to php 5.25 at all. If you're absolutely dead set on poking the tiger with this particular pointy stick, you can get the packages from the atomic rocket turtle repository (no I am not making up that name).

-- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
Re: [CentOS] Can TFTPD run in a chroot jail?
Eric B. wrote:

Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user.

there is only one chroot under unix (you can't chroot from the shell then in the daemon). If a service implements chroot correctly, then it is better to use it (because it can load the necessary stuff before, so you don't need to copy a whole system to the jail).

I downloaded the atftp-server package and tried to set up my own tftpd jail. I copied over the linked libs to the proper place, the /etc/passwd, /etc/groups, /etc/hosts, /etc/nsswitch.conf, /etc/resolv, /etc/services files. I even created the dev/null device and set up syslog to read from the jail/dev/log device. However, I can't seem to launch it from within the jail. It works fine when I try from the regular prompt, but when I try to launch from within the jail, it doesn't want to start:

[EMAIL PROTECTED] tftpd]# /usr/sbin/chroot /chroot/tftpd/ /usr/sbin/atftpd --daemon --no-fork

in /var/log/messages:

Jan 12 23:09:02 apollo atftpd[17479]: atftpd: udp/tftp, unknown service

So it apparently is unable to read my /chroot/tftpd/etc/services file. If I set the port number manually:

[EMAIL PROTECTED] tftpd]# /usr/sbin/chroot /chroot/tftpd/ /usr/sbin/atftpd --daemon --no-fork --port 69 -user eric.eric

Jan 12 23:16:05 apollo atftpd[17556]: atftpd: can't change identity to eric.eric, exiting.

I know the tftpd daemon is able to read the /chroot/tftpd/etc/ directory as it is properly reading my /etc/localtime file (if i remove /etc/localtime the logged timestamp changes). Can anyone point me in the right direction as to things to try? I've tried everything I can think of, and even then some things, but just can't figure it out...

Thanks!

Eric
Re: [CentOS] PHP 5.2.5 when ?
On Sun, 13 Jan 2008 at 8:03am, Mark Weaver wrote

On Fri, 11 Jan 2008 04:05:56 -0600 Johnny Hughes [EMAIL PROTECTED] wrote:

ummm ... the answer is probably never. Red Hat offers a RHWAS ... that has a php5 for EL4. The version of php in there (and in our CentOSPlus repo) is php-5.1.6 ... it might go higher than that, but I doubt it will go to 5.2.x. If it does go there in RHWAS, it will also go there in CentOSPlus, but I would not hold my breath :-D

My question would be, good god...why? There are a ton of security holes in php5. From experience one of the holes I'm painfully aware of is php-cli which installs by default with the rest of php5.

Even an extremely brief search of the archives of this list would turn up tons of similar questions, and the same answer every time -- Red Hat backports security fixes to the stable version of packages in their Enterprise distro. That's why, e.g., for its entire 5 year supported life, RHEL5 will be based on kernel 2.6.18. However the base kernel will be heavily patched for security, driver upgrades, and new hardware support. They treat all packages (including PHP) similarly.

-- Joshua Baker-LePain QB3 Shared Cluster Sysadmin UCSF
Re: [CentOS] Missing autofs update for C5?
On Jan 13, 2008 8:07 PM, Karanbir Singh wrote: Karanbir Singh wrote: I've pushed the package manually for now, as I continue to investigate why that one update was not pushed. Apologies for the delay in getting this one. Over the next couple of days, I will verify all our tracking setup to make sure this sort of a thing does not happen again. Thanks a lot for your hard work Karanbir! Would it be possible to get some more information about how the update creation / pushing process actually works, e.g. a lot of updates are released by upstream at the same time for RHEL4 and RHEL5, but not for Centos 4 and Centos5? Best regards, Bernd. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing autofs update for C5?
Bernd Bartmann wrote: Thanks a lot for your hard work Karanbir! Would it be possible to get some more information about how the update creation / pushing process actually works, e.g. a lot of updates are released by upstream at the same time for RHEL4 and RHEL5, but not for Centos 4 and Centos5? Upstream builds all their packages using a single system ( afaik ), and it goes through a qa process and is released at the same time. However, centos has typically had an independent buildprocess for each Arch / Release and different people have managed each process ( which is why you will find update notifications come from different people for different Arch/Release ). The reason for this has been that we never really had all the Arch capacity at one place and we work out of different timezones. So each person responsible for their targets did the work independently. Also some of the arch's like the s390 on CentOS-3 and 4 are built using emulators. Which means that updates can sometimes lag days behind i386. And it was decided at the time to not hold i386 up waiting for s390 to catchup. With CentOS-5, the entire build process is consolidated into one process, and as we add more arch's they will all come from the same process ( which is why you will notice that all centos-5 updates are pushed at the same time ). The emails announcing the update are still sent multiple times ( one for each Arch ) - since people have filters in place to only receive the update notifications they want. Starting with CentOS-4.4, it also uses the same process ( i386 and x86_64 ) as CentOS-5, but not for the other Arch's. Pasi - the maintainer for ia64 and s390 on CentOS-3 and 4 prefers not to change things at this juncture. Its my job to keep stuff ticking over in CentOS-5 land, so the fact that this autofs update was stuck, is completely my fault! Btw, there is an OpenOffice.org update that is also pending, and should be out by Monday midday UTC. 
Re: [CentOS] PHP 5.2.5 when ?
Even an extremely brief search of the archives of this list would turn up tons of similar questions, and the same answer every time -- Red Hat backports security fixes to the stable version of packages in their Enterprise distro. That's why, e.g., for its entire 5 year supported life, RHEL5 will be based on kernel 2.6.18. However the base kernel will be heavily patched for security, driver upgrades, and new hardware support. They treat all packages (including PHP) similarly.

Red Hat now supports RHEL for 7 years after the release of each version.
[CentOS] CentOS 5.1 and HP DL145 G2 SATA server configured with Raid
I have a task to set this up, but don't have access to it until I finally I am needed to do it. If anyone is familiar with this server, do you know if the motherboard based raid is software based (I can't find any real pointer at hp's site)? If so, I suppose it would be better to install CentOS and setup raid inside of Linux. Given that I have never used anything but hardware raid, what should I expect if the primary disc fails? I suppose it would only be a problem once it reboots and the motherboard bios sits and waits to boot the dead disc? Using a real raid hba isn't possible as the only two expansion slots will be full. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
On Sun, 13 Jan 2008 14:25:36 -0500 (EST) Joshua Baker-LePain [EMAIL PROTECTED] wrote:

On Sun, 13 Jan 2008 at 8:03am, Mark Weaver wrote

On Fri, 11 Jan 2008 04:05:56 -0600 Johnny Hughes [EMAIL PROTECTED] wrote:

ummm ... the answer is probably never. Red Hat offers a RHWAS ... that has a php5 for EL4. The version of php in there (and in our CentOSPlus repo) is php-5.1.6 ... it might go higher than that, but I doubt it will go to 5.2.x. If it does go there in RHWAS, it will also go there in CentOSPlus, but I would not hold my breath :-D

My question would be, good god...why? There are a ton of security holes in php5. From experience one of the holes I'm painfully aware of is php-cli which installs by default with the rest of php5.

Even an extremely brief search of the archives of this list would turn up tons of similar questions, and the same answer every time -- Red Hat backports security fixes to the stable version of packages in their Enterprise distro. That's why, e.g., for its entire 5 year supported life, RHEL5 will be based on kernel 2.6.18. However the base kernel will be heavily patched for security, driver upgrades, and new hardware support. They treat all packages (including PHP) similarly.

those patches didn't do much for keeping one of my systems from being breached via php. from the looks of the web server logs as well as the messages log file that's where they got in. being the anul sort I am I first thought they'd breached the system through ssh, but that wasn't the case.

Mark
Re: [CentOS] PHP 5.2.5 when ?
Mark Weaver wrote: those patches didn't do much for keeping one of my systems from being breached via php. from the looks of the web server logs as well as the messages log file that's where they got in. I am still waiting for you to post some demonstrate-able exploit in the distro supplied php packages. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Out of disk space at 2 GB?
On Sun, 13 Jan 2008, Sean Carolan wrote: Scott Ehrlich wrote: On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem? Are you out of inodes?? df -i to see Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
On Sun, Jan 13, 2008 at 02:14:04PM -0500, Mark Weaver wrote: those patches didn't do much for keeping one of my systems from being breached via php. from the looks of the web server logs as well as the messages log file that's where they got in. being the anul sort I am I first thought they'd breached the system through ssh, but that wasn't the case. I'd be willing to bet it was an application-specific hole that was utilized to breach your system. Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
On Mon, 14 Jan 2008 00:15:27 + Karanbir Singh [EMAIL PROTECTED] wrote: Mark Weaver wrote: those patches didn't do much for keeping one of my systems from being breached via php. from the looks of the web server logs as well as the messages log file that's where they got in. I am still waiting for you to post some demonstrate-able exploit in the distro supplied php packages. - KB while I understand why you'd like proof of concept for the exploit it's not something I'd post on a public mailing list. Not to mention the exploit was trashed when I reloaded the system. At the time it didn't seem expedient for to save that which killed my server for posterity. Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
On Sun, 13 Jan 2008 16:25:15 -0800 Ray Van Dolson [EMAIL PROTECTED] wrote: On Sun, Jan 13, 2008 at 02:14:04PM -0500, Mark Weaver wrote: those patches didn't do much for keeping one of my systems from being breached via php. from the looks of the web server logs as well as the messages log file that's where they got in. being the anul sort I am I first thought they'd breached the system through ssh, but that wasn't the case. I'd be willing to bet it was an application-specific hole that was utilized to breach your system. Ray That's always a possibility, but to my knowledge it wasn't anything I was aware of at the time, and since I do most of my app development in Perl it wasn't anything I personally wrote. The only other apps that were on the system at the time was a php web site and forum. php-cli was part of the problem; i.e. the weakness that made the exploit possible. I personally can think of no reason at all for php-cli. Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fedora Frog (Nice to have tool to manage multiple repo)
On Sun, 13 Jan 2008 23:20:08 +0530 Count Of Dracula [EMAIL PROTECTED] wrote:

Hello, While doing usual search on sf.net I came across this nice little utility Fedora Frog to manage packages from multiple repositories. Though it is written for Fedora it can be used for CentOS as well. http://sourceforge.net/projects/fedorafrog

Isn't this the same thing that YumEx does?
Re: [CentOS] PHP 5.2.5 when ?
Mark Weaver wrote: The only other apps that were on the system at the time was a php web site and forum. --- Heh. Yep, those PHP web forums have a squeaky clean track record. *rolling eyes* ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: writing upside down :)
On Wed, 09 Jan 2008 11:01:04 +0800 Christopher Chan [EMAIL PROTECTED] wrote: ˙ʇsod snoıʌǝɹd ǝɥʇ uı ƃuıʇsod ɯoʇʇoq ɹoɟ sǝıƃolodɐ ǝɹǝɔuıs ʎɯ ʇdǝɔɔɐ ǝsɐǝld ˙ʇsod ɯoʇʇoq ʇou ʇsnɯ ǝuo 'uʍop ǝpısdn ƃuıʇsod uǝɥʍ ˙ʇɥƃıɹ ǝɹɐ noʎ what really screws with my head is that I can read this stuff upside down! Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: writing upside down :)
On Tue, 8 Jan 2008 22:32:09 -0500 (EST) Marko A. Jennings [EMAIL PROTECTED] wrote: Please take your excitement somewhere else. This list is definitely not an appropriate venue for it. ___ nsoh... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
On Mon, 14 Jan 2008 02:31:28 + Karanbir Singh [EMAIL PROTECTED] wrote:

Mark Weaver wrote:

while I understand why you'd like proof of concept for the exploit it's not something I'd post on a public mailing list. Not to mention the exploit was trashed when I reloaded the system. At the time it didn't seem expedient for to save that which killed my server for posterity.

[EMAIL PROTECTED] is where I'd expect you to post that to. Also, if you don't know what you are fixing, you don't have anything to benchmark against 5.2.5 either. As has already been pointed out in the thread, it's highly likely that if the exploit was via a php app, it's going to be an app specific exploit. Reloading that is going to bring that right back. Selinux normally helps prevent situations like this.

- KB

ah, yes... SELinux... Well, that was actually on the system at the time of the second breach. Getting the apps existing on the web server to play nicely in that environment was quite a trick, but they managed to breach a second time anyway. If I can find any remaining information from that time I'll post as you've suggested.

Mark
Re: [CentOS] PHP 5.2.5 when ?
On Sun, 13 Jan 2008 21:22:20 -0500 Chris Mauritz [EMAIL PROTECTED] wrote: Mark Weaver wrote: The only other apps that were on the system at the time was a php web site and forum. --- Heh. Yep, those PHP web forums have a squeaky clean track record. *rolling eyes* yeah... and the one that was possibly part of the problem is now gone. I never restored it from backup after the second breach. The perps were trying after the second reload, but since that web site wasn't restored and running on the web server they weren't able to get in. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: writing upside down :)
Mark Weaver wrote: On Wed, 09 Jan 2008 11:01:04 +0800 Christopher Chan [EMAIL PROTECTED] wrote: ˙ʇsod snoıʌǝɹd ǝɥʇ uı ƃuıʇsod ɯoʇʇoq ɹoɟ sǝıƃolodɐ ǝɹǝɔuıs ʎɯ ʇdǝɔɔɐ ǝsɐǝld ˙ʇsod ɯoʇʇoq ʇou ʇsnɯ ǝuo 'uʍop ǝpısdn ƃuıʇsod uǝɥʍ ˙ʇɥƃıɹ ǝɹɐ noʎ what really screws with my head is that I can read this stuff upside down! ROTFL. There was a report on how the brain can adapt itself in processing whatever images it gets through the eyes on slashdot. Below is a link i believe to a case of a person who wore lens that inverted images and after some time (days? weeks?) he was able to ride on a motorcycle with them... http://www.springerlink.com/index/V1N204085088K888.pdf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Starting Udev
robert boardman wrote: just rebooted my centos server with a zaptel TDM400 card in one of the PCI slots try the zaptel / asterisk lists perhaps ? - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2.5 when ?
Mark Weaver wrote:

yeah... and the one that was possibly part of the problem is now gone. I never restored it from backup after the second breach. The perps were trying after the second reload, but since that web site wasn't restored and running on the web server they weren't able to get in.

now would also be a good time to plumb in remote logging :D I recommend rsyslog!

-- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED]
Re: [CentOS] PHP 5.2.5 when ?
On Jan 13, 2008 9:59 PM, Karanbir Singh [EMAIL PROTECTED] wrote: I recommend rsyslog! Well okay, now you've drawn me out! I've been playing with rsyslog recently in the hopes of creating the 'one monitoring server to rule them all' with logging, nagios, ibm director, etc. It seems the fedora/rh folks made a very good decision in making rsyslog the default logger in fedora 8, but it works equally well in centos5 as a drop in replacement for the sysklogd logger. In addition to the usual logging you get by default in centos, rsyslog also allows for log templating, regex filtering, alerts, tcp and udp delivery, logging to database (mysql, but soon postgres) and sane multi-host log handling. It's a very good competitor to syslog-ng, without any of the dual licensing bits. It'll also soon have native ssl handling for secure log transfer. It's very sexy. I second Karanbir's recommendation to take a look at rsyslog. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
[CentOS] Re: Can TFTPD run in a chroot jail?
I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user. there is only one chroot under unix (you can't chroot from the shell then in the daemon). If a service implements chroot correctly, then it is better to use it (because it can load the necessary stuff before, so you don't need to copy a whole system to the jail). Thanks for the info. I looked through the code and realized that it doesn't actually chroot at all; just runs with a parameterizable user/group. After scouring a little more, I found out I needed the /lib/libnss_* libraries. In my particular case, it was the /lib/libnss_files.so.* libs that are used by NSS (Name Service Switch) to read the /etc/passwd, group and services files. Thanks! Eric
[CentOS] What libs req'd to resolve DNS within a chroot jail?
Hi, I've been working at getting a tftp server up and running in a chroot jail, and I have finally succeeded in getting almost everything working. The server itself works fine, however, it is implemented as a tcpwrapper application (ie: in.tftpd) and I am having trouble getting it to resolve DNS names. I copied my /etc/hosts.allow and /etc/hosts.deny in my chroot/etc folder, however, they only work properly if I provide IP addresses. If I use FQDN, they fail. For instance, in hosts.allow:

in.tfptd:192.168.1.101allow

works fine. But the following fails:

in.tftptd:eric.test.comallow

I'm assuming I am missing a library/libraries in my chroot jail, but am not sure which ones. I've got all the libs req'd by ldd, but I am guessing there is something else that I am missing. Any suggestions? Thanks! Eric
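Added example (not part of either post, and not the posters' code): both chroot messages above run into NSS modules that glibc loads at run time, which is why ldd does not list them. The script reads the jail's nsswitch.conf and reports the libnss_* modules and /etc files that are absent; the function names, the library directory list, the fallback when nsswitch.conf is missing and the sample jail are assumptions of this example.

```shell
# Audit a chroot jail for name-service pieces that ldd never reports: glibc
# dlopen()s libnss_<service>.so.* at run time as directed by nsswitch.conf.

# Print the NSS services configured for one database (passwd, hosts, ...).
nss_services() {   # $1 = jail root, $2 = database
    if [ -r "$1/etc/nsswitch.conf" ]; then
        # Keep the database's entry; drop comments and [STATUS=action] items.
        sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1/etc/nsswitch.conf" |
            sed -e 's/#.*//' -e 's/\[[^]]*]//g' | tr -s ' \t' '\n' | sed '/^$/d'
    else
        printf '%s\n' files dns   # assumption of this example, not glibc's default
    fi
}

# Succeed if libnss_<service>.so.* exists in a usual library dir of the jail.
jail_has_nss_lib() {   # $1 = jail root, $2 = service
    for d in lib lib64 usr/lib usr/lib64 'lib/*-linux-gnu' 'usr/lib/*-linux-gnu'; do
        for f in "$1"/$d/libnss_"$2".so.*; do
            [ -e "$f" ] && return 0
        done
    done
    return 1
}

# Print one line per missing item; return 1 if anything is missing.
chroot_nss_audit() {   # $1 = jail root
    jail=$1; missing=0
    for f in nsswitch.conf passwd group services hosts; do
        [ -e "$jail/etc/$f" ] || { echo "missing file: /etc/$f"; missing=1; }
    done
    for db in passwd group services hosts; do
        for svc in $(nss_services "$jail" "$db"); do
            jail_has_nss_lib "$jail" "$svc" ||
                { echo "missing lib for $db: libnss_$svc.so.*"; missing=1; }
            if [ "$svc" = dns ] && [ ! -e "$jail/etc/resolv.conf" ]; then
                echo "missing file: /etc/resolv.conf"; missing=1
            fi
        done
    done
    return "$missing"
}

# Constructed sample: a jail in the state the posts describe (files-only NSS).
make_sample_jail() {   # prints the path of a throwaway jail
    j=$(mktemp -d) && mkdir -p "$j/etc" "$j/lib" &&
    printf 'passwd: files\nhosts: files dns\n' >"$j/etc/nsswitch.conf" &&
    touch "$j/etc/passwd" "$j/etc/group" "$j/etc/services" "$j/etc/hosts" &&
    touch "$j/lib/libnss_files.so.2" && echo "$j"
}
```

Run `chroot_nss_audit /path/to/jail` against a real jail; an empty report with exit status 0 means every configured NSS service has its module and supporting files inside the jail.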
Re: [CentOS] PHP 5.2.5 when ?
Jim Perrin wrote: without any of the dual licensing bits. It'll also soon have native ssl handling for secure log transfer. It's very sexy. I second Karanbir's recommendation to take a look at rsyslog. am in the process of bringing that into centosplus :D -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED]
Re: [CentOS] PHP 5.2.5 when ?
On Mon, 14 Jan 2008 02:59:38 + Karanbir Singh [EMAIL PROTECTED] wrote: Mark Weaver wrote: yeah... and the one that was possibly part of the problem is now gone. I never restored it from backup after the second breach. The perps were trying after the second reload, but since that web site wasn't restored and running on the web server they weren't able to get in. now would also be a good time to plumb in remotelogging :D I recommend rsyslog! Indeed! hadn't thought of that before, but the packages have just finished downloading. :)
Re: [CentOS] PHP 5.2.5 when ?
On Sun, 13 Jan 2008 22:19:51 -0500 Jim Perrin [EMAIL PROTECTED] wrote: On Jan 13, 2008 9:59 PM, Karanbir Singh [EMAIL PROTECTED] wrote: I recommend rsyslog! Well okay, now you've drawn me out! I've been playing with rsyslog recently in the hopes of creating the 'one monitoring server to rule them all' with logging, nagios, ibm director, etc. It seems the fedora/rh folks made a very good decision in making rsyslog the default logger in fedora 8, but it works equally well in centos5 as a drop in replacement for the sysklogd logger. In addition to the usual logging you get by default in centos, rsyslog also allows for log templating, regex filtering, alerts, tcp and udp delivery, logging to database (mysql, but soon postgres) and sane multi-host log handling. It's a very good competitor to syslog-ng, without any of the dual licensing bits. It'll also soon have native ssl handling for secure log transfer. It's very sexy. I second Karanbir's recommendation to take a look at rsyslog. grin already downloaded. going to transfer to the web server and start reading through the setup docs as soon as Iron Eagle is over.
Re: [CentOS] find switch to find files of a certain size?
On Sunday, 13.01.2008, 10:16 +0700, Fajar Priyanto wrote: On Thursday 10 January 2008 23:21:55 [EMAIL PROTECTED] wrote: Is there a switch in find (or some other command besides find) that'll let you find files larger than a specified size? My file system is 88% full and I'd like to see where the biggest space hoggers are. I also found this on the net:

du /path/to/anywhere/* -hs | grep '[0-9]M' | sort -rn | head -20

This only shows you usage for directories less than 1GB. (and more than 1MB) To see all:

du /path/to/anywhere/* -s | sort -rn | head -20
Re: [CentOS] PHP 5.2.5 when ?
Jim Perrin wrote: On Jan 13, 2008 1:53 PM, Santa Claus [EMAIL PROTECTED] wrote: Thanks to all who responded. But I repeat the question: how to upgrade CentOS4 to PHP 5.2.5 correctly? There is no correct method for this, there are only less wrong ways to do it. 1. download from php.net + make ... etc. No. This method is not advisable at all, because it circumvents the package management of the system. This point stands for every distro with a package manager, not just centos. I think 'make' to something like '/opt/php-5.2.5' would be less wrong. At least that is where I keep my 'make'd apps. Suggestions? -- Regards, Anup Shukla