Re: [CentOS] tape drive

2008-07-10 Thread John R Pierce

Pitshou Asingalembi wrote:

> the hp smart array 6400 controller.

That's a raid controller.   Are you sure it supports plain scsi devices 
like tape? Many raid controllers are disk only, and for things like 
tape drives, you need a separate plain scsi port.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] tape drive

2008-07-10 Thread Mogens Kjaer

Pitshou Asingalembi wrote:

> the hp smart array 6400 controller.


Using the cciss driver?

yum install kernel-doc

Read /usr/share/doc/kernel-doc-2.6.18/Documentation/cciss.txt

There's a section on how to enable the tape drive.

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk


Re: [CentOS] tape drive

2008-07-10 Thread nate
Pitshou Asingalembi wrote:
> the hp smart array 6400 controller.

It's usually not a good idea to connect a tape drive to a
raid controller. The 6400 is made to be connected to something
like a MSA20/MSA30 (JBOD SCSI shelf)

Send the output of the command 'dmesg'.

But I think you need to get another SCSI card to connect the
tape drive to.

nate



Re: [CentOS] tape drive

2008-07-10 Thread Pitshou Asingalembi
the hp smart array 6400 controller.



--- On Fri 11.7.08, nate <[EMAIL PROTECTED]> wrote:

From: nate <[EMAIL PROTECTED]>
Subject: Re: [CentOS] tape drive
To: centos@centos.org
Date: Friday 11 July 2008, 8:17

Pitshou Asingalembi wrote:
> yes,
> when the computer reboots, i saw the tape drive as device detected. but i
> can not use it when i log on

What kind of scsi controller exactly? send the output of 'dmesg'
as well.

nate



Re: [CentOS] XEN virtualization Problem

2008-07-10 Thread js

Gopinath Achari wrote:

> Hi,
>
> I am trying to install windows XP on XEN. The Base operating system is
> Centos 5.1 I used GUI tool Virtual Manager.
>
> Once this Virtual manager is started is connected the XEN and QEMU.
>
> i used new tab placed below to install a virtual OS ( ex. Winxp.)
> after passing through the wizard. i wizard option for the partition a
> created a new 10 GB partition my case /dev/hda8 and then it asked the
> location where the os image was kept. i created a .iso image using dd
> command. then i specified the path where this iso image was kept in the
> wizard. then i told next and then finish button . it opened one more
> window and the installation of WinXP started. after some time it asked
> for reboot and it rebooted then it is asking for Winxp OS cd. i inserted
> into the DVD RW drive i mounted it but still it's asking the same. please
> help me out what to do. is there any additional packages to be installed
> for recognizing the Cdrom or any other thing to be done. please guide
> me.
>
> Regards,
> Gopinath


  


Hello,

See http://kbase.redhat.com/faq/FAQ_108_10987.shtm


Regards


js.



Re: [CentOS] tape drive

2008-07-10 Thread nate
Pitshou Asingalembi wrote:
> yes,
> when the computer reboots, i saw the tape drive as device detected. but i
> can not use it when i log on

What kind of scsi controller exactly? send the output of 'dmesg'
as well.

nate



Re: [CentOS] tape drive

2008-07-10 Thread Pitshou Asingalembi
yes,
when the computer reboots, i saw the tape drive as device detected. but i can 
not use it when i log on
--- On Fri 11.7.08, nate <[EMAIL PROTECTED]> wrote:

From: nate <[EMAIL PROTECTED]>
Subject: Re: [CentOS] tape drive
To: centos@centos.org
Date: Friday 11 July 2008, 7:51

Pitshou Asingalembi wrote:
> cat /proc/scsi/scsi gave me only the HDD, the st module was loaded by typing
> modprobe st  but i don't have the st file under /dev.

Doesn't matter if the st module is loaded or not. If it's a SCSI
tape drive, and if it's connected to your SCSI controller, and if
the SCSI driver for your SCSI controller is loaded, the tape drive
will show up as a SCSI device.

Does your SCSI controller have a BIOS? Does the tape drive show
up in the SCSI bios?

nate



[CentOS] XEN virtualization Problem

2008-07-10 Thread Gopinath Achari
Hi,


I am trying to install windows XP on XEN. The Base operating system is
Centos 5.1 I used GUI tool Virtual Manager.

Once this Virtual manager is started is connected the XEN and QEMU.

i used new tab placed below to install a virtual OS ( ex. Winxp.)
after passing through the wizard. i wizard option for the partition a
created a new 10 GB partition my case /dev/hda8 and then it asked the
location where the os image was kept. i created a .iso image using dd
command. then i specified the path where this iso image was kept in the
wizard. then i told next and then finish button . it opened one more
window and the installation of WinXP started. after some time it asked
for reboot and it rebooted then it is asking for Winxp OS cd. i inserted
into the DVD RW drive i mounted it but still it's asking the same. please
help me out what to do. is there any additional packages to be installed
for recognizing the Cdrom or any other thing to be done. please guide
me.

Regards,
Gopinath




Re: [CentOS] tape drive

2008-07-10 Thread nate
Pitshou Asingalembi wrote:
> cat /proc/scsi/scsi gave me only the HDD, the st module was loaded by typing
> modprobe st  but i don't have the st file under /dev.

Doesn't matter if the st module is loaded or not. If it's a SCSI
tape drive, and if it's connected to your SCSI controller, and if
the SCSI driver for your SCSI controller is loaded, the tape drive
will show up as a SCSI device.

Does your SCSI controller have a BIOS? Does the tape drive show
up in the SCSI bios?

nate



Re: [CentOS] tape drive

2008-07-10 Thread Pitshou Asingalembi
cat /proc/scsi/scsi gave me only the HDD, the st module was loaded by typing 
modprobe st  but i don't have the st file under /dev.

--- On Fri 11.7.08, nate <[EMAIL PROTECTED]> wrote:

From: nate <[EMAIL PROTECTED]>
Subject: Re: [CentOS] tape drive
To: centos@centos.org
Date: Friday 11 July 2008, 4:18

Pitshou Asingalembi wrote:
> hi all,
> i want to use a compaq sdlt 320 under centos. the tape drive was already
> installed and after rebooting i was not able to see it(dmesg | grep tape or
> dmesg | grep scsi). i add the correct module (modprobe st) but i'm not able
> to use with mt. the st0 file is missing, can someone help to resolve this
> issue.

Do you see it in /proc/scsi/scsi ? If not then your scsi card isn't
seeing it or the driver for the scsi card isn't loaded or something.

nate



[CentOS] Re: Iptables not blocking UDP port 53

2008-07-10 Thread Robert Nichols

Sean Carolan wrote:

>> Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
>> your REJECT rules being hit?
>
> Yes, the rule gets hit and it returns an answer to the DNS query
> anyway.  I saw it increment from 10 to 11 when I ran the query:
>
> 11   692 REJECT udp  --  *  *   10.100.1.1   0.0.0.0/0  udp dpt:53 reject-with icmp-port-unreachable


I seriously doubt that the response came from this machine since
the packet that hit that rule died right there.  Does the machine
that sent the request have a secondary DNS server configured?
The REJECT response would have resulted in an immediate query to
the next server.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.



[CentOS] libc-client 2007 conflict when updating

2008-07-10 Thread Kenneth Porter

FYI for others who might encounter this.

I just did a yum update (C5.1) and after a very long download of packages I 
get a transaction test failure:


Transaction Check Error:
 file /usr/lib/libc-client.so.2007 from install of 
libc-client2007-2007b-1.el5 conflicts with file from package 
libc-client-2007-3


I just realized this is coming from a conflict with a custom build I made 
of that package so that I could install uw-imap-devel as a prereq for 
building an asterisk package.


It looks like I can just erase those two packages and the yum update should 
go through.



Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Meenoo Shivdasani
On 7/10/08, Filipe Brandenburger <[EMAIL PROTECTED]> wrote:

> Did you update the "selinux-policy" package at the same time?

>  Well, I'm almost positive that is what you are missing.

Filipe,

You nailed it.  That was what I was missing.

Many thanks,

M


Re: [CentOS] Understanding iptables

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 10:42 PM, Robert Spangler
<[EMAIL PROTECTED]> wrote:
> Could you post /etc/sysconfig/iptables?

/etc/sysconfig/iptables doesn't necessarily reflect what is running
right now, and you can't include the counters with it.

An acceptable compromise would be posting the output of the
"iptables-save -c" command, which doesn't have the two issues above.

However, I still think that anyone handling firewalls on Linux using
iptables should be familiar with the output of "iptables -nvL" which
IMO is quite useful itself.

Filipe


Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 10:39 PM, Meenoo Shivdasani <[EMAIL PROTECTED]> wrote:
> To be more accurate, I installed the patched version of BIND which
> randomizes the source port to address the latest DNS vulnerability.

Did you update the "selinux-policy" package at the same time?

On my system I have bind-9.3.4-6.0.1.P1.el5_2 and
selinux-policy-2.4.6-137.1.el5, both of them were signed at
approximately the same time, and were installed at approximately the
same time on my system, which tells me they most probably came from
the same update (it's easy to confirm that by looking at the
centos-announce mails).

Also:

$ rpm -q --changelog selinux-policy
* Tue Apr 29 2008 Dan Walsh <[EMAIL PROTECTED]> 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451971
...

Well, I'm almost positive that is what you are missing.

HTH,
Filipe


Re: [CentOS] Understanding iptables

2008-07-10 Thread Robert Spangler
On Thursday 10 July 2008 18:08, MHR wrote:

>  In following up on the rsh "problem" I was having earlier, I decided
>  to try out the suggestion Felipe sent about using
>  system-config-securitylevel-tui to open up ports 513 and 514, but that
>  doesn't seem to do the job, either.
>
>  # iptables -L
>  Chain INPUT (policy ACCEPT)
>  target prot opt source   destination
>  RH-Firewall-1-INPUT  all  --  anywhere anywhere

[snip]

I hate reading the firewall like this.
Could you post /etc/sysconfig/iptables?


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org


Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Meenoo Shivdasani
On 7/10/08, Meenoo Shivdasani <[EMAIL PROTECTED]> wrote:
> > SELinux is preventing BIND to open port UDP/16660. Did you configure
>  >  BIND to use that specific non-standard port?
>
>
> I installed the latest version of BIND which randomizes the source
>  port...do you think that's the problem?  If so, how do I get SELinux
>  to accept it?

To be more accurate, I installed the patched version of BIND which
randomizes the source port to address the latest DNS vulnerability.

M


Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Meenoo Shivdasani
> SELinux is preventing BIND to open port UDP/16660. Did you configure
>  BIND to use that specific non-standard port?

I installed the latest version of BIND which randomizes the source
port...do you think that's the problem?  If so, how do I get SELinux
to accept it?

M


Re: [CentOS] Understanding iptables

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 9:53 PM, MHR <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] mrichter]$ rsh sushi ls
> sushi: Connection refused

Are you sure the daemons are up and listening on those ports? What
does "netstat -ltp" say on sushi?

Filipe


Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 9:41 PM, Meenoo Shivdasani <[EMAIL PROTECTED]> wrote:
> type=AVC msg=audit(1215740151.446:796): avc:  denied  { name_bind }
> for  pid=21081 comm="named" src=16660
> scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0
> tclass=udp_socket

SELinux is preventing BIND to open port UDP/16660. Did you configure
BIND to use that specific non-standard port?

Filipe
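
An added example (not part of the original message) that does this reading mechanically: it pairs an AVC record with the SYSCALL record of the same audit event and reports who was denied what. The two records are the ones quoted elsewhere in this thread, re-joined onto single lines; the function names are this example's own.

```python
import errno
import re

# Records quoted in this thread, re-joined onto single lines (values unchanged).
SAMPLE_LOG = """\
type=AVC msg=audit(1215740151.446:796): avc:  denied  { name_bind } for  pid=21081 comm="named" src=16660 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1215740151.446:796): arch=c03e syscall=49 success=no exit=-13 a0=1f a1=43c8ed40 a2=1c a3=43c8eb3c items=0 ppid=1 pid=21081 auid=0 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=60 comm="named" exe="/usr/sbin/named" subj=root:system_r:named_t:s0 key=(null)
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
AVC_BODY = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(text):
    """Turn 'k=v k2="v 2"' pairs into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD.findall(text)}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def group_by_event(log_text):
    """Group records that share one audit event id (timestamp:serial)."""
    events = {}
    for line in log_text.splitlines():
        match = HEADER.match(line.strip())
        if not match:
            continue
        record_type, stamp, serial, body = match.groups()
        event = events.setdefault((stamp, serial), {"avc": [], "syscall": {}})
        if record_type == "AVC":
            avc = AVC_BODY.search(body)
            if avc:
                fields = parse_fields(avc.group(3))
                fields["result"] = avc.group(1)
                fields["perms"] = avc.group(2).split()
                event["avc"].append(fields)
        elif record_type == "SYSCALL":
            event["syscall"] = parse_fields(body)
    return events


def summarize_denials(log_text):
    """One dict per denied AVC, enriched from the SYSCALL record of the same event."""
    summaries = []
    for (_stamp, serial), event in group_by_event(log_text).items():
        syscall = event["syscall"]
        exit_code = int(syscall["exit"]) if "exit" in syscall else 0
        for avc in event["avc"]:
            if avc["result"] != "denied":
                continue
            target = selinux_type(avc.get("tcontext", ""))
            summaries.append({
                "event": serial,
                "comm": avc.get("comm"),
                "exe": syscall.get("exe"),
                "source_type": selinux_type(avc.get("scontext", "")),
                "target_type": target,
                "class": avc.get("tclass"),
                "perms": avc["perms"],
                "port": int(avc["src"]) if "src" in avc else None,
                # A negative syscall exit value is -errno; 13 is EACCES.
                "errno": errno.errorcode.get(-exit_code) if exit_code < 0 else None,
                # port_t is the policy's generic label for ports that have
                # no more specific type assigned.
                "generic_port": target == "port_t",
            })
    return summaries


if __name__ == "__main__":
    for d in summarize_denials(SAMPLE_LOG):
        print(
            f"event {d['event']}: {d['exe'] or d['comm']} ({d['source_type']}) "
            f"denied {' '.join(d['perms'])} on {d['class']} port {d['port']} "
            f"labelled {d['target_type']} -> {d['errno']}"
        )
```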


Re: [CentOS] /etc/pam.d/system-auth changes in update

2008-07-10 Thread Toby Bluhm

listmail wrote:

> On Thu, 10 Jul 2008 16:31:44 +0200, Kai Schaetzl wrote
>> Filipe Brandenburger wrote on Wed, 9 Jul 2008 23:08:44 -0400:
>>
>>> The exact same question came up two weeks ago.
>>
>> And the answers were confusing at least me ;-)
>
> To me as well, having now read the thread. No one seems to know why the
> changes were made, only that they *were* made. I'm still hoping that there
> might be documentation on the impact of these changes.
>
> Does anyone know, or have a link to, why system-auth was changed in the
> most recent update to PAM?

It wasn't changed in 5.2 'cause it was that way in 5.1 - see 
http://lists.centos.org/pipermail/centos/2008-June/102152.html.


Since I didn't know the truth behind the system-auth "mystery" myself, 
here's some commands I ran:


yum groupinfo Base | grep -E "auth|pam"
rpm -q --whatrequires pam
rpm -q --whatrequires authconfig
rpm -qi firstboot-tui
rpm -qipl http://vault.centos.org/5.0/os/i386/CentOS/authconfig-5.3.12-2.el5.i386.rpm

rpm -qipl authconfig
man system-auth-ac
man authconfig



--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203




RE: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Joseph L. Casale
>What you probably mean is:
># echo "ifdown eth0 && ifup eth0" | at now

Yea, sorry :) Op would have figured that out rather fast after
nothing "useful" happened 

jlc


Re: [CentOS] tape drive

2008-07-10 Thread nate
Pitshou Asingalembi wrote:
> hi all,
> i want to use a compaq sdlt 320 under centos. the tape drive was already
> installed and after rebooting i was not able to see it(dmesg | grep tape or
> dmesg | grep scsi). i add the correct module (modprobe st) but i'm not able
> to use with mt. the st0 file is missing, can someone help to resolve this
> issue.

Do you see it in /proc/scsi/scsi ? If not then your scsi card isn't
seeing it or the driver for the scsi card isn't loaded or something.

nate



Re: [CentOS] Understanding iptables

2008-07-10 Thread MHR
On Thu, Jul 10, 2008 at 6:43 PM, Spiro Harvey, Knossos Networks Ltd
<[EMAIL PROTECTED]> wrote:
>
> next you'll be telling me our internets shouldn't use tubes.
>

You're up to tubes?  Hippy freak!

mhr


Re: [CentOS] Understanding iptables

2008-07-10 Thread MHR
On Thu, Jul 10, 2008 at 6:29 PM, Filipe Brandenburger
<[EMAIL PROTECTED]> wrote:
>
> Try using "iptables -vL", it will show you how many packets have
> matched that rule. Then try to rsh or rlogin and see if the numbers
> change. That should give you a clue to whether it's working or not.
>

Before:

    6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:login
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:shell
  619 22772 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

[summarized to include only the relevant ports]

After:

    6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:login
    6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:shell
  619 22772 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Interesting that the shell count went up to 6 and the reject count did
not change, but no login occurred:

[EMAIL PROTECTED] mrichter]$ rsh sushi ls
sushi: Connection refused

I might not have waited long enough for the reject count to go up -
just repeated the experiment and got this:

[before]
    6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:login
    6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:shell
  627 23044 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

[after]
    6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:login
   12   720 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:shell
  628 23072 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

But why is it still rejecting the login, or is it the placement of the lines?

> P.S.: Once again: although it's great that you are digging into the
> problem, using iptables, and learning a lot on the process, you should
> *REALLY* consider ditching rsh/rlogin and sticking to SSH. I would
> consider using rsh/rlogin instead of SSH today about the same as using
> gopher instead of the WWW these days (for those of you who still
> remember it).

Did that - this is just for my better understanding of the whole setup.


Re: [CentOS] Understanding iptables

2008-07-10 Thread Spiro Harvey, Knossos Networks Ltd

> P.S.: Once again: although it's great that you are digging into the
> problem, using iptables, and learning a lot on the process, you should
> *REALLY* consider ditching rsh/rlogin and sticking to SSH. I would
> consider using rsh/rlogin instead of SSH today about the same as using
> gopher instead of the WWW these days (for those of you who still
> remember it).


what are you talking about? I'm writing a Tor wrapper that funnels all 
my http requests thru gopher for extra security. It's called Gor. And 
I'm writing it in GW-BASIC!


we don't need no steenkin new fangled tecnomologies.

next you'll be telling me our internets shouldn't use tubes.


--
Spiro Harvey  Knossos Networks Ltd
021-295-1923  www.knossos.net.nz



Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Meenoo Shivdasani
>  If it's SELinux related, have a look at /var/log/audit/audit.log, that
>  will tell you what is being blocked in SELinux. That would be a good
>  start. Let us know what you found there, then we might be able to help
>  you a little more.

That's a huge help -- didn't occur to me to look in audit.log -- that
said, I'm not entirely sure what SELinux is doing here (other than
denying the connection).  Or, to be more accurate, I don't understand
why it's denying the connection, therefore don't know how to make it
behave...

type=AVC msg=audit(1215740151.446:796): avc:  denied  { name_bind }
for  pid=21081 comm="named" src=16660
scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=udp_socket

type=SYSCALL msg=audit(1215740151.446:796): arch=c03e syscall=49
success=no exit=-13 a0=1f a1=43c8ed40 a2=1c a3=43c8eb3c items=0 ppid=1
pid=21081 auid=0 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25
sgid=25 fsgid=25 tty=(none) ses=60 comm="named" exe="/usr/sbin/named"
subj=root:system_r:named_t:s0 key=(null)

Ideas & thoughts welcome...
Thanks,

M


Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Ian Blackwell

Lanny Marcus wrote:

> [EMAIL PROTECTED] ~]# ssh ipcop.homelan:222
> ssh: ipcop.homelan:222: Name or service not known
> [EMAIL PROTECTED] ~]#
  

Try:-

   ssh -p 222 ipcop.homelan

Ian




[CentOS] tape drive

2008-07-10 Thread Pitshou Asingalembi
hi all,
i want to use a compaq sdlt 320 under centos. the tape drive was already 
installed and after rebooting i was not able to see it(dmesg | grep tape or 
dmesg | grep scsi). i add the correct module (modprobe st) but i'm not able to 
use with mt. the st0 file is missing, can someone help to resolve this issue.

thanks
 


  


Re: [CentOS] Understanding iptables

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 6:08 PM, MHR <[EMAIL PROTECTED]> wrote:
> ACCEPT tcp  --  anywhere anywhere state NEW tcp dpt:login
> ACCEPT tcp  --  anywhere anywhere state NEW tcp dpt:shell

It seems right to me...

Try using "iptables -vL", it will show you how many packets have
matched that rule. Then try to rsh or rlogin and see if the numbers
change. That should give you a clue to whether it's working or not.

HTH,
Filipe


P.S.: Once again: although it's great that you are digging into the
problem, using iptables, and learning a lot on the process, you should
*REALLY* consider ditching rsh/rlogin and sticking to SSH. I would
consider using rsh/rlogin instead of SSH today about the same as using
gopher instead of the WWW these days (for those of you who still
remember it).
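
The before/after counter comparison suggested above, done mechanically on two `iptables-save -c` dumps. This is an added example, not code from the thread: the dumps are constructed, their rule specs are assumed, and the counter values are taken from the figures quoted elsewhere in this thread.

```python
import re

# Constructed `iptables-save -c` snapshots. Rule specs are illustrative
# (513 = login, 514 = shell); the per-rule counters for the three
# RH-Firewall-1-INPUT rules mirror figures quoted in this thread.
BEFORE = """\
# constructed sample, first snapshot
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
[633:23404] -A INPUT -j RH-Firewall-1-INPUT
[6:360] -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 513 -j ACCEPT
[6:360] -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
[627:23044] -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

AFTER = """\
# constructed sample, second snapshot
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
[640:23792] -A INPUT -j RH-Firewall-1-INPUT
[6:360] -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 513 -j ACCEPT
[12:720] -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
[628:23072] -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# A rule line in `iptables-save -c` output: "[packets:bytes] -A CHAIN ...".
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A\s+.+)$")


def parse_counters(dump):
    """Map (table, rule spec, occurrence) -> (packets, bytes)."""
    counters = {}
    seen = {}
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # "*filter", "*nat", ...
            table = line[1:]
            continue
        match = RULE.match(line)
        if not match:                      # comments, chain policies, COMMIT
            continue
        spec = match.group(3)
        # Identical rules can legitimately appear more than once in a chain,
        # so number the occurrences instead of letting them overwrite.
        index = seen.get((table, spec), 0)
        seen[(table, spec)] = index + 1
        counters[(table, spec, index)] = (int(match.group(1)), int(match.group(2)))
    return counters


def counter_deltas(before_dump, after_dump):
    """Rules whose counters differ between two snapshots, in ruleset order."""
    before = parse_counters(before_dump)
    changes = []
    for key, (packets, nbytes) in parse_counters(after_dump).items():
        table, spec, _ = key
        if key in before:
            d_packets = packets - before[key][0]
            d_bytes = nbytes - before[key][1]
            if d_packets == 0 and d_bytes == 0:
                continue
            # Counters only go down if they were zeroed or the rules reloaded.
            reset = d_packets < 0 or d_bytes < 0
            note = "counters reset between snapshots" if reset else ""
        else:
            d_packets, d_bytes = packets, nbytes
            note = "rule not present in first snapshot"
        changes.append({"table": table, "rule": spec,
                        "packets": d_packets, "bytes": d_bytes, "note": note})
    return changes


if __name__ == "__main__":
    for change in counter_deltas(BEFORE, AFTER):
        print(f"+{change['packets']} pkts +{change['bytes']} bytes  "
              f"{change['rule']}  {change['note']}")
```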


Re: [CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 7:22 PM, Meenoo Shivdasani <[EMAIL PROTECTED]> wrote:
> I'm running up against a problem that seems to be related to SELinux.
> Any ideas?

If it's SELinux related, have a look at /var/log/audit/audit.log, that
will tell you what is being blocked in SELinux. That would be a good
start. Let us know what you found there, then we might be able to help
you a little more.

HTH,
Filipe


Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 5:19 PM, Joseph L. Casale
<[EMAIL PROTECTED]> wrote:
> # echo ifdown eth0 && ifup eth0 | at now

What you probably mean is:
# echo "ifdown eth0 && ifup eth0" | at now

Otherwise it will run "echo", and then it will run "ifup eth0" piping
its output to "at".

I don't see what's the problem with just running this on the shell:
# ifdown eth0; ifup eth0

I haven't tested it (no machine where I can do that from here), but it
should work. In any case, I always use the ol' good "service network
restart", and so far it has always worked great for me.

HTH,
Filipe


Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Lanny Marcus <[EMAIL PROTECTED]> wrote:

>> your
>> ipcop should be a caching nameserver. If you have another address there it
>> will query to that server.
>
> Obviously, I need to change that, so I can run Setup from a terminal
> window, run the dig + trace command as you did from one of your IPCop
> boxes, etc. I just turned on SSH access in IPCop. It says it uses Port
> 222 which is non standard for SSH

Still not able to SSH into the IPCop box. Something wrong in the
syntax I tried or SSH didn't get turned on in the IPCop box, via the
web interface, as I thought? The sshd is running in my Desktop box.

[EMAIL PROTECTED] ~]# ssh ipcop.homelan:222
ssh: ipcop.homelan:222: Name or service not known
[EMAIL PROTECTED] ~]#


Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:

> When you set up your connection to your provider, do you have a static
> address
> or dynamic?

Dynamic IP

> If static, you had to set your next step resolver in the config.
> If you are dynamic, you get what your provider sends with the dhcp request.
> Since you said you have an ipcop box for your router you should be able to
> ssh
> into it and run setup and change your nameserver setting to 127.0.0.1 and
> your
> ipcop should be a caching nameserver. If you have another address there it
> will query to that server.

I never tried to SSH into the IPCop box before. I've always connected
to it via the web interface. I tried to SSH into it, but apparently I
have that Blocked, in the IPCop configuration settings.

[EMAIL PROTECTED] ~]# ssh ipcop.homelan
ssh: connect to host ipcop.homelan port 22: Connection refused
[EMAIL PROTECTED] ~]#

Obviously, I need to change that, so I can run Setup from a terminal
window, run the dig + trace command as you did from one of your IPCop
boxes, etc. I just turned on SSH access in IPCop. It says it uses Port
222 which is non standard for SSH

I am looking at it from the web interface. Under DHCP, for the Green
Interface, for Primary DNS, it shows 192.168.10.1. If I change that
to 127.0.0.1 I'm done?  Other than possibly needing to change a
configuration setting in the ADSL Modem, regarding DNS?  Thanks much!


Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:
> Do you want to install a complete router using CentOS?
> Is your ipcop box not adequate for your needs?

From what you wrote to me in another reply, ipcop will do the job, as
soon as I can get into it and get it configured the way you said. That
will be MUCH easier and MUCH faster than me trying to set up a CentOS
box to do this.


Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Dennis McLeod <[EMAIL PROTECTED]> wrote:
> IPCOP here. Use it for Masq, dhcp, NAT, time, Transparent Webfiltering via
> URLFilter plugin (and automatic blacklist downloads) and banned internal MAC
> addresses (our inside machines) via advancedproxy plugin, and more.
> It's on our public access wifi network with a dedicated DSL connection. Been
> up for 2 years.
> It's on an old IBM Netvista SFF Celeron 900 with 512M of ram.
> I'm gonna build one at home, cause my kids are getting to the age
> Dennis

Great. I have IPCop running on a Pentium 233 MMX box with 64 MB of
RAM. It's our oldest box and it does the job for our house.  :-)


Re: [CentOS] CentOS 5.2 VMI support

2008-07-10 Thread nate
Ruslan Sivak wrote:

> Does it just require a kernel recompile?  Is there maybe one available
> somewhere?

No it requires changes to the kernel itself, changes which I don't think Red
Hat will introduce in a minor release as their current VM stuff is Xen based
which has its own paravirtualization support in the existing kernel (pre
VMI). I read that Red Hat is moving towards KVM though, I don't have any
knowledge on that project, maybe it uses VMI as well.

> Would
> it give me improved disk access speed?

I doubt it. I'm planning on using it mainly so I can run a couple of NTP
servers in VMs. Even though it's still not officially supported my experience
shows that NTP *will never sync* in VMWare with normal virtualization. But
with VMI/paravirtualization I've had a ntp daemon synced for weeks so far. I
don't plan to use VMI for anything other than a couple bare bones VMs to run
NTP. Then the rest of the VMs will run ntpdate every minute against them,
and the non VMs will run ntp daemons and sync with them. The internal vmware
time sync(at least in ESX) doesn't work too well in my experience so I just
turn it off and use ntpdate instead.

Disk access speed is limited to the speed of the I/O subsystem. VMware has
recently demonstrated a ESX system being able to sustain 100,000 I/Os per
second (maxing out ~500 15k RPM disks), and that wasn't using
paravirtualization. If you can get 100k IOPS with normal virtualization...

nate



Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:

> When you set up your connection to your provider, do you have a static
> address
> or dynamic?

We get a dynamic IP address when we connect to ADSL.

>If static, you had to set your next step resolver in the config.
> If you are dynamic, you get what your provider sends with the dhcp request.
> Since you said you have an ipcop box for your router you should be able to
> ssh
> into it and run setup and change your nameserver setting to 127.0.0.1 and
> your
> ipcop should be a caching nameserver. If you have another address there it
> will query to that server.

I will try to SSH into the ipcop box. I've never tried to SSH into it.
I've always looked at it via the web interface.

> I just tried it from one of my ipcop boxes and got a query all the way to
> the
> root servers;
>
>   dig +trace gmail.com

I tried dig +trace from my Desktop and it didn't work.  Probably
because I'm behind the Firewall. If I can  SSH into the ipcop box I
will try dig +trace from there.

If I can get the above to work, I suspect I may also need to change
something in the configuration for the ADSL modem for DNS. Sounds like
a quick and easy way to do this!

I have my notes from when I installed IPCop on that box, last
September. The ADSL modem IP is 192.168.1.1 and the Red NIC IP is
192.168.1.2 and the Green NIC IP is 192.168.10.1 and in the DHCP
Server Configuration Menu the Primary DNS is 192.168.10.1

Thanks much!


Re: [CentOS] CentOS 5.2 VMI support

2008-07-10 Thread Ruslan Sivak

nate wrote:
> Ruslan Sivak wrote:
>> I'm using VMWare Server 2 RC1 on top of CentOS 5.2 x86_64 running a
>> CentOS 5.2 i386 guest.  I have enabled VMI in VMware, so I guess it
>> won't let me install if VMI wasn't available in the kernel?  How do I
>> know whether VMI is supported/enabled and what performance benefits can
>> I expect from it?  I'm still not getting full hard drive speeds (only
>> getting about 1/3 when using hdparm -t ).
>
> I don't believe it is supported in CentOS 5.x.  I am using Fedora Core
> 8 for VMI support.
>
> [EMAIL PROTECTED]:~]# dmesg  | grep -i vmi
> VMI: Found VMware, Inc. Hypervisor OPROM, API version 3.0, ROM version 1.0
> vmi: registering clock event vmi-timer. mult=7809995 shift=22
> Booting paravirtualized kernel on vmi
> vmi: registering clock source khz=1862048
> Time: vmi-timer clocksource has been installed.
>
> I suspect it will be in RHEL/CentOS 6.x
>
> nate

Does it just require a kernel recompile?  Is there maybe one available
somewhere?

Would it give me improved disk access speed?


Russ


Re: [CentOS] Java Setup

2008-07-10 Thread Clint Dilks

R P Herrold wrote:

On Thu, 10 Jul 2008, Clint Dilks wrote:

I have been following the instructions here 
http://wiki.centos.org/HowTos/JavaOnCentOS but trying to modify them 
for jdk-6u7-linux-amd64.rpm but there doesn't seem to be a compatible 
java-1.6.0-sun-compat-*.rpm. Does one exist ?


What's wrong with the java-1.4.2-gcj-compat? There is no dependency 
impediment of which I am aware.


My installation is maintained with the first part narrative ('A simple 
approach') at

http://wiki.centos.org/HowTos/JavaOnCentOS
http://www.trading-shim.org/faq/?java


I'll try a bump to U7 from Sun and see how it goes:
http://java.sun.com/javase/downloads/index.jsp
Java SE Development Kit 6u7
jdk-6u7-linux-x64-rpm.bin

and note any changes after the sig; hold on ... back ... no -- I see 
no Dependency or "Requires" problem using java-1.4.2-gcj-compat with 
jdk-1.6.0_07-fcs



A side note: To Sun's credit, the adoption of the 'latest' link 
simplifies matters, and I need to update my writeups a bit ...


[EMAIL PROTECTED] java]$ pwd ; ls -l
/usr/java
total 16
lrwxrwxrwx 1 root root 16 Jul 10 13:17 default -> /usr/java/latest
drwxr-xr-x 9 root root 4096 Jul 10 13:18 jdk1.6.0_07
lrwxrwxrwx 1 root root 21 Jul 10 13:18 latest -> /usr/java/jdk1.6.0_07
[EMAIL PROTECTED] java]$


On a related side note, I see the following is still in the U7 License 
Agreement, which has been an impediment to CentOS inclusion of Sun's 
Java in the past:


(viii) You shall indemnify Sun for all damages
arising from your failure to comply
with the requirements of this Agreement.

Exposure to liability to a potential asserted violation, ('(vii) You 
may not include any third party software on the Media which is 
intended to be a replacement or substitute for the Software;', anyone? 
/me thinks of 'java-1.4.2-gcj-compat' which is a partial replacement, 
essentially by definition) without CentOS having had anyone step 
forward since the last time this question came up, offering to 'pay 
the freight' to indemnify the project against such liability.


-- Russ herrold


pre-bump:

[EMAIL PROTECTED] ~]$ rpm -qa \*java\*
sun-javadb-javadoc-10.3.1-4.1
sun-javadb-core-10.3.1-4.1
sun-javadb-demo-10.3.1-4.1
sun-javadb-docs-10.3.1-4.1
gcc-java-4.1.2-42.el5
sun-javadb-client-10.3.1-4.1
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
sun-javadb-common-10.3.1-4.1
[EMAIL PROTECTED] ~]$ rpm -q jdk --qf '%{arch}\n'
x86_64
[EMAIL PROTECTED] ~]$ rpm -q jdk
jdk-1.6.0_05-fcs
[EMAIL PROTECTED] ~]$

post-bump:

[EMAIL PROTECTED] java]$ rpm -q jdk ; rpm -q jdk --qf '%{arch}\n' ; \
rpm -qa \*java\*
jdk-1.6.0_07-fcs
x86_64
sun-javadb-common-10.3.1-4.1
sun-javadb-demo-10.3.1-4.1
sun-javadb-client-10.3.1-4.1
sun-javadb-javadoc-10.3.1-4.1
gcc-java-4.1.2-42.el5
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
sun-javadb-docs-10.3.1-4.1
sun-javadb-core-10.3.1-4.1
[EMAIL PROTECTED] java]$


Hi Russ,

Firstly thank you for your reply, but I am obviously missing something. 
Yes the sun rpm installs and builds fine. But I have just tried with 
java-1.4.2-gcj-compat as you recommend and no change. So the 
alternatives is not configured as I expected


So under


 E. Sun JDK 1.6

Up to

chmod +x jdk-6u7-linux-x64-rpm.bin
./jdk-6u7-linux-x64-rpm.bin

Works as expected

But I couldn't work out what I should be using as an alternative to this line 
rpm -Uvh jdk-6u1-linux-i586.rpm java-1.6.0-sun-compat-1.6.0.01-1jpp.i586.rpm

as no appropriate java-1.6.0-sun-compat exists

So I just did  
rpm -Uvh jdk-6u7-linux-amd64.rpm


This left me in a situation where no Java related stuff is installed in 
alternatives.

so I did 
rm /usr/bin/java
/usr/sbin/alternatives --install /usr/bin/java java /usr/java/default/bin/java 1
rm /usr/bin/javac
/usr/sbin/alternatives --install /usr/bin/javac javac /usr/java/default/bin/javac 1

I then went and downloaded the jdk-1_5_0_15-linux-amd64.bin and 
installed that doing the similar process with alternatives.


After I read your e-mail I did a yum install java-1.4.2-gcj-compat

This has left me with the following setup as far as alternatives is 
concerned


+ 1 /usr/java/default/bin/java
2 /opt/jdk1.5.0_15/bin/java
* 3 /usr/lib/jvm/jre-1.4.2-gcj/bin/java

Is this likely to be fine or most likely going to cause me issues in the 
future ?


Anyway thank you for any insight you or others may offer.

Have a nice day :)


Re: [CentOS] CentOS 5.2 VMI support

2008-07-10 Thread nate
Ruslan Sivak wrote:
> I'm using VMWare Server 2 RC1 on top of CentOS 5.2 x86_64 running a
> CentOS 5.2 i386 guest.  I have enabled VMI in VMware, so I guess it
> won't let me install if VMI wasn't available in the kernel?  How do I
> know whether VMI is supported/enabled and what performance benefits can
> I expect from it?  I'm still not getting full hard drive speeds (only
> getting about 1/3 when using hdparm -t ).

I don't believe it is supported in CentOS 5.x.  I am using Fedora Core
8 for VMI support.

[EMAIL PROTECTED]:~]# dmesg  | grep -i vmi
VMI: Found VMware, Inc. Hypervisor OPROM, API version 3.0, ROM version 1.0
vmi: registering clock event vmi-timer. mult=7809995 shift=22
Booting paravirtualized kernel on vmi
vmi: registering clock source khz=1862048
Time: vmi-timer clocksource has been installed.

I suspect it will be in RHEL/CentOS 6.x

nate



Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Robert Moskowitz

Joseph L. Casale wrote:
>> Since I was SSHed into the boxes, I could not test ifconfig (down then
>> up!).
>
> Just so you know, you can do this type of thing even with SSH.
> (I don't know what would have helped that situation, but for future ref...)
>
> # echo "ifdown eth0 && ifup eth0" | at now

Oh, neat. Didn't know how to do down and up in one command line without 
writing a script.

> through ssh will work fine, and you will still be connected after :)

Not any real difference from doing a service network restart. When your 
interface goes down, SSH just waits until the interface comes up, and 
then you get all the messages that occurred between those two events. I 
am going to have to note this command for future use (it is kind of like 
an ifbounce command :) ).





Re: [CentOS] Re: Evolution in CentOS 5.2

2008-07-10 Thread Lanny Marcus
On 7/9/08, MHR <[EMAIL PROTECTED]> wrote:
> On Wed, Jul 9, 2008 at 5:42 PM, nate <[EMAIL PROTECTED]> wrote:
>>
>> The next thing I suggest is stopping evolution, and killing all
>> evolution processes on the system and starting evolution again and
>> see if that fixes it.

I have killed Evolution and restarted it, many times, in the past few
weeks. The restarts don't do any good. There are intermittent problems
 with Evolution on GNOME.

> Well, it didn't /fix/ the problem, but it did restore the original
> behavior (error opening the contacts address book).

I've tried to add several contacts to the address book and they do not
get added, unless I go into  Contacts and add them as "new" contacts.
I do not remember this happening, before updating to CentOS 5.2.


> I've filed a bugzilla report against this with gnome, and, btw, also
> one for bug-buddy's refusal to submit bugzilla reports on gnome 2.16
> because it's "too old."

Great. I have encountered the same problems. I was getting the error
message that Evolution Calendar (which I never use) had crashed and
then when I said OK, Bug Buddy can submit the error, I too got the
message that Gnome is too old.

I am also getting delays, when I try to view an email in my Inbox,
where it says that it is "formatting" the mail. Long time before I can
view emails, at times.


[CentOS] bind9, SELinux, ServFail

2008-07-10 Thread Meenoo Shivdasani
I just set up a CentOS 5.2 system with bind9 (9.3.4-6.0.1.P1.el5) and
I'm running up against a problem that seems to be related to SELinux.
If I set named_disable_trans to 1, everything works as expected, but
if I leave it enabled the server will only give me data for the zones
for which it is authoritative.  For external sites it returns a
ServFail error.  This is with nslookup and dig.

If I start named from the command line with the command "named -u
named", the server returns the expected response.

tcpdump shows that the server is querying itself and getting a
ServFail response.

I figure that I'm missing something really basic, but not sure what.

Debug logs show this:

FAIL:

clientmgr @0x2b491728c1d0: createclients
clientmgr @0x2b491728c1d0: recycle
.
.
.
fctx 0x2b49173153e0(www.google.com/A'): shutdown
client 192.168.213.111#33096: view internal: error

Succeed:

clientmgr @0x2b109771bd30: createclients
clientmgr @0x2b109771bd30: create new
.
.
.
res 0x2b109778cae0: dns_resolver_prime
res 0x2b109778cae0: priming
createfetch: . NS
fctx 0x2b109781e280(./NS'): create
fctx 0x2b109781e280(./NS'): join
fetch 0x2b109781e260 (fctx 0x2b109781e280(./NS)): created
dns_adb_createfind: found A for name 0x2b109780fa70 in db
fctx 0x2b109781e280(./NS'): start
res 0x2b109778cae0: dns_resolver_prime
fctx 0x2b109781e280(./NS'): try
fctx 0x2b109781e280(./NS'): cancelqueries
fctx 0x2b109781e280(./NS'): getaddresses
dns_adb_createfind: found  for name 0x2b109780fa70
.
.
.

Any ideas?
Thanks in advance,

M


RE: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com whenbrowsing web?

2008-07-10 Thread Dennis McLeod
IPCOP here. Use it for Masq, dhcp, NAT, time, Transparent Webfiltering via
URLFilter plugin (and automatic blacklist downloads) and banned internal MAC
addresses (our inside machines) via advancedproxy plugin, and more.
It's on our public access wifi network with a dedicated DSL connection. Been
up for 2 years.
It's on an old IBM Netvista SFF Celeron 900 with 512M of ram. 
I'm gonna build one at home, cause my kids are getting to the age
Dennis

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of William L. Maltby
> Sent: Thursday, July 10, 2008 3:49 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] OT: anything in CentOS 5.2 that uses 
> opendns.com whenbrowsing web?
> 
> 
> On Thu, 2008-07-10 at 15:39 -0500, Lanny Marcus wrote:
> > On 7/10/08, Victor Padro <[EMAIL PROTECTED]> wrote:
> > >
>
> > I'm a Desktop user and Linux newbie. If I could use CentOS (which can
> > do almost anything, if one knows how to do it), to replace our IPCop
> > box, all I need it to do is: (a) Router, between the ADSL Modem and
> > our Network Switch) (b) Masquerading, so we can share the Internet
> > connection (we get a Dynamic IP address from our ISP) and (c) Caching
> > DNS Server, so we can discontinue using the DNS Servers at our ISP.
>
> MY IPCop does all that. Dead easy to setup and configure. Just read the
> docs (might have to go to the website and download, I can't recall now).
>
> I've been running it several years. I also have it do my time sync.
>
> If you are a newbie, I would suggest first getting the IPCop fully
> enabled to do the masquerading, DHCP service, NAT, time service et al.
> Then if you still want to do a CentOS-based firewall, you'll have a
> known good, tested and reliable firewall working while you make your
> mistakes and test.
>
> Another POV: why reinvent the wheel?
>
> > If I knew how to configure that, properly, in CentOS 3.x or 4.x, that
> > would be my preferred choice. But, if it is much easier to add a
> > Caching DNS Server to my IPCop box, or add a Caching DNS Server to SME
> > Server (based on CentOS), or, some other OS, that would be better for
> > me, a novice, to get up and running.
> >
> > If I can get this running properly, I will add it to my resume!:-)
> >
>
> --
> Bill



Re: [CentOS] Understanding iptables

2008-07-10 Thread William L. Maltby

On Thu, 2008-07-10 at 15:40 -0700, MHR wrote:
> On Thu, Jul 10, 2008 at 3:17 PM, Barry Brimer <[EMAIL PROTECTED]> wrote:
> > Quoting MHR <[EMAIL PROTECTED]>:
> >
> >>

> >> system-config-securitylevel-tui to open up ports 513 and 514, but that
> >> doesn't seem to do the job, either.
> >
> > I could be remembering this wrong, but I believe these are udp, not tcp.
> >
> > Barry
> 
> According to http://www.spirit.com/Resources/ports.html, the udp
> services on those ports are who and syslog

From the authoritative /etc/services

:g/51[34]/p
login           513/tcp
who             513/udp         whod
shell           514/tcp         cmd             # no passwords used
syslog          514/udp

Just thought you should know that you have this and /etc/protocols
locally so you don't have to trust some unknown website.

And it's faster to lookup locally, of course.

> 
> Thanks.
> 
> mhr
> 

-- 
Bill



[CentOS] CentOS 5.2 VMI support

2008-07-10 Thread Ruslan Sivak
I'm using VMWare Server 2 RC1 on top of CentOS 5.2 x86_64 running a 
CentOS 5.2 i386 guest.  I have enabled VMI in VMware, so I guess it 
won't let me install if VMI wasn't available in the kernel?  How do I 
know whether VMI is supported/enabled and what performance benefits can 
I expect from it?  I'm still not getting full hard drive speeds (only 
getting about 1/3 when using hdparm -t ). 


Russ


Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread William L. Maltby

On Thu, 2008-07-10 at 15:39 -0500, Lanny Marcus wrote:
> On 7/10/08, Victor Padro <[EMAIL PROTECTED]> wrote:
> >

> I'm a Desktop user and Linux newbie. If I could use CentOS (which can
> do almost anything, if one knows how to do it), to replace our IPCop
> box, all I need it to do is: (a) Router, between the ADSL Modem and
> our Network Switch) (b) Masquerading, so we can share the Internet
> connection (we get a Dynamic IP address from our ISP) and (c) Caching
> DNS Server, so we can discontinue using the DNS Servers at our ISP.

MY IPCop does all that. Dead easy to setup and configure. Just read the
docs (might have to go to the website and download, I can't recall now).

I've been running it several years. I also have it do my time sync.

If you are a newbie, I would suggest first getting the IPCop fully
enabled to do the masquerading, DHCP service, NAT, time service et al.
Then if you still want to do a CentOS-based firewall, you'll have a
known good, tested and reliable firewall working while you make your
mistakes and test.

Another POV: why reinvent the wheel?

> If I knew how to configure that, properly, in CentOS 3.x or 4.x, that
> would be my preferred choice. But, if it is much easier to add a
> Caching DNS Server to my IPCop box, or add a Caching DNS Server to SME
> Server (based on CentOS), or, some other OS, that would be better for
> me, a novice, to get up and running.
> 
> If I can get this running properly, I will add it to my resume!:-)
> 

-- 
Bill



Re: [CentOS] Understanding iptables

2008-07-10 Thread MHR
On Thu, Jul 10, 2008 at 3:17 PM, Barry Brimer <[EMAIL PROTECTED]> wrote:
> Quoting MHR <[EMAIL PROTECTED]>:
>
>> In following up on the rsh "problem" I was having earlier, I decided
>> to try out the suggestion Felipe sent about using
>> system-config-securitylevel-tui to open up ports 513 and 514, but that
>> doesn't seem to do the job, either.
>
> I could be remembering this wrong, but I believe these are udp, not tcp.
>
> Barry

According to http://www.spirit.com/Resources/ports.html, the udp
services on those ports are who and syslog

Thanks.

mhr


[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Scott Silva

on 7-10-2008 2:50 PM Lanny Marcus spake the following:
> On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:
>
>> Bind as a caching nameserver is dead easy to install.
>> Just run "yum install caching-nameserver" and it will pull everything in.
>> Then "chkconfig named on & service named start"
>
> Scott: Thanks! I just began a text file: "Caching DNS Server" and
> copied the above into it. Questions: (a) Is caching-nameserver
> completely standalone or do I need anything else with it? (Sound like
> yum will install everything it needs)  (b) How to configure it? (c)
> Easier for me to get that configured properly than dnscache from
> djbdns? (d) If I do a minimal CentOS 3.x or  4.x install, would I do
> the Routing & Masquerading with IPTables or something else? If I can
> get this to work, on a CentOS box, that would be great. Lots of
> questions!  Your time and help is much appreciated!   Lanny

Do you want to install a complete router using CentOS?
Is your ipcop box not adequate for your needs?



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





Re: [CentOS] Understanding iptables

2008-07-10 Thread Barry Brimer
Quoting MHR <[EMAIL PROTECTED]>:

> In following up on the rsh "problem" I was having earlier, I decided
> to try out the suggestion Felipe sent about using
> system-config-securitylevel-tui to open up ports 513 and 514, but that
> doesn't seem to do the job, either.

I could be remembering this wrong, but I believe these are udp, not tcp.

Barry


[CentOS] Understanding iptables

2008-07-10 Thread MHR
In following up on the rsh "problem" I was having earlier, I decided
to try out the suggestion Felipe sent about using
system-config-securitylevel-tui to open up ports 513 and 514, but that
doesn't seem to do the job, either.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:login
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:shell
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Shouldn't this work given the login and shell lines above?  Or do they
need to come before the ESTABLISHED line, too?

Thanks.

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
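
An added example, not part of the thread: a first-match walk of the RH-Firewall-1-INPUT chain listed in the message above, with service names resolved through /etc/services-style data as in the reply that quotes that file. The rule table and services excerpt are constructed from those listings; binding the first "ACCEPT all" rule to `lo` is an assumption (plain `iptables -L` does not print interfaces), and the multicast mdns rule is left out because destination matching is not modelled.

```shell
#!/bin/sh
# Added example: constructed data, nothing is read from the live firewall.

# Excerpt in /etc/services format: name  port/proto  [aliases]
SERVICES='login   513/tcp
who     513/udp  whod
shell   514/tcp  cmd
syslog  514/udp
ssh     22/tcp
telnet  23/tcp
ipp     631/tcp
ipp     631/udp'

# RH-Firewall-1-INPUT, one rule per line, in listing order:
#   target  proto  in-interface  state  dport     ("-" means "not tested")
# Assumption: the first "ACCEPT all" rule is bound to the loopback interface.
RULES='ACCEPT all  lo - -
ACCEPT icmp - - -
ACCEPT esp  - - -
ACCEPT ah   - - -
ACCEPT udp  - - ipp
ACCEPT tcp  - - ipp
ACCEPT all  - RELATED,ESTABLISHED -
ACCEPT tcp  - NEW login
ACCEPT tcp  - NEW shell
ACCEPT tcp  - NEW ssh
ACCEPT tcp  - NEW telnet
REJECT all  - - -'

# svc_port NAME PROTO -> port number for that service name and protocol
svc_port() {
    printf '%s\n' "$SERVICES" | awk -v n="$1" -v p="$2" '
        { split($2, pp, "/") }
        $1 == n && pp[2] == p { print pp[1]; exit }'
}

# svc_names PORT -> every "name/proto" pair registered on that port
svc_names() {
    printf '%s\n' "$SERVICES" | awk -v port="$1" '
        { split($2, pp, "/") }
        pp[1] == port { printf "%s%s/%s", sep, $1, pp[2]; sep = " " }
        END { print "" }'
}

# first_match IFACE PROTO DPORT STATE -> the first rule the packet matches.
# iptables stops at the first rule whose every condition matches, so a rule
# that does not match (for example ESTABLISHED against a NEW packet) is
# simply skipped, wherever it sits in the chain.
first_match() {
    printf '%s\n' "$RULES" | while read -r target proto iface state dport; do
        [ "$proto" = all ] || [ "$proto" = "$2" ] || continue
        [ "$iface" = - ] || [ "$iface" = "$1" ] || continue
        case "$state" in
            - | *"$4"*) ;;
            *) continue ;;
        esac
        if [ "$dport" != - ]; then
            [ "$(svc_port "$dport" "$proto")" = "$3" ] || continue
        fi
        echo "$target $proto $state $dport"
        break
    done
}

# Print the verdict for a few constructed packets arriving on eth0.
report() {
    echo "port 513: $(svc_names 513)"
    echo "port 514: $(svc_names 514)"
    for pkt in "eth0 tcp 513 NEW" "eth0 tcp 514 NEW" \
               "eth0 tcp 514 ESTABLISHED" "eth0 udp 514 NEW"; do
        # Word splitting of $pkt into four arguments is intentional.
        printf '%-26s -> %s\n' "$pkt" "$(first_match $pkt)"
    done
}
report
```

On the real host, `iptables -L -n -v --line-numbers` prints the interface and the packet counters for each rule, which shows which rule a connection attempt actually hit.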


Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Bill Campbell
On Thu, Jul 10, 2008, Lanny Marcus wrote:
>On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:
>
>> Bind as a caching nameserver is dead easy to install.
>> Just run "yum install caching-nameserver" and it will pull everything in.
>> Then "chkconfig named on & service named start"
>
>Scott: Thanks! I just began a text file: "Caching DNS Server" and
>copied the above into it. Questions: (a) Is caching-nameserver
>completely standalone or do I need anything else with it? (Sound like
>yum will install everything it needs)  (b) How to configure it? (c)
>Easier for me to get that configured properly than dnscache from
>djbdns? (d) If I do a minimal CentOS 3.x or  4.x install, would I do
>the Routing & Masquerading with IPTables or something else? If I can
>get this to work, on a CentOS box, that would be great. Lots of
>questions!  Your time and help is much appreciated!   Lanny

If you configure BIND so it only listens on 127.0.0.1, it should
be fairly secure.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

Never blame a legislative body for not doing something.  When they do
nothing, that don't hurt anybody.  When they do something is when they
become dangerous. -- Will Rogers


[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Scott Silva

on 7-10-2008 2:32 PM Lanny Marcus spake the following:
> On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:
>
>> Try dig +trace emcali.net
>> It should show all servers "your" query goes through.
>
> Scott: Please note that I added ".co" (for Colombia)   emcali.net.co
>  Is this showing which DNS Servers my DNS requests use, or, which DNS
> Servers serve their web site?  Also note that when I tried "dig
> +trace" or "dig trace" I got very abbreviated answers. Probably I
> don't have the syntax correct. Question: Is there another command I
> can use, to another web site (irs.gov  or something) that shows which
> DNS Servers I am using, to get to that web site? My wife is
> complaining, again, as I write this, so getting our own Caching DNS
> Server, ASAP,  has become a priority. When Colombian women are mad...
> :-)  TIA, Lanny

When you set up your connection to your provider, do you have a static address 
or dynamic? If static, you had to set your next step resolver in the config. 
If you are dynamic, you get what your provider sends with the dhcp request.
Since you said you have an ipcop box for your router you should be able to ssh 
into it and run setup and change your nameserver setting to 127.0.0.1 and your 
ipcop should be a caching nameserver. If you have another address there it 
will query to that server.


I just tried it from one of my ipcop boxes and got a query all the way to the 
root servers;


 dig +trace gmail.com

; <<>> DiG 9.3.4-P1 <<>> +trace gmail.com
;; global options:  printcmd
.   353305  IN  NS  E.ROOT-SERVERS.NET.
.   353305  IN  NS  F.ROOT-SERVERS.NET.
.   353305  IN  NS  G.ROOT-SERVERS.NET.
.   353305  IN  NS  H.ROOT-SERVERS.NET.
.   353305  IN  NS  I.ROOT-SERVERS.NET.
.   353305  IN  NS  J.ROOT-SERVERS.NET.
.   353305  IN  NS  K.ROOT-SERVERS.NET.
.   353305  IN  NS  L.ROOT-SERVERS.NET.
.   353305  IN  NS  M.ROOT-SERVERS.NET.
.   353305  IN  NS  A.ROOT-SERVERS.NET.
.   353305  IN  NS  B.ROOT-SERVERS.NET.
.   353305  IN  NS  C.ROOT-SERVERS.NET.
.   353305  IN  NS  D.ROOT-SERVERS.NET.
;; Received 376 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com.    172800  IN  NS  G.GTLD-SERVERS.NET.
com.    172800  IN  NS  D.GTLD-SERVERS.NET.
com.    172800  IN  NS  H.GTLD-SERVERS.NET.
com.    172800  IN  NS  J.GTLD-SERVERS.NET.
com.    172800  IN  NS  F.GTLD-SERVERS.NET.
com.    172800  IN  NS  B.GTLD-SERVERS.NET.
com.    172800  IN  NS  A.GTLD-SERVERS.NET.
com.    172800  IN  NS  E.GTLD-SERVERS.NET.
com.    172800  IN  NS  C.GTLD-SERVERS.NET.
com.    172800  IN  NS  K.GTLD-SERVERS.NET.
com.    172800  IN  NS  I.GTLD-SERVERS.NET.
com.    172800  IN  NS  M.GTLD-SERVERS.NET.
com.    172800  IN  NS  L.GTLD-SERVERS.NET.
;; Received 499 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 23 ms

gmail.com.  172800  IN  NS  ns1.google.com.
gmail.com.  172800  IN  NS  ns2.google.com.
gmail.com.  172800  IN  NS  ns3.google.com.
gmail.com.  172800  IN  NS  ns4.google.com.
;; Received 170 bytes from 192.42.93.30#53(G.GTLD-SERVERS.NET) in 22 ms

gmail.com.  60  IN  A   209.85.171.83
gmail.com.  60  IN  A   64.233.171.83
gmail.com.  60  IN  A   64.233.161.83
gmail.com.  345600  IN  NS  ns1.google.com.
gmail.com.  345600  IN  NS  ns2.google.com.
gmail.com.  345600  IN  NS  ns3.google.com.
gmail.com.  345600  IN  NS  ns4.google.com.
;; Received 218 bytes from 216.239.32.10#53(ns1.google.com) in 44 ms



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:

> Bind as a caching nameserver is dead easy to install.
> Just run "yum install caching-nameserver" and it will pull everything in.
> Then "chkconfig named on & service named start"

Scott: Thanks! I just began a text file: "Caching DNS Server" and
copied the above into it. Questions: (a) Is caching-nameserver
completely standalone or do I need anything else with it? (Sound like
yum will install everything it needs)  (b) How to configure it? (c)
Easier for me to get that configured properly than dnscache from
djbdns? (d) If I do a minimal CentOS 3.x or  4.x install, would I do
the Routing & Masquerading with IPTables or something else? If I can
get this to work, on a CentOS box, that would be great. Lots of
questions!  Your time and help is much appreciated!   Lanny


Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Scott Silva <[EMAIL PROTECTED]> wrote:

> Try dig +trace emcali.net
> It should show all servers "your" query goes through.

Scott: Please note that I added ".co" (for Colombia)   emcali.net.co
 Is this showing which DNS Servers my DNS requests use, or, which DNS
Servers serve their web site?  Also note that when I tried "dig
+trace" or "dig trace" I got very abbreviated answers. Probably I
don't have the syntax correct. Question: Is there another command I
can use, to another web site (irs.gov  or something) that shows which
DNS Servers I am using, to get to that web site? My wife is
complaining, again, as I write this, so getting our own Caching DNS
Server, ASAP,  has become a priority. When Colombian women are mad...
:-)  TIA, Lanny

P.S.
The first time I tried to send this email, I ended up at opendns.com
instead of getting a response from Gmail.

[EMAIL PROTECTED] ~]$ dig emcali.net.co

; <<>> DiG 9.3.4-P1 <<>> emcali.net.co
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;emcali.net.co. IN  A

;; ANSWER SECTION:
emcali.net.co.  10800   IN  A   200.29.96.38

;; AUTHORITY SECTION:
emcali.net.co.  10800   IN  NS  dns1.emcali.net.co.
emcali.net.co.  10800   IN  NS  dns2.emcali.net.co.
emcali.net.co.  10800   IN  NS  dns3.emcali.net.co.

;; ADDITIONAL SECTION:
dns1.emcali.net.co. 10800   IN  A   200.29.96.22
dns2.emcali.net.co. 10800   IN  A   200.29.96.27
dns3.emcali.net.co. 10800   IN  A   200.29.104.22

;; Query time: 314 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 16:12:53 2008
;; MSG SIZE  rcvd: 152

[EMAIL PROTECTED] ~]$

[EMAIL PROTECTED] ~]$ dig trace emcali.net.co
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30304
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;trace. IN  A

;; Query time: 2 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 16:20:28 2008
;; MSG SIZE  rcvd: 23


; <<>> DiG 9.3.4-P1 <<>> trace emcali.net.co
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24706
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;emcali.net.co. IN  A

;; ANSWER SECTION:
emcali.net.co.  10346   IN  A   200.29.96.38

;; Query time: 1 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 16:20:28 2008
;; MSG SIZE  rcvd: 47

[EMAIL PROTECTED] ~]$


[EMAIL PROTECTED] ~]$ dig +trace emcali.net.co

; <<>> DiG 9.3.4-P1 <<>> +trace emcali.net.co
;; global options:  printcmd
.   0   IN  A   192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 3 ms

[EMAIL PROTECTED] ~]$
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
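
An added example, not part of the thread: a summary of saved dig output that prints, for each response, the name that was actually asked, the status, whether the answer carried the authoritative (`aa`) flag, and the server that replied. The sample text is constructed from the outputs pasted in the message above, trimmed to the lines the parser reads; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise dig responses read from stdin.

# Constructed from the outputs in the post (only the lines the parser uses):
# one response from "dig emcali.net.co", two from "dig trace emcali.net.co".
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;emcali.net.co. IN  A
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30304
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;trace. IN  A
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24706
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;emcali.net.co. IN  A
;; SERVER: 192.168.10.1#53(192.168.10.1)'

# dig_summary: one output line per response, in the form
#   QNAME STATUS aa|- SERVER
# "aa" means the reply was flagged authoritative; "-" means it was not.
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
        }
        /^;; flags:/ {
            fl = $0; sub(/^;; flags: /, "", fl); sub(/;.*$/, "", fl)
            auth = ((" " fl " ") ~ / aa /) ? "aa" : "-"
        }
        /^;; QUESTION SECTION:/ { inq = 1; next }
        inq && /^;[^;]/ { q = substr($1, 2); inq = 0 }
        /^;; SERVER:/ {
            srv = $3; sub(/#.*$/, "", srv)
            print q, st, auth, srv
            q = ""; st = ""; auth = "-"; srv = ""
        }'
}

# resolvers_seen: the distinct servers that answered, one per line
resolvers_seen() {
    dig_summary | awk '{ print $4 }' | sort -u
}

printf '%s\n' "$SAMPLE" | dig_summary
```

The middle line of the summary shows that `dig trace` (without the `+`) looked up a host called `trace.`, and every reply came from 192.168.10.1, the address the earlier message gives for IPCop's Green interface and its DHCP-advertised DNS. The SERVER field names only that first hop, so the upstream servers it forwards to have to be read from the IPCop box itself.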


RE: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Joseph L. Casale
>Since I was SSHed into the boxes, I could not test ifconfig (down then
>up!).

Just so you know, you can do this type of thing even with SSH.
(I don't know what would have helped that situation, but for future ref...)

# echo "ifdown eth0 && ifup eth0" | at now

through ssh will work fine, and you will still be connected after :)

jlc


[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Scott Silva

on 7-10-2008 2:04 PM Lanny Marcus spake the following:
> On 7/10/08, Lanny Marcus <[EMAIL PROTECTED]> wrote:
>
>> I think I saw a reference, in a thread yesterday, about not having a
>> package with "caching" in its name, if one also has BIND installed. I
>> am going to try to locate that thread and find out about that package.
>> Possibly it can do what I need to do.
>
> OK. I found it. Tru wrote this, in a thread yesterday:
>
>> If you have the caching-nameserver package, it's the expected behaviour:
>> /etc/named.conf is "owned" and labelled as "config file" for
>> caching-nameserver.
>> The regular bind/bind-chroot don't provide named.conf.
>> You should not install the caching-nameserver package if you are
>> indeed providing DNS services with bind...
>
> I'm wondering if caching-nameserver will do the Caching DNS for me, if
> I use CentOS 3.x or 4.x.   Also need the box to do Routing and
> Masquerading.  Would that be done by IPTables?  Or, if I should use
> dnscache, which is apparently much more secure than BIND, or something
> else, that is easier for a newbie to get configured properly. TIA!
> Lanny

Bind as a caching nameserver is dead easy to install.
Just run "yum install caching-nameserver" and it will pull everything in.
Then "chkconfig named on & service named start"

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Lanny Marcus <[EMAIL PROTECTED]> wrote:

> I think I saw a reference, in a thread yesterday, about not having a
> package with "caching" in its name, if one also has BIND installed. I
> am going to try to locate that thread and find out about that package.
> Possibly it can do what I need to do.

OK. I found it. Tru wrote this, in a thread yesterday:

> If you have the caching-nameserver package, it's the expected behaviour:
> /etc/named.conf is "owned" and labelled as "config file" for
> caching-nameserver.
> The regular bind/bind-chroot don't provide named.conf.
> You should not install the caching-nameserver package if you are
> indeed providing DNS services with bind...

I'm wondering if caching-nameserver will do the Caching DNS for me, if
I use CentOS 3.x or 4.x.   Also need the box to do Routing and
Masquerading.  Would that be done by IPTables?  Or, if I should use
dnscache, which is apparently much more secure than BIND, or something
else, that is easier for a newbie to get configured properly. TIA!
Lanny


Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Robert Moskowitz



Sean Carolan wrote:

Yep. They are there. So what is the 'proper' method to get them out (other
than using VI and deleting the lines?)?




I would comment them out and add another comment like this:

# Un-comment these to disable ipv6
#alias net-pf-10 off
#alias ipv6 off

You will need to reboot the server to enable the changes.  IIRC, ipv6
is not a module that you can load or unload anytime like a network or
sound card driver.

OK. This worked. Thanks!

Since I was SSHed into the boxes, I could not test ifconfig (down then 
up!). service network restart did not do the job, I had to reboot the 
boxes (one's my repo server the other a NAS, so both could be bounced).





[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Scott Silva

on 7-10-2008 1:55 PM Lanny Marcus spake the following:

On 7/10/08, Rob Townley <[EMAIL PROTECTED]> wrote:

why not use the dig command to query your isp dns system to see if
they forward requests to opendns.  By the way, OpenDNS is a great way
to help prevent phishing attacks.


Rob: What other parameters or arguments I should add onto the dig
command,  to see if they use opendns.com ? I don't see opendns.com in
the below, but probably that is not the correct dig command.

[EMAIL PROTECTED] ~]$ dig emcali.net

; <<>> DiG 9.3.4-P1 <<>> emcali.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41909
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;emcali.net.IN  A

;; ANSWER SECTION:
emcali.net. 3600IN  A   66.45.254.245
emcali.net. 3600IN  A   66.45.254.244

;; AUTHORITY SECTION:
emcali.net. 172800  IN  NS  ns3.hostingchange.net.
emcali.net. 172800  IN  NS  ns2.hostingchange.net.
emcali.net. 172800  IN  NS  ns1.hostingchange.net.

;; Query time: 1100 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 15:46:18 2008
;; MSG SIZE  rcvd: 128

[EMAIL PROTECTED] ~]$


Lastly, you should use this opp to create an opendns signon, this will
give you control over your dns request options.  You could block any
domain via dns quickly.


I will look at the opendns.com web site.  I just cannot imagine that
the Firefox browser is ending up at opendns.com (intermittently) on
its own. It must be coming from the DNS we are using.  Thanks much!
Lanny

Try dig +trace emcali.net
It should show all servers "your" query goes through.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Rob Townley <[EMAIL PROTECTED]> wrote:
> why not use the dig command to query your isp dns system to see if
> they forward requests to opendns.  By the way, OpenDNS is a great way
> to help prevent phishing attacks.

Rob: What other parameters or arguments I should add onto the dig
command,  to see if they use opendns.com ? I don't see opendns.com in
the below, but probably that is not the correct dig command.

[EMAIL PROTECTED] ~]$ dig emcali.net

; <<>> DiG 9.3.4-P1 <<>> emcali.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41909
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;emcali.net.IN  A

;; ANSWER SECTION:
emcali.net. 3600IN  A   66.45.254.245
emcali.net. 3600IN  A   66.45.254.244

;; AUTHORITY SECTION:
emcali.net. 172800  IN  NS  ns3.hostingchange.net.
emcali.net. 172800  IN  NS  ns2.hostingchange.net.
emcali.net. 172800  IN  NS  ns1.hostingchange.net.

;; Query time: 1100 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 15:46:18 2008
;; MSG SIZE  rcvd: 128

[EMAIL PROTECTED] ~]$

> Lastly, you should use this opp to create an opendns signon, this will
> give you control over your dns request options.  You could block any
> domain via dns quickly.

I will look at the opendns.com web site.  I just cannot imagine that
the Firefox browser is ending up at opendns.com (intermittently) on
its own. It must be coming from the DNS we are using.  Thanks much!
Lanny


[CentOS] SOLVED Re: Problems with bind on 5.2

2008-07-10 Thread Scott Silva

on 7-8-2008 11:15 PM Robert - elists spake the following:

After digging for a bit at arin

Near as I can tell, it appears the authoritative dns servers for that
specific block are a lil messed up for the moment.

Not delegating something properly.

Tough to say without admin access to those machines.

If you check your netblock at ARIN whois, it says these two dns servers are
authoritative

OrgName:MCI Communications Services, Inc. d/b/a Verizon Business 
OrgID:  MCICS

Address:22001 Loudoun County Pkwy
City:   Ashburn
StateProv:  VA
PostalCode: 20147
Country:US

NetRange:   208.192.0.0 - 208.255.255.255 
CIDR:   208.192.0.0/10 
NetName:UUNET1996B

NetHandle:  NET-208-192-0-0-1
Parent: NET-208-0-0-0-0
NetType:Direct Allocation
NameServer: AUTH03.NS.UU.NET
NameServer: AUTH00.NS.UU.NET
Comment:ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:1996-05-08
Updated:2006-12-14

dig -x 208.252.226.222 @AUTH00.NS.UU.NET

; <<>> DiG 9.2.4 <<>> -x 208.252.226.222 @AUTH00.NS.UU.NET
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47733
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;222.226.252.208.in-addr.arpa.  IN  PTR

;; AUTHORITY SECTION:
226.252.208.in-addr.arpa. 21600 IN  NS  auth02.ns.uu.net.
226.252.208.in-addr.arpa. 21600 IN  NS  auth20.ns.wcom.com.

;; ADDITIONAL SECTION:
auth02.ns.uu.net.   3600IN  A   198.6.1.82

When you do a reverse dig at them, one of them will tell you that this ip is
authoritative

198.6.1.82 aka That ip is auth02.ns.uu.net

Auth03 returns squat...

dig -x 208.252.226.222 @AUTH03.NS.UU.NET

; <<>> DiG 9.2.4 <<>> -x 208.252.226.222 @AUTH03.NS.UU.NET
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32548
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;222.226.252.208.in-addr.arpa.  IN  PTR

;; AUTHORITY SECTION:
226.252.208.in-addr.arpa. 21600 IN  NS  auth02.ns.uu.net.
226.252.208.in-addr.arpa. 21600 IN  NS  auth20.ns.wcom.com.

So, maybe something is a lil broken in their in-addr.arpa land

Could be wrong though...

If you dig stuff at the IP address, it seems to at least try to work though

Something is not right imho

dig -x 208.252.226.222 @198.6.1.82

; <<>> DiG 9.2.4 <<>> -x 208.252.226.222 @198.6.1.82
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62935
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;222.226.252.208.in-addr.arpa.  IN  PTR

;; ANSWER SECTION:
222.226.252.208.in-addr.arpa. 21600 IN  CNAME
222.192.226.252.208.in-addr.arpa.

;; AUTHORITY SECTION:
192.226.252.208.in-addr.arpa. 21600 IN  NS  mail.sgvwater.com.

Best wishes...

- rh
Verizon had some automatic script that comments out your reverse DNS entries 
if it finds your server offline. I guess when the T1 line was out last weekend 
it hit and killed the entries in the main ip block.


Case closed... But I think I should have been notified of this change, as I 
already get a notice every time the T1 goes offline.



Thanks for everyone's help, as it is a lot easier to look at DNS from several 
locations.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
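
The walk through the reverse-DNS servers in the message above, as an added Python example (not part of the thread): it reads dig's text output and tells a referral (no `aa` flag, only NS records in the AUTHORITY section) from an authoritative answer, then reports where the name is delegated. The two samples are the replies from AUTH00.NS.UU.NET and 198.6.1.82 quoted in the post, re-typed with column spacing restored; `parse_dig` and `summarize` are names chosen here.

```python
import re

# dig replies from the post, re-typed with the column spacing restored.
FROM_AUTH00 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47733
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;222.226.252.208.in-addr.arpa.  IN  PTR

;; AUTHORITY SECTION:
226.252.208.in-addr.arpa. 21600 IN NS auth02.ns.uu.net.
226.252.208.in-addr.arpa. 21600 IN NS auth20.ns.wcom.com.

;; ADDITIONAL SECTION:
auth02.ns.uu.net. 3600 IN A 198.6.1.82
"""

FROM_AUTH02 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62935
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;222.226.252.208.in-addr.arpa.  IN  PTR

;; ANSWER SECTION:
222.226.252.208.in-addr.arpa. 21600 IN CNAME 222.192.226.252.208.in-addr.arpa.

;; AUTHORITY SECTION:
192.226.252.208.in-addr.arpa. 21600 IN NS mail.sgvwater.com.
"""

RECORD_SECTIONS = ("ANSWER", "AUTHORITY", "ADDITIONAL")


def parse_dig(text):
    """Parse dig's default text output into status, flags and section records."""
    resp = {"status": None, "flags": set(),
            "ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; ->>HEADER<<-"):
            found = re.search(r"status: (\w+)", line)
            resp["status"] = found.group(1) if found else None
        elif line.startswith(";; flags:"):
            # Everything up to the first ';' after the label is the flag list.
            resp["flags"] = set(line[len(";; flags:"):].split(";")[0].split())
        elif line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]
        elif line and not line.startswith(";") and section in RECORD_SECTIONS:
            parts = line.split(None, 4)  # name ttl class type rdata
            if len(parts) == 5:
                name, _ttl, _cls, rtype, rdata = parts
                resp[section].append((name.lower(), rtype, rdata.lower()))
    return resp


def summarize(text):
    """Classify one reply and list the servers it delegates to."""
    resp = parse_dig(text)
    ns = [rd for _, rtype, rd in resp["AUTHORITY"] if rtype == "NS"]
    cname = [rd for _, rtype, rd in resp["ANSWER"] if rtype == "CNAME"]
    glue = {n: rd for n, rtype, rd in resp["ADDITIONAL"] if rtype in ("A", "AAAA")}
    if resp["status"] != "NOERROR":
        kind = "error:%s" % resp["status"]
    elif resp["ANSWER"]:
        kind = ("authoritative-answer" if "aa" in resp["flags"]
                else "non-authoritative-answer")
    elif ns:
        kind = "referral"  # server points elsewhere instead of answering
    else:
        kind = "no-data"
    return {"kind": kind, "delegated_to": ns,
            "cname": cname[0] if cname else None, "glue": glue}


if __name__ == "__main__":
    for label, text in (("AUTH00.NS.UU.NET", FROM_AUTH00),
                        ("198.6.1.82", FROM_AUTH02)):
        print(label, summarize(text))
```
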


Re: [CentOS] Re: Iptables not blocking UDP port 53

2008-07-10 Thread Sean Carolan
> Are you running tcpdump on the same machine that is doing the filtering?
> You do realize that tcpdump sees the packets as they come from the
> interface and before they are passed to the filter rules, right?

I had forgotten this important piece of information.  Thank you for
pointing this out.  The packets still seem to be getting through to
the BIND daemon, however, because I can still query the box from the
Internet.

> Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
> your REJECT rules being hit?

Yes, the rule gets hit and it returns an answer to the DNS query
anyway.  I saw it increment from 10 to 11 when I ran the query:

11   692 REJECT udp  --  *  *   10.100.1.1
0.0.0.0/0  udp dpt:53 reject-with icmp-port-unreachable


[CentOS] Re: Kernel is not compiled with IPv6 support?

2008-07-10 Thread Scott Silva

on 7-10-2008 1:11 PM Robert Moskowitz spake the following:

Sean Carolan wrote:

CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
 [  OK  ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support



Try looking inside /etc/modprobe.conf for these lines:
alias net-pf-10 off
alias ipv6 off

If those are in there then ipv6 will be disabled at boot.

Yep. They are there. So what is the 'proper' method to get them out 
(other than using VI and deleting the lines?)?

You can use joe, emacs, vi ... whatever editor you want.  ;-P



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-10 Thread Lanny Marcus
On 7/10/08, Victor Padro <[EMAIL PROTECTED]> wrote:
> Hi there again...
> I just found this on my quest of DNS caching...
> http://isc.sans.org/diary.html?storyid=4687

Victor: I read that page and I sent the URL to the Supervisor in
Support at our ISP, hoping she will pass it along, to whoever is in
charge of their DNS Servers.

> Lanny: I think you can install CentOS 3.x, 4.x, and remotely perhaps CentOS
> 5.0 on a P3 like yours, I have a couple of Dells P3 running CentOS 3.9
> server edition and CentOS 5.0 (not connected to the outside world though)
> which serves web sites locally and it's been working without a hassle.

I'm a Desktop user and Linux newbie. If I could use CentOS (which can
do almost anything, if one knows how to do it), to replace our IPCop
box, all I need it to do is: (a) Router, between the ADSL Modem and
our Network Switch) (b) Masquerading, so we can share the Internet
connection (we get a Dynamic IP address from our ISP) and (c) Caching
DNS Server, so we can discontinue using the DNS Servers at our ISP.
If I knew how to configure that, properly, in CentOS 3.x or 4.x, that
would be my preferred choice. But, if it is much easier to add a
Caching DNS Server to my IPCop box, or add a Caching DNS Server to SME
Server (based on CentOS), or, some other OS, that would be better for
me, a novice, to get up and running.

If I can get this running properly, I will add it to my resume!:-)

> Telmex here is not very bad service...it's awful. :)

A man who works in my daughter's school switched to TelMex (in Cali) a
few months ago. He got a package, for TV, phone, and Internet, and it
is saving him $. I think he was happy with it, at that time.

> But Internet via cablemodem it's worse...

We had Cable Modem Service, in Cali, for about 4 years, before we
built our new house.
I remember 2 or 3 times,  we were without Cable TV and Internet, or
without Internet, for about 2 weeks, each time. Our current ISP, the
major Cali phone company, with ADSL, is probably the best ISP we have
ever had, with the exception of this DNS problem.  My wife is in here
now and she is *complaining* about the SLOW DNS and I told her I am
going to ask on this mailing list, for the easiest thing I can
implement, so we have our own Caching DNS Server and only use the ISP
for connectivity.  We live in a rural subdivision and I don't think
there are enough people living here yet to make it profitable for them
to install Cable TV here. Maybe in the future, or when TelMex comes to
our town. TelMex has lots of $ and they can do it, if they want to do
it.

Awhile ago, I tried to connect to another Secure (SSL, https://)
Server and I ended up again, with a warning, that the SSL Certificate
belonged to opendns.com. The first time that happened, last week, it was
at irs.gov; this time it was somewhere else.

I think I saw a reference, in a thread yesterday, about not having a
package with "caching" in its name, if one also has BIND installed. I
am going to try to locate that thread and find out about that package.
Possibly it can do what I need to do.

Thanks much! Lanny


Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Filipe Brandenburger
On Thu, Jul 10, 2008 at 4:26 PM, Sean Carolan <[EMAIL PROTECTED]> wrote:
> You will need to reboot the server to enable the changes.  IIRC, ipv6
> is not a module that you can load or unload anytime like a network or
> sound card driver.

No, not at all. If you just try to "ifconfig" after commenting the
lines, the module should be loaded fine.

The only problem would be to unload the module once it's in use,
because for that you have to stop everything that is using it, which
is certainly trickier.

HTH,
Filipe


[CentOS] Re: Iptables not blocking UDP port 53

2008-07-10 Thread Robert Nichols

Sean Carolan wrote:

I'm attempting to block access to port 53 from internet hosts for an
internal server.  This device is behind a gateway router so all
traffic appears to come from source ip 10.100.1.1.  Here are my
(non-working) iptables rules:

-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT

Further down the ruleset I have these rules to allow traffic from
everyone else.  If these rules are removed then nobody can make
queries, because of the final default REJECT rule.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

I have used tcpdump and confirmed that packets are in fact still
coming across from internet hosts.  What am I doing wrong?

[EMAIL PROTECTED]:~]$ sudo tcpdump -n udp port 53 | grep 10.100.1.1
tcpdump: listening on eth0
14:46:40.539995 10.100.1.1.60793 > 10.100.1.61.domain:  62011+ A?
server.domain.com. (32) (DF)


Are you running tcpdump on the same machine that is doing the filtering?
You do realize that tcpdump sees the packets as they come from the
interface and before they are passed to the filter rules, right?

Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
your REJECT rules being hit?

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
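
The counter check suggested in the message above, as an added Python example (not part of the thread): it parses two `iptables -vnL RH-Firewall-1-INPUT` listings taken before and after a test query and reports which rules' packet counters moved, which is evidence tcpdump cannot give because it sees packets before the filter. The listings are constructed sample data, apart from the `11 692` REJECT line quoted elsewhere in the thread; `parse_rules` and `counter_deltas` are names chosen here.

```python
# Constructed listings of one chain, taken before and after a single test query.
BEFORE = """\
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       10.100.1.1           0.0.0.0/0           tcp dpt:53 reject-with icmp-port-unreachable
   10   632 REJECT     udp  --  *      *       10.100.1.1           0.0.0.0/0           udp dpt:53 reject-with icmp-port-unreachable
    4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
   57  3648 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
    3   180 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

AFTER = """\
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       10.100.1.1           0.0.0.0/0           tcp dpt:53 reject-with icmp-port-unreachable
   11   692 REJECT     udp  --  *      *       10.100.1.1           0.0.0.0/0           udp dpt:53 reject-with icmp-port-unreachable
    4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
   59  3776 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
    3   180 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def to_int(text):
    """Counters are abbreviated (e.g. 120K) unless iptables is run with -x."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)


def parse_rules(listing):
    """Return the rules of one chain, in evaluation order.

    Assumes every rule has a target, so the columns are:
    pkts bytes target prot opt in out source destination [match options].
    """
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9 or not fields[0][0].isdigit():
            continue  # chain header, column header or blank line
        rules.append({
            "pos": len(rules) + 1,
            "pkts": to_int(fields[0]),
            "bytes": to_int(fields[1]),
            "target": fields[2],
            "prot": fields[3],
            "source": fields[7],
            "dest": fields[8],
            "match": " ".join(fields[9:]),
        })
    return rules


def rule_key(rule):
    """Everything that identifies a rule except its counters."""
    return (rule["target"], rule["prot"], rule["source"],
            rule["dest"], rule["match"])


def counter_deltas(before, after):
    """List (position, target, prot, source, packets added) for rules that were hit."""
    old_rules, new_rules = parse_rules(before), parse_rules(after)
    if [rule_key(r) for r in old_rules] != [rule_key(r) for r in new_rules]:
        raise ValueError("ruleset changed between the two listings")
    hits = []
    for old, new in zip(old_rules, new_rules):
        delta = new["pkts"] - old["pkts"]
        if delta:
            hits.append((new["pos"], new["target"], new["prot"],
                         new["source"], delta))
    return hits


if __name__ == "__main__":
    for pos, target, prot, source, delta in counter_deltas(BEFORE, AFTER):
        print("rule %d: %s %s from %s, +%d packet(s)"
              % (pos, target, prot, source, delta))
```

Taking both listings with `-x` keeps the counters exact, so a single test packet is not lost to the K/M rounding.
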


Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Sean Carolan
> Yep. They are there. So what is the 'proper' method to get them out (other
> than using VI and deleting the lines?)?
>

I would comment them out and add another comment like this:

# Un-comment these to disable ipv6
#alias net-pf-10 off
#alias ipv6 off

You will need to reboot the server to enable the changes.  IIRC, ipv6
is not a module that you can load or unload anytime like a network or
sound card driver.


Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Robert Moskowitz

Sean Carolan wrote:

CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
 [  OK  ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support



Try looking inside /etc/modprobe.conf for these lines:
alias net-pf-10 off
alias ipv6 off

If those are in there then ipv6 will be disabled at boot.

Yep. They are there. So what is the 'proper' method to get them out 
(other than using VI and deleting the lines?)?





Re: [CentOS] backuppc on CentOS 5

2008-07-10 Thread Sean Carolan
I've used the guide on mantic.org before, worked well for me:

http://www.mantic.org/wiki/Installing_BackupPC

We use BackupPC extensively where I work, once you get it settled down
and in a steady state it is invaluable.


Re: [CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Sean Carolan
> CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
>  [  OK  ]
> FATAL: Module off not found.
> CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support

Try looking inside /etc/modprobe.conf for these lines:
alias net-pf-10 off
alias ipv6 off

If those are in there then ipv6 will be disabled at boot.


Re: [CentOS] /etc/pam.d/system-auth changes in update

2008-07-10 Thread listmail
On Thu, 10 Jul 2008 16:31:44 +0200, Kai Schaetzl wrote
> Filipe Brandenburger wrote on Wed, 9 Jul 2008 23:08:44 -0400:
> 
> > The exact same question came up two weeks ago.
> 
> And the answers were confusing at least me ;-)
> 
To me as well, having now read the thread. No one seems to know why the
changes were made, only that they *were* made. I'm still hoping that there
might be documentation on the impact of these changes.

Does anyone know, or have a link to, why system-auth was changed in the
most recent update to PAM?

TIA,
--Bill


[CentOS] Iptables not blocking UDP port 53

2008-07-10 Thread Sean Carolan
I'm attempting to block access to port 53 from internet hosts for an
internal server.  This device is behind a gateway router so all
traffic appears to come from source ip 10.100.1.1.  Here are my
(non-working) iptables rules:

-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT

Further down the ruleset I have these rules to allow traffic from
everyone else.  If these rules are removed then nobody can make
queries, because of the final default REJECT rule.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

I have used tcpdump and confirmed that packets are in fact still
coming across from internet hosts.  What am I doing wrong?

[EMAIL PROTECTED]:~]$ sudo tcpdump -n udp port 53 | grep 10.100.1.1
tcpdump: listening on eth0
14:46:40.539995 10.100.1.1.60793 > 10.100.1.61.domain:  62011+ A?
server.domain.com. (32) (DF)


[CentOS] redirecting when behind a firewall

2008-07-10 Thread bruce
Hi..

I know this isn't a centos/rhel/fedora issue... but i'm hopeful that someone
might have an answer!!!

thanks

VV

Got a bit of an issue here, that I can't seem to resolve.

I have a test domain on a dynamic service (dyndns.org). the test domain is
foo.gotdns.com, which i have pointing to my external cable/dsl address.
Here's my issue, I would really like to be able to have the external user be
able to see multiple websites which might be sitting on different physical
machines/apache servers within my network.

Behind the modem, I have a firewall which is set up to port-forward the
traffic to a machine with my network. So, for my example, the machine is dog
(192.168.1.52), and the "foo.gotdns.com" would point to the app on the
machine, based on the vhost setup in the dog httpd.conf file.

However, I would also like to have multiple external test sites/domains,
each of which might point back to sites on different internal servers. The
forwarding capability of the router only allows for all wan * (addresses) to
be forwarded to a given internal machine. At the same time, the
external/internal ports have to match.

So i don't have the ability to do something like "forward foo.gotdns.com to
machine1, and forward foo2.gotdns.com to machine2" which is exactly what i'm
trying to accomplish!!

I've been looking into using vhosts, and the redirect functionality, but I
can't seem to get it to work, using the external domain name.

So. i'm trying to:
 -be able to access multiple test sites, on multiple servers
  from a browser external to my network
 -be able to access the same sites, from inside my network, using
  the local/internal namespace
 -be able to access the same sites, from inside my network, using
  the external namespace (testing purposes)

I've looked high/low for how to accomplish this with no real luck.

thanks

ps. I've seen others who've been looking for similar solutions, so this
would definitely help.

ps. I'm able to do a redirect from one server to another, if I restrict to
using internal addresses. Just can't get the external stuff to work..






Re: [CentOS] Yaz and libyaz package for CentOS 5

2008-07-10 Thread Siju George
On Mon, Jul 7, 2008 at 10:19 PM, Akemi Yagi <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 7, 2008 at 9:37 AM, Siju George <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> Where do I get Yaz and libyaz package for CentOS 5?
>
> Try the EPEL repository.  See
> http://wiki.centos.org/AdditionalResources/Repositories for details
> (near the bottom).
>

Thanks a lot Akemi :-)
I got it working. It was for koha library software :-)

Kind regards

Siju


Re: [CentOS] Bind update overwrites named.conf

2008-07-10 Thread Chris Miller

Tru Huynh wrote:

On Wed, Jul 09, 2008 at 08:42:12AM -0700, Chris Miller wrote:
I just had a customer's bind server lose all of its local DNS records. 
Yum updated the bind packages this morning at ~6am, and replaced the 
original /etc/named.conf file, saving the old as named.conf.rpmsave. This 
seems like the opposite of what it should have done (i.e. save the new 
file as named.conf.rpmnew).

If you have the caching-nameserver package, it's the expected behaviour:

/etc/named.conf is "owned" and labelled as "config file" for caching-nameserver.

The regular bind/bind-chroot don't provide named.conf.
You should not install the caching-nameserver package if you are
indeed providing DNS services with bind...


Thanks! I wasn't aware of this package, and it was indeed at fault. 
Seems like the package should be named bind-caching-nameserver...


Chris


[CentOS] Kernel is not compiled with IPv6 support?

2008-07-10 Thread Robert Moskowitz

How did I get this?

I am current on my 5.2 upgrades on this system.  Running kernel: 
2.6.18-92.1.6.el5


I did a service network restart and got:

Shutting down interface eth0:  [  OK  ]
Shutting down loopback interface:  [  OK  ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
Bringing up loopback interface:[  OK  ]
Bringing up interface eth0:  FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
  [  OK  ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support


/etc/sysconfig/network has:

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=onlo.htt-consult.com


and /etc/sysconfig/network-scripts/ifcfg-eth0 has:

DEVICE=eth0
BOOTPROTO=none
HWADDR=00:50:8B:A1:FE:1C
ONBOOT=yes
DHCP_HOSTNAME=onlo.htt-consult.com
IPADDR=208.83.67.148
NETMASK=255.255.255.248
GATEWAY=208.83.67.145
TYPE=Ethernet
USERCTL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
PEERDNS=no

A system on this subnet is supposedly running radvd.




Re: [CentOS] Need help with awk one-liner

2008-07-10 Thread Denis

Sean Carolan wrote:

The awk output that was piped into to the sed command looks like this:

ajpv12://host1.domain.company.com:8008/root
ajpv12://host2.domain.company.com:8008/root
ajpv12://host3.domain.company.com:8008/root

  

for the sample data you gave the following worked for me:

gawk  -F/  '/:8008\/root/ {split($3,hostname,".") ; print hostname[1]}' urls


--
Denis Becker
Information Technology - Engineering
MN State Univ., Mankato
Mankato, MN
ph: 507-389-5617
fx: 507-389-5002



Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-10 Thread MHR
On Mon, Jul 7, 2008 at 4:05 PM, John R Pierce <[EMAIL PROTECTED]> wrote:
>
> man ssh-keygen
>

Unfortunately, as with most man pages, this gives the technical
details of how the command works, not so much how to use it in
context.

However, this 
(http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html)
is an excellent resource in addition - it explains the entire context
of exactly what to do.

Thanks (it works).

mhr


[CentOS] IPv6 static routing

2008-07-10 Thread Robert Moskowitz
So I do not want to run radvd on my public subnet (between the gateway 
and firewall).


I am trying to set up the firewall's public interface.  For now in 
ifcfg-eth0 I have the lines:



DEVICE=eth0
BOOTPROTO=static
HWADDR=00:40:F4:05:A8:F1
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR="2607:F4B8:3:1:0:40:F405:A8F1"
ONBOOT=yes

And in network I have:

NETWORKING=yes
NETWORKING_IPV6=yes
IPV6FORWARDING=yes
IPV6_DEFAULTGW="2607:F4B8:3:1:50:BA42:8249%eth0"

But when I restart network (service network restart) I get:

Bringing up interface eth0:  WARN : [ipv6_add_route] Unknown error
  [  OK  ]

and ip -6 route show dev eth0 generates:

2607:f4b8:3:1::/64  metric 256  expires 21333899sec mtu 1500 advmss 1440 
hoplimit 4294967295
fe80::/64  metric 256  expires 21333899sec mtu 1500 advmss 1440 hoplimit 
4294967295


What is missing?

I am using http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/ for some help.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
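
A consistency check for the IPv6 settings quoted in the message above and in the "Kernel is not compiled with IPv6 support?" thread, as an added Python example (not part of either thread). It flags a host whose sysconfig files ask for IPv6 while modprobe.conf aliases `ipv6` or `net-pf-10` to `off`, and any `IPV6ADDR` or `IPV6_DEFAULTGW` value that is not a well-formed IPv6 literal. The sample strings are the relevant lines from the posts; the function names are chosen here.

```python
import ipaddress

# Relevant lines from the "Kernel is not compiled with IPv6 support?" thread.
T1_NETWORK = "NETWORKING=yes\nNETWORKING_IPV6=yes\nHOSTNAME=onlo.htt-consult.com\n"
T1_IFCFG = "DEVICE=eth0\nBOOTPROTO=none\nIPV6INIT=yes\nIPV6_AUTOCONF=yes\n"
T1_MODPROBE = "alias net-pf-10 off\nalias ipv6 off\n"

# Relevant lines from the "IPv6 static routing" message.
T2_NETWORK = ('NETWORKING=yes\nNETWORKING_IPV6=yes\nIPV6FORWARDING=yes\n'
              'IPV6_DEFAULTGW="2607:F4B8:3:1:50:BA42:8249%eth0"\n')
T2_IFCFG = ('DEVICE=eth0\nBOOTPROTO=static\nIPV6INIT=yes\nIPV6_AUTOCONF=no\n'
            'IPV6ADDR="2607:F4B8:3:1:0:40:F405:A8F1"\nONBOOT=yes\n')


def parse_kv(text):
    """Parse KEY=VALUE lines of an /etc/sysconfig file, dropping quotes."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip().strip("\"'")
    return out


def disabled_aliases(modprobe_conf):
    """Names among ipv6 / net-pf-10 that are aliased to the module name 'off'."""
    found = []
    for line in modprobe_conf.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore comments
        if (len(fields) == 3 and fields[0] == "alias"
                and fields[1] in ("ipv6", "net-pf-10") and fields[2] == "off"):
            found.append(fields[1])
    return found


def check_addr(name, value):
    """Return a finding if value (minus %iface and /prefix) is not an IPv6 literal."""
    literal = value.split("%", 1)[0].split("/", 1)[0]
    try:
        ipaddress.IPv6Address(literal)
    except ValueError as exc:
        return "%s=%s is not a valid IPv6 address (%s)" % (name, value, exc)
    return None


def lint(network, ifcfg, modprobe_conf=""):
    """Return a list of findings for one host's IPv6 configuration."""
    net, ifc = parse_kv(network), parse_kv(ifcfg)
    findings = []
    wants_v6 = [key for key, cfg in (("NETWORKING_IPV6", net), ("IPV6INIT", ifc))
                if cfg.get(key, "").lower() == "yes"]
    off = disabled_aliases(modprobe_conf)
    if wants_v6 and off:
        findings.append("%s set to yes, but modprobe.conf aliases %s to 'off'"
                        % (", ".join(wants_v6), ", ".join(off)))
    for name, cfg in (("IPV6ADDR", ifc), ("IPV6_DEFAULTGW", net)):
        if name in cfg:
            problem = check_addr(name, cfg[name])
            if problem:
                findings.append(problem)
    return findings


if __name__ == "__main__":
    for title, args in (("IPv6 support thread", (T1_NETWORK, T1_IFCFG, T1_MODPROBE)),
                        ("static routing message", (T2_NETWORK, T2_IFCFG))):
        print(title)
        for finding in lint(*args) or ["no findings"]:
            print("  " + finding)
```

On the second sample the check reports `IPV6_DEFAULTGW`: the value has seven colon-separated groups and no `::`, so it does not parse as an IPv6 address.
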


Re: [CentOS] How can I automate random bytes generation for CENTOS 5.2?

2008-07-10 Thread Tolun ARDAHANLI
2008/7/10 Ralph Angenendt <[EMAIL PROTECTED]>:

> Tolun ARDAHANLI wrote:
> > It can be created every second... Cause we do not know when the users want
> > to create these own keys...
>
> Then they have to wait - or look why your system doesn't have a big
> enough entropy pool.
>
> What does cat /proc/sys/kernel/random/entropy_avail say?
>
it says only number which is  36

>
> You need enough "randomness" to create gpg keys.
>
Yes!!! But how can do my server itself?

>
> Ralph
>


-- 
Tolun ARDAHANLI
Computer Engineer
E-mail:[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Icq:326600


[CentOS] Java Setup

2008-07-10 Thread R P Herrold

On Thu, 10 Jul 2008, Clint Dilks wrote:

I have been following the instructions here 
http://wiki.centos.org/HowTos/JavaOnCentOS but trying to modify them for 
jdk-6u7-linux-amd64.rpm but there doesn't seem to be a compatible 
java-1.6.0-sun-compat-*.rpm. Does one exist?


What's wrong with the java-1.4.2-gcj-compat?  There is no 
dependency impediment of which I am aware.


My installation is maintained with the first part narrative 
('A simple approach') at

http://wiki.centos.org/HowTos/JavaOnCentOS
http://www.trading-shim.org/faq/?java


I'll try a bump to U7 from Sun and see how it goes:
http://java.sun.com/javase/downloads/index.jsp
Java SE Development Kit 6u7
jdk-6u7-linux-x64-rpm.bin

and note any changes after the sig; hold on ... back ... no -- 
I see no Dependency or "Requires" problem using 
java-1.4.2-gcj-compat with jdk-1.6.0_07-fcs



A side note: To Sun's credit, the adoption of the 'latest' 
link simplifies matters, and I need to update my writeups a 
bit ...


[EMAIL PROTECTED] java]$ pwd ; ls -l
/usr/java
total 16
lrwxrwxrwx 1 root root   16 Jul 10 13:17 default -> /usr/java/latest
drwxr-xr-x 9 root root 4096 Jul 10 13:18 jdk1.6.0_07
lrwxrwxrwx 1 root root   21 Jul 10 13:18 latest -> /usr/java/jdk1.6.0_07
[EMAIL PROTECTED] java]$


On a related side note, I see the following is still in the U7 
License Agreement, which has been an impediment to CentOS 
inclusion of Sun's Java in the past:


(viii) You shall indemnify Sun for all damages
arising from your failure to comply
with the requirements of this Agreement.

Exposure to liability to a potential asserted violation, 
('(vii) You may not include any third party software on the 
Media which is intended to be a replacement or substitute for 
the Software;', anyone? /me thinks of 'java-1.4.2-gcj-compat' 
which is a partial replacement, essentially by definition) 
without CentOS having had anyone step forward since the last 
time this question came up, offering to 'pay the freight' to 
indemnify the project against such liability.


-- Russ herrold


pre-bump:

[EMAIL PROTECTED] ~]$ rpm -qa \*java\*
sun-javadb-javadoc-10.3.1-4.1
sun-javadb-core-10.3.1-4.1
sun-javadb-demo-10.3.1-4.1
sun-javadb-docs-10.3.1-4.1
gcc-java-4.1.2-42.el5
sun-javadb-client-10.3.1-4.1
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
sun-javadb-common-10.3.1-4.1
[EMAIL PROTECTED] ~]$ rpm -q jdk --qf '%{arch}\n'
x86_64
[EMAIL PROTECTED] ~]$ rpm -q jdk
jdk-1.6.0_05-fcs
[EMAIL PROTECTED] ~]$

post-bump:

[EMAIL PROTECTED] java]$ rpm -q jdk ; rpm -q jdk --qf '%{arch}\n' ;  \
rpm -qa \*java\*
jdk-1.6.0_07-fcs
x86_64
sun-javadb-common-10.3.1-4.1
sun-javadb-demo-10.3.1-4.1
sun-javadb-client-10.3.1-4.1
sun-javadb-javadoc-10.3.1-4.1
gcc-java-4.1.2-42.el5
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
sun-javadb-docs-10.3.1-4.1
sun-javadb-core-10.3.1-4.1
[EMAIL PROTECTED] java]$


[CentOS] Re: CentOS Patch for http://www.kb.cert.org/vuls/id/800113

2008-07-10 Thread Scott Silva

on 7-10-2008 5:16 AM Sergio Belkin spake the following:
> 2008/7/9 Scott Silva <[EMAIL PROTECTED]>:
>> on 7-9-2008 1:08 PM John R Pierce spake the following:
>>> Sean Carolan wrote:
>>>> Will there be a BIND patch available for this vulnerability, for CentOS
>>>> 3.9?
>>>>
>>>> http://www.kb.cert.org/vuls/id/800113
>>>
>>> for that matter, how do I figure out what version(s) of Bind for CentOS 4
>>> or 5 include fixes for this?  I'm getting a little lost poking around the
>>> forums and KB and RHEL's own website is being remarkably obtuse for me
>>> today.
>>
>> This will test your server for the vulnerability;
>>
>> dig +short porttest.dns-oarc.net TXT






> Has anyone applied updates to bind in Centos 5.x? I'd want to know if
> after that everything will be working well...

I have patched all my name servers. The only one I am having a problem with is 
an upstream reverse dns problem. But that was broken before the update.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





[CentOS] Re: can I use CentOS as a antivirus / spam filter / HTTP AV gateway?

2008-07-10 Thread Scott Silva

on 7-10-2008 3:23 AM Rudi Ahlers spake the following:
> Johnny Hughes wrote:
>> Rudi Ahlers wrote:
>>> Hi all
>>>
>>> I've been thinking about using CentOS on a Dell R200 server and turn
>>> it into a firewall / network monitor / traffic shaper in our
>>> datacentre, instead of using a dedicated firewall device.
>>>
>>> One of the devices that I have been looking at, with my limited
>>> budget, is the D-Link DFL 860 -
>>> http://www.netdefend.eu/Product.aspx?m=15&ref=DFL-860
>>>
>>> It provides AV, SPI, VPN, DOS, P2P, etc protection. Most of this can
>>> be done with Linux as well, but I'm not 100% sure about the AV part.
>>>
>>> How will I use / setup CentOS to check all traffic coming in & out
>>> (HTTP, SMTP, POP3, IMAP, etc) for viruses and clean them? We host
>>> both Windows & Linux servers, and I'm not too worried about the Linux
>>> servers, but Windows needs a lot of extra protection.
>>
>> ssshhh!!!  Don't tell Trend Micro you are scanning for viruses at the
>> gateway ... they don't like that term :-D
>>
>> http://www.vnunet.com/vnunet/news/2219926/breakthrough-trend-micro-patent-barracuda
>
> Are you saying I'm not allowed to do this, and will be violating a patent
> right for building my own network level virus scanner / anti-virus gateway?


No... He is saying that Trend Micro won't like it, and will sue you for 
millions of dollars and your first born child!  ;-P



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





RE: [CentOS] Latest samaba updates

2008-07-10 Thread John
Remember this. It is going to work when set to Permissive regardless!!


John

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of David G. Mackay
Sent: Wednesday, July 09, 2008 10:36 PM
To: CentOS mailing list
Subject: RE: [CentOS] Latest samaba updates


On Wed, 2008-07-09 at 02:33 -0400, John wrote:
> Did it give you a rpm.new.smb.config file on update of Samba? Users 
> file also? I would first check my Selinux file Permissions for Samba. 
> Then file permissions on the shared directories and also make sure 
> that they are replicating on the file in the directory.
> 
> My idea would be disable SE Linux then make sure all your permissions 
> are correct for the shares, then enable selinux. From your bug report 
> it looks like permission problems. Also you have new selinux options in 
> your smb.conf file, so check them out also.

The plot thickens.  I set selinux to permissive, and was able to log in from
the windows VM.  Next, I set up a new CentOS5.2 VM, and got samba going on
it.  Then I updated everything but the samba and selinux policy packages and
everything still worked.  Finally, I added the samba and selinux packages,
and everything worked as it should.  I have no idea what set of
circumstances led to the original failure.  I guess I'll just have to
reinstall Centos on the real iron.

Dave




[CentOS] 1st static IPv6 address

2008-07-10 Thread Robert Moskowitz

My ISP assigned prefix is: 2607:F4B8:3::/48

So I am building my internal IPv6 firewall/router/ etc. 

I want to have a static IPv6 address on its eth0 so that I can create 
static v6 routes to it from the gateway.  I add the following lines to 
ifcfg-eth0:


HWADDR=00:40:F4:05:A8:F1
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR="2607:F4B8:3:1"


if-up eth0 gets the error:

Error: an inet prefix is expected rather than "2607:F4B8:3:1/64".
ERROR: [ipv6_add_addr_on_device] Cannot add IPv6 address 
'2607:F4B8:3:1/64' on dev 'eth0'


What is missing? 
Why is it not building an address of 2607:F4B8:3:1:0:40:F405:A8F1 ?



I am reading:  
file:///usr/share/doc/initscripts-8.45.19.EL/sysconfig.txt for my 
'inspiration'.  Other sources are welcome...


OH, /etc/sysconfig/network does have the line:

NETWORKING_IPV6=yes
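
An added example, not part of the original post: the `ip` error quoted above is what an incomplete IPv6 literal produces, since `2607:F4B8:3:1` has only four groups and no `::`. The sketch below validates candidate IPV6ADDR values with Python's `ipaddress` module and, for comparison, computes the modified EUI-64 address (RFC 4291, Appendix A) for the post's prefix and HWADDR; the `::1` host value and the function names are constructed for illustration.

```python
import ipaddress


def check_ipv6addr(value, default_prefix=64):
    """Validate an IPV6ADDR-style value; return (ok, detail).

    A missing prefix length defaults to /64, matching the "/64" visible in
    the error message quoted in the post.
    """
    text = value if "/" in value else f"{value}/{default_prefix}"
    try:
        iface = ipaddress.IPv6Interface(text)
    except ValueError as exc:  # AddressValueError / NetmaskValueError
        return False, str(exc)
    return True, iface.with_prefixlen


def eui64_address(prefix, hwaddr):
    """Join a /64 prefix with the modified EUI-64 interface ID of a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a /64 prefix")
    octets = bytes(int(part, 16) for part in hwaddr.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(
        int(net.network_address) + int.from_bytes(iid, "big")
    )


if __name__ == "__main__":
    candidates = [
        "2607:F4B8:3:1",                  # value from the post
        "2607:F4B8:3:1::1",               # constructed sample host address
        "2607:F4B8:3:1:0:40:F405:A8F1",   # address the post expected
    ]
    for value in candidates:
        print(value, "->", check_ipv6addr(value))
    print(eui64_address("2607:F4B8:3:1::/64", "00:40:F4:05:A8:F1"))
```
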




Re: [CentOS] backuppc on CentOS 5

2008-07-10 Thread dnk


On 10-Jul-08, at 2:47 AM, Johnny Hughes wrote:

> Not exactly a guide, however there is a README.centos in the
> /usr/share/docs/backuppc- dir that should tell you how to make
> it work :D



hey, that is a start

Thanks!

Dustin




Re: [CentOS] what does "not found" mean in a DHCPRELEASE context?

2008-07-10 Thread nate
David Mackintosh wrote:

> Does anyone know what dhcpd (or the device) is trying to tell me with this
> message?


I believe it's saying the device was telling the server it didn't
want to use that IP anymore, and the server logged that it couldn't
find evidence that it leased that address out to that system in
the first place.

The second log entry would be the server seeing that it had leased that
IP out to the system and released it.

nate



Re: [CentOS] UTF-8 support in PCRE

2008-07-10 Thread Ralph Angenendt
Amitava Shee wrote:
> The issue is in CentOS 5. I ran the application successfully in Ubuntu 8.04.
> 
> 
> PCRE in CentOS does not have "unicode properties" enabled. 

So it's not utf-8 support which is missing.

> Is there a way to enable these options (without the usual ./configure make)?

Rebuild the src.rpm with the correct features enabled and/or file a bug
upstream at .

Ralph




[CentOS] what does "not found" mean in a DHCPRELEASE context?

2008-07-10 Thread David Mackintosh
I have a CentOS 4.6 server running dhcpd. One of my client devices (a
Panasonic KX-HCM280A camera) is trying to get a lease from that
server. I can see the device accept a lease (it is a reservation),
however it always releases the reservation after about 25 seconds: 

Jul 10 10:30:49 stargate dhcpd: DHCPDISCOVER from 00:80:f0:56:46:30 via eth0
Jul 10 10:30:49 stargate dhcpd: DHCPOFFER on 172.31.14.13 to 00:80:f0:56:46:30 via eth0
Jul 10 10:30:49 stargate dhcpd: DHCPREQUEST for 172.31.14.13 (172.31.0.1) from 00:80:f0:56:46:30 via eth0
Jul 10 10:30:49 stargate dhcpd: DHCPACK on 172.31.14.13 to 00:80:f0:56:46:30 via eth0
Jul 10 10:31:16 stargate dhcpd: DHCPRELEASE of 172.31.14.13 from 00:80:f0:56:46:30 via eth0 (not found)

If I remove the reservation and reset the camera, it does the same
thing with a dynamic lease; however in that case the message is 

Jul 3 09:48:05 stargate dhcpd: DHCPDISCOVER from 00:80:f0:56:46:30 via eth0
Jul 3 09:48:06 stargate dhcpd: DHCPOFFER on 172.31.9.91 to 00:80:f0:56:46:30 via eth0
Jul 3 09:48:06 stargate dhcpd: DHCPREQUEST for 172.31.9.91 (172.31.0.1) from 00:80:f0:56:46:30 via eth0
Jul 3 09:48:06 stargate dhcpd: DHCPACK on 172.31.9.91 to 00:80:f0:56:46:30 via eth0
Jul 3 09:48:19 stargate dhcpd: DHCPRELEASE of 172.31.9.91 from 00:80:f0:56:46:30 via eth0 (found)

...ie "(found)" instead of "(not found)".

I should mention that I have several other cameras of the same type
which are working, so this is most assuredly a problem with the
camera itself, but I was still wondering: 

Does anyone know what dhcpd (or the device) is trying to tell me with this 
message?

-- 
 /\oo/\
/ /()\ \ David Mackintosh | 
 [EMAIL PROTECTED]  | http://www.xdroop.com
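
An added example, not part of the original post or of dhcpd: a small log check that pairs each DHCPACK with the following DHCPRELEASE for the same client and address, and reports how long the lease was held along with the `(found)` / `(not found)` tag that the reply in this thread interprets. The function name, the 60-second threshold and the `year` parameter (syslog lines carry no year) are assumptions.

```python
import re
from datetime import datetime

# Log lines from the post above, with the archive's line wrapping undone.
SAMPLE_LOG = """\
Jul 3 09:48:05 stargate dhcpd: DHCPDISCOVER from 00:80:f0:56:46:30 via eth0
Jul 3 09:48:06 stargate dhcpd: DHCPOFFER on 172.31.9.91 to 00:80:f0:56:46:30 via eth0
Jul 3 09:48:06 stargate dhcpd: DHCPREQUEST for 172.31.9.91 (172.31.0.1) from 00:80:f0:56:46:30 via eth0
Jul 3 09:48:06 stargate dhcpd: DHCPACK on 172.31.9.91 to 00:80:f0:56:46:30 via eth0
Jul 3 09:48:19 stargate dhcpd: DHCPRELEASE of 172.31.9.91 from 00:80:f0:56:46:30 via eth0 (found)
Jul 10 10:30:49 stargate dhcpd: DHCPDISCOVER from 00:80:f0:56:46:30 via eth0
Jul 10 10:30:49 stargate dhcpd: DHCPOFFER on 172.31.14.13 to 00:80:f0:56:46:30 via eth0
Jul 10 10:30:49 stargate dhcpd: DHCPREQUEST for 172.31.14.13 (172.31.0.1) from 00:80:f0:56:46:30 via eth0
Jul 10 10:30:49 stargate dhcpd: DHCPACK on 172.31.14.13 to 00:80:f0:56:46:30 via eth0
Jul 10 10:31:16 stargate dhcpd: DHCPRELEASE of 172.31.14.13 from 00:80:f0:56:46:30 via eth0 (not found)
"""

# Only DHCPACK and DHCPRELEASE lines matter for the pairing.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dhcpd: "
    r"(?P<msg>DHCPACK on|DHCPRELEASE of) (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"(?:to|from) (?P<mac>[0-9a-f:]{17}) via \S+"
    r"(?: \((?P<lookup>found|not found)\))?$"
)


def short_lived_leases(log_text, max_hold_seconds=60, year=2008):
    """Return (mac, ip, held_seconds, lookup) for leases released soon after the ACK."""
    last_ack = {}   # (mac, ip) -> time of the most recent DHCPACK
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["mac"], m["ip"])
        if m["msg"].startswith("DHCPACK"):
            last_ack[key] = when
        elif key in last_ack:
            # A release with no ACK in the scanned window is skipped.
            held = int((when - last_ack.pop(key)).total_seconds())
            if 0 <= held <= max_hold_seconds:
                findings.append((m["mac"], m["ip"], held, m["lookup"]))
    return findings


if __name__ == "__main__":
    for mac, ip, held, lookup in short_lived_leases(SAMPLE_LOG):
        print(f"{mac} held {ip} for {held}s, release logged as ({lookup})")
```
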




Re: [CentOS] UTF-8 support in PCRE

2008-07-10 Thread Kai Schaetzl
Amitava Shee wrote on Wed, 9 Jul 2008 13:27:35 -0400:

> PCRE in CentOS does not have "unicode properties" enabled.

But that's different from what you claimed earlier!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] /etc/pam.d/system-auth changes in update

2008-07-10 Thread Kai Schaetzl
Filipe Brandenburger wrote on Wed, 9 Jul 2008 23:08:44 -0400:

> The exact same question came up two weeks ago.

And the answers were confusing at least me ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





[CentOS] Slow HVM IO performance with newer kernels

2008-07-10 Thread henry ritzlmayr
Hi list.

I am testing CentOS 5.2 now. I experience much slower IO under HVM
Guests with the newer kernels, so I started some measurements.

DOM-0 is a fully upgraded CentOS 5.2. DOM-U is CentOS 5.0 not upgraded
at all for testing purposes. DOM-U sits on an LVM Volume. No other
services are running. Hardware was freshly rebooted every time. 

within DOM-0
dd if=/dev/vgpentanol/lvol2 of=/dev/null bs=1M count=1000
gives 134 MB/s

so that's the bare metal value.

within DOM-U
dd if=/dev/hda of=/dev/null bs=1M count=1000
gives 

50 MB/s with DOM-0 kernel 2.6.18-53.1.19.el5xen
10 MB/s with DOM-0 kernel 2.6.18-92.1.1.el5xen
10 MB/s with DOM-0 kernel 2.6.18-92.1.6.el5xen

so there has been a drop to 20% of the performance within 2.6.18-53.
Any Ideas? 
The machine is a test system - so I am open to any changes in
configuration you might suggest. 

As a side note: A PV Guest gets 85 MB/s no matter which kernel. 

Henry



Re: [CentOS] How can I automate random bytes generation for CENTOS 5.2?

2008-07-10 Thread Ralph Angenendt
Tolun ARDAHANLI wrote:
> It can be created every second... Cause we do not know when the users want
> to create their own keys...

Then they have to wait - or look why your system doesn't have a big
enough entropy pool.

What does cat /proc/sys/kernel/random/entropy_avail say?

You need enough "randomness" to create gpg keys.

Ralph




Re: [CentOS] can I use CentOS as a antivirus / spam filter / HTTP AV gateway?

2008-07-10 Thread Rudi Ahlers

John R Pierce wrote:
> Rudi Ahlers wrote:
>> Hi all
>>
>> I've been thinking about using CentOS on a Dell R200 server and turn
>> it into a firewall / network monitor / traffic shaper in our
>> datacentre, instead of using a dedicated firewall device.
>>
>> One of the devices that I have been looking at, with my limited
>> budget, is the D-Link DFL 860 -
>> http://www.netdefend.eu/Product.aspx?m=15&ref=DFL-860
>>
>> It provides AV, SPI, VPN, DOS, P2P, etc protection. Most of this can
>> be done with Linux as well, but I'm not 100% sure about the AV part.
>>
>> How will I use / setup CentOS to check all traffic coming in & out
>> (HTTP, SMTP, POP3, IMAP, etc) for viruses and clean them? We host
>> both Windows & Linux servers, and I'm not too worried about the Linux
>> servers, but Windows needs a lot of extra protection.
>
> well, pop/imap shouldn't need any virus scanning, that would be
> handled at the SMTP transfer layer, by something like MailScanner +
> ClamAV (I've used this combination), or spamassassin+clamav, and others.
>
> http virus scanning can be done by using Squid as a transparent web
> proxy agent and squid plugins.  I've never attempted this myself, so I
> can't give you the exact recipe.

I'm actually looking to do this on the network layer, rather than the 
software layer. Is this possible with Linux?


--

Kind Regards
Rudi Ahlers
CEO, SoftDux

Web:   http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other 
technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff



Re: [CentOS] Re: CentOS Patch for http://www.kb.cert.org/vuls/id/800113

2008-07-10 Thread Sergio Belkin
2008/7/9 Scott Silva <[EMAIL PROTECTED]>:
> on 7-9-2008 1:08 PM John R Pierce spake the following:
>>
>> Sean Carolan wrote:
>>>
>>> Will there be a BIND patch available for this vulnerability, for CentOS
>>> 3.9?
>>>
>>> http://www.kb.cert.org/vuls/id/800113
>>>
>>
>> for that matter, how do I figure out what version(s) of Bind for CentOS 4
>> or 5 include fixes for this?  I'm getting a little lost poking around the
>> forums and KB and RHEL's own website is being remarkably obtuse for me
>> today.
>
> This will test your server for the vulnerability;
>
> dig +short porttest.dns-oarc.net TXT

Has anyone applied updates to bind in Centos 5.x? I'd want to know if
after that everything will be working well...

-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -


[CentOS] CentOS-announce Digest, Vol 41, Issue 5

2008-07-10 Thread centos-announce-request


Today's Topics:

   1. Re: Bind Patch (Karanbir Singh)
   2. CESA-2008:0533 Important CentOS 3 ia64 bind - security update (Pasi Pirhonen)
   3. CESA-2008:0533 Important CentOS 3 s390(x) bind - security update (Pasi Pirhonen)
   4. CESA-2008:0533 Important CentOS 4 ia64 bind - security update (Pasi Pirhonen)
   5. CESA-2008:0533 Important CentOS 4 s390(x) bind - security update (Pasi Pirhonen)
   6. CESA-2008:0584 Important CentOS 3 ia64 pidgin - security update (Pasi Pirhonen)
   7. CESA-2008:0584 Important CentOS 4 ia64 pidgin - security update (Pasi Pirhonen)
   8. CESA-2008:0583 Important CentOS 4 ia64 openldap - security update (Pasi Pirhonen)
   9. CESA-2008:0584 Important CentOS 3 s390(x) pidgin - security update (Pasi Pirhonen)
  10. CESA-2008:0584 Important CentOS 4 s390(x) pidgin - security update (Pasi Pirhonen)
  11. CESA-2008:0583 Important CentOS 4 s390(x) openldap - security update (Pasi Pirhonen)
  12. CESA-2008:0584 Important CentOS 5 i386 pidgin Update (Karanbir Singh)
  13. CESA-2008:0584 Important CentOS 5 x86_64 pidgin Update (Karanbir Singh)
  14. CESA-2008:0583 Important CentOS 5 i386 openldap Update (Karanbir Singh)
  15. CESA-2008:0583 Important CentOS 5 x86_64 openldap Update (Karanbir Singh)


--

Message: 1
Date: Wed, 09 Jul 2008 13:06:16 +0100
From: Karanbir Singh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] Re: Bind Patch
To: Edward Casteloes <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8; format=flowed

read the announcement posted and then check the url in there.

Edward Casteloes wrote:
>
>
> Hi,
>
> I have seen that the 9.3.4 bind patch is available for Centos 5, does
> this patch rectify the big DNS issue that was just announced yesterday?
> The reason I ask is according to ISC they recommend updating to 9.3.5-P1
> http://www.isc.org/index.pl?/sw/bind/forgery-resilience.php . I am sure
> you are getting a lot of mail about this, but if you could advise it
> would be appreciated.
>
> Many Thanks,
>
> Ed
>
>
> *Edward Casteloes*
> Operations Manager
> Esendex Ltd
>
> T: +44 (0)115 852 5774
> F: +44 (0)115 852 5757
> Email: [EMAIL PROTECTED] 
> Web: www.esendex.com 
>
> Esendex: Every Message Matters
>



--

Message: 2
Date: Wed, 9 Jul 2008 18:32:38 +0300
From: Pasi Pirhonen <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0533 Important CentOS 3 ia64 bind - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2008:0533

https://rhn.redhat.com/errata/RHSA-2008-0533.html

The following updated files have been uploaded and are currently
syncing to the mirrors:

ia64:
updates/ia64/RPMS/bind-9.2.4-22.el3.ia64.rpm
updates/ia64/RPMS/bind-chroot-9.2.4-22.el3.ia64.rpm
updates/ia64/RPMS/bind-devel-9.2.4-22.el3.ia64.rpm
updates/ia64/RPMS/bind-libs-9.2.4-22.el3.ia64.rpm
updates/ia64/RPMS/bind-utils-9.2.4-22.el3.ia64.rpm


-- 
Pasi Pirhonen - [EMAIL PROTECTED] -

Re: [CentOS] How can I automate random bytes generation for CENTOS 5.2?

2008-07-10 Thread Tolun ARDAHANLI
It can be created every second... Cause we do not know when the users want
to create their own keys...




-- 
Tolun ARDAHANLI
Computer Engineer
E-mail:[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Icq:326600


Re: [CentOS] How can I automate random bytes generation for CENTOS 5.2?

2008-07-10 Thread Ralph Angenendt
Tolun ARDAHANLI wrote:
> I want that every time the random bytes are prepared and waiting for use for
> gpg.

How often do you create a new gpg key?

And please trim your mails.

Ralph



