Re: [CentOS] Watchdog process?
Amos Shapira wrote: > Hello, > > Is there a generic built-in way on CentOS to overlook that a specific > process is alive and re-spawn it (or just run a configured command) > when it dies? > > I know how to script things so a parent will watch its child, but was > wondering whether there is something more readily available instead of > having to reinvent the wheel. > > The process must be controlled via a /etc/init.d/... script and should > be stop-able (it runs in a primary/stand-by configuration), so use of > "respawn" in inittab is not a solution. > > So far googl'ing for "watchdog" comes up with references about system > watchdog - which will reboot the system if the kernel appears to be > stuck. > > Thanks, > > --Amos > You might take a glance at daemontools: http://cr.yp.to/daemontools/faq.html The directory layout is a bit nonstandard, but it does what you're looking for. I believe SME Server (which is built on top of CentOS) makes use of this tool set... -Greg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Spiro Harvey wrote: >> It's simpler for non-experts to change the postfix configuration than >> to change the sendmail configuration. So, why shouldn't he not >> suggest it? > > because it's stupid, lazy advice. > Will it not work? Will it make someone's brain rot and fall out? Could one switch to postfix and still remain a civil person? Would you be able to imagine the words "If you're tired of sendmail . . " at the beginning of my first post as perhaps an alternate theory to my intent? -- tkb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Watchdog process?
2008/12/11 Karanbir Singh <[EMAIL PROTECTED]>: > Amos Shapira wrote: >> Is there a generic built-in way on CentOS to overlook that a specific >> process is alive and re-spawn it (or just run a configured command) >> when it dies? > > Monit > > works well for me in a very diverse set of jobs and roles. Thanks! Obvious answer. I can't understand why I was stuck on looking for "watchdog" and not "monitor". I'll try to use monit for everything else on my system too. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Wed, Dec 10, 2008 at 4:32 PM, Kai Schaetzl <[EMAIL PROTECTED]> wrote: > > It's simpler for non-experts to change the postfix configuration than to > change the sendmail configuration. So, why shouldn't he not suggest it? > According to my reading of this, you're asking, "Why should he suggest it?" Is this not the opposite of what you meant? (Rhetorical - I think we understood you anyway :-) mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Thu, Dec 11, 2008, Spiro Harvey wrote: >> >> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl >> >> MASQUERADE_AS(carolina.rr.com)dnl >> Or switch to postfix. I plunked "relayhost = >> smtp-server.roadrunner.com" into main.cf & away it went. > >why change software just because one configuration line is different? I've spent almost 20 years avoiding sendmail :-). Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Taking the State wherever found, striking into its history at any point, one sees no way to differentiate the activities of its founders, administrators, and beneficiaries from those of a professional-criminal class. -- Albert Jay Nock, Our Enemy, The State ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
On Wed, Dec 10, 2008, nate wrote: >John Kordash wrote: >>> 2.) Use TCP, UDP Transmits are often slow these days. (mount >>> option tcp) >> >> Hmm, care to share any references for this? I'd be reaching for NFS over >> TCP in a long-haul type environment, but would run it over UDP otherwise. > >At least in my case, both of the vendors I am using for high >performance NFS (BlueArc, and Exanet) have tcp as a best >practice. Exanet actually runs on top of CentOS 4.4 though >does not use the linux NFS stack. We started using tcp with nfs about five years ago, largely to cure a problem where a system running SuSE 9.0 Pro with multiple IP addresses on the NIC was responding to NFS UDP packets from one of the aliased IP addresses, not the primary. This caused NFS mounts by OS X clients to fail as they expected to get the UDP packets back from the same IP to which they sent. Using tcp naturally fixed this, and I never got around to figuring out why the replies were coming from the aliases IP address. We use NFS mounted home Maildir directories on a system with about 10,000 e-mail accounts, and a cluster of 4 machines handling incoming e-mail, with most of the postfix configuration files NFS mounted as well. These handle about 100,000 incoming messages a day without problems (a fair number of which are dropped without delivery after checking with spamassassin). There are about 182,000 IMAP/POP3 daily logins to check mail. Load averages are fairly low on all the systems, and the incoming mail queues rarely get over five messages with most of the delivery time being spamassassin checking using a central bayesian database. The central server that has all the home directories generally runs with a load average around 0.50 (a 4-year old SLES 9.2 system with a single Intel(R) Pentium(R) 4 CPU 3.00GHz, 2GB RAM with 7,200 RPM Seagate Barracuda SATA drives, hardly a high performance machine compared to what we're building today. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 There are three kinds of men. The ones that learn by reading. The few who learn by observation. The rest of them have to pee on the electric fence for themselves. -- Will Rogers ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Watchdog process?
Amos Shapira wrote:
> Is there a generic built-in way on CentOS to overlook that a specific
> process is alive and re-spawn it (or just run a configured command)
> when it dies?
Monit
works well for me in a very diverse set of jobs and roles.
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Watchdog process?
Hello, Is there a generic built-in way on CentOS to overlook that a specific process is alive and re-spawn it (or just run a configured command) when it dies? I know how to script things so a parent will watch its child, but was wondering whether there is something more readily available instead of having to reinvent the wheel. The process must be controlled via a /etc/init.d/... script and should be stop-able (it runs in a primary/stand-by configuration), so use of "respawn" in inittab is not a solution. So far googl'ing for "watchdog" comes up with references about system watchdog - which will reboot the system if the kernel appears to be stuck. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Miredo 1.1.5
Karanbir Singh wrote: > Louis Lagendijk wrote: > > we dont use %rhel or %el5 in CentOS. You really want a %centos_ver in > there with either a 3 4 or 5 > > and yea, the %dist with ..el > > in the CentOS buildsystem the %dist gets set automatically. And since > the distro uses .el5 and .centos.el5 etc, you should not normally be > using that. You are better off adding a bit about your own tag. Eg: > Robert Moskowitz might use %dist .robm.el5 I ended up using .el5.rgm That made it like what I see with .el5.rf and .el5.kb! Now I have to figure out what happened on the F10 system that DID put fc10 (without me doing anything) in so I can make it .fc10.rgm... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
> It's simpler for non-experts to change the postfix configuration than > to change the sendmail configuration. So, why shouldn't he not > suggest it? because it's stupid, lazy advice. 1: it's easy for non-experts to edit the sendmail configuration too... as long as they're editing the mc file, not the cf. 2: changing software doesn't help solve the problem. 3: what if he has a bunch of milters or related programs that rely on sendmail? are they all available for postfix? what needs to be changed to match his current environment? have you thought about that? has anyone asked James that before recommending he changes his software? -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
on 12-10-2008 4:32 PM Kai Schaetzl spake the following: > Spiro Harvey wrote on Thu, 11 Dec 2008 11:33:24 +1300: > >> Let me do the math: zero, multiplied by zero, carry the zero... > > It's simpler for non-experts to change the postfix configuration than to > change the sendmail configuration. So, why shouldn't he not suggest it? > > Kai > But not simple for a non-expert to completely change MTA's, and learn new from scratch. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Miredo 1.1.5
Louis Lagendijk wrote:
we dont use %rhel or %el5 in CentOS. You really want a %centos_ver in
there with either a 3 4 or 5
and yea, the %dist with ..el
in the CentOS buildsystem the %dist gets set automatically. And since
the distro uses .el5 and .centos.el5 etc, you should not normally be
using that. You are better off adding a bit about your own tag. Eg:
Robert Moskowitz might use %dist .robm.el5
- KB
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Spiro Harvey wrote on Thu, 11 Dec 2008 11:33:24 +1300: > Let me do the math: zero, multiplied by zero, carry the zero... It's simpler for non-experts to change the postfix configuration than to change the sendmail configuration. So, why shouldn't he not suggest it? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] network driver needed at install time
Jerry Geis wrote: > I am wanting to use a motherboard that uses the 8111b reaktek chip. > http://wiki.centos.org/AdditionalResources/HardwareList/RealTekRTL8111b > This was great information. > > My question is now that I have a compiled module for centos 5.2 > is there any way I can include that module in a DVD or load the module > from USB > at the installation time??? > > I use kickstart and that needs to work over the network. > > Is there an easy way to load a network driver at install from USB or > something like that? > > Jerry > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > Hi, You will need to create a custom initrd that contains the updated modules that you want to use. Unfortunately it was some time ago since I had to do this so I cant give you clear instructions on how to go about doing this but there is lots of documentation on the web. The key thing you will need to remember is that you need to build the module for the same version of the kernel as used by the installer. Good Luck :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
> > why change software just because one configuration line is > > different? > Main point was the RR relay host works. So your solution is to change software? Wouldn't it be smarter to figure out what the problem actually is? Because as you say, the RR host doesn't appear to be the problem. So if he changed software, what are the chances that his problem will still exist? Pretty high I imagine. Even if it turns out the RR host *is* the problem, what would he achieve in changing software? Let me do the math: zero, multiplied by zero, carry the zero... -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
John Kordash wrote: >> 2.) Use TCP, UDP Transmits are often slow these days. (mount >> option tcp) > > Hmm, care to share any references for this? I'd be reaching for NFS over > TCP in a long-haul type environment, but would run it over UDP otherwise. At least in my case, both of the vendors I am using for high performance NFS (BlueArc, and Exanet) have tcp as a best practice. Exanet actually runs on top of CentOS 4.4 though does not use the linux NFS stack. These are the options I use for Exanet: rw,bg,hard,intr,tcp,nfsvers=3,timeo=2,retrans=10,rsize=32768,wsize=32768 These are the options I use for BlueArc: rw,bg,hard,intr,proto=tcp,nfsvers=3,timeo=600,rsize=32768,wsize=32768 Exanet is an active-active cluster, the BlueArcs are not configured in any sort of cluster. Planning on retiring the BlueArcs very soon as they are about to be end of life. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Miredo 1.1.5
On Wed, 2008-12-10 at 13:33 -0500, Robert Moskowitz wrote: > I found a src.rpm for 1.1.5-1 for fc8 (not rh8!). I was able to rebuild > it on my Centos build system. > > The rpms are identified as 1.1.5-1.i386.rpm, no el5 or other > identification was placed in the files. I don't see how to control this > when you rebuild from an existing src.rpm. Interestingly the fc8 > designation was lost. > > I also rebuild it on my fc10 system. It worked, and the rpms have fc10 > in their names. > > Don't know how well they will work. I will be trying them over the next > couple weeks. If anyone wants a copy, let me know > If you want the el5 in the name, a file /etc/rpm/macros.dist with the following content: > # dist macros. %rhel 5 %dist .el5 %el51 Louis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Spiro Harvey wrote: > > why change software just because one configuration line is different? > Main point was the RR relay host works. -- tkb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Iptables Question
>Makes sense to me. Yea, I just don't know technically speaking where the -m mac should appear, in the POSTROUTING line, or the first FORWARD line. Ultimately I would only masq'ing to be done for this one device on port 443. >Is the host that you are wanting to bypass your proxy on the same segment as >the $LAN interface defined in your rulesets? It is, how comes? I could filter by ip instead of mac but this is easier and although a non issue really, more secure. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Iptables Question
Makes sense to me. Is the host that you are wanting to bypass your proxy on the same segment as the $LAN interface defined in your rulesets? On Wed, Dec 10, 2008 at 1:22 PM, Joseph L. Casale <[EMAIL PROTECTED] > wrote: > I have a squid proxy running transparently, so in my firewall script > I run the following fairly early: > > iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443 > -j REDIRECT --to-port 3128 > > This is a multihomed server so after this change the masquerading was > removed (as only web access on the lan side of this server was needed). > > I now need to masq cleanly one device so that it can bypass the squid > proxy. As order is important, would it be correct to put the following > _in front_ of the PREROUTING command above: > > iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE > iptables -A FORWARD -i $LAN -o $WAN -m mac --mac-source -m state > --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 443 -j ACCEPT > iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j > ACCEPT > > Where is the best place to filter for the mac in this scenario? I am hoping > anything w/o this mac will skip the whole masq setup and enter the > PREROUTING > command below, resulting in the traffic being proxied through squid. > > Thanks! > jlc > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Thx Joshua Gimer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
On Wed, Dec 10, 2008 at 12:06 PM, Davide Cittaro <[EMAIL PROTECTED]> wrote: > Thanks to all, I will double check either nfs server and client > options... > > d What is the kernel version of your CentOS? Some earlier version is known to have an issue with NFS (client). For example: http://bugs.centos.org/view.php?id=2635 Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
James Pifer wrote: > I've tried adding these lines to my sendmailmc and rebuilding it, but > then nothing routes, not even local. > > define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl > MASQUERADE_AS(carolina.rr.com)dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > why are you using MASQUERADE_AS ?!? you should be able to do this with just the SMART_HOST line. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is 4GB memory the 64bit switch tipping point?
MHR wrote: > > I think you meant nspluginwrapper - ndiswrapper is for Window$ drivers > to run in Linux. d'oh! brain segfault :) -- Florin Andrei http://florin.myip.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
> >> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl > >> MASQUERADE_AS(carolina.rr.com)dnl > Or switch to postfix. I plunked "relayhost = > smtp-server.roadrunner.com" into main.cf & away it went. why change software just because one configuration line is different? -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Iptables Question
I have a squid proxy running transparently, so in my firewall script I run the following fairly early: iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128 This is a multihomed server so after this change the masquerading was removed (as only web access on the lan side of this server was needed). I now need to masq cleanly one device so that it can bypass the squid proxy. As order is important, would it be correct to put the following _in front_ of the PREROUTING command above: iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE iptables -A FORWARD -i $LAN -o $WAN -m mac --mac-source -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 443 -j ACCEPT iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT Where is the best place to filter for the mac in this scenario? I am hoping anything w/o this mac will skip the whole masq setup and enter the PREROUTING command below, resulting in the traffic being proxied through squid. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
Am Mittwoch, den 10.12.2008, 15:01 -0500 schrieb John Kordash:
> > 2.) Use TCP, UDP Transmits are often slow these days. (mount
> > option tcp)
>
One Key Fact for UDP being much faster then TCP was
a.) The Lack of performant Hardware
(CPU Time was expensive and should not be shared for IO/Interrupts)
b.) The Lack of a performant Networkhardware
(Modern Hardware does offload TCP Flow to the Adapter, uses Jumbo uses
Jumbo Frames and so on, so the main argument for generating the TCP
Overhead is gone.)
Nowadays you most often have Gigabit Ethernet Cards and can use Jumbo
Frames with TCP. This often results in higher throughput rates.
On a High Performance Maschine NFS over TCP has the ability to have
somethling like Flow Control which helps when the Server is 1Gbit+ and
the Client only 100Mbit :) Or the other side around.
For us Jumboframes and TCP was the way to go.
> Hmm, care to share any references for this?
> I'd be reaching for NFS over TCP in a long-haul type environment,
> but would run it over UDP otherwise.
>
> -John
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
Stefan HeldVI has only 2 Modes:
obi unixkiste org The first one is for beeping all the time,
FreeNode: foo_bar the second destroys the text.
---
Fedora Ambassador: http://fedoraproject.org/wiki/StefanHeld
---
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
Thanks to all, I will double check either nfs server and client options... d On Dec 10, 2008, at 9:01 PM, John Kordash wrote: >> 2.) Use TCP, UDP Transmits are often slow these days. (mount >> option tcp) > > Hmm, care to share any references for this? I'd be reaching for NFS > over TCP in a long-haul type environment, but would run it over UDP > otherwise. > > -John > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos Davide Cittaro [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Scott Silva wrote: > on 12-10-2008 8:02 AM James Pifer spake the following: >> On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote: >>> Thanks to all. For now I've stopped it using iptables. I tried stopping >>> it at my router without success, yet another reason to replace it! I >>> will also report it to [EMAIL PROTECTED] >>> >> My issues have gotten worse. Apparently over the last few days my ip >> address has gotten blacklisted. No idea why. Even though I have a >> commercial class cable modem service, my ip is residential because it >> comes to my house. But I've been running my mail server for several >> years and never had an issue. >> >> I've tried adding these lines to my sendmailmc and rebuilding it, but >> then nothing routes, not even local. >> >> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl >> MASQUERADE_AS(carolina.rr.com)dnl >> FEATURE(`allmasquerade')dnl >> FEATURE(`masquerade_envelope')dnl >> >> Now I'm using mailertable and that appears to be working. >> >> I'm not even sure this message with get to this list. Seems like I >> haven't received any centos list mail in a while. I have on my other >> lists though. >> >> Any help is appreciated. >> >> Thanks, >> James > I think all the masquerade options are causing your problems. Just set the > proper smarthost and restore the other options to what they were and then > test. > Or switch to postfix. I plunked "relayhost = smtp-server.roadrunner.com" into main.cf & away it went. -- tkb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
> 2.) Use TCP, UDP Transmits are often slow these days. (mount > option tcp) Hmm, care to share any references for this? I'd be reaching for NFS over TCP in a long-haul type environment, but would run it over UDP otherwise. -John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
on 12-10-2008 8:02 AM James Pifer spake the following: > On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote: >> Thanks to all. For now I've stopped it using iptables. I tried stopping >> it at my router without success, yet another reason to replace it! I >> will also report it to [EMAIL PROTECTED] >> > > My issues have gotten worse. Apparently over the last few days my ip > address has gotten blacklisted. No idea why. Even though I have a > commercial class cable modem service, my ip is residential because it > comes to my house. But I've been running my mail server for several > years and never had an issue. > > I've tried adding these lines to my sendmailmc and rebuilding it, but > then nothing routes, not even local. > > define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl > MASQUERADE_AS(carolina.rr.com)dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > > Now I'm using mailertable and that appears to be working. > > I'm not even sure this message with get to this list. Seems like I > haven't received any centos list mail in a while. I have on my other > lists though. > > Any help is appreciated. > > Thanks, > James I think all the masquerade options are causing your problems. Just set the proper smarthost and restore the other options to what they were and then test. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] bind specific ip address to iscsi target
Hi all,
I have setup a centos5.2 server (full updated) to serve iscsi disks
using scsi-target-utils package. This server has two network adapters,
one for remote administration and another to serve iscsi disk. How can I
bind iscsi target service to only one ip address??
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
Am Mittwoch, den 10.12.2008, 20:07 +0100 schrieb Davide Cittaro:
> Hi all, I'm migrating from Gentoo to CentOS... I'm experiencing a
> rather low performance in NFS r/w (as client).
I am not the Linux Expert when it comes to the nfs implementation,
but you should try two things:
1.) Nail Linux to use nfs v3 (imho mount option nfsvers=3)
2.) Use TCP, UDP Transmits are often slow these days. (mount option tcp)
> NFS server is solaris (which exports zfs volumes via nfs). The very
> same exports were mounted with the same parameters (auto,nosuid,exec)
> on gentoo and centos server (bot x86_64)... It happens that centos is
> 5-10 times slower either in read and write operations... Ok, I'll try
> to tune rsize and wsize, but does anybody have an hint on this low
> performance?
>
Maybe gentoo uses v3 per default. We have made great improvements at our
site with these mount options.
--
Stefan HeldVI has only 2 Modes:
obi unixkiste org The first one is for beeping all the time,
FreeNode: foo_bar the second destroys the text.
---
Fedora Ambassador: http://fedoraproject.org/wiki/StefanHeld
---
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
On Dec 10, 2008, at 8:14 PM, Russell Miller wrote: Have you tried these measurements against a native Linux NFS server? It might be a good data point to find out if this only happens against Solaris. Actually not, but I've tested other OS as client. Nothing compares to centos :-( I suspect there's something dealing with file permissions and owners... bah... However, it could be none of the above, and be degraded ZFS performance that the NFS protocol is exacerbating. Have you run network dumps? As far as other clients show better performances (close to network bandwidth limit) I guess Solaris is not the issue... Thanks d Davide Cittaro [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
James Pifer wrote on Wed, 10 Dec 2008 13:26:53 -0500: > Anyway, I tried setting up smarthost and was not able to get it to work, You should then contact their support. It got to work. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Wed, Dec 10, 2008 at 12:40 PM, Ned Slider <[EMAIL PROTECTED]> wrote: > Bill Campbell wrote: >> Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and >> you can probably go to their web site to see why it's listed. > It's listed on zen.spamhaus.org because it's in pbl.spamhaus.org which > is a policy blocklist: > > http://www.spamhaus.org/pbl/query/PBL238253 > > Time Warner Cable/Road Runner's policy is not to permit outbound email > for this IP address range. > > There is no indication your server has been compromised or abused, just > that Time Warner Cable/Road Runner have decided you shouldn't be running > a mail server on that IP address range. > > Sspamhaus.org is a hugely popular list so this is going to be a big > problem for you. Spamhaus for sure is hugely popular. My web hosting ISP (OLM in CT) started using it and I was having problems using SMTP, because the Dynamic IP's we were getting from our local ISP were frequently listed on Spamhaus. I gave up and began using Gmail. No problems sending email now. :-) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs slow?
On Wed, Dec 10, 2008 at 11:07 AM, Davide Cittaro <[EMAIL PROTECTED]> wrote: > Hi all, I'm migrating from Gentoo to CentOS... I'm experiencing a > rather low performance in NFS r/w (as client). > NFS server is solaris (which exports zfs volumes via nfs). The very > same exports were mounted with the same parameters (auto,nosuid,exec) > on gentoo and centos server (bot x86_64)... It happens that centos is > 5-10 times slower either in read and write operations... Ok, I'll try > to tune rsize and wsize, but does anybody have an hint on this low > performance? > We've seen similar results, but only to specific types of servers. For example, we have an Onstor/XIV system that is showing 90MB/S throughput, but an acopia switch in front of it showing much degraded throughput. Have you tried these measurements against a native Linux NFS server? It might be a good data point to find out if this only happens against Solaris. However, it could be none of the above, and be degraded ZFS performance that the NFS protocol is exacerbating. Have you run network dumps? --Russell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Miredo 1.1.5
Robert Moskowitz wrote:
> Ray Van Dolson wrote:
>
>> On Wed, Dec 10, 2008 at 01:33:39PM -0500, Robert Moskowitz wrote:
>>
>>
>>> I found a src.rpm for 1.1.5-1 for fc8 (not rh8!). I was able to rebuild
>>> it on my Centos build system.
>>>
>>> The rpms are identified as 1.1.5-1.i386.rpm, no el5 or other
>>> identification was placed in the files. I don't see how to control this
>>> when you rebuild from an existing src.rpm. Interestingly the fc8
>>> designation was lost.
>>>
>>> I also rebuild it on my fc10 system. It worked, and the rpms have fc10
>>> in their names.
>>>
>>> Don't know how well they will work. I will be trying them over the next
>>> couple weeks. If anyone wants a copy, let me know
>>>
>>>
>>>
>> Look inside the .spec file. The Release line should contain a dist tag
>> as follows:
>>
>> Release:1%{?dist}
>>
>> The "1" will vary of course.
>>
>> Then, when you build, just define the dist flag to be what you like:
>>
>> % rpmbuild --define 'dist .el5' .spec
>>
>
> OK. I am almost getting it.
>
> I did a: rpmbuild --rebuild miredo.1.1.5-1.fc8.src.rpm
>
> In otherwords, I did not even bother to open up the src rpm. I hope that
> won't cause too much of an issue with what was built on Centos!
>
> So do I then do:
>
>
> rpmbuild --define 'dist .el5' --rebuild miredo.1.1.5-1.fc8.src.rpm
So I tried it and it works. At least it built the rpms with the .el5
string included (actually I used .el5.rgm so I would know it is mine).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Wed, Dec 10, 2008 at 8:11 AM, Matt <[EMAIL PROTECTED]> wrote: > > echo 'deadline' > /sys/block/sda/queue/scheduler > -bash: /sys/block/sda/queue/scheduler: No such file or directory > > ls -l /sys/block/sda/queue/ > total 0 > drwxr-xr-x 2 root root0 Dec 8 17:45 iosched > -r--r--r-- 1 root root 4096 Dec 10 10:10 max_hw_sectors_kb > -rw-r--r-- 1 root root 4096 Dec 10 10:10 max_sectors_kb > -rw-r--r-- 1 root root 4096 Dec 10 10:10 nr_requests > -rw-r--r-- 1 root root 4096 Dec 10 10:10 read_ahead_kb > > No go. > What is in /sys/block/sda/queue/iosched? Or you could do a find /sys/block -name scheduler to see if the file exists at all. Don't give up so soon. mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] nfs slow?
Hi all, I'm migrating from Gentoo to CentOS... I'm experiencing a rather low performance in NFS r/w (as client). NFS server is solaris (which exports zfs volumes via nfs). The very same exports were mounted with the same parameters (auto,nosuid,exec) on gentoo and centos server (bot x86_64)... It happens that centos is 5-10 times slower either in read and write operations... Ok, I'll try to tune rsize and wsize, but does anybody have an hint on this low performance? Thanks d Davide Cittaro [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Wed, Dec 10, 2008 at 9:25 AM, John <[EMAIL PROTECTED]> wrote: > > Like this: > > kernel /vmlinuz-2.6.9-78.0.8.ELsmp ro root=/dev/VolGroup00/LogVol00 > elevater=deadline > The above should be all on one line. mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Miredo 1.1.5
Ray Van Dolson wrote:
> On Wed, Dec 10, 2008 at 01:33:39PM -0500, Robert Moskowitz wrote:
>
>> I found a src.rpm for 1.1.5-1 for fc8 (not rh8!). I was able to rebuild
>> it on my Centos build system.
>>
>> The rpms are identified as 1.1.5-1.i386.rpm, no el5 or other
>> identification was placed in the files. I don't see how to control this
>> when you rebuild from an existing src.rpm. Interestingly the fc8
>> designation was lost.
>>
>> I also rebuild it on my fc10 system. It worked, and the rpms have fc10
>> in their names.
>>
>> Don't know how well they will work. I will be trying them over the next
>> couple weeks. If anyone wants a copy, let me know
>>
>>
>
> Look inside the .spec file. The Release line should contain a dist tag
> as follows:
>
> Release:1%{?dist}
>
> The "1" will vary of course.
>
> Then, when you build, just define the dist flag to be what you like:
>
> % rpmbuild --define 'dist .el5' .spec
OK. I am almost getting it.
I did a: rpmbuild --rebuild miredo.1.1.5-1.fc8.src.rpm
In otherwords, I did not even bother to open up the src rpm. I hope that
won't cause too much of an issue with what was built on Centos!
So do I then do:
rpmbuild --define 'dist .el5' --rebuild miredo.1.1.5-1.fc8.src.rpm
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fedora 9 domU on CentOS 5.2 dom0 - very unstable?
Am Mittwoch, den 10.12.2008, 08:49 +0100 schrieb Dirk H. Schulz:
> I am running a Fedora 9 domU on CentOS 5.2 dom0, and it is quite
> unreliable. Every few days I have the following phenomenon:
So do i.
But for me, everything works like a charm.
[EMAIL PROTECTED] ~]# uname -a
Linux xen.unixkiste.org 2.6.18-92.1.13.el5xen
Fedora release 9 (Sulphur)
Kernel 2.6.25.3-2.fc9.i686.xen on an i686 (/dev/hvc0)
Yes, i should reboot to a newer kernel. :)
--
Stefan HeldVI has only 2 Modes:
obi unixkiste org The first one is for beeping all the time,
FreeNode: foo_bar the second destroys the text.
---
Fedora Ambassador: http://fedoraproject.org/wiki/StefanHeld
---
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
on 12-10-2008 9:16 AM Bill Campbell spake the following: > On Wed, Dec 10, 2008, James Pifer wrote: >> On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote: >>> Thanks to all. For now I've stopped it using iptables. I tried stopping >>> it at my router without success, yet another reason to replace it! I >>> will also report it to [EMAIL PROTECTED] >>> >> My issues have gotten worse. Apparently over the last few days my ip >> address has gotten blacklisted. No idea why. Even though I have a >> commercial class cable modem service, my ip is residential because it >> comes to my house. But I've been running my mail server for several >> years and never had an issue. > > Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and > you can probably go to their web site to see why it's listed. This address is on the PBL because Time Warner says it shouldn't be sending e-mail. He will have to use roadrunners smarthost, and see if they allow it. If they consider it a residential account, their AUP probably bans running any servers anyway, so he will have to deal with them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Miredo 1.1.5
On Wed, Dec 10, 2008 at 01:33:39PM -0500, Robert Moskowitz wrote:
> I found a src.rpm for 1.1.5-1 for fc8 (not rh8!). I was able to rebuild
> it on my Centos build system.
>
> The rpms are identified as 1.1.5-1.i386.rpm, no el5 or other
> identification was placed in the files. I don't see how to control this
> when you rebuild from an existing src.rpm. Interestingly the fc8
> designation was lost.
>
> I also rebuild it on my fc10 system. It worked, and the rpms have fc10
> in their names.
>
> Don't know how well they will work. I will be trying them over the next
> couple weeks. If anyone wants a copy, let me know
>
Look inside the .spec file. The Release line should contain a dist tag
as follows:
Release:1%{?dist}
The "1" will vary of course.
Then, when you build, just define the dist flag to be what you like:
% rpmbuild --define 'dist .el5' .spec
Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Miredo 1.1.5
I found a src.rpm for 1.1.5-1 for fc8 (not rh8!). I was able to rebuild it on my Centos build system. The rpms are identified as 1.1.5-1.i386.rpm, no el5 or other identification was placed in the files. I don't see how to control this when you rebuild from an existing src.rpm. Interestingly the fc8 designation was lost. I also rebuild it on my fc10 system. It worked, and the rpms have fc10 in their names. Don't know how well they will work. I will be trying them over the next couple weeks. If anyone wants a copy, let me know ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Bill Campbell wrote on Wed, 10 Dec 2008 09:16:58 -0800: > Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and > you can probably go to their web site to see why it's listed. Well, it's not his fault: http://www.spamhaus.org/pbl/query/PBL238253 Roadrunner is not meant for mailservers. I have been blocking them already for years. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
> so, using a roadrunner mail server as a "smarthost" is the only viable > choice > I looked at it too. On PBL. So it's possible that Time Warner just recently updated the list or something? Anyway, I tried setting up smarthost and was not able to get it to work, but I was successful setting up mailertable for .com, .net, and .org so these are being relayed through time warner's mail server. That should cover most of it. I'm watching my maillog today and I don't see anything out of the ordinary. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cannot mount samba shares
On Wed, 2008-12-10 at 19:16 +0100, Ralph Angenendt wrote: > Ralph Angenendt wrote: > > Hmmm. I haven't tried if "force user" breaks in the same way. > > Wow, that doesn't break. Let me see if I can live with the consequences. > //ethans27/SAN1 /mnt/SAN1 cifs user,uid=500,rw,suid,username=nobody,password=nobody 0 0 Ok uid, username, password, really does not get used. It is by passes with the forcing of the users and groups. Mainly it's for detail. But I promise I spent two days on trying to get this working right and this is the only way it would work and integrate with Windows also. The solution I was given by a long time Unix admin was use NFS and forget it but I could not do that. Also in your linux client try the fstab entry with the correct user setting you need and uid and password. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cannot mount samba shares
Ralph Angenendt wrote: > Hmmm. I haven't tried if "force user" breaks in the same way. Wow, that doesn't break. Let me see if I can live with the consequences. Cheers, Ralph pgpLsk2xE2UfD.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cannot mount samba shares
John wrote: > No offense but LOL same problem I had with Linux clients. Here is what I did; > The only way I got this to work is add the mount entry to fstab.. auto-mount > would not work right it would end up hanging the Linux client. > //ethans27/SAN1 /mnt/SAN1 cifs > user,uid=500,rw,suid,username=nobody,password=nobody 0 0 Obviously (?) I don't really want to give the nobody account a password (or even enable it). This was not my design decision. > BTW I'm forcing the use of a specific user in my smb.conf file. I see > you have force group but you may have to include the force users=. > One irritating thing I come to find out is the directoru perms have to > coexist with whats in your smb.conf. Hmmm. I haven't tried if "force user" breaks in the same way. Ralph pgpvoLv9w8HBa.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Wed, Dec 10, 2008, John R Pierce wrote: >Ned Slider wrote: >> Bill Campbell wrote: >> >>> Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and >>> you can probably go to their web site to see why it's listed. >>> >> >> It's listed on zen.spamhaus.org because it's in pbl.spamhaus.org which >> is a policy blocklist: >> >> http://www.spamhaus.org/pbl/query/PBL238253 >> >> Time Warner Cable/Road Runner's policy is not to permit outbound email >> for this IP address range. > >so, using a roadrunner mail server as a "smarthost" is the only viable >choice Or some other server where they are willing to whitelist that address. We do this for several of our customers who are on networks that have delivery problems of one kind or another, usually on a port other that 25 to get around outgoing blocks or automatic redirection to a broadband provider's server. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Currencies do not float, they sink at different rates. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Ned Slider wrote: > Bill Campbell wrote: > >> Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and >> you can probably go to their web site to see why it's listed. >> > > It's listed on zen.spamhaus.org because it's in pbl.spamhaus.org which > is a policy blocklist: > > http://www.spamhaus.org/pbl/query/PBL238253 > > Time Warner Cable/Road Runner's policy is not to permit outbound email > for this IP address range. > so, using a roadrunner mail server as a "smarthost" is the only viable choice ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Bill Campbell wrote: > On Wed, Dec 10, 2008, James Pifer wrote: >> My issues have gotten worse. Apparently over the last few days my ip >> address has gotten blacklisted. No idea why. Even though I have a >> commercial class cable modem service, my ip is residential because it >> comes to my house. But I've been running my mail server for several >> years and never had an issue. > > Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and > you can probably go to their web site to see why it's listed. > It's listed on zen.spamhaus.org because it's in pbl.spamhaus.org which is a policy blocklist: http://www.spamhaus.org/pbl/query/PBL238253 Time Warner Cable/Road Runner's policy is not to permit outbound email for this IP address range. There is no indication your server has been compromised or abused, just that Time Warner Cable/Road Runner have decided you shouldn't be running a mail server on that IP address range. Sspamhaus.org is a hugely popular list so this is going to be a big problem for you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
> I have see quite a few cases where spam is sent from webmail > accounts (mostly squirrelmail) by crackers who get access via > weak passwords found by imap/pop probes as you described. > > It's been my experience in the 15 years we have been doing > support for regional ISPs that well over 50% of their user's > passwords are easily cracked, and that getting the users to use > good passwords is difficult to say the least. Seen that too. Spammers must send out millions of messages to make any money. One good solution is ratelimiting at the MTA. Exim allows you to setup limits on the number of recipients a given IP can send messages to in a given time period. Squirrelmail has a plugin that does the same. That way if they break in to an account but can only send a few hundred messages a day its not worth there time. Less likely to get the server blacklisted as well. Its also good to configure Squirrelmail not to allow them to alter the return email address on the Squirrelmail account. Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Wed, 2008-12-10 at 10:56 -0600, Matt wrote: > > Yes follow up to previous mail. That would be correct for those two. My > > opinions do not change however, I just saw the mail where it did not > > work because he has V4.x and needs to use grub.conf. > > In grub.conf I have this: > > --- > #boot=/dev/sda > default=0 > timeout=5 > splashimage=(hd0,0)/grub/splash.xpm.gz > hiddenmenu > title CentOS (2.6.9-78.0.8.ELsmp) > root (hd0,0) > kernel /vmlinuz-2.6.9-78.0.8.ELsmp ro root=/dev/VolGroup00/LogVol00 > initrd /initrd-2.6.9-78.0.8.ELsmp.img > title CentOS (2.6.9-78.0.8.EL) > root (hd0,0) > kernel /vmlinuz-2.6.9-78.0.8.EL ro root=/dev/VolGroup00/LogVol00 > initrd /initrd-2.6.9-78.0.8.EL.img > --- > > I just add elevator=deadline above default or something? Like this: kernel /vmlinuz-2.6.9-78.0.8.ELsmp ro root=/dev/VolGroup00/LogVol00 elevater=deadline And this change will be for System Wide. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cannot mount samba shares
On Wed, 2008-12-10 at 17:50 +0100, Ralph Angenendt wrote: > Hi, > > quick(?) question: Has anybody seen that problem below? More important > question: Did anybody solve that? > > This is my smb.conf (well, only the most important parts): > > [global] > workgroup = FOOBAR > server string = My Server > map to guest = Bad User > preferred master = No > local master = No > domain master = No > dns proxy = No > > [on3] > comment = Audio-Video-Imports > path = /local/mir/import/on3 > force group = users > read only = No > create mask = 0664 > directory mask = 0775 > guest ok = Yes > > The path has: > > drwxrwxr-x 3 mir users 4096 10. Dez 16:35 /local/mir/import/on3/ > > Meaning: group users and user mir are allowed to write in there. Works > fine from windows clients. Guest user gets mapped to "nobody". > > Doesn't work from linux: > > [EMAIL PROTECTED] ~]# mount -t cifs -o user=nobody,guest //mir-qs/on3 > /mnt/tmp/ > mount error 13 = Permission denied > Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) > > [EMAIL PROTECTED]:~# uname -a ; rpm -q samba > Linux mir-qs.br.de 2.6.9-78.0.8.ELsmp #1 SMP Wed Nov 19 20:05:04 EST > 2008 i686 i686 i386 GNU/Linux > samba-3.0.28-0.el4.9.i386 > > Machine is up to date. > > Error message on the server is > > make_connection: connection to on3 denied due to security descriptor. > > Googling around led me to the belief that someone fooled around with > srvmgr.exe from a windows machine and that I should remove > /var/cache/samba/share_info.tdb and restart samba. Which doesn't work. > > Now if I take out the "force group = users" everything works as > expected. Except that I cannot write in this share - nobody isn't in the > group users. > > I don't want to add nobody to the group users, nor can I go and change > anything on that server regarding users and groups in the file system. > > Ah yes, smbclient works fine, but I really do not want to use that > either. No offense but LOL same problem I had with Linux clients. Here is what I did; The only way I got this to work is add the mount entry to fstab.. auto-mount would not work right it would end up hanging the Linux client. //ethans27/SAN1 /mnt/SAN1 cifs user,uid=500,rw,suid,username=nobody,password=nobody 0 0 BTW I'm forcing the use of a specific user in my smb.conf file. I see you have force group but you may have to include the force users=. One irritating thing I come to find out is the directoru perms have to coexist with whats in your smb.conf. [EMAIL PROTECTED] ~]# rpm -q samba samba-3.0.28-1.el5_2.1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Wed, Dec 10, 2008, James Pifer wrote: >On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote: >> Thanks to all. For now I've stopped it using iptables. I tried stopping >> it at my router without success, yet another reason to replace it! I >> will also report it to [EMAIL PROTECTED] >> > >My issues have gotten worse. Apparently over the last few days my ip >address has gotten blacklisted. No idea why. Even though I have a >commercial class cable modem service, my ip is residential because it >comes to my house. But I've been running my mail server for several >years and never had an issue. Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and you can probably go to their web site to see why it's listed. I have see quite a few cases where spam is sent from webmail accounts (mostly squirrelmail) by crackers who get access via weak passwords found by imap/pop probes as you described. It's been my experience in the 15 years we have been doing support for regional ISPs that well over 50% of their user's passwords are easily cracked, and that getting the users to use good passwords is difficult to say the least. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Never blame a legislative body for not doing something. When they do nothing, that don't hurt anybody. When they do something is when they become dangerous. -- Will Rogers ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Wed, 10 Dec 2008 12:02:22 -0500 John Hinton wrote: > If you are being blacklisted, email is almost certainly coming out of > your server which contains spam. Depending on the lists, it could be > spewing a lot. Not necessarily. I had one helluva time getting my mailserver off of the SORBS dynamic IP blacklist. Regardless of the fact that it is and has always been on a static IP address and it returns the word "static" in a reverse lookup, and it's always lived in a static netblock issued by my ISP, it took me well over a year of dealing with everyone under the sun (except for the SORBS people themselves, who appear to be impossible to contact and ignore all help and support requests sent though their website) to get off of that list. So SORBS, at least, is a problem and I've lost faith in their blacklist to help me sort spam from legitimate email. On the other hand, if the OP's blacklisting has just now started and it wasn't that way before, then I agree that he likely does have a local problem. -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Figured it out - Re: What is Judy?
Robert Moskowitz wrote: > Mark Belanger wrote: > >> Robert Moskowitz wrote: >> >> >>> I am trying to build Miredo 1.1.5 >>> (http://www.remlab.net/miredo/devel.shtml.en) >>> >>> I have followed the rpmbuild instructions from: >>> http://www.owlriver.com/tips/non-root/, and have the miredo source in >>> ~/build/miredo-1.1.5. >>> >>> I run ./configure (as the INSTALL text file tells me to do) and get the >>> error: >>> >>> checking for Judy.h usablity... no >>> checking for Judy.h presence... no >>> checking for Judy.h... no >>> configure: WARING: If you don't care about scalability, re-run configure >>> with ' --without-Judy'. >>> configure: error: Required Judy dynamic arrays library missing. >>> >>> >> Is it this? >> http://judy.sourceforge.net/ >> > > That looks like it, and if your Miredo relay had to support lots of > clients, I can see where this would be critical. > > For my own test use, I don't need it. But if I am going to build this > for eventual larger usage, I had better get with the program. Thing is > it looks like just a c library. After I download it, where do I put it? Well I bit, and downloaded it. Turned out to be rather straightforward to install. So onwards! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] network driver needed at install time
I am wanting to use a motherboard that uses the 8111b reaktek chip. http://wiki.centos.org/AdditionalResources/HardwareList/RealTekRTL8111b This was great information. My question is now that I have a compiled module for centos 5.2 is there any way I can include that module in a DVD or load the module from USB at the installation time??? I use kickstart and that needs to work over the network. Is there an easy way to load a network driver at install from USB or something like that? Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
> Yes follow up to previous mail. That would be correct for those two. My > opinions do not change however, I just saw the mail where it did not > work because he has V4.x and needs to use grub.conf. In grub.conf I have this: --- #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.9-78.0.8.ELsmp) root (hd0,0) kernel /vmlinuz-2.6.9-78.0.8.ELsmp ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.9-78.0.8.ELsmp.img title CentOS (2.6.9-78.0.8.EL) root (hd0,0) kernel /vmlinuz-2.6.9-78.0.8.EL ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.9-78.0.8.EL.img --- I just add elevator=deadline above default or something? Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
James Pifer wrote: > On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote: > >> Thanks to all. For now I've stopped it using iptables. I tried stopping >> it at my router without success, yet another reason to replace it! I >> will also report it to [EMAIL PROTECTED] >> >> > > My issues have gotten worse. Apparently over the last few days my ip > address has gotten blacklisted. No idea why. Even though I have a > commercial class cable modem service, my ip is residential because it > comes to my house. But I've been running my mail server for several > years and never had an issue. > > I've tried adding these lines to my sendmailmc and rebuilding it, but > then nothing routes, not even local. > > define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl > MASQUERADE_AS(carolina.rr.com)dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > > Now I'm using mailertable and that appears to be working. > > I'm not even sure this message with get to this list. Seems like I > haven't received any centos list mail in a while. I have on my other > lists though. > > Any help is appreciated. > > Thanks, > James > James, Are you using bounce instead of reject anywhere on the system? If so, they can bounce their spam to anyone off of your server... also a common tactic. Also, things like mailforms on the server with autoresponders can also be a source of abuse. If they autorespond with the message input included, it's just a matter of using the email address you want to spam in that form. If the form doesn't have some good checks and balances, like Captcha, it's wide open for abuse by bots. Even captcha needs to be tough as they are using OCR to bust through easy to read captcha images. If you are being blacklisted, email is almost certainly coming out of your server which contains spam. Depending on the lists, it could be spewing a lot. You may wish to have postmaster and abuse addresses open on that system and actually look at them... These are RFCs that should be followed anyway... as to whether or not you read them.. But I do watch the postmaster email for 'quantity changes'. If it rises suddenly, somebody is playing. Good luck, John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller (SOLVED)
On Wed, Dec 10, 2008 at 8:28 AM, Stephen Harris <[EMAIL PROTECTED]> wrote: > On Wed, Dec 10, 2008 at 08:12:01AM -0800, Akemi Yagi wrote: > >> >> http://centos.toracat.org/ajb/sk98lin/ > >> Yes, Alan wanted to reach as many users as we can , so I helped a bit >> with spreading the words. I looked at my web log and was astonished >> by the number of visitors and downloads. > > Does this module work with CentOS 4.7? The binary RPM appears to put it into > a different tree > /lib/modules/2.6.18-92.el5 > /lib/modules/2.6.18-92.el5/extra > /lib/modules/2.6.18-92.el5/extra/sk98lin > /lib/modules/2.6.18-92.el5/extra/sk98lin/sk98lin.ko No, the binary is for CentOS-5 only. I mentioned this somewhere but if you did not see it, I apologize for not making it clear in this thread. Alan is now working on providing the CentOS-4 version of the same driver. Give him (us) a bit of time. I will make an announcement when it is finally ready. Alan, I think we need to create subdirectories like SRPMS, i386 and x86_64 on the server. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Cannot mount samba shares
Hi, quick(?) question: Has anybody seen that problem below? More important question: Did anybody solve that? This is my smb.conf (well, only the most important parts): [global] workgroup = FOOBAR server string = My Server map to guest = Bad User preferred master = No local master = No domain master = No dns proxy = No [on3] comment = Audio-Video-Imports path = /local/mir/import/on3 force group = users read only = No create mask = 0664 directory mask = 0775 guest ok = Yes The path has: drwxrwxr-x 3 mir users 4096 10. Dez 16:35 /local/mir/import/on3/ Meaning: group users and user mir are allowed to write in there. Works fine from windows clients. Guest user gets mapped to "nobody". Doesn't work from linux: [EMAIL PROTECTED] ~]# mount -t cifs -o user=nobody,guest //mir-qs/on3 /mnt/tmp/ mount error 13 = Permission denied Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) [EMAIL PROTECTED]:~# uname -a ; rpm -q samba Linux mir-qs.br.de 2.6.9-78.0.8.ELsmp #1 SMP Wed Nov 19 20:05:04 EST 2008 i686 i686 i386 GNU/Linux samba-3.0.28-0.el4.9.i386 Machine is up to date. Error message on the server is make_connection: connection to on3 denied due to security descriptor. Googling around led me to the belief that someone fooled around with srvmgr.exe from a windows machine and that I should remove /var/cache/samba/share_info.tdb and restart samba. Which doesn't work. Now if I take out the "force group = users" everything works as expected. Except that I cannot write in this share - nobody isn't in the group users. I don't want to add nobody to the group users, nor can I go and change anything on that server regarding users and groups in the file system. Ah yes, smbclient works fine, but I really do not want to use that either. Cheers, Ralph pgpegRAjBjbEj.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Wed, 2008-12-10 at 17:02 +0100, Peter Kjellstrom wrote: > On Wednesday 10 December 2008, John wrote: > > On Tue, 2008-12-09 at 12:07 -0500, Ross Walker wrote: > > > On Dec 9, 2008, at 10:59 AM, Matt <[EMAIL PROTECTED]> wrote: > > > Setting scheduler is global in C4 it can be set as a kernel option > > > with a scheduler=deadline in grub. > > > >>> > > > >>> Is that an alias for "elevator=deadline" (which I know works)? > > > >> > > > >> No that was me forgetting the option name. > > > >> > > > >> Thanks Peter, it's elevator= not scheduler= > > > > > > > > Does this mean I need to add "elevator=deadline" to grub.conf? Is > > > > there a way to make the change without rebooting? > > > > > > I'm afraid not, so possibly a late night or weekend event with the > > > option for a mid day reboot to recover if things turn out badly. > > > > > > Virtualize things and you can minimize downtime with snapshots. > > > > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > > noop anticipatory deadline [cfq] > > The Schedular is CFQ and can be changed on the fly to whatever Block > > Device you want it. > ... > > [EMAIL PROTECTED] ~]# echo 'deadline' > /sys/block/hda/queue/scheduler > > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > > noop anticipatory [deadline] cfq -- Changed to Deadline. > > ...this is correct on CentOS-5. On CentOS-4 you need to do it via grub and a > reboot. Yes follow up to previous mail. That would be correct for those two. My opinions do not change however, I just saw the mail where it did not work because he has V4.x and needs to use grub.conf. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
Ned Slider wrote: > Chris Boyd wrote: > >> You can keep compromised accounts from logging in via ssh with the >> "AllowUsers" option in your /etc/ssh/sshd_config file. Add that >> option followed by a list of user names that you want to be able to >> log in, ex: >> >> # Only let Fred Guru and Joe Admin in, block anyone >> # else even if they have a valid password. >> AllowUsers fred joe >> >> And you should also set "PermitRootLogin no" while you are in >> sshd_config. >> >> Be sure to do a "service sshd restart" after you change the file, and >> do a test login _before_ you log out of your current session. Saves >> cursing and late night drives to remote servers in case sshd barfs >> somehow :-) >> >> --Chris >> >> > > Nice tip - AllowUsers added to the Wiki page on securing SSH: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > Thanks! > > Ned > > I don't have many clients that actually need or use ssh. I control it via hosts.allow and hosts.deny For instance. cat hosts.deny # # hosts.denyThis file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! sshd : ALL cat hosts.allow # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # sshd : 192.555.555. : allow sshd : 192.555.55.555 : allow sshd : localhost : allow Of course the IP addresses have been changed to protect the.. In hosts.allow, the first line is an example of opening sshd to any IP address in that class C The second line, an example to specific IP addresses and the third to localhost (and I don't remember why I needed to add that but it was an internal program) John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Wed, 2008-12-10 at 17:02 +0100, Peter Kjellstrom wrote: > On Wednesday 10 December 2008, John wrote: > > On Tue, 2008-12-09 at 12:07 -0500, Ross Walker wrote: > > > On Dec 9, 2008, at 10:59 AM, Matt <[EMAIL PROTECTED]> wrote: > > > Setting scheduler is global in C4 it can be set as a kernel option > > > with a scheduler=deadline in grub. > > > >>> > > > >>> Is that an alias for "elevator=deadline" (which I know works)? > > > >> > > > >> No that was me forgetting the option name. > > > >> > > > >> Thanks Peter, it's elevator= not scheduler= > > > > > > > > Does this mean I need to add "elevator=deadline" to grub.conf? Is > > > > there a way to make the change without rebooting? > > > > > > I'm afraid not, so possibly a late night or weekend event with the > > > option for a mid day reboot to recover if things turn out badly. > > > > > > Virtualize things and you can minimize downtime with snapshots. > > > > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > > noop anticipatory deadline [cfq] > > The Schedular is CFQ and can be changed on the fly to whatever Block > > Device you want it. > ... > > [EMAIL PROTECTED] ~]# echo 'deadline' > /sys/block/hda/queue/scheduler > > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > > noop anticipatory [deadline] cfq -- Changed to Deadline. > > ...this is correct on CentOS-5. On CentOS-4 you need to do it via grub and a > reboot. Errr,,, It can done on any 2.6 kernel system. See the Kbase Knowledge Section at kbase.redhat.com. If he chooses to do it in grub the correct way is elevator=deadline. I know this to be fact because I my self have a 4.x system with high I/O with samba and use rc.local to change it upon boot. My personal opinion of this OPs thread is that RAM is not going to help in no way possible. What chipset, north and south bridge does the server have? One thing I've never understood is why admins want to throw ram at a problem that does not exist. It seems to me the solution is always through some ram in it??? That is from experiance and my opinion. There is more to it than just that. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller (SOLVED)
On Wed, Dec 10, 2008 at 08:12:01AM -0800, Akemi Yagi wrote: > >> http://centos.toracat.org/ajb/sk98lin/ > Yes, Alan wanted to reach as many users as we can , so I helped a bit > with spreading the words. I looked at my web log and was astonished > by the number of visitors and downloads. Does this module work with CentOS 4.7? The binary RPM appears to put it into a different tree /lib/modules/2.6.18-92.el5 /lib/modules/2.6.18-92.el5/extra /lib/modules/2.6.18-92.el5/extra/sk98lin /lib/modules/2.6.18-92.el5/extra/sk98lin/sk98lin.ko The source RPM fails with dependency issues; it looks for kernel-devel-i386 but the package is just kernel-devel [root]/usr/src/redhat/SPECS% rpmbuild sk98lin-kmod.spec error: Failed build dependencies: kernel-devel-i386 = 2.6.9-78.0.8.EL is needed by sk98lin-10.70.1.3-1.i386 [root]/usr/src/redhat/SPECS % rpm -qa | grep kernel-devel kernel-devel-2.6.9-78.0.8.EL -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
>> Thanks to all. For now I've stopped it using iptables. I tried stopping >> it at my router without success, yet another reason to replace it! I >> will also report it to [EMAIL PROTECTED] >> > > My issues have gotten worse. Apparently over the last few days my ip > address has gotten blacklisted. No idea why. Even though I have a > commercial class cable modem service, my ip is residential because it > comes to my house. But I've been running my mail server for several > years and never had an issue. > > I've tried adding these lines to my sendmailmc and rebuilding it, but > then nothing routes, not even local. > > define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl > MASQUERADE_AS(carolina.rr.com)dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > > Now I'm using mailertable and that appears to be working. > > I'm not even sure this message with get to this list. Seems like I > haven't received any centos list mail in a while. I have on my other > lists though. My guess is there trying to brute force POP3 passwords so they can use authenticated SMTP on your server to send SPAM. Common tactic. What are you using for a MTA? What about webmail? Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller (SOLVED)
On Wed, Dec 10, 2008 at 5:39 AM, Kurt Hansen <[EMAIL PROTECTED]> wrote: > Akemi Yagi wrote: >> On Wed, Dec 10, 2008 at 12:15 AM, Vnpenguin <[EMAIL PROTECTED]> wrote: >> Thank you for the note. Then, the OP can go directly to: >> >> http://centos.toracat.org/ajb/sk98lin/ >> >> and install the driver from there (thanks to Alan for building them). >> These kmods are not kernel version specific, so will survive kernel >> updates. >> > It's mentioned in this thread, too: > > http://www.centos.org/modules/newbb/viewtopic.php?topic_id=17422&forum=39 > > Akemi, looks like you answered this question a bunch within the past 24 > hours! :-) Thank you! > > Special thanks to Alan Bartlett for building this kmod! It works for me, > including over a kernel upgrade. Yes, Alan wanted to reach as many users as we can , so I helped a bit with spreading the words. I looked at my web log and was astonished by the number of visitors and downloads. Thanks again for reporting back with your success note. Akemi / toracat ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
> The Schedular is CFQ and can be changed on the fly to whatever Block > Device you want it. It does not matter what load the system is under. > Changing to Deadline on his specific block device will improve the I/O > of the system unless it really being hammered. Keep in mind these > changes will be gone on Reboot. You can put these in rc.local to > activate at boot time. Substitute "hda" for your device. This does not > work on iscsi or SAN mounts. > > [EMAIL PROTECTED] ~]# echo 'deadline' > /sys/block/hda/queue/scheduler > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > noop anticipatory [deadline] cfq -- Changed to Deadline. echo 'deadline' > /sys/block/sda/queue/scheduler -bash: /sys/block/sda/queue/scheduler: No such file or directory ls -l /sys/block/sda/queue/ total 0 drwxr-xr-x 2 root root0 Dec 8 17:45 iosched -r--r--r-- 1 root root 4096 Dec 10 10:10 max_hw_sectors_kb -rw-r--r-- 1 root root 4096 Dec 10 10:10 max_sectors_kb -rw-r--r-- 1 root root 4096 Dec 10 10:10 nr_requests -rw-r--r-- 1 root root 4096 Dec 10 10:10 read_ahead_kb No go. Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote: > Thanks to all. For now I've stopped it using iptables. I tried stopping > it at my router without success, yet another reason to replace it! I > will also report it to [EMAIL PROTECTED] > My issues have gotten worse. Apparently over the last few days my ip address has gotten blacklisted. No idea why. Even though I have a commercial class cable modem service, my ip is residential because it comes to my house. But I've been running my mail server for several years and never had an issue. I've tried adding these lines to my sendmailmc and rebuilding it, but then nothing routes, not even local. define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl MASQUERADE_AS(carolina.rr.com)dnl FEATURE(`allmasquerade')dnl FEATURE(`masquerade_envelope')dnl Now I'm using mailertable and that appears to be working. I'm not even sure this message with get to this list. Seems like I haven't received any centos list mail in a while. I have on my other lists though. Any help is appreciated. Thanks, James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Wednesday 10 December 2008, John wrote: > On Tue, 2008-12-09 at 12:07 -0500, Ross Walker wrote: > > On Dec 9, 2008, at 10:59 AM, Matt <[EMAIL PROTECTED]> wrote: > > Setting scheduler is global in C4 it can be set as a kernel option > > with a scheduler=deadline in grub. > > >>> > > >>> Is that an alias for "elevator=deadline" (which I know works)? > > >> > > >> No that was me forgetting the option name. > > >> > > >> Thanks Peter, it's elevator= not scheduler= > > > > > > Does this mean I need to add "elevator=deadline" to grub.conf? Is > > > there a way to make the change without rebooting? > > > > I'm afraid not, so possibly a late night or weekend event with the > > option for a mid day reboot to recover if things turn out badly. > > > > Virtualize things and you can minimize downtime with snapshots. > > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > noop anticipatory deadline [cfq] > The Schedular is CFQ and can be changed on the fly to whatever Block > Device you want it. ... > [EMAIL PROTECTED] ~]# echo 'deadline' > /sys/block/hda/queue/scheduler > [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler > noop anticipatory [deadline] cfq -- Changed to Deadline. ...this is correct on CentOS-5. On CentOS-4 you need to do it via grub and a reboot. /Peter signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adding RAM
On Tue, 2008-12-09 at 12:07 -0500, Ross Walker wrote: > On Dec 9, 2008, at 10:59 AM, Matt <[EMAIL PROTECTED]> wrote: > > Setting scheduler is global in C4 it can be set as a kernel option > with a scheduler=deadline in grub. > >>> > >>> Is that an alias for "elevator=deadline" (which I know works)? > >> > >> No that was me forgetting the option name. > >> > >> Thanks Peter, it's elevator= not scheduler= > > > > Does this mean I need to add "elevator=deadline" to grub.conf? Is > > there a way to make the change without rebooting? > > I'm afraid not, so possibly a late night or weekend event with the > option for a mid day reboot to recover if things turn out badly. > > Virtualize things and you can minimize downtime with snapshots. [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler noop anticipatory deadline [cfq] The Schedular is CFQ and can be changed on the fly to whatever Block Device you want it. It does not matter what load the system is under. Changing to Deadline on his specific block device will improve the I/O of the system unless it really being hammered. Keep in mind these changes will be gone on Reboot. You can put these in rc.local to activate at boot time. Substitute "hda" for your device. This does not work on iscsi or SAN mounts. [EMAIL PROTECTED] ~]# echo 'deadline' > /sys/block/hda/queue/scheduler [EMAIL PROTECTED] ~]# cat /sys/block/hda/queue/scheduler noop anticipatory [deadline] cfq -- Changed to Deadline. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobe plugin for firefox
On Wed, 2008-12-10 at 10:30 -0500, Bo Lynch wrote: > > Ok. I can open PDFs from the web. We use squirrelmail for email and when > trying to open a pdf within email I only get the save option. Sorry for > the confusion I just assumed it was like this out on the internet as well. NP. Glad you got it solved. You might want to post a [SOLVED] reply to help others in the future. > Bo > -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobe plugin for firefox
On Wed, 2008-12-10 at 10:29 -0500, John wrote: > > > All of my settings look good in FF. Adobe plugin is enabled. Under apps I > > have tried setting it to always ask, adobe, and the default evince. If I > > open a local pdf in FF this will open. However if I attempt to open off of > > the internet then I am always prompted to save file. Open is not an > > option. > > Thanks > > Bo Lynch > > Go to Fire Fox prefs | applications | then find | PDF Document | Set it > to Use Adobe Reader in FF. He s/b good there, that's one of the 1st things I suggested he check (not as specif as you, just check all those settings). IIRC, he has that set already. Mine says "PDF file" and says "acroread". > > JohnStanley > -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobe plugin for firefox
On Wed, December 10, 2008 10:24 am, William L. Maltby wrote: > > On Wed, 2008-12-10 at 10:11 -0500, Bo Lynch wrote: >> >> On Tue, December 9, 2008 4:54 pm, William L. Maltby wrote: >> > >> > > >> > Just an FYI: since I hadn't checked recently, I did an open file in FF >> > and picked a local PDF. All work. I could read it, save copy, etc. >> > >> >> >> > >> > -- >> >> All of my settings look good in FF. Adobe plugin is enabled. Under apps >> I >> have tried setting it to always ask, adobe, and the default evince. If I >> open a local pdf in FF this will open. However if I attempt to open off >> of >> the internet then I am always prompted to save file. Open is not an >> option. > > Can you post a link? I'll give it a try and see what happens. > >> Thanks >> Bo Lynch >> > > -- > Bill > Ok. I can open PDFs from the web. We use squirrelmail for email and when trying to open a pdf within email I only get the save option. Sorry for the confusion I just assumed it was like this out on the internet as well. Bo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What is Judy?
Mark Belanger wrote: > Robert Moskowitz wrote: > >> I am trying to build Miredo 1.1.5 >> (http://www.remlab.net/miredo/devel.shtml.en) >> >> I have followed the rpmbuild instructions from: >> http://www.owlriver.com/tips/non-root/, and have the miredo source in >> ~/build/miredo-1.1.5. >> >> I run ./configure (as the INSTALL text file tells me to do) and get the >> error: >> >> checking for Judy.h usablity... no >> checking for Judy.h presence... no >> checking for Judy.h... no >> configure: WARING: If you don't care about scalability, re-run configure >> with ' --without-Judy'. >> configure: error: Required Judy dynamic arrays library missing. >> > > Is it this? > http://judy.sourceforge.net/ That looks like it, and if your Miredo relay had to support lots of clients, I can see where this would be critical. For my own test use, I don't need it. But if I am going to build this for eventual larger usage, I had better get with the program. Thing is it looks like just a c library. After I download it, where do I put it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobe plugin for firefox
On Wed, 2008-12-10 at 10:11 -0500, Bo Lynch wrote: > > On Tue, December 9, 2008 4:54 pm, William L. Maltby wrote: > > > > On Tue, 2008-12-09 at 16:46 -0500, William L. Maltby wrote: > >> > > > >> With all this, when I click on a PDF, all works as expected. Can you > >> provide the link you're having problems with? Most of my downloads are > >> at a site that starts the process with a jave application, so I don't > >> often just click a regular PDF url. > > > > Just an FYI: since I hadn't checked recently, I did an open file in FF > > and picked a local PDF. All work. I could read it, save copy, etc. > > > >> > > > > -- > > All of my settings look good in FF. Adobe plugin is enabled. Under apps I > have tried setting it to always ask, adobe, and the default evince. If I > open a local pdf in FF this will open. However if I attempt to open off of > the internet then I am always prompted to save file. Open is not an > option. > Thanks > Bo Lynch Go to Fire Fox prefs | applications | then find | PDF Document | Set it to Use Adobe Reader in FF. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobe plugin for firefox
On Wed, 2008-12-10 at 10:11 -0500, Bo Lynch wrote: > > On Tue, December 9, 2008 4:54 pm, William L. Maltby wrote: > > > > > > Just an FYI: since I hadn't checked recently, I did an open file in FF > > and picked a local PDF. All work. I could read it, save copy, etc. > > > >> > > > > -- > > All of my settings look good in FF. Adobe plugin is enabled. Under apps I > have tried setting it to always ask, adobe, and the default evince. If I > open a local pdf in FF this will open. However if I attempt to open off of > the internet then I am always prompted to save file. Open is not an > option. Can you post a link? I'll give it a try and see what happens. > Thanks > Bo Lynch > -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobe plugin for firefox
On Tue, December 9, 2008 4:54 pm, William L. Maltby wrote: > > On Tue, 2008-12-09 at 16:46 -0500, William L. Maltby wrote: >> > >> With all this, when I click on a PDF, all works as expected. Can you >> provide the link you're having problems with? Most of my downloads are >> at a site that starts the process with a jave application, so I don't >> often just click a regular PDF url. > > Just an FYI: since I hadn't checked recently, I did an open file in FF > and picked a local PDF. All work. I could read it, save copy, etc. > >> > > -- All of my settings look good in FF. Adobe plugin is enabled. Under apps I have tried setting it to always ask, adobe, and the default evince. If I open a local pdf in FF this will open. However if I attempt to open off of the internet then I am always prompted to save file. Open is not an option. Thanks Bo Lynch ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What is Judy?
Robert Moskowitz wrote: > I am trying to build Miredo 1.1.5 > (http://www.remlab.net/miredo/devel.shtml.en) > > I have followed the rpmbuild instructions from: > http://www.owlriver.com/tips/non-root/, and have the miredo source in > ~/build/miredo-1.1.5. > > I run ./configure (as the INSTALL text file tells me to do) and get the > error: > > checking for Judy.h usablity... no > checking for Judy.h presence... no > checking for Judy.h... no > configure: WARING: If you don't care about scalability, re-run configure > with ' --without-Judy'. > configure: error: Required Judy dynamic arrays library missing. Is it this? http://judy.sourceforge.net/ -Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] What is Judy?
I am trying to build Miredo 1.1.5 (http://www.remlab.net/miredo/devel.shtml.en) I have followed the rpmbuild instructions from: http://www.owlriver.com/tips/non-root/, and have the miredo source in ~/build/miredo-1.1.5. I run ./configure (as the INSTALL text file tells me to do) and get the error: checking for Judy.h usablity... no checking for Judy.h presence... no checking for Judy.h... no configure: WARING: If you don't care about scalability, re-run configure with ' --without-Judy'. configure: error: Required Judy dynamic arrays library missing. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller (SOLVED)
Akemi Yagi wrote: > On Wed, Dec 10, 2008 at 12:15 AM, Vnpenguin <[EMAIL PROTECTED]> wrote: > >> On Wed, Dec 10, 2008 at 7:05 AM, Akemi Yagi <[EMAIL PROTECTED]> wrote: >> >>> If the 88E8042 shares the same driver as 88E8056, check out this forum >>> thread: >>> >>> http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=12895&forum=40 >>> >>> Scroll down to note #5 and get the kABI tracking kmod-sk98lin package. >>> There will be no need to rebuild the driver for each kernel update. >>> >> Yes, the driver sk98lin works fine for me, under 5.2 >> > > Thank you for the note. Then, the OP can go directly to: > > http://centos.toracat.org/ajb/sk98lin/ > > and install the driver from there (thanks to Alan for building them). > These kmods are not kernel version specific, so will survive kernel > updates. > It's mentioned in this thread, too: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=17422&forum=39 Akemi, looks like you answered this question a bunch within the past 24 hours! :-) Thank you! Special thanks to Alan Bartlett for building this kmod! It works for me, including over a kernel upgrade. Thanks! Kurt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squidGuard-simple.cgi display fields
>I assume that based on your last message to the list of "is there >another way to handle redirects other than installing an Apache >server" and now this, there is no other way? > >I only ask because I am now setting up squid in my spare time and this >is the next task to handle? Yea, it doesn't look like you can. Squidguard is pretty simple compared to squidproxy itself... I am pretty sure squidproxy can do what squidguard can but I don't think it would be as easy to maintain as I presume all the blacklists would have to be in the one conf file. Too bad... Let me know you how you make out! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller
HI, Joseph L. Casale wrote: >> I can't find a Linux driver for it except one that appears to require me >> to recompile a custom kernel. I find it on the Marvell website: >> >> http://www.marvell.com/drivers/search.do >> > > No, you make a module with that downlaod. I also have the unfortunate luck > to have a few systems with various Marvell nics and they aren't as good as > Intel IMHO. > > It's pretty simple, check the readme out. > > Thanks! I had tried that and got an error when the install.sh tried to test the module it built. It then gave me instructions for doing it manually; those instructions were for compiling the driver into the kernel, I believe. Maybe the module was fine and just the testing procedure was off. In any case, the sk98lin mentioned later in this thread worked. Take care, Kurt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
2008/12/9 James Pifer <[EMAIL PROTECTED]>: > I was looking at my maillog and it looks like someone is trying to get > into my pop3 server. > > Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=, > method=PLAIN, rip=:::66.167.184.203, lip=:::192.168.1.2 Do you really need pop3 exposed in the internet? You better open it only on localhost, and use a ssh channel to access it. Do not use ssh password authentication, but keys. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller
On Wed, Dec 10, 2008 at 12:15 AM, Vnpenguin <[EMAIL PROTECTED]> wrote: > On Wed, Dec 10, 2008 at 7:05 AM, Akemi Yagi <[EMAIL PROTECTED]> wrote: >> >> If the 88E8042 shares the same driver as 88E8056, check out this forum >> thread: >> >> http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=12895&forum=40 >> >> Scroll down to note #5 and get the kABI tracking kmod-sk98lin package. >> There will be no need to rebuild the driver for each kernel update. > > Yes, the driver sk98lin works fine for me, under 5.2 Thank you for the note. Then, the OP can go directly to: http://centos.toracat.org/ajb/sk98lin/ and install the driver from there (thanks to Alan for building them). These kmods are not kernel version specific, so will survive kernel updates. Akemi / toracat ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4.7 httpd error messages
Dirk H. Schulz wrote: > This does not look like httpd errors. These are missing > MIBs, presumably > you have installed and (mis)configured NetSNMP. > > Dirk That is from /var/log/httpd/error_log I have not installed and misconfigured NetSNMP Regards, Vandaman. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4.7 httpd error messages
This does not look like httpd errors. These are missing MIBs, presumably you have installed and (mis)configured NetSNMP. Dirk --On 10. Dezember 2008 09:50:28 + Vandaman <[EMAIL PROTECTED]> wrote: > I have the following error messages on a CentOS server. > Googling did not identify the error. > > [Wed Dec 10 09:22:02 2008] [notice] caught SIGTERM, shutting down > No log handling enabled - turning on stderr logging > Cannot find module (IP-MIB): At line 0 in (none) > Cannot find module (IF-MIB): At line 0 in (none) > Cannot find module (TCP-MIB): At line 0 in (none) > Cannot find module (UDP-MIB): At line 0 in (none) > Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none) > Cannot find module (SNMPv2-MIB): At line 0 in (none) > Cannot find module (SNMPv2-SMI): At line 0 in (none) > Cannot find module (NOTIFICATION-LOG-MIB): At line 0 in (none) > Cannot find module (UCD-SNMP-MIB): At line 0 in (none) > Cannot find module (UCD-DEMO-MIB): At line 0 in (none) > Cannot find module (SNMP-TARGET-MIB): At line 0 in (none) > Cannot find module (NET-SNMP-AGENT-MIB): At line 0 in (none) > Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none) > Cannot find module (UCD-DISKIO-MIB): At line 0 in (none) > Cannot find module (LM-SENSORS-MIB): At line 0 in (none) > Cannot find module (DISMAN-EVENT-MIB): At line 0 in (none) > Cannot find module (IPV6-ICMP-MIB): At line 0 in (none) > Cannot find module (IPV6-MIB): At line 0 in (none) > Cannot find module (IPV6-TCP-MIB): At line 0 in (none) > Cannot find module (IPV6-UDP-MIB): At line 0 in (none) > Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none) > Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none) > Cannot find module (UCD-DLMOD-MIB): At line 0 in (none) > Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none) > Cannot find module (SNMP-MPD-MIB): At line 0 in (none) > Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none) > Cannot find module (SNMP-NOTIFICATION-MIB): At line 0 in (none) > Cannot find module (SNMPv2-TM): At line 0 in (none) > > > Regards, > Vandaman. > > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 4.7 httpd error messages
I have the following error messages on a CentOS server. Googling did not identify the error. [Wed Dec 10 09:22:02 2008] [notice] caught SIGTERM, shutting down No log handling enabled - turning on stderr logging Cannot find module (IP-MIB): At line 0 in (none) Cannot find module (IF-MIB): At line 0 in (none) Cannot find module (TCP-MIB): At line 0 in (none) Cannot find module (UDP-MIB): At line 0 in (none) Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none) Cannot find module (SNMPv2-MIB): At line 0 in (none) Cannot find module (SNMPv2-SMI): At line 0 in (none) Cannot find module (NOTIFICATION-LOG-MIB): At line 0 in (none) Cannot find module (UCD-SNMP-MIB): At line 0 in (none) Cannot find module (UCD-DEMO-MIB): At line 0 in (none) Cannot find module (SNMP-TARGET-MIB): At line 0 in (none) Cannot find module (NET-SNMP-AGENT-MIB): At line 0 in (none) Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none) Cannot find module (UCD-DISKIO-MIB): At line 0 in (none) Cannot find module (LM-SENSORS-MIB): At line 0 in (none) Cannot find module (DISMAN-EVENT-MIB): At line 0 in (none) Cannot find module (IPV6-ICMP-MIB): At line 0 in (none) Cannot find module (IPV6-MIB): At line 0 in (none) Cannot find module (IPV6-TCP-MIB): At line 0 in (none) Cannot find module (IPV6-UDP-MIB): At line 0 in (none) Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none) Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none) Cannot find module (UCD-DLMOD-MIB): At line 0 in (none) Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none) Cannot find module (SNMP-MPD-MIB): At line 0 in (none) Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none) Cannot find module (SNMP-NOTIFICATION-MIB): At line 0 in (none) Cannot find module (SNMPv2-TM): At line 0 in (none) Regards, Vandaman. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vsftpd and SElinux
Thanks, Filipe, that has lead me to exactly what I was looking for. Dirk --On 9. Dezember 2008 17:18:30 -0500 Filipe Brandenburger <[EMAIL PROTECTED]> wrote: > Hi, > > On Tue, Dec 9, 2008 at 15:02, Dirk H. Schulz <[EMAIL PROTECTED]> > wrote: >> I have configured vsftpd with virtual users for webserver users (that >> means, a virtual users chrooted home is the document root of a virtual >> host in apache). That works fine so far - as long as SElinux ist not >> enforcing. > > Look at "man ftpd_selinux". > > HTH, > Filipe > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- Dirk H. Schulz IT Systems Service Wiesenweg 12, 85567 Grafing Tel. 0 80 92/86 25 68 Fax. 0 80 92/86 25 72 -- Technik vom Feinsten - und das nötige Tuning ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 driver for Marvell Yukon 88E8042 PCI-E Fast Ethernet controller
On Wed, Dec 10, 2008 at 7:05 AM, Akemi Yagi <[EMAIL PROTECTED]> wrote: > > If the 88E8042 shares the same driver as 88E8056, check out this forum thread: > > http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=12895&forum=40 > > Scroll down to note #5 and get the kABI tracking kmod-sk98lin package. > There will be no need to rebuild the driver for each kernel update. > Yes, the driver sk98lin works fine for me, under 5.2 -- http://vnoss.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
