Re: [CentOS-es] Duda 64/32
Te permite instalar y ejecutar aplicación hecha para 32b 2011/2/17 Normando Hall nh...@unixlan.com.ar Hola amigos de la lista. Tengo una duda y no comprendo muy bien. ¿Por qué cuando actualizo mi Centos 5.5 64b también instala versiones i386 de 32b en algunas librerías y programas? De hecho, en el raíz hay dos directorios lib: Un es /lib y el otro /lib64 Gracias Normando ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] nas
El mié, 16-02-2011 a las 18:58 -0500, Hector Cuadros Prosopio escribió: NAS es x IP : mount.cifs //ip -u usurio eso bastaria asi tengo yo mi NAS Me parece que te estas confundiendo de concepto. Una NAS es almacenamiento en red (Network Attached Storage), pero puede hablar varios protocolos (NFS, SMB, iSCSI, etc). Con mount.cifs le decis que lo monte usando el protocolo CIFS (aka SMB, el mismo que usa SaMBa). El 16 de febrero de 2011 15:11, el linuxero linuxerodep...@hotmail.comescribió: saludos, saben si habrá una aplicacion grafica en centos que sirva para conectarme a un nas , asi como lo tiene el yast de opensuse pero en centos Personalmente no me suena, pero mismamente lo podes hacer con el nautilus (el navegador de ficheros), poniendo en la barra de direcciones: smb://IP/nombre_de_la_carpeta_compartida O si usas NFS, lo mismo pero cambiando smb por nfs Espero que te sirva. Saludos, Andres ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Print Server
El jue, 17-02-2011 a las 12:10 -0500, Alexander Rojas Garcia escribió: Hola, Quiero montar un Print server en CentOS 4.8, para dos impresoras una EPSON TX-115 y una XEROX M15i, solo requiero que impriman. Proba lo que te digo mas abajo, pero si no te llega a funcionar, esta es la pagina para los drivers/compatibilidad de impresoras en Linux que va mejor: http://www.openprinting.org/printers Si el escáner puede funcionar también sería fantástico. Espero su ayuda, he consultado en la web, he instalado samba, el paquete de servidor con el Print server, pero nada más. El programa que estas buscando se llama CUPS. Se suele configurar a traves de una web, el tutorial mas o menos decente que encontre es este: http://www.howtoforge.com/ipp_based_print_server_cups Es bastante antiguo, del 2006, pero si mal no recuerdo no cambiaron tanto las cosas... Primero proba a entrar a http://localhost:631 y si no te deja, empeza con la movida del cupsd.conf Suerte! Saludos, Andres Cordialmente, Ing. Alexander Rojas Garcia Jefe de Sistemas AGRICOLA HIMALAYA S. A. *E-Mail: mailto:siste...@tehindu.com siste...@tehindu.com P Antes de imprimir este correo, piense si realmente es necesario hacerlo. NOTA CONFIDENCIAL: La información contenida en este E-mail es confidencial y sólo puede ser utilizada por el individuo o la compañía a la cual está dirigido. Si no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este mensaje es prohibida y será sancionada por la ley. Si por error recibe este mensaje, favor reenviarlo y borrar el mensaje recibido inmediatamente. 2011© ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es - ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Duda 64/32
Gracias El 18/02/2011 10:05 a.m., Pcontreras escribió: Te permite instalar y ejecutar aplicación hecha para 32b 2011/2/17 Normando Hallnh...@unixlan.com.ar Hola amigos de la lista. Tengo una duda y no comprendo muy bien. ¿Por qué cuando actualizo mi Centos 5.5 64b también instala versiones i386 de 32b en algunas librerías y programas? De hecho, en el raíz hay dos directorios lib: Un es /lib y el otro /lib64 Gracias Normando ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] AUTO: Pablo Gonzalez is out of the office (returning 19/02/2011)
I am out of the office until 19/02/2011. I will be out of the office starting Friday 02/18/2011 and I will return on Thursday 03/10/2011 I will answer your e-Mails when I come back In case of being necessary, please contact Nicolas Riccardi (Nicolas Riccardi/Argentina/IBM) Thank you, Pablo Ariel Gonzalez Olivos II - Dr. Nicolás Repetto 3676 TIM - Server Provisioning - OSP/ESD (B1636CTL) Olivos - Buenos Aires Software Packager Argentina Integrated Technology Delivery, Technology Integration Management Phone: +54-11-4005-6359 | Tie Line: 5730-6359 e-mail: pgo...@ar.ibm.com Note: This is an automated response to your message Re: [CentOS-es] Duda 64/32 sent on 18/2/11 10:05:42. This is the only notification you will receive while this person is away. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Authentication Problems
No --James. (This email was sent from a mobile device) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5 Java Process Death
Hi Cameron, On 18 February 2011 04:33, Cameron Kerr came...@humbledown.org wrote: On 17/02/2011, at 9:35 PM, Mathieu Baudier wrote: I've been running our apps as purely as I can (java -cp /path/to/libs/* path.to.the.App) and they're still being send SIGHUP signals for reasons I can't understand. I have only started in this thread, but your description of unexplainable SIGHUPs tweaked my memory from long ago, whereby it turned out to be bad memory. ... might be worth checking, stranger things have happened. Cheers, Cameron Thanks, but I've got these tests running on a couple of machines of different generations, so I've ruled out the hardware as being at fault. Martin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5 Java Process Death
On 18 February 2011 09:49, Michael Gliwinski michael.gliwin...@henderson-group.com wrote: On Friday 18 Feb 2011 09:53:39 Martin Hewitt wrote: My command is something along the lines of: java -cp /path/to/shared/libs/*:/path/to/class/directory/ path.to.MyApp out.log 21 Does anyone have an idea as to why this process is closing when the SSH window that started it closes? Try adding 'nohup' before 'java'. Closing SSH session closes the shell which sends HUP to its children. I've just discovered this command, and have added it to the invocation. But, it is not your main problem is it? I mean the app wasn't always started manually from an interactive shell? You know, I've been debugging this for so long that I just can't remember. The processes are either started manually, or from a web trigger, which could cause the same behaviour if/when the web server worker thread is detroyed or renewed. -- Michael Gliwinski Henderson Group Information Services 9-11 Hightown Avenue, Newtownabby, BT36 4RT Phone: 028 9034 3319 ** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to the email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients, any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing client engagement leter or contract. If you have received this email in error please notify supp...@henderson-group.com John Henderson (Holdings) Ltd Registered office: 9 Hightown Avenue, Mallusk, County Antrim, Northern Ireland, BT36 4RT. Registered in Northern Ireland Registration Number NI010588 Vat No.: 814 6399 12 * ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5 Java Process Death
Martin Hewitt wrote: It's strange how one can wake up and suddenly notice a pattern... Looking through the straces, and the disconnect timestamps of the SSH sessions, it seems that the processes are dying as soon as, or shortly after the SSH session is closed. My command is something along the lines of: java -cp /path/to/shared/libs/*:/path/to/class/directory/ path.to.MyApp out.log 21 Does anyone have an idea as to why this process is closing when the SSH window that started it closes? snip Just for the sheer halibut*, try nohup java cmd It's been something like 10 years or more since I had to do that, but mark * I know, it's fishy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On 18/02/11 15:12, Larry Vaden wrote: On Fri, Feb 18, 2011 at 7:13 AM, Johnny Hughesjoh...@centos.org wrote: On 02/18/2011 02:26 AM, Pasi Kärkkäinen wrote: On Wed, Feb 16, 2011 at 07:15:32AM -0600, Johnny Hughes wrote: Red Hat still has not put several of the sources in their public tree either. So CentOS6 cannot be released, or even built completely before those missing src.rpms are released? Theoretically, it can not be built, so certainly not *released*, until we have all the SRPMS, no. If said SRPMS are on one of the release Source ISOs, then we have them available there, if they are not then we are stuck. Johnny, Doeshttp://ftp1.scientificlinux.org/linux/scientific/6rolling/source/SRPMS/vendor/ contain anything y'all need that you don't already have? No disrespect Larry, but pulling missing SRPM packages from Scientific Linux is not the answer. The answer lies in comparing those packages available on Red Hat's public ftp servers with those in the distro and filing bugs against the missing SRPM packages. Red hat are usually quick to respond to such issues. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 09:50:23AM -0600, Larry Vaden wrote: I personally don't see how the RH team could have screwed up and omitted SRPMs from the manifest, but I certainly believe they did according to reports. At some point do you think perhaps you can learn how to trim replies to only that which is germane to the reply and not include all the cascade text and attributions which proceeded it as a courtesy to others on this list? It seems that nearly every release there are SRPMs that fail to make it to Redhat's public ftp server. It happens during releases and it happens for normal updates and is nothing new. It's simple human error, not a conspiracy to harm CentOS or any other rebuilding effort. Can you please keep the conspiracy nonsense to yourself? John -- Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-bullshit communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy. http://www.tuxedo.org/~esr/faqs/smart-questions.html pgpSYXDQY6SBH.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On 02/18/2011 11:03 AM, John R. Dennison wrote: On Fri, Feb 18, 2011 at 09:50:23AM -0600, Larry Vaden wrote: I personally don't see how the RH team could have screwed up and omitted SRPMs from the manifest, but I certainly believe they did according to reports. At some point do you think perhaps you can learn how to trim replies to only that which is germane to the reply and not include all the cascade text and attributions which proceeded it as a courtesy to others on this list? It seems that nearly every release there are SRPMs that fail to make it to Redhat's public ftp server. It happens during releases and it happens for normal updates and is nothing new. It's simple human error, not a conspiracy to harm CentOS or any other rebuilding effort. Can you please keep the conspiracy nonsense to yourself? John I thought the big thing made about bottom posting is so you can see the whole thread. If you cut out a bunch then you might as well top post. -- Stephen Clark *NetWolves* Sr. Software Engineer III Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
Hello, I have a problem that I'm really having trouble figuring out. I run CentOS Linux 5.5. I have three servers. All have been setup and running with LDAP authentication for a couple years with absolutely no problems. Unfortunately a couple weeks ago, we had a power outage. Ever since, I am having continuous problems with authentication to the server. I see in /var/log/messages nss_ldap: reconnected to LDAP server ldap://127.0.0.1 I did run a yum update that installed an update to ldap, however that did not fix the issue. I have seen a post mentioning changing 'nss_connect_policy persist' to 'nss_connect_policy oneshot'. However I don't see this setting in my server, and again, the server was working perfectly fine for years before the power outage. I'm really thinking that some file got corrupted and I just need to clean it out. Maybe a cache file somewhere? Following is ldap.conf file. Any suggestions? ldap.conf base dc=inside,dc=msi timelimit 120 bind_timelimit 120 idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman rootbinddn cn=Manager,dc=inside,dc=msi nss_base_passwd ou=People,dc=inside,dc=msi nss_base_shadow ou=People,dc=inside,dc=msi nss_base_group ou=Group,dc=inside,dc=msi uri ldap://127.0.0.1 ldap://my.domain ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 /ldap.conf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
At Fri, 18 Feb 2011 12:06:50 -0500 CentOS mailing list centos@centos.org wrote: On 02/18/2011 11:03 AM, John R. Dennison wrote: On Fri, Feb 18, 2011 at 09:50:23AM -0600, Larry Vaden wrote: I personally don't see how the RH team could have screwed up and omitted SRPMs from the manifest, but I certainly believe they did according to reports. At some point do you think perhaps you can learn how to trim replies to only that which is germane to the reply and not include all the cascade text and attributions which proceeded it as a courtesy to others on this list? It seems that nearly every release there are SRPMs that fail to make it to Redhat's public ftp server. It happens during releases and it happens for normal updates and is nothing new. It's simple human error, not a conspiracy to harm CentOS or any other rebuilding effort. Can you please keep the conspiracy nonsense to yourself? John I thought the big thing made about bottom posting is so you can see the whole thread. If you cut out a bunch then you might as well top post. When you bottom post (really interleaved posting) you only include the relevant parts to what you are replying to. This is doable, since it thoes bits are *right there*. With top posting, you don't even see the rest of the thread -- it is all 'below the fold' (unless you have a very tall display screen or something). -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
centos-boun...@centos.org wrote: On 02/18/2011 11:03 AM, John R. Dennison wrote: On Fri, Feb 18, 2011 at 09:50:23AM -0600, Larry Vaden wrote: I personally don't see how the RH team could have ... a conspiracy to harm CentOS or any other rebuilding effort. Can you please keep the conspiracy nonsense to yourself? John I thought the big thing made about bottom posting is so you can see the whole thread. If you cut out a bunch then you might as well top post. Trimming nothing, so the reply isn't visible in the first page, is poor style. Trimming everything, so the reply has no context, is poor style. Blackberry and mobile devices (being bandwidth limited) are much more efficient if top-posting is used. Top-post vs bottom-post is a purely religious war; my value of $DIETY is chocolate .:. I don't care. I *did*, however, figure out how to make Microsoft Outlook default to bottom posting: == http://home.in.tum.de/~jain/software/outlook-quotefix/ == (love at first sight) -- Insert spiffy .sig here //me *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On 02/18/2011 04:35 PM, Johnny Hughes wrote: On 02/18/2011 09:29 AM, Ned Slider wrote: On 18/02/11 15:12, Larry Vaden wrote: On Fri, Feb 18, 2011 at 7:13 AM, Johnny Hughesjoh...@centos.org wrote: On 02/18/2011 02:26 AM, Pasi Kärkkäinen wrote: On Wed, Feb 16, 2011 at 07:15:32AM -0600, Johnny Hughes wrote: Red Hat still has not put several of the sources in their public tree either. So CentOS6 cannot be released, or even built completely before those missing src.rpms are released? Theoretically, it can not be built, so certainly not *released*, until we have all the SRPMS, no. If said SRPMS are on one of the release Source ISOs, then we have them available there, if they are not then we are stuck. Johnny, Doeshttp://ftp1.scientificlinux.org/linux/scientific/6rolling/source/SRPMS/vendor/ contain anything y'all need that you don't already have? No disrespect Larry, but pulling missing SRPM packages from Scientific Linux is not the answer. The answer lies in comparing those packages available on Red Hat's public ftp servers with those in the distro and filing bugs against the missing SRPM packages. Red hat are usually quick to respond to such issues. We have mad Red Hat aware of the missing SRPMS. we? funny... -- Levente Si vis pacem para bellum! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
On 2/18/2011 9:13 AM, Tim Alberts wrote: Hello, I have a problem that I'm really having trouble figuring out. I run CentOS Linux 5.5. I have three servers. All have been setup and running wi.. Update, using Webmin to restart the server, I see the following: Stopping slapd: [ OK ] Stopping slurpd: [ OK ] Checking configuration files for slapd: bdb_db_open: unclean shutdown detected; attempting recovery. bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered. config file testing succeeded [ OK ] Starting slapd: [ OK ] Starting slurpd: [ OK ] I've been reading that the recovery is supposed to be automatic. Unfortunately it seems to be a read-only mode. Anyone know why it is read-only mode? Anyone have a simple tutorial on running 'db_recover' command? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
Tim Alberts wrote: Hello, I have a problem that I'm really having trouble figuring out. I run CentOS Linux 5.5. I have three servers. All have been setup and running with LDAP authentication for a couple years with absolutely no problems. Unfortunately a couple weeks ago, we had a power outage. Ever since, I am having continuous problems with authentication to the server. I see in /var/log/messages snip Have you resynched everyone's timeclock? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
On 2/18/2011 10:13 AM, m.r...@5-cent.us wrote: Tim Alberts wrote: Hello, I have a problem... Unfortunately a couple weeks ago, we had a power outage. Ever since, I am having continuous problems with authentication to the server. I see in /var/log/messages snip Have you resynched everyone's timeclock? mark Thank you for your response. If your referring the computer system clock, they are all in sync. I'm not sure how that is related? I am running replication servers, but even services on the local host show continuous reconnect errors (apache, dovecot, vsftpd, etc). Or do I misunderstand your meaning? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 14:13, Johnny Hughes joh...@centos.org wrote: On 02/18/2011 02:26 AM, Pasi Kärkkäinen wrote: On Wed, Feb 16, 2011 at 07:15:32AM -0600, Johnny Hughes wrote: Red Hat still has not put several of the sources in their public tree either. So CentOS6 cannot be released, or even built completely before those missing src.rpms are released? Theoretically, it can not be built, so certainly not *released*, until we have all the SRPMS, no. If said SRPMS are on one of the release Source ISOs, then we have them available there, if they are not then we are stuck. CentOS releases our source on exactly the same day as our binary files. We published scripts and RPMS on how we generate our build system, on how we check our binaries, on how we generate our ISOs. How is that not open? (See if you can get Red Hat or Oracle to tell you what they use as a build engine for their enterprise products ...) Can you send a link to the docs/scripts? This is something many people have been asking for. This directory contains a script that we use to build the Distribution, as well as the script we use to check a built RPM against a known binary RPM: http://mirror.centos.org/centos/4/build/distro/ We use mock to build our packages. There is a version of mock available in EPEL. The minimum build roots that CentOS uses are published here: http://dev.centos.org/centos/buildsys/ Johnny I really _really_ respect your former work on centos, but it seems you don't take part on the real rebuild nowadays (probably that's reason why you refer to rhel-4). The above is nothing, and nobody can rebuild based on those scripts and it's really far from the really required framework. and please don't ask me to why. just to mention some very basic thing where is the mock config files? and i can ask dozens of such questions (what is did previously and i'm the only only one who send detail description how to rebuild rhel-6... -- Levente Si vis pacem para bellum! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 10:03 AM, John R. Dennison j...@gerdesas.com wrote: Can you please keep the conspiracy nonsense to yourself? John -- Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-bullshit communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy. http://www.tuxedo.org/~esr/faqs/smart-questions.html As a List Mom wannabe, please follow the list guidelines at http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html. When I see you practicing what you are preaching for a week or so, I'll consider your input once again. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
On 2/18/2011 10:11 AM, Tim Alberts wrote: Update, using Webmin to restart the server, I see the following: Stopping slapd: [ OK ] Stopping slurpd: [ OK ] Checking configuration files for slapd: bdb_db_open: unclean shutdown detected; attempting recovery. bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered. config file testing succeeded [ OK ] Starting slapd: [ OK ] Starting slurpd: [ OK ] I've been reading that the recovery is supposed to be automatic. Unfortunately it seems to be a read-only mode. Anyone know why it is read-only mode? Anyone have a simple tutorial on running 'db_recover' command? I found a helpful page: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html approximately 2/3 down the page, section titled 'Notes: LDAP on Red Hat/Fedora distribution:' An example database recovery command as follows: /usr/sbin/slapd_db_recover -v -h /var/lib/ldap/stooges/ I have run this (twice now with ldap stopped) on all three servers and continue to have problems. Now I'm really lost as to what to do. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Recommendation for a Good Vulnerability Scanning Service?
Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of Fail results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The Upstream Vendor. I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? Thanks, Mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
Tim Alberts wrote: On 2/18/2011 10:13 AM, m.r...@5-cent.us wrote: Tim Alberts wrote: Hello, I have a problem... Unfortunately a couple weeks ago, we had a power outage. Ever since, I am having continuous problems with authentication to the server. I see in /var/log/messages snip Have you resynched everyone's timeclock? Thank you for your response. If your referring the computer system clock, they are all in sync. I'm not sure how that is related? I am running replication servers, but even services on the local host show continuous reconnect errors (apache, dovecot, vsftpd, etc). Or do I misunderstand your meaning? It does matter - if they're too far out of sync, too many seconds, authentication? authorization? will fail, at least for kerborous, using ldap or not. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
Enough. Larry Vaden seems to get his jollies by working at provoking flamewars and other irritations, while contributing actually nothing to the topic of the list. Wonder if, 16 or so years ago, his idea of fun was cascades of I love Mentos threads in newsgroups who he had no interest in. Anyway, listmaster, I vote to kick him off the list. mark, who already decided to delete pointless email from him Larry Vaden wrote: On Fri, Feb 18, 2011 at 10:03 AM, John R. Dennison j...@gerdesas.com wrote: Â Â Â Â Can you please keep the conspiracy nonsense to yourself? Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â John -- Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-bullshit communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy. http://www.tuxedo.org/~esr/faqs/smart-questions.html As a List Mom wannabe, please follow the list guidelines at http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html. When I see you practicing what you are preaching for a week or so, I'll consider your input once again. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
We use Qualys for PCI vulnerability scanning. Josh -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Michael B Allen Sent: Friday, February 18, 2011 1:20 PM To: centos@centos.org Subject: [CentOS] Recommendation for a Good Vulnerability Scanning Service? Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of Fail results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The Upstream Vendor. I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? Thanks, Mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
Hi, there, Michael B Allen wrote: Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). Sort of? ROTFL. You need a *serious* scan, commercially done AFAIK. The *minimum* qualifications, I believe, are a 60 or 63 item questionaire; for full PCI-DSS, it's something like 243 questions, and you need a full IT dept. I would *very* strongly recommmend that you talk to the bank or agency that's asking you for this, and ask them for recommendations. snip mark, who worked on a short term contract for Trustwave, who does that (and is a root CA, as well) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
What is really sad, if one searches Larry's name on Linked In, he appears to be the CEO Internet Texoma, Inc. I'd expect better behavior and conduct from someone who holds such a title... Enough. Larry Vaden seems to get his jollies by working at provoking flamewars and other irritations, while contributing actually nothing to the topic of the list. -- Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
Anyway, listmaster, I vote to kick him off the list. As others have already pointed out, by definition of the CentOS project this list is very vulnerable to trolling around releases of new versions. A troll (maybe not the right term, but that's what comes to my mind) just has to come and ask THE question (see subject of this thread) in order to start a flame war. So, a pragmatic idea could be to kick temporarily out anybody (him, you, me, ...) asking THE question until the actual release, and then authorize them again afterward (so that it is not too hard a punishment). Just an idea. (I don't care much myself, but I really feel sorry for the people who are currently spending their free time on the rebuild and have to endure this) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
Scot P. Floess wrote: What is really sad, if one searches Larry's name on Linked In, he appears to be the CEO Internet Texoma, Inc. I'd expect better behavior and conduct from someone who holds such a title... He's a manager! Probably wears a tie! PHB alert g mark Enough. Larry Vaden seems to get his jollies by working at provoking flamewars and other irritations, while contributing actually nothing to the topic of the list. -- Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 02:50:38PM -0500, m.r...@5-cent.us wrote: Scot P. Floess wrote: What is really sad, if one searches Larry's name on Linked In, he appears to be the CEO Internet Texoma, Inc. I'd expect better behavior and conduct from someone who holds such a title... He's a manager! Probably wears a tie! PHB alert g mark Enough. Larry Vaden seems to get his jollies by working at provoking flamewars and other irritations, while contributing actually nothing to the topic of the list. In an industry where one-man companies are not uncommon, you learn to never read too much into titles. :) Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
Fair enough - not only am I the president, but I'm also a client too :D In all seriousness, I'd think representing his own company, he'd be more professional in that representation... In an industry where one-man companies are not uncommon, you learn to never read too much into titles. :) -- Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] request for a learning moment
On Fri, Feb 18, 2011 at 1:45 PM, Scot P. Floess sflo...@nc.rr.com wrote: I'd expect better behavior and conduct from someone who holds such a title... request for a learning moment Since beauty is in the eye of the beholder(s), please select my most egregious post(s) and let me know said post(s) so that I have the opportunity to better modify my behavior with the result that we can focus on the business at hand. /request for a learning moment kind regards/ldv/va...@texoma.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
Scot P. Floess wrote: Fair enough - not only am I the president, but I'm also a client too :D In all seriousness, I'd think representing his own company, he'd be more professional in that representation... Yup. There's a small ISP down on the Space Coast in FL, where I spoke to the owner a few times, and he was friendly, helpful, and understanding. *shrug* A good part of it comes down to who you are. But we're *way* OT, now, and I will not post any more to this thread. In an industry where one-man companies are not uncommon, you learn to never read too much into titles. :) -- Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare Good job at shortening your .sigfile, Scot. Thanks. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
On Fri, Feb 18, 2011 at 2:36 PM, m.r...@5-cent.us wrote: Hi, there, Michael B Allen wrote: Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). Sort of? ROTFL. You need a *serious* scan, commercially done AFAIK. Hi Mark, Hackerguiardian is a commercial service (it's actually COMODO CA Limited). Their scan looks thorough. Obviously they're just matching up version numbers with CVE notices but I have a feeling most of these guys are going to be doing the same thing. I was just hoping one would be more sophisticated about the fact that ALL of their Fail items I've checked so far are things that were backported or fixed by Redhat. The *minimum* qualifications, I believe, are a 60 or 63 item questionaire; for full PCI-DSS, it's something like 243 questions, and you need a full IT dept. Are you talking about the SAQC? I run all CC transactions through one CentOS VPS webserver (actually I have two servers that I periodically wipe out and alternate between every year or two). So I don't have POS terminals or any Windows PCs in the mix. We don't save any card holder data at all. So my SAQC was a breeze. I just had to add N/A for questions like the do you run anti-virus software and explain that everything goes through the one Linux machine for which no anti-virus software exists or is necessary. I would *very* strongly recommmend that you talk to the bank or agency that's asking you for this, and ask them for recommendations. If you mean my merchant account service, they claim to be the largest Authorized.Net reseller, they sanity checked my SAQC and thought I would be ready for approval as soon as I get a good scan. So trustwave and Qualys ... I'll check them out. Thanks, Mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] request for a learning moment
Larry, Not to be a smart alec, painfully obvious='true' I'd say it ought to be self evident considering the flow of emails complaining about your posts /painfully On Fri, 18 Feb 2011, Larry Vaden wrote: On Fri, Feb 18, 2011 at 1:45 PM, Scot P. Floess sflo...@nc.rr.com wrote: I'd expect better behavior and conduct from someone who holds such a title... request for a learning moment Since beauty is in the eye of the beholder(s), please select my most egregious post(s) and let me know said post(s) so that I have the opportunity to better modify my behavior with the result that we can focus on the business at hand. /request for a learning moment kind regards/ldv/va...@texoma.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
on 14:20 Fri 18 Feb, Michael B Allen (iop...@gmail.com) wrote: Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). First: if you're headed down the compliance / certification route, you're going to want to go with a certified vendor / service provider for this. I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of Fail results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The Upstream Vendor. You can also run your own scans as a preemptive measure -- nessus is probably the baseline tool, though I'd also be interested in what others people would recommend. I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? I'd suggest you educate yourself on the PCI compliance issue, and query your prospective vendor(s) on what specific scans they run and/or how these are tuned to specific operating environments. I'd tend to suspect that vuln/pen testing is going to be based more on known vulnerabilities than your environment. -- Dr. Ed Morbius, Chief Scientist /| Robot Wrangler / Staff Psychologist| When you seek unlimited power Krell Power Systems Unlimited| Go to Krell! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, 2011-02-18 at 14:50 -0500, m.r...@5-cent.us wrote: He's a manager! Probably wears a tie! PHB alert g The guy has problems. His only method of trying to deal with his problems, and getting away from the stress, is posting on here. He needs to seek professional help, medically and otherwise, to tackle his problems and try to resolve them or reduce the adverse effect his problems are having on his life. Once his problems are solved or significantly reduced he will be a different person - his behaviour on here will be noticeably different. Larry, please take my advice and get help or, at the very least, talk to someone about the matters troubling you. It is bad to hold everything inside you. Please share your problems with someone you can relate to. It is for your own benefit. Good luck. Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
On 18/02/11 10:11 AM, Tim Alberts wrote: Checking configuration files for slapd: bdb_db_open: unclean shutdown detected; attempting recovery. bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered. config file testing succeeded The LDAP database files are *very* sensitive to unclean shut downs. I'd keep multi-master redundant servers on separate power supplies if possible. Or at least a decent clean shut down off UPS power. It may be simplest to recover the databases from backup using the import scripts than attempt to recover an existing corrupted database. There is a section in the manual (can't find the link right away) that states if the servers go down hard then the databases will be corrupted and to restore from backup. Good luck, -pete -- Peter Brady Email: pdbr...@ans.com.au Home Page: http://www.simonplace.net/ Skype: pbrady77 Mobile: +61 410 490 797 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
On Fri, Feb 18, 2011 at 2:20 PM, Michael B Allen iop...@gmail.com wrote: Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of Fail results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The Upstream Vendor. I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? Thanks, Mike I have used Applied Trust (http://www.appliedtrust.com/) and they are smart about their scans. They don't just check version numbers. I'm not sure if they do PCI compliance testing, so you'll have to do further research. They do use Nessus as part of the testing, but the goal of testing is not for you to find the holes and patch them, it's to have a report from someone else that says you did. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Friday, February 18, 2011 02:54:38 pm Ray Van Dolson wrote: In an industry where one-man companies are not uncommon, you learn to never read too much into titles. :) True enough. While my title is 'CIO' it probably should be 'IT Department' as I only have a consultant and a group of volunteers to help me out. But the title does open doors that other titles would not open, in those venues where such things count. Bob Hawkins at EMC calls me 'Mr. Make-Do' and I have been tempted to get some cards printed with that title on them On tech lists I find the title to be more of a negative, since the word 'suit' ends up being bandied about.the only time I wear a suit is when the occasion demands (like the Lieutenant Governor of North Carolina is visiting). Otherwise it's mostly 'business casual' and even jeans, depending upon what I'm doing that day. In any case, that's one reason I typically drop the .sig completely on this and other lists, unless the situation warrants. The problem with being essentially a one-man IT department (or a one or two or three man distribution release team) is that can create bottlenecks. And I've found that having help doesn't always reduce the workload or make the work go faster, and I'm sure Karanbir and Johnny and the others doing the release (you know who you are) would agree. Or, to pull out the standard computer science / information systems reference, read 'The Mythical Man-Month' and get enlightened. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
Dr. Ed Morbius wrote: on 14:20 Fri 18 Feb, Michael B Allen (iop...@gmail.com) wrote: Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). snip I'd suggest you educate yourself on the PCI compliance issue, and query your prospective vendor(s) on what specific scans they run and/or how these are tuned to specific operating environments. I'd tend to suspect that vuln/pen testing is going to be based more on known vulnerabilities than your environment. This is true: depending on how far you're going, the bank/agency will want human pen testing, too. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 03:25:23PM -0500, Lamar Owen wrote: On Friday, February 18, 2011 02:54:38 pm Ray Van Dolson wrote: In an industry where one-man companies are not uncommon, you learn to never read too much into titles. :) True enough. While my title is 'CIO' it probably should be 'IT Department' as I only have a consultant and a group of volunteers to help me out. But the title does open doors that other titles would not open, in those venues where such things count. Bob Hawkins at EMC calls me 'Mr. Make-Do' and I have been tempted to get some cards printed with that title on them On tech lists I find the title to be more of a negative, since the word 'suit' ends up being bandied about.the only time I wear a suit is when the occasion demands (like the Lieutenant Governor of North Carolina is visiting). Otherwise it's mostly 'business casual' and even jeans, depending upon what I'm doing that day. In any case, that's one reason I typically drop the .sig completely on this and other lists, unless the situation warrants. The problem with being essentially a one-man IT department (or a one or two or three man distribution release team) is that can create bottlenecks. And I've found that having help doesn't always reduce the workload or make the work go faster, and I'm sure Karanbir and Johnny and the others doing the release (you know who you are) would agree. Or, to pull out the standard computer science / information systems reference, read 'The Mythical Man-Month' and get enlightened. You can change your .signature depending on who your audience is I guess. :) I was thinking of times when we've interviewed people for $DAYJOB who are applying for a SysAdmin spot (because that's what their skillset essentially was), but they list such things as VP of IT, CIO, etc on their resume because they were at a small shop. Obviously always exceptions but as you alluded to, know your audience is a good rule of thumb. Anyways, way off topic, but interesting discussion. Ray Undisputed (and sometimes Benevolent) Emperor of Ray's Linux Endeavors ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 08:19:16PM +, Always Learning wrote: Larry, please take my advice and get help or, at the very least, talk to someone about the matters troubling you. It is bad to hold everything inside you. Please share your problems with someone you can relate to. It is for your own benefit. Simply... wow. You know, as much as I can't stand Vaden, and believe me when I say that instead of pulling him from a burning car wreck I'd likely instead pull up a chair and toast marshmallows, your post comes across as perhaps the most condescending tripe-filled post ever on this list. I'm not quite sure whether to congratulate you or ask you not to do it again. And this is a thread populated by condescension, including posts of Vaden's. In either case wow. John -- Which is more believable: In the beginning there was God, who created the universe, or in the beginning there was nothing, which exploded -- nog pgpwUxLUoB3GF.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
There are lots of people in similar circumstances to Larry. He has a recognised medical syndrome. People get problems. Some do not know how to effectively tackle their major problem so stress increases to a significant and detrimental extent. Often the person is never fully aware of high stress levels they have. Just because someone looks 'normal' it does not mean they are not in someway suffering. A good example is someone suffering from an incurable illness with a year to live. Can anyone really identity their significantly shorted lifespan just by looking at them in the street as they walk by? Diversions into irritating behaviour are a classic example of someone desperately trying to avoid thinking about, and therefore dealing with, a major problem. The reason they try to avoid thinking about the problem is the very high stress levels associated with that problem. It is too much for them to handle. The diversionary behaviour is a form of 'stress relief' and ultimately a cry for help. Larry is very likely curable. He just needs to talk confidentially and openly to someone who can begin to help him. Often a problem shared is a problem halved *and* the stress levels are lowered. Larry, I know you will read this, talk to a friend - Get help. With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On 02/18/2011 12:39 PM, Farkas Levente wrote: On Fri, Feb 18, 2011 at 14:13, Johnny Hughes joh...@centos.org wrote: On 02/18/2011 02:26 AM, Pasi Kärkkäinen wrote: On Wed, Feb 16, 2011 at 07:15:32AM -0600, Johnny Hughes wrote: Red Hat still has not put several of the sources in their public tree either. So CentOS6 cannot be released, or even built completely before those missing src.rpms are released? Theoretically, it can not be built, so certainly not *released*, until we have all the SRPMS, no. If said SRPMS are on one of the release Source ISOs, then we have them available there, if they are not then we are stuck. CentOS releases our source on exactly the same day as our binary files. We published scripts and RPMS on how we generate our build system, on how we check our binaries, on how we generate our ISOs. How is that not open? (See if you can get Red Hat or Oracle to tell you what they use as a build engine for their enterprise products ...) Can you send a link to the docs/scripts? This is something many people have been asking for. This directory contains a script that we use to build the Distribution, as well as the script we use to check a built RPM against a known binary RPM: http://mirror.centos.org/centos/4/build/distro/ We use mock to build our packages. There is a version of mock available in EPEL. The minimum build roots that CentOS uses are published here: http://dev.centos.org/centos/buildsys/ Johnny I really _really_ respect your former work on centos, but it seems you don't take part on the real rebuild nowadays (probably that's reason why you refer to rhel-4). The above is nothing, and nobody can rebuild based on those scripts and it's really far from the really required framework. and please don't ask me to why. just to mention some very basic thing where is the mock config files? and i can ask dozens of such questions (what is did previously and i'm the only only one who send detail description how to rebuild rhel-6... I am still on the development team and I am working on the release of 4.9 as we speak. Thanks for your concern about my well being though. We use mock ... we use the standard trees. If you are rebuilding something in extras, then extras is enabled. If you are building something in plus, then plus is enabled. If you need to build something staged (package A is built then package B gets built on it), then you need to either run plague, koji, or develop a file that builds the packages and moves them into a repo, then runs createrepo. We use plague for some packages and we use a custom script that runs mock, copies the built files to a staged local folder and runs createrepo for some other packages. This is hard work ... you figure out the packages that you need to build, you figure out if you need to build it staged or not, you figure out what repos you need for the pacakages you are building, etc. What, would you like me to log into your server, install all the software required to rebuild the distro and set it up for you? Does Red Hat provide that information? ... how about Oracle? Maybe Ubuntu tells you exactly how the build their LTS server? Oh, I know, Novell has a step by step guide to build SLES posted. I gave you the script we used to build the CentOS 4 isos / distro. The one for CentOS 5 is very similar. It has all the switches used to build the distro in its entirety. We are still building CentOS-6 ... we don't have one yet for that. There is no other project, certainly not an enterprise one, that provides this much information to their users. Fedora is the absolute most open project I know ... do they provide the mock config files and koji config to build their entire distro? (They might do it, I don't know). None of the enterprise distros do. Do you think Red Hat tells us what is in their build roots and gives us mock config files or koji configurations? Well, they don't. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 2:19 PM, Always Learning cen...@g7.u22.net wrote: Larry, please take my advice and get help or, at the very least, talk to someone about the matters troubling you. It is bad to hold everything inside you. Please share your problems with someone you can relate to. It is for your own benefit. Paul, I did as you suggest. An extract of said post is below the sig. There wasn't a single response (I could be wrong about that, but don't believe that is the case at this time). kind regards/ldv/va...@texoma.net -- Forwarded message -- From: Larry Vaden va...@texoma.net Date: Sun, Jan 23, 2011 at 8:03 PM Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5? To: centos@centos.org Our site running Centos 4.8 and 5.5 name servers was hacked with the result that www.yahoo.com is now within our /19 and causing some grief. Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the search facility at centos.org. However, it is obvious from said searches that Mandriva upgraded last year. An attempt to install bind-9.7.2-P3 from source yields the warning below the sig for both 4.8 and 5.5 machines. Does anyone know of RPMs that address the security issues involved? RANT: does anyone know of the upstream's justification for providing such old code? kind regards/ldv WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING Your OpenSSL crypto library may be vulnerable to WARNING WARNING one or more of the the following known security WARNING WARNING flaws: WARNING WARNING WARNING WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING WARNING CVE-2006-2940. WARNING WARNING WARNING WARNING It is recommended that you upgrade to OpenSSL WARNING WARNING version 0.9.8d/0.9.7l (or greater). WARNING WARNING WARNING WARNING You can disable this warning by specifying: WARNING WARNING WARNING WARNING --disable-openssl-version-check WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING [root@shell bind-9.7.2-P3]# cat /etc/redhat-release CentOS release 5.5 (Final) [root@shell bind-9.7.2-P3]# ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John R. Dennison Sent: Friday, February 18, 2011 12:43 PM To: Always Learning Cc: CentOS mailing list Subject: Re: [CentOS] Any update on 5.6 / 6? On Fri, Feb 18, 2011 at 08:19:16PM +, Always Learning wrote: Larry, please take my advice and get help or, at the very least, talk to someone about the matters troubling you. It is bad to hold everything inside you. Please share your problems with someone you can relate to. It is for your own benefit. I think it is safe to say that while we may sympathize with the sentiment, this flame fest needs to end. Let's be honest, engineers are not known for social skills. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
On 2/18/2011 3:09 PM, Dr. Ed Morbius wrote: I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? I'd suggest you educate yourself on the PCI compliance issue, and query your prospective vendor(s) on what specific scans they run and/or how these are tuned to specific operating environments. I'd tend to suspect that vuln/pen testing is going to be based more on known vulnerabilities than your environment. Very good information, Ed. And yes, you will almost certainly be fighting with the compliance company, as I have not yet seen any who recognized CentOS. RHEL, yes. CentOS however does not hold the same 'trusted standard' or clout as the major 'name brand' providers. Yes, the trouble is the versioning numbers used by RH. If the system 'is' RH, most of the time those 'exceptions' are noted by the scanner but you may find yourself trying to 'teach them' a lot. Hopefully they have improved on this front. I really think much of this is no more than smoking mirrors. For instance they do not ask about username/password policies and obviously do not scan for such. So this scanning leaves a lot to be desired. After I met all scan problems, my affected clients discovered they just answered a question wrong and found that since CC processing was not actually happening on my systems, but instead through other processors, this all went away and ended the need to address the same issues (backports) for the same applications, sometimes still under the same version, just due to a new scan. Basically a huge waste of my time. But I must admit, I did learn of just a couple of areas which I did tighten up. The rest was just red tape and I started feeling one particular compliance company was more into self promotion of their service by showing these non-existent flaws. I suppose one could compare it to the AV companies that allow broken virus sigs to set off alarms. We just saved your computer !--from this item that had no potential of harming your computer--. But, if you must, I did find the Nessus output was fairly close to what the compliance companies found and gave me a bit of time to tune systems before the real scan. It has been a while, but I think Nessus found some things I thought more important, which the commercial scanner did not mention. And hey, if you do breeze through with CentOS being recognized as a RHEL clone, I would love to hear about that back to this list. -- John Hinton 877-777-1407 ext 502 http://www.ew3d.com Comprehensive Online Solutions ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Friday, February 18, 2011 03:36:58 pm Ray Van Dolson wrote: Obviously always exceptions but as you alluded to, know your audience is a good rule of thumb. Public Speaking 101. Also 'Linux Distribution 101' in reality; the CentOS audience consists largely of those wanting as close to upstream EL as is possible without the associated monetary costs. CentOS meets a very definite need for, and has a very distinct audience in, those who must have binary-level compatibilty with the upstream EL, bugs and all. And I would hazard to say that most, if not up to 90%, of CentOS users have zero desire for 'release early, release often' but prefer 'release correctly, and release infrequently.' For my servers, I distinctly prefer the latter, since I do run things that require EL binary compatibility and would be seriously problematic were they to break because of an update. If 'release early, release often' is your motto, but you still want EL binary compatibility, then SL is going to be more your thing. If you want bleeding edge and everything fully upstream up to date, give Fedora a whirl (and it'll make you dizzy, which might be a good thing (I run Fedora on my laptop, for instance...)). And those who want to see how things are done in Fedora, the complete process is documented in depth in the Release Engineering SOP wiki page at http://fedoraproject.org/wiki/ReleaseEngineering/SOP For that matter, if you wanted to re-compose an EL6 rebuild, you would actually find it highly educational to do it the Fedora way, since EL6 is somewhat based on F12. The scripts for Fedora are there, and the procedures are there; have fun! The SOP's you would be most interested in would be the Mass Rebuild and the Compose. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
John Hinton wrote: On 2/18/2011 3:09 PM, Dr. Ed Morbius wrote: I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? I'd suggest you educate yourself on the PCI compliance issue, and query your prospective vendor(s) on what specific scans they run and/or how these are tuned to specific operating environments. I'd tend to suspect that vuln/pen testing is going to be based more on known vulnerabilities than your environment. Very good information, Ed. And yes, you will almost certainly be fighting with the compliance company, as I have not yet seen any who recognized CentOS. RHEL, yes. CentOS however does not hold the same 'trusted standard' or clout as the major 'name brand' providers. Yes, If you do talk to Trustwave, and they're not too expensive, they *use* CentOS. I really think much of this is no more than smoking mirrors. For smoke and mirrors snip up. The rest was just red tape and I started feeling one particular compliance company was more into self promotion of their service by showing these non-existent flaws. I suppose one could compare it to the They're all that way. snip mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] BInd Problem or Update SSL ?
From: Larry Vaden va...@texoma.net Date: Sun, Jan 23, 2011 at 8:03 PM Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5? Our site running Centos 4.8 and 5.5 name servers was hacked with the result that www.yahoo.com is now within our /19 and causing some grief. Don't understand what you mean by 'within our /19'. Have your IP ranges changed? If your Bind date is corrupt, why not re-install Centos and then restore the domains data from one of your regular backups? Is it a wise business decision to use C 4.8 instead of C 5 or the latest which is C 5.5 ? Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the search facility at centos.org. However, it is obvious from said searches that Mandriva upgraded last year. I believe C6 will include an updated Bind. An attempt to install bind-9.7.2-P3 from source yields the warning below the sig for both 4.8 and 5.5 machines. WARNING WARNING WARNING WARNING WARNING .. Your OpenSSL crypto library may be vulnerable to . one or more of the the following known security flaws: CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940. It is recommended that you upgrade to OpenSSL version 0.9.8d/0.9.7l (or greater). Well, on my C 5.5 desktop my OpenSSL is (yum info openssl) Name : openssl Arch : x86_64 Version: 0.9.8e Release: 12.el5_5.7 Size : 3.4 M The same version for i686. Larry, why can't you install the latest OpenSSL ? On C 5.5 the latest Bind is 9.3.6 (Release: 4.P1.el5_5.3) If you really need the latest Bind and can not wait about a month for C6 why don't you use a different flavour of Linux? In business one can not be too sentimental and difficult decisions have to be made all the time. With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
On 02/18/2011 03:09 PM, Michael B Allen wrote: Hackerguiardian is a commercial service (it's actually COMODO CA Limited). Their scan looks thorough. Obviously they're just matching up version numbers with CVE notices but I have a feeling most of these guys are going to be doing the same thing. I was just hoping one would be more sophisticated about the fact that ALL of their Fail items I've checked so far are things that were backported or fixed by Redhat. Probably not. I've yet to see any vulnerability scanning service that does much above running nessus in safe mode (which only does banner grabs). If you're prepared to monkey around with the scanner people, you can request waivers, false positives, etc from the various companies, proving that you're patched against the CVEs they're looking for. If there is a really competent vendor out there, and if you're comfortable with it, ask them to run a more thorough scan against your box. I just had to add N/A for questions like the do you run anti-virus software and explain that everything goes through the one Linux machine for which no anti-virus software exists or is necessary. I would have marked that other than satisfactory in an audit. There are AV products for Linux, and on a personal level, rootkit checks and file integrity checks on a public CC handling server are a good idea. I would *very* strongly recommmend that you talk to the bank or agency that's asking you for this, and ask them for recommendations. If you mean my merchant account service, they claim to be the largest Authorized.Net reseller, they sanity checked my SAQC and thought I would be ready for approval as soon as I get a good scan. So trustwave and Qualys ... I'll check them out. Thanks, I'm faintly surprised they aren't in the scam racket of mandating you use a certain vendor, or one of a select few. -- -- John E. Jasen (jja...@realityfailure.org) -- Deserve Victory. -- Terry Goodkind, Naked Empire ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
2011/2/18 John Hinton webmas...@ew3d.com: On 2/18/2011 3:09 PM, Dr. Ed Morbius wrote: I haven't spoken with the hackerguardian people yet but it would be nice if I could just say I'm using CentOS 5.5 and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? I'd suggest you educate yourself on the PCI compliance issue, and query your prospective vendor(s) on what specific scans they run and/or how these are tuned to specific operating environments. I'd tend to suspect that vuln/pen testing is going to be based more on known vulnerabilities than your environment. Very good information, Ed. And yes, you will almost certainly be fighting with the compliance company, as I have not yet seen any who recognized CentOS. RHEL, yes. CentOS however does not hold the same 'trusted standard' or clout as the major 'name brand' providers. Yes, the trouble is the versioning numbers used by RH. If the system 'is' RH, most of the time those 'exceptions' are noted by the scanner but you may find yourself trying to 'teach them' a lot. Hopefully they have improved on this front. I really think much of this is no more than smoking mirrors. For instance they do not ask about username/password policies and obviously do not scan for such. So this scanning leaves a lot to be desired. After I met all scan problems, my affected clients discovered they just answered a question wrong and found that since CC processing was not actually happening on my systems, but instead through other processors, this all went away and ended the need to address the same issues (backports) for the same applications, sometimes still under the same version, just due to a new scan. Basically a huge waste of my time. But I must admit, I did learn of just a couple of areas which I did tighten up. The rest was just red tape and I started feeling one particular compliance company was more into self promotion of their service by showing these non-existent flaws. I suppose one could compare it to the AV companies that allow broken virus sigs to set off alarms. We just saved your computer !--from this item that had no potential of harming your computer--. But, if you must, I did find the Nessus output was fairly close to what the compliance companies found and gave me a bit of time to tune systems before the real scan. It has been a while, but I think Nessus found some things I thought more important, which the commercial scanner did not mention. Buy nessus professional feed and download pci compliancy checks for nessus. It gives you the good baseline for configurations and things that need to fixed.. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Friday, February 18, 2011 01:39:48 pm Farkas Levente wrote: and please don't ask me to why. just to mention some very basic thing where is the mock config files? and i can ask dozens of such questions (what is did previously and i'm the only only one who send detail description how to rebuild rhel-6... A mock config for C5 building was posted, to the Centos-devel list, the appropriate place for such. Here's a link to an archive copy: http://lists.centos.org/pipermail/centos-devel/2007-August/001910.html Read through that thread againshouldn't take too long, since there's only two messages. Note the date, and note the posters. For building a 5.6 of your own this should help, along with the el5 buildsys RPM (which only contains requires for the basic buildsys) that's already been posted about. For building a 6 of your own, the Fedora process, while tuned to a much larger project, uses koji and all that entails, is available and completely open (to the best of my knowledge). The Mass Rebuild scripts live at http://git.fedorahosted.org/git/?p=releng Note that a full koji is fully required by those scripts, but there they are. Far more than just a simple mock config.but that's because of the size of the project, and the fact that it has a distributed build system. There is plenty of documentation on how to do a Fedora rebuild yourself on the Fedora project wiki. And, not to beat a dead horse, but EL6 is based off F12, and thus, once you have comps and a few things, in theory the Fedora infrastructure, loaded with all the buildrequires (a larger package set than the distributed SRPMS) for EL6, would churn out EL6 builds and composes. Now, I mentioned the build requires. Poking around in my local copy of the 6rolling tree of SL, I find that there are packages required to build SL6 that are not part of SL6, and live in a separate directory ( ftp://ftp.scientificlinux.org/linux/scientific/6rolling/build/ to be specific). I don't see the mock config or build scripts, however; perhaps I'm not looking in the right place. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nss_ldap: reconnected to LDAP server ldap://127.0.0.1
On 2/18/2011 11:05 AM, Tim Alberts wrote: I found a helpful page: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html approximately 2/3 down the page, section titled 'Notes: LDAP on Red Hat/Fedora distribution:' An example database recovery command as follows: /usr/sbin/slapd_db_recover -v -h /var/lib/ldap/stooges/ I have run this (twice now with ldap stopped) on all three servers and continue to have problems. Now I'm really lost as to what to do. Update, I believe this actually did fix the problem (db_recover). Unfortunately, after I did this, I hadn't seen anymore: nss_ldap: reconnected to LDAP serverldap://127.0.0.1 errors in /var/log/messages. However my Apache server was still giving Forbidden errors, and my subversion server was still giving Forbidden errors. I figured some berkelyDB was not shutdown in apache authentication and or subversion as well. Fortunately, I decided to do a restart of Apache and that seems to have fixed that problem too. So solution appears to be, simple database recovery, followed by Apache restart. Thank you to the folks who posted responses to help. Hopefully my this thread can find it's way to helping someone else who runs in to this. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Fri, Feb 18, 2011 at 3:15 PM, Always Learning cen...@g7.u22.net wrote: Don't understand what you mean by 'within our /19'. Have your IP ranges changed? If your Bind date is corrupt, why not re-install Centos and then restore the domains data from one of your regular backups? Our network consists of aaa.bbb.ccc.0/19. That's CIDR notation for 8,192 addresses. Is it a wise business decision to use C 4.8 instead of C 5 or the latest which is C 5.5 ? IMHO, fully updated purpose-built servers running 4.8 should have more or less the same vulnerablity profile as 5.5 IFF RH is doing a good job of backporting security fixes. I am supported in that statement by my mentor at FedEx but NOT by my mentor at Internet2. The open ?s about human error wrt the SRPMs in SL6 could arguably lead to a different conclusion. I believe C6 will include an updated Bind. Yes, it will be based on a later release. Larry, why can't you install the latest OpenSSL ? We installed openssl-1.0.0c Jan 23 20:30 27 minutes after filing the original post IIRC. kind regards/ldv/va...@texoma.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Fri, Feb 18, 2011 at 4:15 PM, Always Learning cen...@g7.u22.net wrote: From: Larry Vaden va...@texoma.net Date: Sun, Jan 23, 2011 at 8:03 PM Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5? Our site running Centos 4.8 and 5.5 name servers was hacked with the result that www.yahoo.com is now within our /19 and causing some grief. Don't understand what you mean by 'within our /19'. Have your IP ranges changed? If your Bind date is corrupt, why not re-install Centos and then restore the domains data from one of your regular backups? Is it a wise business decision to use C 4.8 instead of C 5 or the latest which is C 5.5 ? Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the search facility at centos.org. However, it is obvious from said searches that Mandriva upgraded last year. I believe C6 will include an updated Bind. It's also in RHEL 5.6, so I expect it in CentOs 5.6, from the SRPM bind97-9.7.0-6.P2.el5.src.rpm. Grab that one from your nearest RedHat SRPM repository, such mirrors.kernel.org/redhat/, if you're in a rush. An attempt to install bind-9.7.2-P3 from source yields the warning below the sig for both 4.8 and 5.5 machines. WARNING WARNING WARNING WARNING WARNING .. Your OpenSSL crypto library may be vulnerable to . one or more of the the following known security flaws: CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940. It is recommended that you upgrade to OpenSSL version 0.9.8d/0.9.7l (or greater). Well, on my C 5.5 desktop my OpenSSL is (yum info openssl) Name : openssl Arch : x86_64 Version : 0.9.8e Release : 12.el5_5.7 Size : 3.4 M The same version for i686. Larry, why can't you install the latest OpenSSL ? On C 5.5 the latest Bind is 9.3.6 (Release: 4.P1.el5_5.3) If you really need the latest Bind and can not wait about a month for C6 why don't you use a different flavour of Linux? In business one can not be too sentimental and difficult decisions have to be made all the time. With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - simple CAD program to design electronic circuits with
On Sun, 6 Feb 2011, Keith Roberts wrote: To: CentOS mailing list centos@centos.org From: Keith Roberts ke...@karsites.net Subject: [CentOS] OT - simple CAD program to design electronic circuits with Is there an electronic circuit design CAD package available for Centos 5.5 please? Thanks for all the replies and suggestions. I found Qucs mentioned in the FEL docs. I have decided to start with that as it has a very intuitive GUI, appears to have a fast learning curve, and supports circuit simulations. By following the qucs help documents, I have done a simple DC simulation similar to the one in this video below. http://www.youtube.com/watch?gl=GBv=VYhWK_lUrFw Thanks for all the other suggestions which I have bookmarked and will start to check out if Qucs cannot handle what I need it for. Kind Regards, Keith Roberts - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
Our network consists of aaa.bbb.ccc.0/19. That's CIDR notation for 8,192 addresses. But what has that got to do with www.yahoo.com moved into our /19 your comment is pretty unclear. IMHO, fully updated purpose-built servers running 4.8 should have more or less the same vulnerablity profile as 5.5 IFF RH is doing a good job of backporting security fixes. Why are you so sure it was a bind issue? What logs/research has come to that conclusion? Would bind 9.7 really have helped you if you were hacked or was your vulnerability elsewhere - and if so where? Was this the same server that you posted where you had mangled the install with force reinstalling rpms from SL and/or oracle that you posted about before for instance? I am supported in that statement by my mentor at FedEx but NOT by my mentor at Internet2. Your mentor? What do you mean by that? We installed openssl-1.0.0c Jan 23 20:30 27 minutes after filing the original post IIRC. If you were so gung ho about security that you wanted bleeding edge bind even newer than current centos 5 why are you so out of date on your openssl libraries. Given that you are out of date on those as per your previous posts would the currently released bind on rhel5 iff it was already on c5 really have been installed? If you were that desperate you could have built the srpms yourself or taken 9.7 from c5-testing. You have posted the same rubbish over and over without any substantiation with wild allegations. Post details if you need help or just please stop ranting to no point. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any update on 5.6 / 6?
On Fri, Feb 18, 2011 at 3:36 PM, Lamar Owen lo...@pari.edu wrote: I don't see the mock config or build scripts, however; perhaps I'm not looking in the right place. THANKS for a very helpful post. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] We haven't had a lot of demand for Fedora...people seem okay with CentOS!
That just in from chunkhost.com, where you help them beta test Xen for $FREE :) regards/ldv/va...@texoma.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] We haven't had a lot of demand for Fedora...people seem okay with CentOS!
Larry, I suggest you leave this group while it's still safe todo so. What do you have against CentOS FOSS On Sat, Feb 19, 2011 at 12:44 AM, Larry Vaden va...@texoma.net wrote: That just in from chunkhost.com, where you help them beta test Xen for $FREE :) regards/ldv/va...@texoma.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] We haven't had a lot of demand for Fedora...people seem okay with CentOS!
On Fri, Feb 18, 2011 at 5:09 PM, Rudi Ahlers r...@softdux.com wrote: Larry, I suggest you leave this group while it's still safe todo so. What do you have against CentOS FOSS This was posted as a compliment to the CentOS Team and to the CentOS Community. Should the vendor be asked for a less ambiguous statement? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] request for a learning moment
Can you please stop this, finally? Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Friday, February 18, 2011 04:15:28 pm Always Learning wrote: From: Larry Vaden va...@texoma.net Our site running Centos 4.8 and 5.5 name servers was hacked with the result that www.yahoo.com is now within our /19 and causing some grief. Don't understand what you mean by 'within our /19'. I think I do; he's an ISP, and apparently someone inside his address block (the CIDR notation /19; his actual block is publicly found by doing a quick nslookup of his domain name, noting the IP address of the DNS server(s) listed, and then a whois of the IP address of the DNS server(s). His /19 shows up) has hacked in some way the zone file(s) or the cache for his nameserver so that his customers, who would ordinarily use his DNS server as their recursive resolver, now see www.yahoo.com (among who knows what others) as pointing to a different address, the one inside his /19 (which I hope he has tracked and duly removed in grand Texas style), for the purpose of phishing. Now whether this was done by actually hacking into his DNS server or by a cache poisoning attack or what, I don't know since those details Larry hasn't made public. And that's ok. A fully up-to-date C4 or C5 should be covered when it comes to those sorts of things, but to prevent such things I would recommend to Larry that he use the great iptables tools that CentOS provides, or use some other iptables configurator, or simple hosts.allow and hosts.deny, to restrict the addresses that can actually ssh into his server, and only allow port 53 UDP and TCP traffic into and out of his DNS servers to his cutsomers. If he has routers/switches with access lists I would apply those as a second layer of traffic filtering, going both ingress and egress relative to his DNS server. A DNS/BIND vulnerability alone won't kill you, other than the previously mentioned cache poisoning attacks (and those are mitigated with other well-known techniques); it's the TCP connection from the vulnerability shellcode back to the attacker's box that is the killer, and that's what the aggressive iptables/acls will do for you. Hmmm, the Bastille hardening script might help you, but I don't know that for sure. DNS servers should only serve DNS, and the only other connections in or out should be tightly controlled. Easier said than done, especially with limited staff and funds, I know, but still the best practice. I say that having had a DNS server hit, on May 1, 1998, with a BIND 4 vulnerability. Got a quick education on BIND best practices, even though it is sometimes is tempting to 'do it later' ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] We haven't had a lot of demand for Fedora...people seem okay with CentOS!
On Fri, Feb 18, 2011 at 5:09 PM, Rudi Ahlers r...@softdux.com wrote: Larry, I suggest you leave this group while it's still safe todo so. What do you have against CentOS FOSS Absolutely nothing to the purity of Ivory soap :) 26 of our favorite servers run CentOS. Having read what Lamar wrote, namely: On Fri, Feb 18, 2011 at 3:36 PM, Lamar Owen lo...@pari.edu wrote: quote There is plenty of documentation on how to do a Fedora rebuild yourself on the Fedora project wiki. And, not to beat a dead horse, but EL6 is based off F12, and thus, once you have comps and a few things, in theory the Fedora infrastructure, loaded with all the buildrequires (a larger package set than the distributed SRPMS) for EL6, would churn out EL6 builds and composes. /quote This poster doesn't have a spare box, so after reading Lamar's post about how to learn, GMail mentioned $FREE Xen vboxen over at chunkhost.com. When queried about whether a FC14 image was available and thus a vbox on which the learning process could proceed, the subject line was the answer. Thus, the compliment to the CentOS Team and to the CentOS Community for the wisdom of selecting CentOS as the beneficiary of their hard work and for their choice of an OS, respectively. Some may perceive ambiguity in the subject line :( ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] We haven't had a lot of demand for Fedora...people seem okay with CentOS!
On Sat, Feb 19, 2011 at 1:19 AM, Larry Vaden va...@texoma.net wrote: On Fri, Feb 18, 2011 at 5:09 PM, Rudi Ahlers r...@softdux.com wrote: Larry, I suggest you leave this group while it's still safe todo so. What do you have against CentOS FOSS This was posted as a compliment to the CentOS Team and to the CentOS Community. Should the vendor be asked for a less ambiguous statement? ___ Larry, you clearly enjoy making a fool of yourself in public, making stupid remarks of things which you clearly have no knowledge off. -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
I think I do; he's an ISP, and apparently someone inside his address block (the CIDR notation /19; his actual block is publicly found by doing a quick nslookup of his domain name, noting the IP address of the DNS server(s) listed, and then a whois of the IP address of the DNS server(s). His /19 shows up) has hacked in some way the zone file(s) or the cache for his nameserver so that his customers, who would ordinarily use his DNS server as their recursive resolver, now see www.yahoo.com (among who knows what others) as pointing to a different address, the one inside his /19 (which I hope he has tracked and duly removed in grand Texas style), for the purpose of phishing. Now whether this was done by actually hacking into his DNS server or by a cache poisoning attack or what, I don't know since those details Larry hasn't made public. And that's ok. That's what I assumed however given the vagueness I wasn't sure. At this time I'm unaware of any attacks on Bind within current Centos 5 if it is a properly configured system (selinux enabled, bind chroot, iptables in place, etc) that would allow someone to mess with his zone files or other parts of bind. As such if there is such a critical vulnerability it would be nice to get details especially how he is so intent on blaming Redhat and Bind on the other hand if he has misconfigured systems it's his own fault and he should stop blaming Redhat/CentOS. If he is willing to discuss the details great! If he is not I would strongly suggest he stop spamming the mailing lists with nonsense. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Fri, 2011-02-18 at 18:32 -0500, Lamar Owen wrote: On Friday, February 18, 2011 04:15:28 pm Always Learning wrote: Don't understand what you mean by 'within our /19'. I think I do; he's an ISP, and apparently someone inside his address block ... has hacked in some way the zone file(s) or the cache for his nameserver so that his customers, who would ordinarily use his DNS server as their recursive resolver, now see www.yahoo.com (among who knows what others) as pointing to a different address Thank you for explaining Larry had his DNS servers hacked or poisoned. to prevent such things I would recommend to Larry that he use the great iptables tools that CentOS provides ... ... to restrict the addresses that can actually ssh into his server, and only allow port 53 UDP and TCP traffic into and out of his DNS servers to his customers. Agreed. IPtables is a very useful tool to block unauthorised accesses in and (heaven forbid) out of one's servers. Every server is screwed down to the barest minimum and every port that can be changed from its default is. No servers share the same non-standard port numbers. SSH access is limited to 3 static IP addresses. Aggressive blocking with IPtables can prevent a lot of time wasting aggro. I also ban some Chinese blocks and even more Taiwan blocks from port 80 to reduce web hacking and lots of Taiwanese blocks from port 25. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Fri, Feb 18, 2011 at 4:37 PM, James Hogarth james.hoga...@gmail.com wrote: Your mentor? What do you mean by that? The same thing Wikipedia says, namely: a trusted friend, counselor or teacher, usually a more experienced person. Some professions have mentoring programs in which newcomers are paired with more experienced people, who advise them and serve as examples as they advance. Joe, Randy and James are my mentors of 15, 5 and 5 years, respectively, and all said the same thing, namely nuke and repave, be sure to be current on BIND since it is a purpose-built box (ns1). Since others have asked for details, they are below the sig. With 20/20 hindsight, it is clear that I shouldn't have posted the original post asking the list for help and hopefully informing other potential targets of the risk (read: there were no responses to the original post, therefore it was posted to the wrong audience). regards/ldv/va...@texoma.net There was no time for forensics at the time of the discovery; just time to get advice and react. What follows is from a few moments ago. ===details=== ===box was last nuked and repaved Jul 28 2008 ===much unnecessary software removed Jul 28 2008, 57 tasks active per 'ps auxw | wc -l' ===current nmap (same nmap results as on problem day) Starting Nmap 5.21 ( http://nmap.org ) at 2011-02-18 18:38 CST Note: Host seems down. If it is really up, but blocking our ping probes, try -PN Nmap done: 1 IP address (0 hosts up) scanned in 0.19 seconds vaden@turtlehill:/opt$ nmap -A -PN ns1.texoma.net Starting Nmap 5.21 ( http://nmap.org ) at 2011-02-18 18:38 CST Nmap scan report for ns1.texoma.net (209.151.96.2) Host is up (0.0012s latency). Not shown: 998 filtered ports PORTSTATE SERVICE VERSION 53/tcp open domain 987/tcp open ssh OpenSSH 3.9p1 (protocol 2.0) | ssh-hostkey: 1024 36:dc:c8:29:b1:d3:8a:b1:e6:cf:2b:4c:70:ed:c8:9a (DSA) |_1024 10:f9:a6:d2:32:68:15:3a:9f:04:3a:89:05:1e:b8:52 (RSA) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 26.44 seconds vaden@turtlehill:/opt$ ===named.conf security in 2008 [root@ns1 data]# cat /var/named/chroot/etc/named.conf | more ### # # attribution: By Rob Thomas, noc at cymru.com # http://www.cymru.com/Documents/secure-bind-template.html # -and- # http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php # # at the behest of # Dr. Joe Redacted (redacted1.edu) # Dr. Randall Redacted (redacted2.edu) === ssh port not on 22 === distro's standard iptables save ssh port ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openoffice command line printing
On 19/02/2011, at 3:30 AM, Gregory P. Ennis wrote: Cameron, Thanks for your suggestion On my system that command results in printing the document on the desired printer, but does not return back to the shell prompt. If I add -terminate_after_init so that the command line is : openoffice.org -headless -pt lpt3 document.doc -terminate_after_init The above command returns back to the prompt but the document is not printed. Ah, so it does... looking around, I see that it works as documented in versions of OOo before 3.1 (3.0.1 should work, and prior). You're certainly not alone. I wonder if this will be useful for you: http://www.oooninja.com/2008/02/batch-command-line-file-conversion-with.html For further help, you ought to get better help on the OOo forums etc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
Joe, Randy and James are my mentors of 15, 5 and 5 years, respectively, and all said the same thing, namely nuke and repave, be sure to be current on BIND since it is a purpose-built box (ns1). Perhaps is it a difference in language and what you mean by mentor and where I would mean old colleague/peer who I have discussed this with. They have stated their opinions and you can follow that - but then you would be diverging from the point of RHEL somewhat with a custom built BIND. Remember that the version number you see on BIND is not always the equivalent of upstream due to backports. You should check the relevant RHEL errata, the package %changelog and CVE to get a better understanding of what exploits are known and what has been patched. With 20/20 hindsight, it is clear that I shouldn't have posted the original post asking the list for help and hopefully informing other potential targets of the risk (read: there were no responses to the original post, therefore it was posted to the wrong audience). Err... this isn't the whole story/truth. I just searched your emails on this list. the first reference to bind was the 16th feb with the thread Blasphemous with complaints (and no substance) to Redhat not having current Bind - despite the fact 9.7 is in the then released 5.6... you suggested an alt repo for critical internet functions. No where did you indicate you had a name server hacked/altered/poisoned... although you pointed out your credit card prcessing system was running Redhat linux 7.3 (Valhalla) and was nearing 10 years old this from someone complaining about teh 'age'' of BIND in RHEL/CentOS. There was no time for forensics at the time of the discovery; just time to get advice and react. Then you have no way of telling what happened. For future reference a better reaction is to isolate the server (whether physical or virtual) and put a new system in place to serve the need for it whilst you analyze what happened to the previous. Without that knowledge you cannot mitigate any issues or discover where the failure was, if any. What follows is from a few moments ago. ===details=== ===box was last nuked and repaved Jul 28 2008 ===much unnecessary software removed Jul 28 2008, 57 tasks active per 'ps auxw | wc -l' This is irrelevant to the point at hand. ===current nmap (same nmap results as on problem day) Starting Nmap 5.21 ( http://nmap.org ) at 2011-02-18 18:38 CST Note: Host seems down. If it is really up, but blocking our ping probes, try -PN Nmap done: 1 IP address (0 hosts up) scanned in 0.19 seconds vaden@turtlehill:/opt$ nmap -A -PN ns1.texoma.net Starting Nmap 5.21 ( http://nmap.org ) at 2011-02-18 18:38 CST Nmap scan report for ns1.texoma.net (209.151.96.2) Host is up (0.0012s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 53/tcp open domain 987/tcp open ssh OpenSSH 3.9p1 (protocol 2.0) | ssh-hostkey: 1024 36:dc:c8:29:b1:d3:8a:b1:e6:cf:2b:4c:70:ed:c8:9a (DSA) |_1024 10:f9:a6:d2:32:68:15:3a:9f:04:3a:89:05:1e:b8:52 (RSA) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 26.44 seconds So you have SSH exposed and Domain requests exposed. Not surprising but irrelevant in and of itself. vaden@turtlehill:/opt$ ===named.conf security in 2008 [root@ns1 data]# cat /var/named/chroot/etc/named.conf | more ### # # attribution: By Rob Thomas, noc at cymru.com # http://www.cymru.com/Documents/secure-bind-template.html # -and- # http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php # # at the behest of # Dr. Joe Redacted (redacted1.edu) # Dr. Randall Redacted (redacted2.edu) === Without adequate details such as whether IP requests were limited to your allotted IP addresses and other config details this doesn't help. ssh port not on 22 === This is fundamentally irrelevant. This is a very visible server given it is a primary nameserver for you. A simple nmap as you showed above presents any potential hacker with the correct port for SSH given a targeted attack. distro's standard iptables save ssh port Perhaps here you made a security mistake and should have configured it differently - for example limiting connection attempts, set up fail2ban, limit inbound SSH from known IPs for management purposes from your corporate network, not had SSH publically visable, etc. Without more detail it is impossible to say what went wrong and how the system could be potentially secured. If you have a specific point of vulnerability you have encountered - whether a known CVE or not - I would urge you to open a bugzilla ticket with reproducible steps. If you got hacked through poor configuration and monitoring then it's your own fault quite frankly and perhaps for something you see as such a key service you should hire a proper admin and pay for a Redhat license so you have an SLA to full back
Re: [CentOS] CentOS 5.5 Java Process Death
On 18/02/11 20:49, Michael Gliwinski wrote: Try adding 'nohup' before 'java'. Closing SSH session closes the shell which sends HUP to its children. I religiously use 'screen' when logging in remotely to do any work. Not only has saved me from interrupted work the connection breaks, but it is also saves me from having to remember to use 'nohup' before starting any Jobs! Ciao, Ak. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openoffice command line printing
On Fri, Feb 18, 2011, Gregory P. Ennis wrote: On 18/02/2011, at 2:29 PM, Gregory P. Ennis wrote: Everyone, I am trying to print some *.doc files from the command line with openoffice on centos 5.5 with using cups as the print server. I can open the file from the command line with open office and then print it manually from the gui, but when I open the file and print from command line I am not getting anything. The commands that I have used are the following : /usr/bin/openoffice.org -pt lpt4 /mnt/lp/document.doc -terminate_after_init This works for me on LibreOffice on my Mac (also uses Cups) LibreOffice 3.3 330m12(Build:1) /path/to/soffice -headless -pt PRINTER_NAME doco.doc Note though that if you wanted to do this outside of X11, it might fail... I tried this using NeoOffice on my Macbook Pro which doesn't use X11, but I expect that it would fail on Linux without X11 as it presents the normal print dialog box to select the printer even though it's set on the command line. Answering the question below, I ran this in background, terminating the command with , which left NeoOffice running, but gave me the command line back so I could continue. This is not entirely a Bad Thing(tm) as it avoids the startup time when printing multiple documents. On the other hand, having NeoOffice present the print dialog box for every file is less than optimal, but it looks like that's a NeoOffice thing. I tried the same command with the path to the most recent OpenOffice.org soffice which didn't present the dialog box, and terminated after the print job was complete. Trying this on a CentOS 5 box here it works fine running the job in background where it is ready to run subsequent print jobs. This does not present the print dialog box either. I ran this test in an xterm via ssh with X11 forwarding from my Macbook Pro. Another test using 'xterm -e ssh -x' to disable X11 forwarding failed on startup saying it can't open DISPLAY. Running the command with 'ssh -Y user@system /path/to/soffice ...'' did work nicely, and did not leave soffice running on completion. -- Cameron, Thanks for your suggestion On my system that command results in printing the document on the desired printer, but does not return back to the shell prompt. If I add -terminate_after_init so that the command line is : openoffice.org -headless -pt lpt3 document.doc -terminate_after_init The above command returns back to the prompt but the document is not printed. Any other ideas would be appreciated!!! Greg ___ -- Bill Bill, Thanks for taking the time to confirm my findings and giving me that link lots of good information. I had hoped this was a simple problem and my syntax was faulty, but am in agreement with you about taking this to oo forums. I did make some progress with the use of macros from the command line to print a file, but X11 is required, and so far I have not been able to have it function from a background script. Thanks again Bill, Greg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Fri, Feb 18, 2011 at 7:39 PM, James Hogarth james.hoga...@gmail.com wrote: With 20/20 hindsight, it is clear that I shouldn't have posted the original post asking the list for help and hopefully informing other potential targets of the risk (read: there were no responses to the original post, therefore it was posted to the wrong audience). Err... this isn't the whole story/truth. As a result of this isn't whole story/truth, I searched GMail and Thunderbird and here's what I found: 1) GMail says I sent a message To: centos@centos.org Sun, 23 Jan 2011 20:03:22 -0600 Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5? Message-ID: AANLkTimmNnEs-=otzp29j3vhgfgvc9pc4eeojcfoc...@mail.gmail.com 2) GMail says there was neither a bounce nor a echo post from the mailing list 3) Thunderbird agrees with Gmail re #2 4) New to me (see #7, but more likely as a result of the stress of the situation of wondering what other big URLs were pointing at leaf nodes) is a log entry indicating I got a request for a confirmation from centos-request Jan 23 and Jan 26 and a welcome Jan 26 5) It is possible that I may have unsubscribed from centos but apparently not from centos-devel 6) If I was unsubscribed, it was definitely posted to the wrong list 7) One nice thing about Alzheimers is that you meet so many new people each day and they act like they've known you all your life :) 8) apologies to the CentOS Community and CentOS Team are due and issued. This has been revealing; I used to think that with 9 stents and a pacemaker, I could be a stand in on the 6 (read: 1) Million Dollar Man TV show if it ever went into reruns :) Through this experience, starting with a hacked or poisoned name server, or, quite frankly, the perception of one, I have learned what people really see. best regards/ldv/va...@texoma.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BInd Problem or Update SSL ?
On Fri, Feb 18, 2011 at 7:39 PM, James Hogarth james.hoga...@gmail.com wrote: Joe, Randy and James are my mentors of 15, 5 and 5 years, respectively, and all said the same thing, namely nuke and repave, be sure to be current on BIND since it is a purpose-built box (ns1). Perhaps is it a difference in language and what you mean by mentor and where I would mean old colleague/peer who I have discussed this with. Wikipedia says This is the source of the modern use of the word mentor: a trusted friend, counselor or teacher, usually a more experienced person. I am not their peer; they are my mentors. They have been invaluable over the 25 combined years of mentorship to this rural ISP. Remember that the version number you see on BIND is not always the equivalent of upstream due to backports. You should check the relevant RHEL errata, the package %changelog and CVE to get a better understanding of what exploits are known and what has been patched. Johnny has remarked on the importance of trust. My trust in RedHat went down when I learned they are not shipping all the SRPMs. Some say it is due to human error. If that is the case, why should I think they are better at backporting security fixes than at making sure a manifest of SRPMs is complete and correct? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ACHTUNG: wrt CentALT repo
On Thu, Feb 17, 2011 at 3:00 PM, Johnny Hughes joh...@centos.org wrote: Just for the record ... we (the CentOS Project) do not recommend this site. They are using our name without permission. Attribution goes to EliteMoly: CentALT repository not ready for mirroring, rpms not signed. EPEL is must have to be enabled for CentALT packages to work. CentALT packages relies on EPEL. Repacking all dependencies is bad idea. This work is already done in EPEL. 2011-02-18, 10:41 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
