RE: [CentOS] harddisc or nfs based install

[Joseph L. Casale]

>I am just wondering if you might be experiencing a problem connected to
>the updated script language...some commands changed or deprecated...I
>know I went thru some of that at the advent of c5.0...just a thought

No problem (I always do PXE installs via http if I need to)...
It was just a question that came up in my RHCT course that was unanswered.

Thanks!
jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Personal Wiki for CentOS

[John R Pierce]

Joseph L. Casale wrote:

the only downside is that the default theme
is a bit crusty looking.


Got a pointer to a theme that's appealing?
  



big pile of them here...
http://wiki.splitbrain.org/wiki%3Atpl%3Atemplates
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] harddisc or nfs based install

[rado]

On Mon, 2008-07-21 at 21:34 -0700, Mark Pryor wrote: 
> 
> 
> --- On Mon, 7/21/08, Joseph L. Casale <[EMAIL PROTECTED]> wrote:
> 
> > From: Joseph L. Casale <[EMAIL PROTECTED]>
> > Subject: [CentOS] harddisc or nfs based install
> > To: "'CentOS mailing list'" 
> > Date: Monday, July 21, 2008, 6:57 PM
> > When choosing either of these methods and using an iso, how
> > does CentOS determine
> > the right iso file to mount? Is there an expected file name
> > format?
> 
> Joseph,
> 
> Say you have the iso: CentOS-5.2-x86_64-bin-DVD.iso  (4.6 GB)
> 
> that iso is too big for a vfat partition, so it should be downloaded to
> an ext3 type.
> 
> If you check the images folder (after mounting as iso9660)
> mount -t iso9660 ./CentOS-5.2-x86_64-bin-DVD.iso /mnt/nfs -o loop,ro
> 
> IOW check /mnt/nfs/images
> inside there are several mini-boot images: an boot.iso to burn to CD and 
> diskboot.img for a USB boot.
> 
> Using either, once you get to the prompt:
> >linux askmethod
> 
> it will bring up the menu for nfs or harddisk.
> 
> nfs
> 
> nfs has worked flawlessly for me. You need another box which has the iso
> mounted (shown above) and that mount point exported via nfs. Make sure the 
> box targetted for install has a common enough ethernet device which the boot 
> kernel supports and plug it in to your network. The installer will configure 
> it for dhcp.
> 
> You will need the IP address of the nfs server and its nfs mount point 
> (/mnt/nfs) to get the installer kicked off.
> 
> harddisk
> ---
> This method has not worked for me on C5, though on fedora it always worked.  
> To see for yourself, pick a neutral partition (ext3) like /data and put the 
> DVD iso in the root. If the iso is unique and the only possible C5 DVD iso, 
> then all you need to give the menu is the device name (/dev/sda3 or whatever 
> it is) -- the installer will do the smart thing and find the iso.
> 
> It will start to boot and the install will begin, but it will fail early in 
> the same spot -- IIRC, its the proposal/partition stage or immediately there 
> after. I've always given up on the harddisk method on C5. I would be very 
> happy to hear that others got it to work!
> 

I am just wondering if you might be experiencing a problem connected to
the updated script language...some commands changed or deprecated...I
know I went thru some of that at the advent of c5.0...just a thought

rado

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Personal Wiki for CentOS

[Joseph L. Casale]

>the only downside is that the default theme
>is a bit crusty looking.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

John,
Got a pointer to a theme that's appealing?
Thanks!
jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[Mad Unix]

any one used this method on CenTOS5 64bit

http://pecl.php.net/package/oci8
#pecl install oci8

On Mon, Jul 21, 2008 at 8:59 PM, Jay Leafey <[EMAIL PROTECTED]> wrote:

> I am a bit hesitant to suggest this, but Oracle has already built
> RHEL-compatible php packages, including php-OCI8.  You can find the files at
> http://oss.oracle.com/projects/php/, built for both RHEL 4u6 and RHEL 5u1.
>  The php-oci8 package depend on the Oracle Instant Client (also available as
> RPMs), which means you don't have to do a full Oracle install unless you
> need the actual database server.
>
> I have used them under CentOS 5u2 with good results, but be warned, they
> will be NOT supported by Red Hat, Oracle, or CentOS.
> --
> Jay Leafey - Memphis, TN
> [EMAIL PROTECTED]
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] harddisc or nfs based install

[Mark Pryor]

--- On Mon, 7/21/08, Joseph L. Casale <[EMAIL PROTECTED]> wrote:

> From: Joseph L. Casale <[EMAIL PROTECTED]>
> Subject: [CentOS] harddisc or nfs based install
> To: "'CentOS mailing list'" 
> Date: Monday, July 21, 2008, 6:57 PM
> When choosing either of these methods and using an iso, how
> does CentOS determine
> the right iso file to mount? Is there an expected file name
> format?

Joseph,

Say you have the iso: CentOS-5.2-x86_64-bin-DVD.iso  (4.6 GB)

that iso is too big for a vfat partition, so it should be downloaded to
an ext3 type.

If you check the images folder (after mounting as iso9660)
mount -t iso9660 ./CentOS-5.2-x86_64-bin-DVD.iso /mnt/nfs -o loop,ro

IOW check /mnt/nfs/images
inside there are several mini-boot images: an boot.iso to burn to CD and 
diskboot.img for a USB boot.

Using either, once you get to the prompt:
>linux askmethod

it will bring up the menu for nfs or harddisk.

nfs

nfs has worked flawlessly for me. You need another box which has the iso
mounted (shown above) and that mount point exported via nfs. Make sure the box 
targetted for install has a common enough ethernet device which the boot kernel 
supports and plug it in to your network. The installer will configure it for 
dhcp.

You will need the IP address of the nfs server and its nfs mount point 
(/mnt/nfs) to get the installer kicked off.

harddisk
---
This method has not worked for me on C5, though on fedora it always worked.  To 
see for yourself, pick a neutral partition (ext3) like /data and put the DVD 
iso in the root. If the iso is unique and the only possible C5 DVD iso, then 
all you need to give the menu is the device name (/dev/sda3 or whatever it is) 
-- the installer will do the smart thing and find the iso.

It will start to boot and the install will begin, but it will fail early in the 
same spot -- IIRC, its the proposal/partition stage or immediately there after. 
I've always given up on the harddisk method on C5. I would be very happy to 
hear that others got it to work!

-- 
Mark
http://www.tlviewer.org/centos  (my repo)


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Guy Boisvert]

Michael Gabriel wrote:


just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or have any other advice.
I really appreciate it.



I don't know if anybody on this list tried SPA (Single Packet 
Authorization):


http://www.linuxjournal.com/article/9565


As another person mentioned earlier, the idea of using VPN is very good.

I use pfSense and the VPN server inside gives the connecting user an 
address on a virtual subnet.  Each user is given a distinct fixed ip 
address.  Then it's easy to setup firewall rules based on what you allow 
the user to do.  I do 10 Mbps symmetric with a "recycled" 1U Dell 
PowerEdge 350 (PIII/800, 512 Megs RAM).  We do QoS (we have 1 WME 
Streaming Server, 1 Darwin Streaming On Demand Server, FTP, DNS, SMTP, 
etc).  The CPU usage is very low.  I love pfSense a lot.  The only thing 
i struggled a little was when i tried to authenticate the user with 
Active Directory (M$ IAS = RADIUS).  It works but i have yet to find a 
way to assign a fixed address to each user.  I can do this if i use 
pfSense integrated user manager (for VPN).


In another place, i use a CentOS box as a remote gateway using SSH.  I 
changed the SSH Port, use DenyHost, force SSH V2 and forbid password 
login (SSH Key login mandatory).  I even got a VBS script for our 
Winblows users that uses plink (member of the PuTTY Family) to connect, 
authenticate with keys and launch RDP Terminal to connect to the 
Winblows Terminal Server (all this automated).  The only prompt the user 
has is for entering his remote login name (the user must know it or the 
connection will be refused).


I did an installer (with Nullsoft's NSIS) so allowed Winblows users can 
install easily all this: The installer creates icons, protect SSH keys 
(NTFS Encryption), etc... The installer is protected by a password.



Hope this helped!


Guy Boisvert, ing.
IngTegration inc.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Bill Campbell]

On Mon, Jul 21, 2008, John R Pierce wrote:
> Bo Lynch wrote:
>> we have been looking at implementing OpenVPN to allow access to the
>> internal LAN. For a firewall, we basically have iptables with 2 nics doing
>> NAT. So would the OpenVPN server live inside of our private network and
>> just do some forwards with iptables on the firewall or would it be better
>> to implement it with by itself with 2 nics one on the public and one on
>> the private?
>
> openvpn uses a simple TCP socket for its transport, so sure, port  
> forwarding would work fine.or running it ON your firewall server, if  
> thats something which openvpn can run on (pfsense, any linux firewall, 
> etc).

Actually the public interface with OpenVPN is udp by default.  We
have been using it for a while now with a variety of clients,
Windows, Mac OS X, and other Linux boxen.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

A paranoid is a man who knows a little of what's going on.
-- William S. Burroughs
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /etc/hosts missing localhost?

[Bill Campbell]

On Mon, Jul 21, 2008, Jim Perrin wrote:
>On Mon, Jul 21, 2008 at 9:20 PM, Bill Campbell <[EMAIL PROTECTED]> wrote:
>> Is there any reason why /etc/hosts would be missing the line,
>> 127.0.0.1 localhost?
>
>Nope. It's there by default in some form or another.
>
>By default, it usually looks like this ->
>
>127.0.0.1   installname  localhost.localdomain  localhost
>::1  localhost6.localdomain6   localhost6
>
>If you don't have anything like this in your /etc/hosts, you either
>need to find a mirror and begin yelling at responsible parties, or
>stalk whomever else has root on this particular machine.

I guess I could yell at myself as I'm doing kickstart installs from
a local mirror.

I found the same thing on two CentOS 5.1 installs here, one on a
VMware VM, the other on real iron.  The wierd thing is that the
base VMware VM I have that I copy to create new VMs looks OK.
Now I'm going to have to poke around to see what's causing this
line to be deleted.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

The Income Tax has made more Liars out of American people than Golf has.
Will Rogers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[John R Pierce]

Bo Lynch wrote:

we have been looking at implementing OpenVPN to allow access to the
internal LAN. For a firewall, we basically have iptables with 2 nics doing
NAT. So would the OpenVPN server live inside of our private network and
just do some forwards with iptables on the firewall or would it be better
to implement it with by itself with 2 nics one on the public and one on
the private?
  


openvpn uses a simple TCP socket for its transport, so sure, port 
forwarding would work fine.or running it ON your firewall server, if 
thats something which openvpn can run on (pfsense, any linux firewall, etc).



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Bo Lynch]

On Mon, July 21, 2008 6:47 pm, Bill Campbell wrote:
> On Tue, Jul 22, 2008, D Steward wrote:
>>On Mon, 2008-07-21 at 17:09 -0500, Tim Nelson wrote:
>>> When using denyhosts, you'll want to keep your IP's in hosts.allow so
>>> even if you're "banned" you can still get access. :-)
>>
>>Yup.
>>Unfortunately, my ISP's plan uses dynamic IPs, so I have to enter
>>various subnets to stay safe. :(
>
> If you do not allow password authentication and use good pass
> phrases on your identity, the only thing really gained by
> restricting on IP ranges is restricting the number of reject
> messages in your log files.  The fail2ban program does a nice job
> of limiting the number of rejection messages in the logs.
>
> Another possibility is to set up OpenVPN on your system, which
> authenticates on ssl certificates and works nicely even from
> dynamic IPs behind NAT.  Then you can ssh into the private LAN
> behind your firewall via OpenVPN.
>
> Bill
> --
> INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
> URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
> Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
> Fax:(206) 232-9186
>
> Foreign aid might be defined as a transfer from poor people in rich
> countries to rich people in poor countries -- Douglas Casey
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Bill,

we have been looking at implementing OpenVPN to allow access to the
internal LAN. For a firewall, we basically have iptables with 2 nics doing
NAT. So would the OpenVPN server live inside of our private network and
just do some forwards with iptables on the firewall or would it be better
to implement it with by itself with 2 nics one on the public and one on
the private?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] harddisc or nfs based install

[Joseph L. Casale]

When choosing either of these methods and using an iso, how does CentOS 
determine
the right iso file to mount? Is there an expected file name format?

Thanks!
jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /etc/hosts missing localhost?

[Jim Perrin]

On Mon, Jul 21, 2008 at 9:20 PM, Bill Campbell <[EMAIL PROTECTED]> wrote:
> Is there any reason why /etc/hosts would be missing the line,
> 127.0.0.1 localhost?

Nope. It's there by default in some form or another.

By default, it usually looks like this ->

127.0.0.1   installname  localhost.localdomain  localhost
::1  localhost6.localdomain6   localhost6




If you don't have anything like this in your /etc/hosts, you either
need to find a mirror and begin yelling at responsible parties, or
stalk whomever else has root on this particular machine.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /etc/hosts missing localhost?

[nate]

Bill Campbell wrote:
> Is there any reason why /etc/hosts would be missing the line,
> 127.0.0.1 localhost?

no.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] /etc/hosts missing localhost?

[Bill Campbell]

Is there any reason why /etc/hosts would be missing the line,
127.0.0.1 localhost?

I just spent an hour trying to figure out why I could not connect
to postgresql using ``psql -h ...'', finally figuring out that
the /etc/hosts file was the problem.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

To say that UNIX is doomed is pretty rabid, OS/2 will certainly play a role,
but you don't build a hundred million instructions per second multiprocessor
micro and then try to run it on OS/2.  I mean, get serious.
-- William Zachmann, International Data Corp
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Victor Padro]

Pfsense rules...in my humble opinion, does the job better than iptables. and
like John said it can be easily configured via web.

-- 
"It is human nature to think wisely and act in an absurd fashion."

"Todo el desorden del mundo proviene de las profesiones mal o mediocremente
servidas"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Personal Wiki for CentOS

[Robert Moskowitz]

Bowie Bailey wrote:

Joseph L. Casale wrote:
  

For ages I have been keeping docs and notes in Public Folders inside
an Exchange server 
and want to move this out to a more modern facility that allows
tagging and searching via 
a web interface for keywords so I can keep all my notes more
organized. 


Anyone have any personal recos for the slickest system to do this
with. Given the nature of my home setup, its routinely used to lab
stuff up so I would want something that can be easily migrated to a
new install if need be. 



I use MoinMoin.

http://moinmoin.wikiwikiweb.de/

And there is an rpm for in on rpmforge


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[John R Pierce]

nate wrote:

I don't like/use OpenBSD for anything other than firewalls. But I
do think as a firewall, pf really can't be beat, the configuration
for typical rules just 'flows'. IPTables by comparison is so cryptic.
(speaking as a past user of ipfwadm, ipfw, ipchains, iptables, pf,
and Cisco PIX, which is probably the worst of the ones I've used).
  


while I haven't personally used this, I've heard enough good things 
about it from folks I know and trust that I'll stick in a mention of 
pfSense...  pfSense is a turnkey BSD hybrid, which uses freeBSD's kernel 
with openBSD's pf, all wrapped up in a nice easy to use web interface 
(and you can still get into shell and manipulate the pf scripts directly). 


its optimized so it can run off as little as a 128MB flash card (CF).


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Robert Moskowitz]

Bo Lynch wrote:

just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or have any other advice.
I really appreciate it.
  

I have moved sshd to a different port number.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[nate]

D Steward wrote:

> Because I don't believe a solution such as fail2ban will scale (it can't
> be healthy having tens of thousands of IPs in iptables), I use denyhosts

Wherever possible I use layer 2 bridging OpenBSD firewalls in front of
my networks, I don't have a problem with brute force attacks but it
seems it can scale to tens of thousands of IPs without a problem. I'm
not sure if iptables has similar capabilities or not --

http://www.openbsd.org/faq/pf/tables.html

"[..]Lookups against a table are very fast and consume less memory and
processor time than lists. For this reason, a table is ideal for holding
a large group of addresses as the lookup time on a table holding 50,000
addresses is only slightly more than for one holding 50 addresses"

And the pf equivilent to the iptables throttling:

http://www.openbsd.org/faq/pf/filter.html

An example:

table  persist
block in quick from 

pass in on $ext_if proto tcp to $web_server \
port www flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, overload 
flush)

This does the following:

* Limits the maximum number of connections per source to 100
* Rate limits the number of connections to 15 in a 5 second span
* Puts the IP address of any host that breaks these limits into the
 table
* For any offending IP addresses, flush any states created by this rule.
---

I don't like/use OpenBSD for anything other than firewalls. But I
do think as a firewall, pf really can't be beat, the configuration
for typical rules just 'flows'. IPTables by comparison is so cryptic.
(speaking as a past user of ipfwadm, ipfw, ipchains, iptables, pf,
and Cisco PIX, which is probably the worst of the ones I've used).

I use linux pretty much everywhere else other than firewalls. Even
my preferred network gear - load balancers and switches run linux
(commercial variants).

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Bill Campbell]

On Tue, Jul 22, 2008, D Steward wrote:
>On Mon, 2008-07-21 at 17:09 -0500, Tim Nelson wrote:
>> When using denyhosts, you'll want to keep your IP's in hosts.allow so even 
>> if you're "banned" you can still get access. :-)
>
>Yup.
>Unfortunately, my ISP's plan uses dynamic IPs, so I have to enter
>various subnets to stay safe. :(

If you do not allow password authentication and use good pass
phrases on your identity, the only thing really gained by
restricting on IP ranges is restricting the number of reject
messages in your log files.  The fail2ban program does a nice job
of limiting the number of rejection messages in the logs.

Another possibility is to set up OpenVPN on your system, which
authenticates on ssl certificates and works nicely even from
dynamic IPs behind NAT.  Then you can ssh into the private LAN
behind your firewall via OpenVPN.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

Foreign aid might be defined as a transfer from poor people in rich
countries to rich people in poor countries -- Douglas Casey
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[D Steward]

On Mon, 2008-07-21 at 17:09 -0500, Tim Nelson wrote:
> When using denyhosts, you'll want to keep your IP's in hosts.allow so even if 
> you're "banned" you can still get access. :-)

Yup.
Unfortunately, my ISP's plan uses dynamic IPs, so I have to enter
various subnets to stay safe. :(

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Tim Nelson]

When using denyhosts, you'll want to keep your IP's in hosts.allow so even if 
you're "banned" you can still get access. :-)

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

- Original Message -
From: "D Steward" <[EMAIL PROTECTED]>
To: "CentOS mailing list" 
Sent: Monday, July 21, 2008 5:05:13 PM GMT -06:00 Guadalajara / Mexico City / 
Monterrey
Subject: Re: [CentOS] Ideas for stopping ssh brute force attacks

Just one other thing: if you use a script, you need to be careful you
don't accidentally ban your own IP (by entering a wrong password too
many times) when accessing a remote server. :/


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[D Steward]

Provided you have ssh set up to ensure that root cannot login directly
and/or keys instead of passwords must be used, you aren't in much danger
of being compromised.

To ensure the logs are mostly kept clean however, you need yet another
solution such as changing the port, port-knocking, or a script such as
fail2ban, denyhosts and blockhosts.

fail2ban is a script which writes blacklisted IPs to iptables then
denies them access to every service including ftp and http, not just
ssh.

Because I don't believe a solution such as fail2ban will scale (it can't
be healthy having tens of thousands of IPs in iptables), I use denyhosts
on my servers and have done so successfully for the past 12 months.
Denyhosts is a script which writes blacklisted IPs to hosts.deny,
preventing them from accessing ssh as well as any other service which
uses tcp wrappers. It has a truly wonderful feature where you can sync
your results with a central server to share IPs for banning. This means
my servers now have about 12000 IPs which are permanently blacklisted.
There are just two disadvantages with denyhosts: with a large number of
entries in hosts.deny, there is a noticeable delay (several seconds in
my case) when logging in with ssh. And you can only deny requests which
use tcp wrappers.

I've never used Blockhosts, but I believe it is similar to fail2ban, in
that it can disallow blacklisted IPs from accessing any service, not
just ssh.

Just one other thing: if you use a script, you need to be careful you
don't accidentally ban your own IP (by entering a wrong password too
many times) when accessing a remote server. :/

Whatever, you decided to use, the more security you have, the more
awkward it will be to access your own server/s.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nspluginwrapper included in CentOS 5.2 fails completely

[Lanny Marcus]

On Mon, Jul 21, 2008 at 4:01 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 21, 2008 at 2:18 PM, MHR <[EMAIL PROTECTED]> wrote:
>> I was wondering if anyone else had this problem.
>>
>> I run CentOS 5.2 x86_64 on my workstation at home.  Since 5.2 came out
>> with nepluginwrapper bundled into it, none of my plugins work.  I
>> thought it was just a problem with the flash plugin, but neither the
>> mplayerplug-in plugins nor the adobe acrobat reader plugin work,
>> either.
> 
> I am running the 32 bit kernel on my Desktop and I do *NOT* have that
> problem. Is that limited to the
> 64 bit kernel or to your box? After I did the huge update to CentOS
> 5.2, everything continued to work
> in Firefox 3.0. As I write this, I am listening on Streamaudio.com to
> KOOL 97.3 (KEAG-FM)
> in Anchorage, AK which uses mplayer.
>
> Possibly you should install the 32 bit version of Firefox and the Plug
> Ins, if they are not already
> installed?

http://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS

I think everything on that page is 32 bit and I think I have read in
this ML that it is better to use
32 bit for multimedia stuff? Not sure if I remember that correctly
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nspluginwrapper included in CentOS 5.2 fails completely

[Stephen John Smoogen]

On Mon, Jul 21, 2008 at 3:22 PM, MHR <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 21, 2008 at 2:01 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
>> 
>> I am running the 32 bit kernel on my Desktop and I do *NOT* have that
>> problem.
>
> Of course not - nspluginwrapper is a 64-bit mozilla plugin that wraps
> 32-bit plugins so they'll work with a 64-bit browser.  :-)
>

Interesting... nspluginwrapper is also installed on my Fedora 9
system. I thought it was wrapping various flash stuff but that looks
like that is a different plugin.


>> Possibly you should install the 32 bit version of Firefox and the Plug
>> Ins, if they are not already installed?
>
> That's a possibility (except that I really do not like Firefox), I
> will try the 32-bit version of Seamonkey 1.1.11 and see if the problem
> that moved me to the 64-bit browser has been cleaned up (and to bitch
> about it long and loud if it is not! - not here, though... :-).
>
> mhr
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Les Bell]

"Lanny Marcus" <[EMAIL PROTECTED]> wrote:

>>
The above link is mostly dead. The data isn't there yet.
<<

I did a write-up on generating SSH keys on both Windows and Linux, along
with some additional tips on OpenSSH configuration. It's at
http://www.lesbell.com.au/Home.nsf/web/SSH+for+Server+Administration?OpenDocument
 if anyone needs it.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Spiro Harvey, Knossos Networks Ltd]

iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH
-j DROP


hey, this is awesome. we're currently filtering log files looking for 
multiple failed connections, then adding them to iptables for a few 
minutes. this is much cleaner. :)


thanks.

--
Spiro Harvey  Knossos Networks Ltd
021-295-1923www.knossos.net.nz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Les Bell]

"Bo Lynch" <[EMAIL PROTECTED]> wrote:

>>
Just wanted to know if anyone had any experience with anything like these
programs or have any other advice.
<<

No need for any add-ons. Just do two things:

1. Disable password logins. In /etc/ssh/sshd_config, add

PasswordAuthentication no

Now you will have to authenticate by private key, but that's always been
the best idea, anyway. Now the script kiddies can bang on your system all
day and they won't get anywhere.

2. If the bandwidth they're wasting continues to annoy you, then rate-limit
connections to the ssh port. Using the default firewall config in
/etc/sysconfig/iptables, add this:

# Rate limit connections to port 22 to slow SSH brute force attacks
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m limit --limit
1/minute
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update
--seconds 180 --hitcount 3 -j DROP

Then restart the iptables service. That'll slow them right down, if they
can even figure out what's going on.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nspluginwrapper included in CentOS 5.2 fails completely

[Alexander Kirillov]

I run CentOS 5.2 x86_64 on my workstation at home.  Since 5.2 came out
with nepluginwrapper bundled into it, none of my plugins work.  I
thought it was just a problem with the flash plugin, but neither the
mplayerplug-in plugins nor the adobe acrobat reader plugin work,
either.


I have no problems with 32-bit flash and 64-bit mplayer plugins in 64-bit 
Firefox.
Haven't tried adobe acrobat yet.

For flash plugin to work with 64-bit browser you need to install
both x86_64 and i386 versions of nspluginwrapper with all the dependencies
and run mozilla-plugin-config -i

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Eucke]

Dan Carl wrote:

Just change the default port.
You can also limit the allowed nocks on door with iptables, but changing the
port is much eaieer.
Cleans up the logs real nice.
Dan
  


I'll second that.  Combining that with the SSH iptables entries to limit 
the number of attempts will help as well.  Those two actions will, 
effectively, make the brute force impossible.



--
Eucke


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nspluginwrapper included in CentOS 5.2 fails completely

[MHR]

On Mon, Jul 21, 2008 at 2:01 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> 
> I am running the 32 bit kernel on my Desktop and I do *NOT* have that
> problem.

Of course not - nspluginwrapper is a 64-bit mozilla plugin that wraps
32-bit plugins so they'll work with a 64-bit browser.  :-)

> Possibly you should install the 32 bit version of Firefox and the Plug
> Ins, if they are not already installed?

That's a possibility (except that I really do not like Firefox), I
will try the 32-bit version of Seamonkey 1.1.11 and see if the problem
that moved me to the 64-bit browser has been cleaned up (and to bitch
about it long and loud if it is not! - not here, though... :-).

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Ideas for stopping ssh brute force attacks

[Bowie Bailey]

Bo Lynch wrote:
> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have attempted to
> ssh'd to using weird names like admin,appuser,nobody,etc None of
> these are valid users. I know that I can block sshd all together with
> iptables but that will not work for us. I did a little research on
> google and found programs like sshguard and sshdfilter. Just wanted
> to know if anyone had any experience with anything like these
> programs or have any other advice. I really appreciate it.

The simplest thing is to change the port.  I know it's "security through
obscurity", but it works well and can be used along with whatever other
security enhancements you care to use.

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Lanny Marcus]

On Mon, Jul 21, 2008 at 4:08 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 21, 2008 at 3:43 PM, Bo Lynch <[EMAIL PROTECTED]> wrote:
>> just wanted to get some feedback from the community. Over the last few
>> days I have noticed my web server and email box have attempted to ssh'd to
>> using weird names like admin,appuser,nobody,etc None of these are
>> valid users. I know that I can block sshd all together with iptables but
>> that will not work for us. I did a little research on google and found
>> programs like sshguard and sshdfilter. Just wanted to know if anyone had
>> any experience with anything like these programs or have any other advice.
>> I really appreciate it.
>
> Possibly begin by not allowing root access. Don't use passwords, use keys.
>
> http://wiki.centos.org/TipsAndTricks/SshTips/SshKeyAuthentication

The above link is mostly dead. The data isn't there yet.

http://wiki.centos.org/TipsAndTricks/BecomingRoot

if you can sudo into your servers, that might help.

Also, use a different port. Many ways to skin a cat.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Ned Slider]

Bo Lynch wrote:

just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or have any other advice.
I really appreciate it.



There's a page on the Wiki with a few suggestions for hardening SSH:

http://wiki.centos.org/HowTos/Network/SecuringSSH

There are a number of measures you can take and employing a few in 
combination is always a good idea. Strong passwords are a must as is 
disabling root logins. Firewalling and/or key-based authentication with 
passwords disabled are great where that is possible. Moving SSH to a 
non-standard port will certainly reduce your levels of background noise 
but doesn't necessarily make your setup inherently more secure.


My personal opinion is that there is enough there to work with without 
having to resort to 3rd party add-ons :)



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Rob Townley]

On Mon, Jul 21, 2008 at 4:11 PM, Dan Carl <[EMAIL PROTECTED]> wrote:

>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Behalf Of Bo Lynch
> > Sent: Monday, July 21, 2008 3:43 PM
> > To: centos@centos.org
> > Subject: [CentOS] Ideas for stopping ssh brute force attacks
> >
> >
> > just wanted to get some feedback from the community. Over the last few
> > days I have noticed my web server and email box have attempted to ssh'd
> to
> > using weird names like admin,appuser,nobody,etc None of these are
> > valid users. I know that I can block sshd all together with iptables but
> > that will not work for us. I did a little research on google and found
> > programs like sshguard and sshdfilter. Just wanted to know if anyone had
> > any experience with anything like these programs or have any other
> advice.
> > I really appreciate it.
> >
> > --
> > Bo Lynch
> >
> Just change the default port.
> You can also limit the allowed nocks on door with iptables, but changing
> the
> port is much eaieer.
> Cleans up the logs real nice.
> Dan
>
>
>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



PortKnocking - ports appear closed until the correct knock on the ports.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Ideas for stopping ssh brute force attacks

[Dan Carl]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Bo Lynch
> Sent: Monday, July 21, 2008 3:43 PM
> To: centos@centos.org
> Subject: [CentOS] Ideas for stopping ssh brute force attacks
>
>
> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have attempted to ssh'd to
> using weird names like admin,appuser,nobody,etc None of these are
> valid users. I know that I can block sshd all together with iptables but
> that will not work for us. I did a little research on google and found
> programs like sshguard and sshdfilter. Just wanted to know if anyone had
> any experience with anything like these programs or have any other advice.
> I really appreciate it.
>
> --
> Bo Lynch
>
Just change the default port.
You can also limit the allowed nocks on door with iptables, but changing the
port is much eaieer.
Cleans up the logs real nice.
Dan



> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Lanny Marcus]

On Mon, Jul 21, 2008 at 3:43 PM, Bo Lynch <[EMAIL PROTECTED]> wrote:
> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have attempted to ssh'd to
> using weird names like admin,appuser,nobody,etc None of these are
> valid users. I know that I can block sshd all together with iptables but
> that will not work for us. I did a little research on google and found
> programs like sshguard and sshdfilter. Just wanted to know if anyone had
> any experience with anything like these programs or have any other advice.
> I really appreciate it.

Possibly begin by not allowing root access. Don't use passwords, use keys.

http://wiki.centos.org/TipsAndTricks/SshTips/SshKeyAuthentication
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Max Hetrick]

Bo Lynch wrote:

just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or have any other advice.
I really appreciate it.


Perhaps some FAQs on SSH at the CentOS wiki will help you out too.

http://wiki.centos.org/HowTos/Network/SecuringSSH

Regards,
Max

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ideas for stopping ssh brute force attacks

[Michael Gabriel]

easiest way with centos board tools is iptable recent module ...

simply limit the amount of connections a host is allowed to the ssh port

iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH
-j DROP

limits each host to 3 connections within 5 minutes. enough to make bots stop
and still not too annoying for users that mistype their password 3x3 times

On Mon, Jul 21, 2008 at 10:43 PM, Bo Lynch <[EMAIL PROTECTED]> wrote:

> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have attempted to ssh'd to
> using weird names like admin,appuser,nobody,etc None of these are
> valid users. I know that I can block sshd all together with iptables but
> that will not work for us. I did a little research on google and found
> programs like sshguard and sshdfilter. Just wanted to know if anyone had
> any experience with anything like these programs or have any other advice.
> I really appreciate it.
>
> --
> Bo Lynch
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nspluginwrapper included in CentOS 5.2 fails completely

[Lanny Marcus]

On Mon, Jul 21, 2008 at 2:18 PM, MHR <[EMAIL PROTECTED]> wrote:
> I was wondering if anyone else had this problem.
>
> I run CentOS 5.2 x86_64 on my workstation at home.  Since 5.2 came out
> with nepluginwrapper bundled into it, none of my plugins work.  I
> thought it was just a problem with the flash plugin, but neither the
> mplayerplug-in plugins nor the adobe acrobat reader plugin work,
> either.

I am running the 32 bit kernel on my Desktop and I do *NOT* have that
problem. Is that limited to the
64 bit kernel or to your box? After I did the huge update to CentOS
5.2, everything continued to work
in Firefox 3.0. As I write this, I am listening on Streamaudio.com to
KOOL 97.3 (KEAG-FM)
in Anchorage, AK which uses mplayer.

Possibly you should install the 32 bit version of Firefox and the Plug
Ins, if they are not already
installed?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Ideas for stopping ssh brute force attacks

[Lundgren, Andrew]

I have been using fail2ban to limit the attacks.  It works exactly as they 
advertise and I am happy with it.

--
Andrew

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bo Lynch
> Sent: Monday, July 21, 2008 2:43 PM
> To: centos@centos.org
> Subject: [CentOS] Ideas for stopping ssh brute force attacks
>
> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have
> attempted to ssh'd to
> using weird names like admin,appuser,nobody,etc None of these are
> valid users. I know that I can block sshd all together with
> iptables but
> that will not work for us. I did a little research on google and found
> programs like sshguard and sshdfilter. Just wanted to know if
> anyone had
> any experience with anything like these programs or have any
> other advice.
> I really appreciate it.
>
> --
> Bo Lynch
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Ideas for stopping ssh brute force attacks

[Bo Lynch]

just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or have any other advice.
I really appreciate it.

--
Bo Lynch

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Personal Wiki for CentOS

[Bowie Bailey]

Joseph L. Casale wrote:
> For ages I have been keeping docs and notes in Public Folders inside
> an Exchange server 
> and want to move this out to a more modern facility that allows
> tagging and searching via 
> a web interface for keywords so I can keep all my notes more
> organized. 
> 
> Anyone have any personal recos for the slickest system to do this
> with. Given the nature of my home setup, its routinely used to lab
> stuff up so I would want something that can be easily migrated to a
> new install if need be. 

I use MoinMoin.

http://moinmoin.wikiwikiweb.de/

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] nspluginwrapper included in CentOS 5.2 fails completely

[MHR]

I was wondering if anyone else had this problem.

I run CentOS 5.2 x86_64 on my workstation at home.  Since 5.2 came out
with nepluginwrapper bundled into it, none of my plugins work.  I
thought it was just a problem with the flash plugin, but neither the
mplayerplug-in plugins nor the adobe acrobat reader plugin work,
either.

I have this problem both with the Seamonkey contributed 64-bit build
and my own (otherwise perfectly working) native build of the 2.01a
pre-release trunk build (which I have been using since January, with
occasional updates, the most recent being about a week ago).

I have not tried going back to the 32-bit release of Seamonkey,
although I suppose that's next.  I stopped using that when it kept
crashing when I tried to save a web page after having visited some
unknown threshold level of pages (i.e., it wouldn't do this on the
first or second web page, but somewhere down the line, a threshold was
crossed and it would crash fairly regularly).  In discussions with the
Mozilla folks, I concluded that the problem had something to do with
running the 32-bit release on my 64-bit OS.  Due to some peculiarity
in the 1.x Mozilla build process, I was never able to build a 64-bit
version of the 1.x releases, but I had no trouble running the L&G
not-yet-released revision, with occasional glitches from the bugs that
I ran into (and reported).

But, back to the point:

There are two major issues I have with the 5.2 bundled nspluginwrapper:

1) The nspluginwrapper program itself is gone, which makes it a little
(lot) harder to manage and troubleshoot the problems.

and, more importantly:

2) None of the 32-bit plugins that are supposed to be wrapped work.  Period.

Is this something I should report in bugzilla, at CentOS (and
upstream)?  I didn't see it in the bugs listed at CentOS.org.

Thanks.

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] copy

[Dan Carl]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mad Unix
Sent: Monday, July 21, 2008 11:14 AM
To: CentOS mailing list
Subject: Re: [CentOS] copy


>How would you do the 
>tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] PROTECTED]> "cat > >/var/www/html/htdocs.tar.gz"

>with rsync and the to have it  in the crontab  to run everyday.

>Thanks

My suggestion:
Setup SSH to use keys.
Google ssh keys for explaination.
Read some of the many tutorials on rsync out there.

Tip: if you're going to run the script daily you should consider setting up a 
lock file.
By using a lock file you won't have to worry about the script completing before 
the next one starts.

If you're impatient email me and I'll give you a copy of the script I wrote.

PS
Please post questions in text format not html.

Dan







-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[Jay Leafey]

I am a bit hesitant to suggest this, but Oracle has already built 
RHEL-compatible php packages, including php-OCI8.  You can find the 
files at http://oss.oracle.com/projects/php/, built for both RHEL 4u6 
and RHEL 5u1.  The php-oci8 package depend on the Oracle Instant Client 
(also available as RPMs), which means you don't have to do a full Oracle 
install unless you need the actual database server.


I have used them under CentOS 5u2 with good results, but be warned, they 
will be NOT supported by Red Hat, Oracle, or CentOS.

--
Jay Leafey - Memphis, TN
[EMAIL PROTECTED]


smime.p7s
Description: S/MIME Cryptographic Signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[William L. Maltby]

On Mon, 2008-07-21 at 12:38 -0400, Joshua Baker-LePain wrote:
> On Mon, 21 Jul 2008 at 9:35am, Craig White wrote
> 
> > I need a way to convert files that I save with Firefox as a 'print to
> > file' to 'pdf'
> >
> > I tried 'convert' but that rendered the text as graphics which grew the
> > file and wasn't what I wanted.
> >
> > How would someone accomplish this - or can I just print to a PDF?
> 
> Shockingly, there's ps2pdf...
> 

Even more shockingly, a *lot* of folks seem to have forgotten relatively
quick, but not painless due to excessive results returned, local ways to
discover a lot of this stuff. So a reminder may help folks out.

If you run makewhatis every once-in-awhile you can then use "man -k
" or, IIRC, apropos. I just ran a test using postscript as a
keyword and there were a few useful reminders in the exorbitant amount
of chaff returned.

HTH a lot of folks,
-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] perl module to parse httpd log on C5

[Mark Pryor]

hello,

Looking for alternative ideas to parse the combined Apache log:
   /var/log/httpd/access_log   (is how I named it)

What I've tried so far is a CPAN search, which pointed me to a recently
created module called ApacheLog::Parser

>From the C5 shell, I used something like this (heavily refined from how I 
>started)

  -- sh script -
#rpm --import http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
yum install ncftp --disablerepo=\* --enablerepo=epel
yum -y install perl-Test-Pod \
 perl-YAML \
 perl-Test-Pod-Coverage \
 perl-Class-Accessor \
 perl-IPC-Run \
 perl-Time-modules \
 perl-DateTime \
 perl-Date-Simple
perl -MCPAN -e 'install Class::Accessor::Classy' 
perl -MCPAN -e 'install Time::Piece'
perl -MCPAN -e 'install Date::Piece'
perl -MCPAN -e 'install File::Fu'
#  yum install perl-IPC-Run3
perl -MCPAN -e 'install Getopt::Helpful'
perl -MCPAN -e 'install ApacheLog::Parser'
-- end snip ---

the above worked on a fresh install of C5.2 with a LAMP setup.
CPAN asked for ncftp in its setup.

I must have tried 50-60 commands before I settled on the abbreviated version 
above.

As an exercise, I took a shot at using cpan2rpm to package the
tar.gz's into RPM's

the resulting RPM's are here: 
  http://www.tlviewer.org/fostats
they are signed with my RPM-GPG key
http://www.tlviewer.org/centos/RPM-GPG-KEY-mpryor.txt

-- 
Mark



  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[jleaver+centos]

Mad Unix wrote:

My Question is: How to build the OCI8 extension module for php5 under
CentOS5?


I've had some success using these instructions / rpms / srpms: 
http://freshrpms.net/docs/oracle/


Jacob Leaver
Sr Systems Administrator
ReachONE Internet
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[Johnny Hughes]

Craig White wrote:

I need a way to convert files that I save with Firefox as a 'print to
file' to 'pdf'

I tried 'convert' but that rendered the text as graphics which grew the
file and wasn't what I wanted.

How would someone accomplish this - or can I just print to a PDF?



My firefox in centos-5 can "print-to-file" into a PDF right now ... I 
don't think I added anything to it to get that.




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: configuration request

[Lanny Marcus]

On Mon, Jul 21, 2008 at 7:45 AM, Sam Drinkard <[EMAIL PROTECTED]> wrote:
> Unfortunately, the ISP is sort of an independent outfit, and while they are
> not small in any sense of the word, their equipment room is stacked full of
> servers from floor to ceiling.  I'm not aware of any power related switches
> where one could ssh into a "box" and cycle the power for one server.

Can you ssh into your server and give it a reboot or shutdown -r
command? If you can do
that, you will not have such a problem with the Remote Reboot switch
frequently not
doing the job you need it to do for you. However, I think the Remote
Reboot is something
*very* nice to have, if you and your ISP can get it to work properly,
because you and your server are not in the same place. You should not
need to cycle
power to reboot the box and you said something about them unplugging your box
and then plugging it back in, which seems drastic. From that, I assume
it does not have a reset swtich
(our newer desktops lack that very nice feature) or even a Power Switch.

>It's also possible that the ACPI of the
> bios is partly to blame, but when I put the machine down there, I actually
> had maybe 2 hours, or the time it took to install CentOS on the drive and
> get the FS set up for the task.  Only later did I learn there was a problem
> remote rebooting.

After the update to CentOS 5.2 I had a very minor issue, where that
kernel wouldn't
boot, after shutting my desktop down and then powering it up. I added acpi=off
to the line for that kernel and the problem disappeared.

> I appreciate everyone's responses, and I suppose I'll just have to deal with
> the problems as they occur.  I've switched back to digest mode, as of this
> morning, so if you don't get any response from me till the day after, that
> is the reason.

I used to get the Digest mode, but then I was advised I was breaking
the threading
(probably if one has their MUA configured correctly that won't
happen), so now I get the
individual messages and I read them online.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[Johnny Hughes]

Mad Unix wrote:

My Question is: How to build the OCI8 extension module for php5 under
CentOS5?



You will need to rebuild the RPM with ociheaders installed and with the 
--with-oci8 switch ...


http://www.2question.com/demo/install_php_on_redhat_linux_with_10g.html





signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] recommended repo for php 5.2.3 +

[dnk]

On 21-Jul-08, at 10:35 AM, Johnny Hughes wrote:


dnk wrote:

Good day all,
I have been searching on google for the recommended repo for php  
5.2.3 + for centos... I saw at one point it was in the testing  
repo, but was pulled due to no one testing it.
Is there a recommended repo that people feel is safe for a CentOS  
5.x to get php 5.23 + ?
I know i can compile and install, but i like to keep as "vanilla"   
as possible.


The place I would recommend getting this from is:

http://www.jasonlitka.com/

repo for c5:
http://www.jasonlitka.com/media/EL5/

I have worked with Jason a couple times since MySQL stop releasing  
their tarballs publicly and I had to obtain and build MySQL for  
CentOS-4 plus via the MySQL Enterprise source tree.


I don't currently use his repo personally, but I have in the past  
and I do know that he is very knowledgeable and creates high  
quality, "Red Hat like" packages.  I have no problems recommending  
his repo for latest and greatest web stack with centos.


Thanks,
Johnny Hughes



Thanks for the confirmation Johnny. I was actually just installing his  
repo, as it did not seem to need the EPEL as the other repo I had  
found many referring to.


Dustin
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where is printconf-tui on CENTOS 5.2 (migrate printer configuration)????

[Tru Huynh]

Hi (maybe?)

On Tue, Jul 22, 2008 at 01:35:12AM +0800, mcclnx mcc wrote:
> we are migrated CENTOS from 4.X to 5.2 on seperate DELL servers.  For printer 
> definition migrate on CENTOS 4.X , we can use following command:
> 
>     printconf-tui --Ximport < printers.xml
> 
> I can not find "printconf-tui" command on CENTOS 5.2.  Does anyone know how 
> to migrate printer configuration on CENTOS 5.2?
>

Waking up late? ;D
https://www.redhat.com/archives/rhelv5-list/2007-October/msg00187.html

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B


pgpWJUS3ipyNR.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] recommended repo for php 5.2.3 +

[Johnny Hughes]

dnk wrote:

Good day all,

I have been searching on google for the recommended repo for php 5.2.3 + 
for centos... I saw at one point it was in the testing repo, but was 
pulled due to no one testing it.


Is there a recommended repo that people feel is safe for a CentOS 5.x to 
get php 5.23 + ?


I know i can compile and install, but i like to keep as "vanilla"  as 
possible.




The place I would recommend getting this from is:

http://www.jasonlitka.com/

repo for c5:
http://www.jasonlitka.com/media/EL5/

I have worked with Jason a couple times since MySQL stop releasing their 
tarballs publicly and I had to obtain and build MySQL for CentOS-4 plus 
via the MySQL Enterprise source tree.


I don't currently use his repo personally, but I have in the past and I 
do know that he is very knowledgeable and creates high quality, "Red Hat 
like" packages.  I have no problems recommending his repo for latest and 
greatest web stack with centos.


Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] where is printconf-tui on CENTOS 5.2 (migrate printer configuration)????

[mcclnx mcc]

we are migrated CENTOS from 4.X to 5.2 on seperate DELL servers.  For printer 
definition migrate on CENTOS 4.X , we can use following command:

    printconf-tui --Ximport < printers.xml

I can not find "printconf-tui" command on CENTOS 5.2.  Does anyone know how to 
migrate printer configuration on CENTOS 5.2?


Thanks.



  
___
總會在某些時刻，突然想起舊情人？他 現在過得還好嗎？ 
http://sev.search.yahoo.net___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Load Average ~0.40 when idle

[Stephen John Smoogen]

On Mon, Jul 21, 2008 at 11:00 AM, listmail <[EMAIL PROTECTED]> wrote:
> On Mon, 21 Jul 2008 10:20:53 -0600, Stephen John Smoogen wrote
>> On Sun, Jul 20, 2008 at 4:52 PM, listmail <[EMAIL PROTECTED]> wrote:
> > > OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
>> > load from the GUI, I forced the system into runlevel 3 and ran top.
>> > I see the same problem; the load average sits at about 0.40 continuously.
>> > This is with the ethernet drivers running, and it does not matter if the
>> > network cables are plugged in or not.
>> >
>>
>> Ok sorry for the wild goose chase earlier...
>>
>> 1. Check with the manufacturer or motherboard to see if this is a
>> known issue. Sometimes these items show up and are fixed with a BIOS
>> update.
>> 2. Check to see if you can pinpoint where the problem is coming
>> from... set up sar and iostat to see if there are excessive irq's on
>> one line or another. Run the system as a minimal OS when doing
>> this... nothing but init 1 if possible.
>> 3. Try Fedora 9 livecd and see if it still occurs. If it doesn't
>> then the problem was fixed in the main kernel between EL-5 and now. That
>> can help make it easier to track down for a bug in Red Hat's bugzilla.
>>
> I cannot find relevant support notes on either the Supermicro or Intel sites,
> but I'll send an email to Supermicro support to see if they know anything.
>
> I used vmstat to compare interrupt and context switch rates on a system
> with the issue and a system without the issue (older kernel). Both systems
> show an irq rate of about 1000/sec and cs rate of about 25/sec.
>
> The system that does not exhibit the problem is running 2.6.18-53.1.14.el5,
> so it seems to be something that has changed since that time frame
> (early CentOS 5.1, I think).
>

Does the non-affected system show the problem when you run livecd on
it? If not, i would try installing that kernel on your affected system
and see if the problem goes away for the time being.



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Load Average ~0.40 when idle

[listmail]

On Mon, 21 Jul 2008 10:20:53 -0600, Stephen John Smoogen wrote
> On Sun, Jul 20, 2008 at 4:52 PM, listmail <[EMAIL PROTECTED]> wrote:
 > OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
> > load from the GUI, I forced the system into runlevel 3 and ran top.
> > I see the same problem; the load average sits at about 0.40 continuously.
> > This is with the ethernet drivers running, and it does not matter if the
> > network cables are plugged in or not.
> >
> 
> Ok sorry for the wild goose chase earlier...
> 
> 1. Check with the manufacturer or motherboard to see if this is a
> known issue. Sometimes these items show up and are fixed with a BIOS
> update.
> 2. Check to see if you can pinpoint where the problem is coming
> from... set up sar and iostat to see if there are excessive irq's on
> one line or another. Run the system as a minimal OS when doing 
> this... nothing but init 1 if possible.
> 3. Try Fedora 9 livecd and see if it still occurs. If it doesn't 
> then the problem was fixed in the main kernel between EL-5 and now. That
> can help make it easier to track down for a bug in Red Hat's bugzilla.
> 
I cannot find relevant support notes on either the Supermicro or Intel sites,
but I'll send an email to Supermicro support to see if they know anything.

I used vmstat to compare interrupt and context switch rates on a system
with the issue and a system without the issue (older kernel). Both systems
show an irq rate of about 1000/sec and cs rate of about 25/sec.

The system that does not exhibit the problem is running 2.6.18-53.1.14.el5,
so it seems to be something that has changed since that time frame
(early CentOS 5.1, I think).

Thanks,
--Bill
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kernels From CentOS Plus

[Bob Taylor]

On Sun, 2008-07-20 at 23:01 -0700, Akemi Yagi wrote:
> On Sun, Jul 20, 2008 at 10:39 PM, Bob Taylor <[EMAIL PROTECTED]> wrote:
> 
> > Centosplus's priority was 1. I had totally forgotten a special kernel
> > was in that repo and no, I don't have the kernel excluded in
> > base/updates. I have since increased the priority of all Centos repos
> > other than base to a number greater than 1.
> 
> I just wanted to make sure your keep 'updates' at 1.  That is,
> increase the priority of all Centos repos other than base AND
> updates...

OK. Base and updates are priority 1. The rest are greater than 1.

Thanks! 

> Your niece Akemi

Your uncle Bob
-- 
Bob Taylor

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] copy

[Bo Lynch]

On Mon, July 21, 2008 12:14 pm, Mad Unix wrote:
> How would you do the
> tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED]
> 
> "cat > /var/www/html/htdocs.tar.gz"
>
> with rsync and the to have it  in the crontab  to run everyday.
>
> Thanks
>
> On Mon, Jul 21, 2008 at 5:20 PM, Tom Brown <[EMAIL PROTECTED]> wrote:
>
>>
>>  I want to copy all the following files/folder/subfolders under
>>> /usr/local/apache/htdocs to a remote server within this directory
>>> /var/www/html/
>>> Am I correct with this command, or far away o
>>>
>>> tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] >> [EMAIL PROTECTED]> "cat > /var/www/html/htdocs.tar.gz"
>>>
>>> Thanks
>>>
>>
>> rsync over ssh is good for network copies as it preserves permissions
>> nicely if you ask it
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> Your search - madunix - did not match any documents.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
If you want a simple rsync then you can do
rsync -av /usr/local/apache/htdocs/ -e [EMAIL PROTECTED]:/var/www/html/htdocs/

If you want to to compress it first then do

tar zcvf htdocs.tar.gz /usr/local/apache/htdocs
rsync -av /usr/local/apache/htdocs/htdocs.tar.gz -e
[EMAIL PROTECTED]:/var/www/html/htdocs/

Bo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[Craig White]

On Mon, 2008-07-21 at 11:55 -0500, Robert wrote:
> 
> Craig White wrote:
> > I need a way to convert files that I save with Firefox as a 'print to
> > file' to 'pdf'
> >
> > I tried 'convert' but that rendered the text as graphics which grew the
> > file and wasn't what I wanted.
> >
> > How would someone accomplish this - or can I just print to a PDF?
> >   
> If it's already in your browser, Firefox 3.0.1 will print to either a ps 
> or a pdf.
> File -> print -> general ->  print to file and the output format (PDF or 
> Postscript) is to the right of the file name box.
> 
> BTW, FF3 has worked very well for me. Only problem I had was wading 
> through symlink hell, getting java set up.

gotcha...I haven't upgraded this particular production server to 5.2 yet
- motivation I guess.

Thanks

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[Craig White]

On Mon, 2008-07-21 at 12:38 -0400, Joshua Baker-LePain wrote:
> On Mon, 21 Jul 2008 at 9:35am, Craig White wrote
> 
> > I need a way to convert files that I save with Firefox as a 'print to
> > file' to 'pdf'
> >
> > I tried 'convert' but that rendered the text as graphics which grew the
> > file and wasn't what I wanted.
> >
> > How would someone accomplish this - or can I just print to a PDF?
> 
> Shockingly, there's ps2pdf...

which is what I thought but I kept searching for pstopdf which didn't
work but there is pstops, etc.

:::blush:::

Thanks

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[Robert]

Craig White wrote:

I need a way to convert files that I save with Firefox as a 'print to
file' to 'pdf'

I tried 'convert' but that rendered the text as graphics which grew the
file and wasn't what I wanted.

How would someone accomplish this - or can I just print to a PDF?
  
If it's already in your browser, Firefox 3.0.1 will print to either a ps 
or a pdf.
File -> print -> general ->  print to file and the output format (PDF or 
Postscript) is to the right of the file name box.


BTW, FF3 has worked very well for me. Only problem I had was wading 
through symlink hell, getting java set up.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swatch monitor for inactivity?

[Sean Carolan]

>>Does anyone know if this is possible with the swatch program?
>
> I don't see how as swatch is looking for things that happen, not
> those that don't.

I figured as much.  Before I go and write my own, are there any
general purpose utilities that can simply monitor a log file for
inactivity?  In other words once logs stop being written I would like
my monitoring script to let me know about it or perform some action.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swatch monitor for inactivity?

[Bill Campbell]

On Mon, Jul 21, 2008, Sean Carolan wrote:
>I would like to use swatch to tail a log file for "PageTurnEvent", and
>if this is not seen in the past 15 minutes then a restart script
>should be run.
>
>Does anyone know if this is possible with the swatch program?

I don't see how as swatch is looking for things that happen, not
those that don't.

We have all the systems we monitor check in using an xml-rpc call
to a central server every fifteen minutes, and that server has a
cron job that checks every fifteen minutes for systems that have
not checked in within the last 20 minutes.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

Our Foreign dealings are an Open Book, generally a Check Book.
Will Rogers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[dnk]

On 21-Jul-08, at 9:35 AM, Craig White wrote:


I need a way to convert files that I save with Firefox as a 'print to
file' to 'pdf'

I tried 'convert' but that rendered the text as graphics which grew  
the

file and wasn't what I wanted.

How would someone accomplish this - or can I just print to a PDF?

Craig




I have never used, but some i found quickly are:

CUPS-PDF is a PDF writer backend for CUPS. It is designed to produce  
PDF files in a heterogeneous network by providing a PDF printer on the  
central fileserver. It will convert files printed to its queue in CUPS  
to PDF and put them in a per-user-based directory structure. It can  
execute post-processing scripts, e.g. to allow mailing the results to  
the user.


Linux / Unix Command: ps2pdf
ps2pdf - Convert PostScript to PDF using ghostscript
ps2pdf12 - Convert PostScript to PDF 1.2 (Acrobat 3-and-later  
compatible) using ghostscript
ps2pdf13 - Convert PostScript to PDF 1.3 (Acrobat 4-and-later  
compatible) using ghostscript  SYNOPSISps2pdf [options...] (input. 
[e]ps|-) [output.pdf|-]

ps2pdf12 [options...] (input.[e]ps|-) [output.pdf|-]
ps2pdf13 [options...] (input.[e]ps|-) [output.pdf|-]  DESCRIPTIONThe  
ps2pdf scripts are work-alikes for nearly all the functionality (but  
not the user interface) of Adobe's Acrobat(TM) Distiller(TM) product:  
they convert PostScript files to Portable Document Format (PDF) files.

The three scripts differ as follows:

-ps2pdf12 will always produce PDF 1.2 output (Acrobat 3-and-later  
compatible).-ps2pdf13 will always produce PDF 1.3 output (Acrobat 4- 
and-later compatible).-ps2pdf per se currently produces PDF 1.2 output  
(Acrobat 3-and-later compatible). However, this may change in the  
future. If you care about the compatibility level of the output, use  
ps2pdf12 or ps2pdf13, or use the -dCompatibility=1.x switch in the  
command line.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[nate]

Craig White wrote:
> I need a way to convert files that I save with Firefox as a 'print to
> file' to 'pdf'
>
> I tried 'convert' but that rendered the text as graphics which grew the
> file and wasn't what I wanted.
>
> How would someone accomplish this - or can I just print to a PDF?

ps2pdf

[EMAIL PROTECTED]:~]$ which ps2pdf
/usr/bin/ps2pdf
[EMAIL PROTECTED]:~]$ rpm -q -f /usr/bin/ps2pdf
ghostscript-7.07-33

I use it all the time

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ps to pdf

[Joshua Baker-LePain]

On Mon, 21 Jul 2008 at 9:35am, Craig White wrote


I need a way to convert files that I save with Firefox as a 'print to
file' to 'pdf'

I tried 'convert' but that rendered the text as graphics which grew the
file and wasn't what I wanted.

How would someone accomplish this - or can I just print to a PDF?


Shockingly, there's ps2pdf...

--
Joshua Baker-LePain
QB3 Shared Cluster Sysadmin
UCSF
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] ps to pdf

[Craig White]

I need a way to convert files that I save with Firefox as a 'print to
file' to 'pdf'

I tried 'convert' but that rendered the text as graphics which grew the
file and wasn't what I wanted.

How would someone accomplish this - or can I just print to a PDF?

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Memory for crash kernel

[Scott Silva]

on 7-21-2008 5:56 AM Mad Unix spake the following:



On Mon, Jul 21, 2008 at 2:42 PM, Tru Huynh 
<[EMAIL PROTECTED] 
> wrote:


On Mon, Jul 21, 2008 at 02:33:30PM +0200, Mad Unix wrote:
 > when I run dmesg PE2950 Dell Server I see the following line
 >
 > Linux version 2.6.18-92.1.6.el5
([EMAIL PROTECTED]
)
(gcc
...
 > Memory for crash kernel (0x0 to 0x0) notwithin permissible range
 >
^^^
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.1
...
During the boot process you may see the message "Memory for crash
kernel (0x0
to 0x0) notwithin permissible range" appear. This message comes from
the new
kdump infrastructure. It is a harmless message and can be safely
ignored.

Please search at least the wiki before posting questions...
and bottom post ;)


> Thanks

Bottom post means to "post at the bottom", or lower region of the screen as 
opposed to top posting, or the very irritating upper region of the screen. I 
fixed it this time for you.  ;-D




--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Load Average ~0.40 when idle

[Stephen John Smoogen]

On Sun, Jul 20, 2008 at 4:52 PM, listmail <[EMAIL PROTECTED]> wrote:
> On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote
>> Stephen John Smoogen wrote:
>> > On Sat, Jul 19, 2008 at 2:48 PM, listmail <[EMAIL PROTECTED]> wrote:
>> >
>> >> I am running CentOS 5 on a dual-dual-core Intel machine, and I am seeing
>> >> a load average of between 0.35 and 0.50 while the machine is idle, i.e.
>> >> no processes appear to be running.
>> >
>> > Download the livecd and boot using it. See if the load average still
>> > occurs. Check to see if you have any traffic occuring on the network
>> > from the system. [I had a box that was kernel trojaned that had a load
>> > average all the time when it was on the wire and did not when it
>> > didn't. The kernel trojan was looking for a particular bit of traffic
>> > that would open up its backdoor to.]
>> >
>>
>> its been ages since i've had to do this, but in years past, rkhunter
>> was really good at finding rootkits like this.   worst case, you put
>> it on alive CD and run it from there.
>>
> OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
> load from the GUI, I forced the system into runlevel 3 and ran top.
> I see the same problem; the load average sits at about 0.40 continuously.
> This is with the ethernet drivers running, and it does not matter if the
> network cables are plugged in or not.
>

Ok sorry for the wild goose chase earlier...

1. Check with the manufacturer or motherboard to see if this is a
known issue. Sometimes these items show up and are fixed with a BIOS
update.
2. Check to see if you can pinpoint where the problem is coming
from... set up sar and iostat to see if there are excessive irq's on
one line or another. Run the system as a minimal OS when doing this...
nothing but init 1 if possible.
3. Try Fedora 9 livecd and see if it still occurs. If it doesn't then
the problem was fixed in the main kernel between EL-5 and now. That
can help make it easier to track down for a bug in Red Hat's bugzilla.


> In my mind, that pretty much eliminates the possibility of a rootkit, unless
> one was delivered with the Live CD. :-)  So it looks like this is a bug
> in either the Intel GLAN driver, or some other kernel timing issue. If anyone
> can suggest where this bug should be reported and is likely to be addressed,
> please let me know. I don't know myself who would be the correct party to
> notify.
>
> Thanks to everyone who responded and helped me track this one down. I'm not
> sure if should roll back to CentOS 5.0, or just try to live with this bug
> until the maintainers address it, but at least I have some idea of what's
> wrong.
>
> Thanks,
> --Bill
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[Mad Unix]

My Question is: How to build the OCI8 extension module for php5 under
CentOS5?

Thanks
On Mon, Jul 21, 2008 at 1:47 PM, Mad Unix <[EMAIL PROTECTED]> wrote:

> We do have 2xDB on the System One for the Core based on Oracle10g and the
> rivate one based for MySQL
> normally I do Apache Install and php from the source and bind it Oracle10g
> OCI
> This time i installed Apache/MySQL through yum install 
>
> Thanks
>
>
> On Mon, Jul 21, 2008 at 1:01 PM, Jim Perrin <[EMAIL PROTECTED]> wrote:
>
>> On Mon, Jul 21, 2008 at 5:37 AM, Mad Unix <[EMAIL PROTECTED]> wrote:
>> > Am running centos5 , I want to compile my apache  with php to support
>> the
>> > following
>> >
>> > './configure' '--with-apxs2=/usr/local/apache/bin/apxs'
>> > '--with-mysql=/usr/local/mysql' '--with-zlib-dir=/usr/lib/'
>> > '--enable-versioning' '--enable-track-vars=yes'
>> > '--enable-url-includes--enable-sysvshm=yes' '--enable-sysvsem=yes'
>> > '--with-gettext' '--enable-mbstring' '--enable-ftp' '--enable-calendar'
>> > '--with-config-file-path=/etc'
>> '--with-oci8=/u01/app/oracle/product/10g/db'
>> > '--enable-soap' '--with-gd' '--enable-xml' '--with-xml'
>> '--enable-sysvsem'
>> > '--enable-sysvshm' '--enable-sysvmsg' '--with-regex=system' '--with-png'
>> > '--with-ttf=/usr/lib' '--with-freetype=/usr/lib' '--enable-sigchild'
>> > '--with-openssl' '--with-iconv'
>>
>>
>> Okay, If I'm reading this right, you built a separate apache apart
>> from the one shipped in the distro, as well as a separate mysql. Is
>> this correct? Why did you do this? Also, why install mysql at all if
>> you're using oracle?
>>
>>
>>
>>
>>
>> --
>> During times of universal deceit, telling the truth becomes a
>> revolutionary act.
>> George Orwell
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> Your search - madunix - did not match any documents.
>



-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Load Average ~0.40 when idle

[listmail]

On Mon, 21 Jul 2008 08:06:54 -0400, William Warren wrote
> the issue occurs even on a live cd so the machine's software load 
> isn't suspect.  It's the nics.
> 
It sure does look like it. I submitted a bug to the CentOS bug tracker,
so hopefully someone better equipped than I to resolve this can duplicate
the issue.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] copy

[Mad Unix]

How would you do the
tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] 
"cat > /var/www/html/htdocs.tar.gz"

with rsync and the to have it  in the crontab  to run everyday.

Thanks

On Mon, Jul 21, 2008 at 5:20 PM, Tom Brown <[EMAIL PROTECTED]> wrote:

>
>  I want to copy all the following files/folder/subfolders under
>> /usr/local/apache/htdocs to a remote server within this directory
>> /var/www/html/
>> Am I correct with this command, or far away o
>>
>> tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] > [EMAIL PROTECTED]> "cat > /var/www/html/htdocs.tar.gz"
>>
>> Thanks
>>
>
> rsync over ssh is good for network copies as it preserves permissions
> nicely if you ask it
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] recommended repo for php 5.2.3 +

[dnk]

Good day all,

I have been searching on google for the recommended repo for php 5.2.3  
+ for centos... I saw at one point it was in the testing repo, but was  
pulled due to no one testing it.


Is there a recommended repo that people feel is safe for a CentOS 5.x  
to get php 5.23 + ?


I know i can compile and install, but i like to keep as "vanilla"  as  
possible.


Thanks in advance.

Dustin
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Boot from iso file (xen)

[Sergio Belkin]

Hi,

I don't remember how to boot from iso file. My current config file is:

name = "devel"
uuid = "4223e2e8-a3a7-91a7-aabf-e7b9f6f8a4a8"
maxmem = 256
memory = 256
vcpus = 1
boot= "d"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ "type=vnc,vncunused=1,keymap=en-us" ]
disk = [ "phy:/dev/xen/devel,xvda,w", 'file:/tmp/mindi.iso,hdc:cdrom,r' ]
vif = [ "mac=00:16:3e:19:63:7f,bridge=xenbr0" ]
cdrom = "/tmp/mindi.iso"

EOF

Please, could you help me about it? I use Centos 5 + xen-3.0.3-41.el5_1.6.

Thanks in advance!!
-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to get additional packages? How secure is Yum?

[nate]

Manuel Reimer wrote:
> Hello,
>
> I'm coming from Slackware and I'm searching for another distribution to run
> on my desktop and in near future also on a server.
>
> The *top priority* for me is security!
>
> I've test-installed CentOS on one of my test systems. So far anything went
> OK. After trying a bit, I would like to ask some questions:
>
> - What is the suggested way to get *secure and trusted* additional packages?
> I don't want packages packaged by "someone" who doesn't have the required
> experience and who doesn't do the packaging on a dedicated "build host"
> which isn't used for anything else than building packages.

Security is pretty important for me too. For this, and other reasons
I never point yum to 3rd party repositories. I only run CentOS/RHEL
on servers. I run Debian on desktops(due to larger package selection
and still long release cycles for stable). And usually Ubuntu on
laptops(for more current hardware support).

With that in mind, the 3rd party packages I get I inspect the version
numbers by hand, and I build the source rpms myself, and install them
via RPM (not via yum). I use a lot of src rpms from Dag's site for
example. There aren't many 3rd party packages that are installed that
are remotely accessible, and my systems have only trusted local users.
Due to this I don't need to update the 3rd party packages very often
(some, such as perl modules I don't even update).

To-date anyways it has provided me with minimal hassle. There is some
extra work up front building packages, depending on the size of
your environment(mine is several hundred systems), the extra work is
well worth it.

If security is a top priority, and you really want to use CentOS/RHEL,
then don't use 3rd party packages, period. Otherwise I suggest you
find a distro that supports the applications you wish to run directly
or maintain them yourself.

And of course security/stability rarely means having the latest version.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] copy

[Tom Brown]

I want to copy all the following files/folder/subfolders under 
/usr/local/apache/htdocs to a remote server within this directory 
/var/www/html/

Am I correct with this command, or far away o

tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] 
 "cat > /var/www/html/htdocs.tar.gz"


Thanks


rsync over ssh is good for network copies as it preserves permissions 
nicely if you ask it


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to get additional packages? How secure is Yum?

[Akemi Yagi]

On Mon, Jul 21, 2008 at 8:08 AM, Manuel Reimer <[EMAIL PROTECTED]> wrote:

> - My second question is about:
> http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html

Please read: http://planet.centos.org/

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to get additional packages? How secure is Yum?

[Manuel Reimer]

Hello,

I'm coming from Slackware and I'm searching for another distribution to run on 
my desktop and in near future also on a server.

The *top priority* for me is security!

I've test-installed CentOS on one of my test systems. So far anything went OK. 
After trying a bit, I would like to ask some questions:

- What is the suggested way to get *secure and trusted* additional packages? I 
don't want packages packaged by "someone" who doesn't have the required 
experience and who doesn't do the packaging on a dedicated "build host" which 
isn't used for anything else than building packages.

I tried the Dag-Repository. Seems to be well done and as Dag is member of the 
CentOS-Staff, I think his packages are trustworthy. Unfortunately I'm unsure if 
they are secure. For example there is a Drupal package which is *out of date*! 
So there should either be an update or the package maybe should be removed at 
all as it is a security hole! Is there a repository available which only has 
that much packages as the maintainer is able to keep secure?

- My second question is about:
http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html

Yum also seems to affected, so a malicious mirror would be able to downgrade a 
package on a server where it's suggested to be *upgraded* to a patched version.

When will Yum be fixed and what is the suggested way to get Yum more secure?

Thanks in advance for any answers.

Yours

Manuel
-- 
()  ascii ribbon campaign - against html mail
/\- gegen HTML-Mail
answers as html mail will be deleted automatically!
Antworten als HTML-Mail werden automatisch gelöscht!

GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!
http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] copy

[Bo Lynch]

On Mon, July 21, 2008 10:09 am, Mad Unix wrote:
> I want to copy all the following files/folder/subfolders under
> /usr/local/apache/htdocs to a remote server within this directory
> /var/www/html/
> Am I correct with this command, or far away o
>
> tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] "cat >
> /var/www/html/htdocs.tar.gz"
>
> Thanks
>
> --
> Your search - madunix - did not match any documents.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
You can also do a scp -prC /usr/local/apache/htdocs/
[EMAIL PROTECTED]:/var/www/html/htdocs/ if you do not need to archive the
files.
Bo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: configuration request

[William L. Maltby]

On Mon, 2008-07-21 at 08:45 -0400, Sam Drinkard wrote:
> 

> the machine down there, I actually had maybe 2 hours, or the time it 
> took to install CentOS on the drive and get the FS set up for the task.  
> Only later did I learn there was a problem remote rebooting. 

Ahhh. That prompts a possible solution. I would guess that you didn't
have time to see if it had a BIOS upgrade available. From watching this
list of a long period, I note that many ACPI issues are resolved when a
BIOS upgrade is applied. I guess that manufacturers rush the stuff out
the door and then later some issues are found and fixes made available.

If you've not checked to see if there is a BIOS upgrade available, it
may be worthwhile. Even if it doesn't solve the occasional operational
issues, it may solve the reboot issues.

> 
> 

HTH
-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] copy

[Mad Unix]

I want to copy all the following files/folder/subfolders under
/usr/local/apache/htdocs to a remote server within this directory
/var/www/html/
Am I correct with this command, or far away o

tar zcvf -  /usr/local/apache/htdocs | ssh [EMAIL PROTECTED] "cat >
/var/www/html/htdocs.tar.gz"

Thanks

-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Swatch monitor for inactivity?

[Sean Carolan]

I would like to use swatch to tail a log file for "PageTurnEvent", and
if this is not seen in the past 15 minutes then a restart script
should be run.

Does anyone know if this is possible with the swatch program?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Memory for crash kernel

[Mad Unix]

Thanks

On Mon, Jul 21, 2008 at 2:42 PM, Tru Huynh <[EMAIL PROTECTED]> wrote:

> On Mon, Jul 21, 2008 at 02:33:30PM +0200, Mad Unix wrote:
> > when I run dmesg PE2950 Dell Server I see the following line
> >
> > Linux version 2.6.18-92.1.6.el5 ([EMAIL PROTECTED]) (gcc
> ...
> > Memory for crash kernel (0x0 to 0x0) notwithin permissible range
> >
> ^^^
> http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.1
> ...
> During the boot process you may see the message "Memory for crash kernel
> (0x0
> to 0x0) notwithin permissible range" appear. This message comes from the
> new
> kdump infrastructure. It is a harmless message and can be safely ignored.
>
> Please search at least the wiki before posting questions...
> and bottom post ;)
>
> Tru
> --
> Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: configuration request

[Sam Drinkard]

Unfortunately, the ISP is sort of an independent outfit, and while they 
are not small in any sense of the word, their equipment room is stacked 
full of servers from floor to ceiling.  I'm not aware of any power 
related switches where one could ssh into a "box" and cycle the power 
for one server.  I know I really should take this dual Xeon server here 
in my cave and move it downtown, but I miss having the horsepower when I 
need it, as I still dabble with numerical weather models, and it takes a 
lot of number crunching cpu cycles to accomplish that task.  It's also 
possible that the ACPI of the bios is partly to blame, but when I put 
the machine down there, I actually had maybe 2 hours, or the time it 
took to install CentOS on the drive and get the FS set up for the task.  
Only later did I learn there was a problem remote rebooting. 

I appreciate everyone's responses, and I suppose I'll just have to deal 
with the problems as they occur.  I've switched back to digest mode, as 
of this morning, so if you don't get any response from me till the day 
after, that is the reason.


Many thanks

Sam

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Memory for crash kernel

[Tru Huynh]

On Mon, Jul 21, 2008 at 02:33:30PM +0200, Mad Unix wrote:
> when I run dmesg PE2950 Dell Server I see the following line
> 
> Linux version 2.6.18-92.1.6.el5 ([EMAIL PROTECTED]) (gcc
...
> Memory for crash kernel (0x0 to 0x0) notwithin permissible range
> ^^^
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.1
...
During the boot process you may see the message "Memory for crash kernel (0x0
to 0x0) notwithin permissible range" appear. This message comes from the new
kdump infrastructure. It is a harmless message and can be safely ignored.

Please search at least the wiki before posting questions...
and bottom post ;)

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B


pgpRRl2QZApod.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Memory for crash kernel

[Matt Hyclak]

On Mon, Jul 21, 2008 at 02:33:30PM +0200, Mad Unix enlightened us:
> when I run dmesg PE2950 Dell Server I see the following line
> 
> Linux version 2.6.18-92.1.6.el5 ([EMAIL PROTECTED]) (gcc
> version 4.1.2 20071124 (Red Hat 4.1.2-42)) #1 SMP Wed J
> un 25 13:45:47 EDT 2008
> Command line: ro root=/dev/VolGroup00/LogVol00 rhgb quiet
> BIOS-provided physical RAM map:
>  BIOS-e820:  - 000a (usable)
>  BIOS-e820: 0010 - cfb5 (usable)
>  .
>  BIOS-e820: 0001 - 00023000 (usable)
> DMI 2.5 present.
> ACPI: RSDP (v002 DELL  ) @
> 0x000f21c0
> ACPI: XSDT (v001 DELL   PE_SC3   0x0001 DELL 0x0001) @
> 0x000f225c
> ACPI: FADT (v003 DELL   PE_SC3   0x0001 DELL 0x0001) @
> 0xcfb83524
> .000cfb6a974
> ACPI: EINJ (v001 DELL   PE_SC3   0x0001 DELL 0x0001) @
> 0xcfb6a9a4
> ACPI: TCPA (v001 DELL   PE_SC3   0x0001 DELL 0x0001) @
> 0xcfb834bc
> ACPI: DSDT (v001 DELL   PE_SC3   0x0001 INTL 0x20050624) @
> 0x
> No NUMA configuration found
> Faking a node at -00023000
> Bootmem setup node 0 -00023000
> Memory for crash kernel (0x0 to 0x0) notwithin permissible range
> ^^^
> 
> any input about this issue?

It's in the release notes.

Matt

-- 
Matt Hyclak
Systems and Operations 
Office of Information Technology
Ohio University
(740) 593-1222
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bind Firewall Rules

[John Hinton]

Johnny Hughes wrote:

John Hinton wrote:
OK, so does anybody have a good firewall rule solution for what we're 
supposed to be doing with bind these days? Obviously port 53 is no 
longer enough.




how do you mean?

opening port 53 in is still enough ... the outbound port is what is 
randomized


not sure what kind of problems you are encountering

I'm trying to pass the test on DNSstuff.com.

These are my firewall rules for bind

Accept If protocol is TCP and destination port is 53 and state of
connection is NEW
Accept If protocol is UDP and destination port is 53 and state of
connection is NEW

from my gui or

-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 53 --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 53 --state NEW -j
ACCEPT

from iptables.

I have upgraded bind, but when I remove this line from a config file,
bind will not restart.

query-source address * port 53;

From what I read, the above line is supposed to be removed. My tests
from outside states that I am vulnerable to cache injections.

"*Based on the results, a DNS server is vulnerable if:*
The IPs /AND/ the Query source ports match or the query IDs match.
Matching query source ports or query IDs make it easier to spoof fake
results to the DNS server, poisoning its cache."

The IDs in the testing change, but the port stays the same.

I read where the firewall rules need to be fixed due to this change, but
firewalls have never been my strong point. I have a pretty darned good
understanding of bind. but firewalls, not so much.

John




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
  



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Memory for crash kernel

[Mad Unix]

when I run dmesg PE2950 Dell Server I see the following line

Linux version 2.6.18-92.1.6.el5 ([EMAIL PROTECTED]) (gcc
version 4.1.2 20071124 (Red Hat 4.1.2-42)) #1 SMP Wed J
un 25 13:45:47 EDT 2008
Command line: ro root=/dev/VolGroup00/LogVol00 rhgb quiet
BIOS-provided physical RAM map:
 BIOS-e820:  - 000a (usable)
 BIOS-e820: 0010 - cfb5 (usable)
 .
 BIOS-e820: 0001 - 00023000 (usable)
DMI 2.5 present.
ACPI: RSDP (v002 DELL  ) @
0x000f21c0
ACPI: XSDT (v001 DELL   PE_SC3   0x0001 DELL 0x0001) @
0x000f225c
ACPI: FADT (v003 DELL   PE_SC3   0x0001 DELL 0x0001) @
0xcfb83524
.000cfb6a974
ACPI: EINJ (v001 DELL   PE_SC3   0x0001 DELL 0x0001) @
0xcfb6a9a4
ACPI: TCPA (v001 DELL   PE_SC3   0x0001 DELL 0x0001) @
0xcfb834bc
ACPI: DSDT (v001 DELL   PE_SC3   0x0001 INTL 0x20050624) @
0x
No NUMA configuration found
Faking a node at -00023000
Bootmem setup node 0 -00023000
Memory for crash kernel (0x0 to 0x0) notwithin permissible range
^^^

any input about this issue?

-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Load Average ~0.40 when idle

[William Warren]

the issue occurs even on a live cd so the machine's software load isn't 
suspect.  It's the nics.


Lorenzo Martínez Rodríguez wrote:

William Warren escribió:

post it on the centos bug tracker to start..:)

listmail wrote:

On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote

Stephen John Smoogen wrote:
On Sat, Jul 19, 2008 at 2:48 PM, listmail <[EMAIL PROTECTED]> 
wrote:
 
I am running CentOS 5 on a dual-dual-core Intel machine, and I am 
seeing
a load average of between 0.35 and 0.50 while the machine is idle, 
i.e.

no processes appear to be running.

Download the livecd and boot using it. See if the load average still
occurs. Check to see if you have any traffic occuring on the network
from the system. [I had a box that was kernel trojaned that had a load
average all the time when it was on the wire and did not when it
didn't. The kernel trojan was looking for a particular bit of traffic
that would open up its backdoor to.]

its been ages since i've had to do this, but in years past, rkhunter 
was really good at finding rootkits like this.   worst case, you put 
it on alive CD and run it from there.



OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
load from the GUI, I forced the system into runlevel 3 and ran top.
I see the same problem; the load average sits at about 0.40 
continuously.

This is with the ethernet drivers running, and it does not matter if the
network cables are plugged in or not.

In my mind, that pretty much eliminates the possibility of a rootkit, 
unless

one was delivered with the Live CD. :-)  So it looks like this is a bug
in either the Intel GLAN driver, or some other kernel timing issue. 
If anyone
can suggest where this bug should be reported and is likely to be 
addressed,
please let me know. I don't know myself who would be the correct 
party to

notify.

Thanks to everyone who responded and helped me track this one down. 
I'm not
sure if should roll back to CentOS 5.0, or just try to live with this 
bug
until the maintainers address it, but at least I have some idea of 
what's

wrong.

Thanks,
--Bill
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




Hello,

to try to find out if you have hidden processes I suggest you to try 
this: http://www.security-projects.com/?Unhide


I have cronned it every night in my server.

It works really good. rkhunter is very good tool too.

Try both and let us know.

Another issue: What is the proposal of the machine? is it a web server? 
mail server? dns server? Check that /etc/resolv.conf has the right 
information and check the routes to get  access to different nerworks 
too. If machine processor is idle, but the machine load is high, it 
could be because the processes queue is very big, but the machine 
processors could not be so overloaded.



Regards,



--
Registered Microsoft Partner

My "Foundation" verse:
Isa 54:17
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[Mad Unix]

We do have 2xDB on the System One for the Core based on Oracle10g and the
rivate one based for MySQL
normally I do Apache Install and php from the source and bind it Oracle10g
OCI
This time i installed Apache/MySQL through yum install 

Thanks

On Mon, Jul 21, 2008 at 1:01 PM, Jim Perrin <[EMAIL PROTECTED]> wrote:

> On Mon, Jul 21, 2008 at 5:37 AM, Mad Unix <[EMAIL PROTECTED]> wrote:
> > Am running centos5 , I want to compile my apache  with php to support the
> > following
> >
> > './configure' '--with-apxs2=/usr/local/apache/bin/apxs'
> > '--with-mysql=/usr/local/mysql' '--with-zlib-dir=/usr/lib/'
> > '--enable-versioning' '--enable-track-vars=yes'
> > '--enable-url-includes--enable-sysvshm=yes' '--enable-sysvsem=yes'
> > '--with-gettext' '--enable-mbstring' '--enable-ftp' '--enable-calendar'
> > '--with-config-file-path=/etc'
> '--with-oci8=/u01/app/oracle/product/10g/db'
> > '--enable-soap' '--with-gd' '--enable-xml' '--with-xml'
> '--enable-sysvsem'
> > '--enable-sysvshm' '--enable-sysvmsg' '--with-regex=system' '--with-png'
> > '--with-ttf=/usr/lib' '--with-freetype=/usr/lib' '--enable-sigchild'
> > '--with-openssl' '--with-iconv'
>
>
> Okay, If I'm reading this right, you built a separate apache apart
> from the one shipped in the distro, as well as a separate mysql. Is
> this correct? Why did you do this? Also, why install mysql at all if
> you're using oracle?
>
>
>
>
>
> --
> During times of universal deceit, telling the truth becomes a revolutionary
> act.
> George Orwell
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OCI

[Jim Perrin]

On Mon, Jul 21, 2008 at 5:37 AM, Mad Unix <[EMAIL PROTECTED]> wrote:
> Am running centos5 , I want to compile my apache  with php to support the
> following
>
> './configure' '--with-apxs2=/usr/local/apache/bin/apxs'
> '--with-mysql=/usr/local/mysql' '--with-zlib-dir=/usr/lib/'
> '--enable-versioning' '--enable-track-vars=yes'
> '--enable-url-includes--enable-sysvshm=yes' '--enable-sysvsem=yes'
> '--with-gettext' '--enable-mbstring' '--enable-ftp' '--enable-calendar'
> '--with-config-file-path=/etc' '--with-oci8=/u01/app/oracle/product/10g/db'
> '--enable-soap' '--with-gd' '--enable-xml' '--with-xml' '--enable-sysvsem'
> '--enable-sysvshm' '--enable-sysvmsg' '--with-regex=system' '--with-png'
> '--with-ttf=/usr/lib' '--with-freetype=/usr/lib' '--enable-sigchild'
> '--with-openssl' '--with-iconv'


Okay, If I'm reading this right, you built a separate apache apart
from the one shipped in the distro, as well as a separate mysql. Is
this correct? Why did you do this? Also, why install mysql at all if
you're using oracle?





-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] crontab for nobody

[Anne Wilson]

On Monday 21 July 2008 08:49:51 Mogens Kjaer wrote:
> Anne Wilson wrote:
> ...
>
> >>-rw--- 1 root root 0 Jul  7 16:07 /var/spool/cron/nobody
>
> ...
>
> > /var/log/yum.log shows nothing between 3rd and 11th June.
> >
> > Jun 03 16:04:30 Updated: commoncpp2.i386 1.6.2-1.el5.rf
> > Jun 11 17:33:22 Updated: clamav-db.i386 0.93.1-1.el5.rf
> > Jun 11 17:33:28 Updated: clamav.i386 0.93.1-1.el5.rf
> > Jun 11 17:33:29 Updated: clamd.i386 0.93.1-1.el5.rf
> >
> > The oldest /var/log/messages only goes back to June 22.
>
> The interesting date is July 7, not June.
>
Oops - sorry!  Caffeine starvation.

yum.log:
Jul 07 13:43:22 Updated: nspr - 4.7.1-1.el5.i386
Jul 07 13:43:33 Updated: nss - 3.12.0.3-1.el5.centos.i386
Jul 07 13:43:37 Updated: xulrunner - 1.9-1.el5.i386
Jul 07 13:43:47 Updated: devhelp - 0.12-17.el5.i386
Jul 07 13:43:49 Updated: nss-tools - 3.12.0.3-1.el5.centos.i386
Jul 07 13:43:54 Updated: firefox - 3.0-2.el5.centos.i386
Jul 07 13:44:02 Updated: yelp - 2.16.0-19.el5.i386
Jul 07 16:01:06 Installed: chkrootkit - 0.47-1.el5.rf.i386

I'll give the whole messages output if it helps, but here is a summary:

Freshclam completedd updates, clamd did a self-check and reload.
Jul  7 13:43:22 borg2 yum: Updated: nspr - 4.7.1-1.el5.i386
Jul  7 13:43:33 borg2 yum: Updated: nss - 3.12.0.3-1.el5.centos.i386
Jul  7 13:43:37 borg2 yum: Updated: xulrunner - 1.9-1.el5.i386
Jul  7 13:43:47 borg2 yum: Updated: devhelp - 0.12-17.el5.i386
Jul  7 13:43:49 borg2 yum: Updated: nss-tools - 3.12.0.3-1.el5.centos.i386
Jul  7 13:43:54 borg2 yum: Updated: firefox - 3.0-2.el5.centos.i386
Jul  7 13:44:02 borg2 yum: Updated: yelp - 2.16.0-19.el5.i386

Then some mount problems (nfs mounts)
Then another clamd self-check and freshclam update

and that's all.

Anne


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OCI

[Mad Unix]

Am running centos5 , I want to compile my apache  with php to support the
following

'./configure' '--with-apxs2=/usr/local/apache/bin/apxs'
'--with-mysql=/usr/local/mysql' '--with-zlib-dir=/usr/lib/'
'--enable-versioning' '--enable-track-vars=yes'
'--enable-url-includes--enable-sysvshm=yes' '--enable-sysvsem=yes'
'--with-gettext' '--enable-mbstring' '--enable-ftp' '--enable-calendar'
'--with-config-file-path=/etc' '--with-oci8=/u01/app/oracle/product/10g/db'
'--enable-soap' '--with-gd' '--enable-xml' '--with-xml' '--enable-sysvsem'
'--enable-sysvshm' '--enable-sysvmsg' '--with-regex=system' '--with-png'
'--with-ttf=/usr/lib' '--with-freetype=/usr/lib' '--enable-sigchild'
'--with-openssl' '--with-iconv'


My current Config:

'./configure' '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--cache-file=../config.cache'
'--with-libdir=lib64' '--with-config-file-path=/etc'
'--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic'
'--disable-rpath' '--without-pear' '--with-bz2' '--with-curl'
'--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr'
'--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp'
'--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png'
'--with-pspell' '--with-expat-dir=/usr' '--with-pcre-regex=/usr'
'--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp'
'--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem'
'--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars'
'--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-kerberos'
'--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr'
'--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx'
'--enable-dio' '--with-mime-magic=/usr/share/file/magic.mime'
'--without-sqlite' '--with-libxml-dir=/usr' '--with-xml'
'--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql'
'--without-gd' '--without-odbc' '--disable-dom' '--disable-dba'
'--without-unixODBC' '--disable-pdo' '--disable-xmlreader'
'--disable-xmlwriter'


How can I add the support of OCI8 to bind it with Oracle10g? since my Apache
server run with Oracle10g DB...
-- 
Your search - madunix - did not match any documents.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Load Average ~0.40 when idle

[Lorenzo Martínez Rodríguez]

William Warren escribió:

post it on the centos bug tracker to start..:)

listmail wrote:

On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote

Stephen John Smoogen wrote:
On Sat, Jul 19, 2008 at 2:48 PM, listmail <[EMAIL PROTECTED]> 
wrote:
 
I am running CentOS 5 on a dual-dual-core Intel machine, and I am 
seeing
a load average of between 0.35 and 0.50 while the machine is idle, 
i.e.

no processes appear to be running.

Download the livecd and boot using it. See if the load average still
occurs. Check to see if you have any traffic occuring on the network
from the system. [I had a box that was kernel trojaned that had a load
average all the time when it was on the wire and did not when it
didn't. The kernel trojan was looking for a particular bit of traffic
that would open up its backdoor to.]

its been ages since i've had to do this, but in years past, rkhunter 
was really good at finding rootkits like this.   worst case, you put 
it on alive CD and run it from there.



OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
load from the GUI, I forced the system into runlevel 3 and ran top.
I see the same problem; the load average sits at about 0.40 
continuously.

This is with the ethernet drivers running, and it does not matter if the
network cables are plugged in or not.

In my mind, that pretty much eliminates the possibility of a rootkit, 
unless

one was delivered with the Live CD. :-)  So it looks like this is a bug
in either the Intel GLAN driver, or some other kernel timing issue. 
If anyone
can suggest where this bug should be reported and is likely to be 
addressed,
please let me know. I don't know myself who would be the correct 
party to

notify.

Thanks to everyone who responded and helped me track this one down. 
I'm not
sure if should roll back to CentOS 5.0, or just try to live with this 
bug
until the maintainers address it, but at least I have some idea of 
what's

wrong.

Thanks,
--Bill
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




Hello,

to try to find out if you have hidden processes I suggest you to try 
this: http://www.security-projects.com/?Unhide


I have cronned it every night in my server.

It works really good. rkhunter is very good tool too.

Try both and let us know.

Another issue: What is the proposal of the machine? is it a web server? 
mail server? dns server? Check that /etc/resolv.conf has the right 
information and check the routes to get  access to different nerworks 
too. If machine processor is idle, but the machine load is high, it 
could be because the processes queue is very big, but the machine 
processors could not be so overloaded.



Regards,

--



Lorenzo Martínez Rodríguez
Consultor de seguridad informática


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] crontab for nobody

[Mogens Kjaer]

Anne Wilson wrote:
...

   -rw--- 1 root root 0 Jul  7 16:07 /var/spool/cron/nobody

...
/var/log/yum.log shows nothing between 3rd and 11th June.  


Jun 03 16:04:30 Updated: commoncpp2.i386 1.6.2-1.el5.rf
Jun 11 17:33:22 Updated: clamav-db.i386 0.93.1-1.el5.rf
Jun 11 17:33:28 Updated: clamav.i386 0.93.1-1.el5.rf
Jun 11 17:33:29 Updated: clamd.i386 0.93.1-1.el5.rf

The oldest /var/log/messages only goes back to June 22.


The interesting date is July 7, not June.

Mogens

--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] crontab for nobody

[Anne Wilson]

On Sunday 20 July 2008 22:31:22 John Horne wrote:
> On Sun, 2008-07-20 at 22:04 +0100, Anne Wilson wrote:
> > On Sunday 20 July 2008 21:23:52 Stephen Harris wrote:
> > > What does
> > >   find /var/spool/cron -type f ! -size 0
> > > show?
> >
> > Does that mean 'not = size 0'?
>
> Yes.
>
> > I can't think of anything that explains this.  I have a 6-month-old
> > CentOS 5.2 install, with nothing out of the ordinary, as far as I can
> > recall.
>
> Your previous message showed:
>
>-rw--- 1 root root 0 Jul  7 16:07 /var/spool/cron/nobody
>
> This will be the last modification date/time, and possibly the creation
> date/time if the file was not modified at all. So something around July
> 7 presumably caused it. If you have the old /var/log/messages files from
> around that date, then looking through those might show something. As
> might a /var/log/yum.log file which could indicate if something was
> automatically installed.
>
>
>
/var/log/yum.log shows nothing between 3rd and 11th June.  

Jun 03 16:04:30 Updated: commoncpp2.i386 1.6.2-1.el5.rf
Jun 11 17:33:22 Updated: clamav-db.i386 0.93.1-1.el5.rf
Jun 11 17:33:28 Updated: clamav.i386 0.93.1-1.el5.rf
Jun 11 17:33:29 Updated: clamd.i386 0.93.1-1.el5.rf

The oldest /var/log/messages only goes back to June 22.

Anne


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] crontab for nobody

[Anne Wilson]

On Sunday 20 July 2008 22:32:49 John Horne wrote:
> On Sun, 2008-07-20 at 17:28 -0400, Stephen Harris wrote:
> > On Sun, Jul 20, 2008 at 10:04:00PM +0100, Anne Wilson wrote:
> > > I can't think of anything that explains this.  I have a 6-month-old
> > > CentOS 5.2 install, with nothing out of the ordinary, as far as I can
> > > recall.
> >
> > I doubt it; 5.2 hasn't been around for 6 months; the release announcement
> > for 5.2 is dated Jun 24;
> >   http://lists.centos.org/pipermail/centos-announce/2008-June/014999.html
> >
> > Could have been a 5.1 install
>
> Type in 'cat /etc/issue' to  see what it says.
>
CentOS release 5.2 (Final)
Kernel \r on an \m

Yes, I was inaccurate.  It would have been a 5.1 install, constantly updated.

Anne


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos