[CentOS-docs] Proposed change to FAQ/CentOS6 add netinstall info
I'm a newb CentOS user and was struggling to find the netinstall info. An external site pointed me to the correct URL to enter, but it was difficult to find on the CentOS site. I managed to find centos 5 specific info that did the job (on the centos5 page of course).

The change I would like to add is below:

What is the URL when I try to do a network install?

If you desire to do a remote HTTP or FTP install from the Internet using the LiveCD or the netinstall.iso, you can pick a mirror that is close to you from these public mirrors:

http://www.centos.org/modules/tinycontent/index.php?id=13

You can then find the path on that mirror to the 6/os/arch/ directory and use the paths for install where arch is the desired architecture (i386 or x86_64 for example).

If you want to choose the mirror provided by Linux Kernel Archives, in the above page click on the HTTP link for that mirror, then click 6 - i386 - os ... the full path for this mirror would be:

http://mirrors.kernel.org/centos/6/os/i386/

In the URL installation, use these paths based on the above mirror:

Server: http://mirrors.kernel.org/centos/6/os/i386

Other install locations are available by selecting a mirror close to you.
[CentOS-announce] CESA-2011:1187 Moderate CentOS 4 i386 dovecot - security update
CentOS Errata and Security Advisory CESA-2011:1187

dovecot security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2011-1187.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/dovecot-0.99.11-10.EL4.i386.rpm

source:
updates/SRPMS/dovecot-0.99.11-10.EL4.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update dovecot

Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
[CentOS-announce] CEBA-2011:1185 CentOS 4 x86_64 lvm2 bug fix update
CentOS Errata and Bugfix Advisory CEBA-2011:1185

lvm2 bugfix update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHBA-2011-1185.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/lvm2-2.02.42-11.el4.x86_64.rpm

source:
updates/SRPMS/lvm2-2.02.42-11.el4.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update lvm2

Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sat, 20 Aug 2011, Barry Brimer wrote:

> To: CentOS mailing list centos@centos.org
> From: Barry Brimer li...@brimer.org
> Subject: Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
>
> > When a web site is attacked, so far by unsuccessful hackers, my error routine adds the attackers IP address, prefixed by 'deny', to that web site's .htaccess file. It works and the attacker, on second and subsequent attacks, gets a 403 error response.
>
> Have you looked at mod_evasive? http://www.zdziarski.com/blog/?page_id=442

There is also another application that reads the Apache log file, and then IIRC writes IPTables rules to deal with these sort of attacks. It was written for a university thesis several years ago, but I just do not remember the name of that particular guy or the project.

Kind Regards,
Keith Roberts

Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with TMDA [http://tmda.net]
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sat, 2011-08-20 at 22:43 -0500, Barry Brimer wrote:

> > When a web site is attacked, so far by unsuccessful hackers, my error routine adds the attackers IP address, prefixed by 'deny', to that web site's .htaccess file. It works and the attacker, on second and subsequent attacks, gets a 403 error response.
>
> Have you looked at mod_evasive? http://www.zdziarski.com/blog/?page_id=442

Thank you for the suggestion. I have just looked at it and see:-

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted
...

My requirement, based on observations, is to instantly cut-off the IP's access as soon as a wrong URL is entered. When a web page error occurs it is handled by a PHP routine. Two sets of checks show whether it was an 'innocent' mistake or a known hacking attempt. Currently known hacking attempts are blocked at the web site's .htaccess file.

mod_evasive lacks the ability to compare the erroneous page request and then take action.

Clive's helpful /etc/sudoers suggestion overnight seems ideal because (if it works for my routine) it will let me block an IP address at iptables and limit that blocking to a port.

My check list has 104 'words' which cause an IP address to be blocked. When my revised system is working satisfactorily with whole server blocking I will publish the details on the web.

--
With best regards,
Paul.
England, EU.
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sun, 2011-08-21 at 08:26 +0100, Keith Roberts wrote:

> There is also another application that reads the Apache log file, and then IIRC writes IPTables rules to deal with these sort of attacks. It was written for a university thesis several years ago, but I just do not remember the name of that particular guy or the project.

That is probably too slow for me. My present system is immediate and effective usually within the same second. I just want to expand site .htaccess blocking to iptables whole server blocking and will, when I have a spare minute, implement Clive's /etc/sudoers suggestion.

--
With best regards,
Paul.
England, EU.
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sun, 2011-08-21 at 02:50 +0200, Patrick Lists wrote:

> On 08/21/2011 01:09 AM, Always Learning wrote:
>
> > When a web site is attacked, so far by unsuccessful hackers, my error routine adds the attackers IP address, prefixed by 'deny', to that web site's .htaccess file. It works and the attacker, on second and subsequent attacks, gets a 403 error response.
> >
> > I want to extend the exclusion ability to every web site hosted on a server. My preferred method is iptables. However, when breaking-out of a PHP script on a web page and running a normal iptables command, for example:
> >
> >     iptables -A 3temp -s 1.2.3.4 -j DROP
> >
> > iptables responds with:
> >
> >     iptables v1.3.5: can't initialize iptables table `filter': Permission denied (you must be root)
> >
> > Executing 'whoami' confirms Apache is the user. Giving Apache group rw on the /etc/sysconfig/iptables and ensuring the /sbin/iptables is executable by all, fails to resolve the problem.
> >
> > Is there any method of running iptables from an Apache originated process ?
>
> Maybe SELinux blocks Apache from writing to /etc/sysconfig/iptables? Have you looked at fail2ban and denyhosts? These apps seem to offer a similar solution.

fail2ban and denyhosts center on failed logins - I don't think this is what he is dealing with.

Craig
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sun, 2011-08-21 at 02:00 +0100, Always Learning wrote:

> On Sun, 2011-08-21 at 02:50 +0200, Patrick Lists wrote:
>
> > Maybe SELinux blocks Apache from writing to /etc/sysconfig/iptables? Have you looked at ? These apps seem to offer a similar solution.
>
> I'm not using SELinux at the moment simply because I don't have the time to understand it. I'm a self-taught Linuxist. I believe it uses the 'labels' inherent with every file description block.
>
> With Craig's SU suggestion, I believe my attack detection system will successfully block the attacker's IP address on a server and for selected ports only.
>
> I will look at fail2ban and denyhosts and see how they can help.

I'm going to present another view of what I think is a larger picture.

What you seem to want to do is to block host access (TCP possibly UDP) based upon certain GET/POST activities on your web server.

Thus you are attempting to create a curtain based upon things that have already failed and eventually you will get a huge IPTABLES filter that will slow up all traffic while parsing the rules.

I would suspect that this would also be the same system that is also the web server - thus you will slow down the very system you want to be fast. The entire predicate is reactive. You would also need to have a system to expire those rules after a period of time.

It's all a waste of energy focused on giving you satisfaction that you are at least doing something to block script kiddies.

You should spend the time protecting the server with good system administration... SELinux, which you state 'you are not using at the moment' is a prime example.

You should ensure that known attack vectors (first place to look is the very common php programs like phpmyadmin) are either not in use or at least always kept up to date and secured via access controls.

The security issues you should be worrying about are not the things that are getting logged - that's just a record of things that already didn't work.

Craig
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sun, Aug 21, 2011 at 05:46:18AM -0700, Craig White wrote:

> What you seem to want to do is to block host access (TCP possibly UDP) based upon certain GET/POST activities on your web server.
>
> Thus you are attempting to create a curtain based upon things that have already failed and eventually you will get a huge IPTABLES filter that will slow up all traffic while parsing the rules.
>
> I would suspect that this would

fail2ban handles rule expiration; firewall rules can be configured as the admin sees fit for the offending action. In fact each trigger can have a configurable lifetime. fail2ban also ships with working apache triggers, for example there is one that triggers off of failed auth attempts; these can be modified to fit the OP's needs with minimal work.

> You should spend the time protecting the server with good system administration... SELinux, which you state 'you are not using at the moment' is a prime example.

There is little excuse in not having selinux enabled. Every hacked box we've seen in #centos for the past few years has had selinux disabled; not one that I've seen reported had it enabled.

> The security issues you should be worrying about are not the things that are getting logged - that's just a record of things that already didn't work.

True, but blocking automated 5cr1p7-k1dd135 probes will reduce log volume and potentially protect you from probes further down the scan chain that haven't hit yet that you may be vulnerable to.

John
--
We cannot do everything at once, but we can do something at once.
-- Calvin Coolidge (1872-1933), 30th president of the United States
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sunday, August 21, 2011 08:46 PM, Craig White wrote:

> On Sun, 2011-08-21 at 02:00 +0100, Always Learning wrote:
>
> > On Sun, 2011-08-21 at 02:50 +0200, Patrick Lists wrote:
> >
> > > Maybe SELinux blocks Apache from writing to /etc/sysconfig/iptables? Have you looked at ? These apps seem to offer a similar solution.
> >
> > I'm not using SELinux at the moment simply because I don't have the time to understand it. I'm a self-taught Linuxist. I believe it uses the 'labels' inherent with every file description block.
> >
> > With Craig's SU suggestion, I believe my attack detection system will successfully block the attacker's IP address on a server and for selected ports only.
> >
> > I will look at fail2ban and denyhosts and see how they can help.
>
> I'm going to present another view of what I think is a larger picture.
>
> What you seem to want to do is to block host access (TCP possibly UDP) based upon certain GET/POST activities on your web server.
>
> Thus you are attempting to create a curtain based upon things that have already failed and eventually you will get a huge IPTABLES filter that will slow up all traffic while parsing the rules.
>
> I would suspect that this would also be the same system that is also the web server - thus you will slow down the very system you want to be fast. The entire predicate is reactive. You would also need to have a system to expire those rules after a period of time.
>
> It's all a waste of energy focused on giving you satisfaction that you are at least doing something to block script kiddies.

is ipset stable yet?

Maybe he is better off with two redundant OpenBSD boxes using pf to protect his boxes and his apache instances scripting them bsd boxen firewall rules.

/me loses the 'simple and works' challenge
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sun, 2011-08-21 at 05:46 -0700, Craig White wrote:

> I'm going to present another view of what I think is a larger picture.
>
> What you seem to want to do is to block host access (TCP possibly UDP) based upon certain GET/POST activities on your web server.

Yes, in this instance the annoying attacks of 200 attempts to break-in via phpmyadmin for example or the stupid pratts suffixing a correct web page name with things like ...login and ... forgotten_password ... and execute and ...sql... etc. I don't want that crap.

> Thus you are attempting to create a curtain based upon things that have already failed and eventually you will get a huge IPTABLES filter that will slow up all traffic while parsing the rules.

Yes create a curtain but wrong about 'huge'. Attempts are done via compromised IP addresses around the world by the same person or a group of like-minded people. It is my intention to delete the contents of the temporary iptables table often to prevent it becoming a liability.

I could probably achieve this by having two temporary tables (for blocked IP addresses) and after a week or two delete the contents of one table and then at another interval delete the contents of the second table. This would provide a useful overlap and ensure an IP blocked today is not 'freed' tomorrow when a temporary table's contents are deleted.

Persistent offenders would have their IP address or their IP block, if a data centre, permanently stored in another table (3web).

> I would suspect that this would also be the same system that is also the web server - thus you will slow down the very system you want to be fast. The entire predicate is reactive. You would also need to have a system to expire those rules after a period of time.

I can do a cron at a regular interval to flush the first temporary table and a second cron job to flush the second temporary table. So not too much effort involved.

> It's all a waste of energy focused on giving you satisfaction that you are at least doing something to block script kiddies.

It is a good programming and learning Linux exercise. I gain personally from doing it. The ultimate objective is a smooth running system although I am certain there will be other issues arising.

> You should spend the time protecting the server with good system administration... SELinux, which you state 'you are not using at the moment' is a prime example.

Yes you are correct. May have a look at it in a week or two. In the past SELinux seems to stop things running which is not what I want.

> You should ensure that known attack vectors (first place to look is the very common php programs like phpmyadmin) are either not in use or at least always kept up to date and secured via access controls.

PHPmyAdmin is definitely not available to the public. Absolutely not. That was one of my very first priorities. I do not follow the /var/www convention for locating public web pages. Every hosted web site is a virtual site and entrance through the front door (the server's IP addresses) is blocked and monitored.

> The security issues you should be worrying about are not the things that are getting logged - that's just a record of things that already didn't work.

I have introduced additional logging on things that work as well as do not work. It is the things I am unaware of that present a danger. That is why I try to block everything and specifically permit authorised things through the firewall.

Obviously I am still learning and SELinux needs some experimentation after I discover exactly how it works and the logic behind it and the Linux 'labelling'.

Your /etc/sudoers is uppermost in my thoughts. Thank you.

--
With best regards,
Paul.
England, EU.
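The /etc/sudoers approach discussed in this thread hands a root-level firewall command to a process that handles untrusted web requests, so the argument has to be validated before it reaches iptables. The following is an added example, not code from any poster: the script path, the sudoers entries and the NEVER_BLOCK address are assumptions, and only the chain name 3temp and the DROP rule come from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Install root-owned, mode 0755, as
# /usr/local/sbin/block-ip (hypothetical path); the PHP error routine runs
#   sudo /usr/local/sbin/block-ip <ip> [tcp-port]
# Assumed sudoers entries (edit with visudo). CentOS ships "Defaults requiretty",
# which stops sudo working for a process without a terminal, such as Apache:
#   Defaults:apache !requiretty
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/block-ip
# Apache is granted this one script, never /sbin/iptables itself.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
CHAIN=3temp                 # temporary chain named in the thread
NEVER_BLOCK="192.0.2.10"    # constructed admin address; space-separated list

# Every firewall call goes through this one function.
run_iptables() { /sbin/iptables "$@"; }

# Accept only a canonical dotted quad: four decimal octets 0-255, no leading
# zeros (iptables would read 010 as octal), and no other characters at all.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in
            0?*|????*) return 1 ;;
        esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# TCP port 1-65535, digits only.
valid_port() {
    case $1 in
        ''|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# Addresses that must never be locked out: loopback, 0.x and the admin list.
protected_ip() {
    case $1 in
        127.*|0.*) return 0 ;;
    esac
    for _a in $NEVER_BLOCK; do
        [ "$1" = "$_a" ] && return 0
    done
    return 1
}

# True if the chain already drops this source for the whole host or for the
# requested port, so repeated hits from one address do not grow the chain.
already_blocked() {
    run_iptables -n -L "$CHAIN" | awk -v ip="$1" -v want="${2:+dpt:$2}" '
        $1 == "DROP" && $4 == ip {
            have = ""
            for (i = 5; i <= NF; i++) if ($i ~ /^dpt:/) have = $i
            if (have == "" || have == want) found = 1
        }
        END { exit !found }'
}

# Returns 0 on success, 2 for malformed input, 3 for a protected address.
block_ip() {
    valid_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 2; }
    [ -z "${2:-}" ] || valid_port "$2" || { echo "rejected: bad port" >&2; return 2; }
    protected_ip "$1" && { echo "rejected: protected address" >&2; return 3; }
    already_blocked "$1" "${2:-}" && return 0
    if [ -n "${2:-}" ]; then
        run_iptables -A "$CHAIN" -s "$1" -p tcp --dport "$2" -j DROP
    else
        run_iptables -A "$CHAIN" -s "$1" -j DROP
    fi
}

if [ $# -gt 0 ]; then
    block_ip "$@"
    exit $?
fi
```

The duplicate check uses the -n -L listing because iptables v1.3.5, the version shown in the error message above, has no -C (check) option.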
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On Sun, Aug 21, 2011 at 03:07:51PM +0100, Always Learning wrote:

> I could probably achieve this by having two temporary tables (for blocked IP addresses) and after a week or two delete the contents of one table and then at another interval delete the contents of the second table. This would provide a useful overlap and ensure an IP blocked today is not 'freed' tomorrow when a temporary table's contents are deleted.

What I do (for SMTP) is nightly check the rules for those that don't have any packets associated with them, delete those, then reset the count on the remainder. This means that entries stay in the firewall while they're still making attempts, but get removed a day after they've stopped.

Code extracts:

    # List the SMTP rules in INPUT as "Rule=<n> Count=<packets> source=<addr>".
    # $n is not set in this extract; an extra option such as -Z is passed as $1.
    getlist()
    {
      /sbin/iptables --line-numbers -L INPUT -v$n $1 |
        awk '/dpt:25|dpt:smtp/ {printf("Rule=%d Count=%d source=%s\n", $1,$2,$9)}'
    }

    # Rules with a zero packet count, highest rule number first, so that
    # deleting one does not renumber the rules still to be deleted.
    lst=$(getlist | /usr/bin/tac | sed -n 's/^Rule=\(.* Count=0\)/\1/p')

    if [ -n "$lst" ]
    then
      echo "$lst" | while read rule details
      do
        /sbin/iptables -D INPUT $rule
        echo "Clearing Rule=$rule $details"
      done
    else
      echo "No Rules to clear"
    fi

    # Reset the packet counters on the rules that remain.
    getlist -Z

--
rgds
Stephen
[CentOS] CentOS-announce Digest, Vol 78, Issue 4
Today's Topics:

1. CESA-2011:1187 Moderate CentOS 4 i386 dovecot - security update (Tru Huynh)
2. CESA-2011:1187 Moderate CentOS 4 x86_64 dovecot - security update (Tru Huynh)
3. CEBA-2011:1185 CentOS 4 i386 lvm2 bug fix update (Tru Huynh)
4. CEBA-2011:1185 CentOS 4 x86_64 lvm2 bug fix update (Tru Huynh)

--

Message: 1
Date: Fri, 19 Aug 2011 14:26:31 +0200
From: Tru Huynh t...@centos.org
Subject: [CentOS-announce] CESA-2011:1187 Moderate CentOS 4 i386 dovecot - security update
To: centos-annou...@centos.org
Message-ID: 20110819122631.ga18...@sillage.bis.pasteur.fr
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory CESA-2011:1187

dovecot security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2011-1187.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/dovecot-0.99.11-10.EL4.i386.rpm

source:
updates/SRPMS/dovecot-0.99.11-10.EL4.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update dovecot

Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B

--

Message: 2
Date: Fri, 19 Aug 2011 14:27:00 +0200
From: Tru Huynh t...@centos.org
Subject: [CentOS-announce] CESA-2011:1187 Moderate CentOS 4 x86_64 dovecot - security update
To: centos-annou...@centos.org
Message-ID: 20110819122700.gb18...@sillage.bis.pasteur.fr
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory CESA-2011:1187

dovecot security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2011-1187.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/dovecot-0.99.11-10.EL4.x86_64.rpm

source:
updates/SRPMS/dovecot-0.99.11-10.EL4.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update dovecot

Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B

--

Message: 3
Date: Fri, 19 Aug 2011 14:28:17 +0200
From: Tru Huynh t...@centos.org
Subject: [CentOS-announce] CEBA-2011:1185 CentOS 4 i386 lvm2 bug fix update
To: centos-annou...@centos.org
Message-ID: 20110819122817.gc18...@sillage.bis.pasteur.fr
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Bugfix Advisory CEBA-2011:1185

lvm2 bugfix update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHBA-2011-1185.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/lvm2-2.02.42-11.el4.i386.rpm

source:
updates/SRPMS/lvm2-2.02.42-11.el4.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update lvm2

Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B

--

Message: 4
Date: Fri, 19 Aug 2011 14:28:49 +0200
From: Tru Huynh t...@centos.org
Subject: [CentOS-announce] CEBA-2011:1185 CentOS 4 x86_64 lvm2 bug fix update
To: centos-annou...@centos.org
Message-ID: 20110819122849.gd18...@sillage.bis.pasteur.fr
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Bugfix Advisory CEBA-2011:1185

lvm2 bugfix update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHBA-2011-1185.html

The following updated file has been uploaded and is
[CentOS] Centos6 - Logwatch not mailing on 64bit
Folks

Logwatch is doing its thing properly on my 32-bit servers, delivering the report by mail to my root account once a day sometime around 3:30am.

On the 64-bit systems, no mail is occurring. From the cron log on a 64-bit system, there are lines like:

    cron-20110821:Aug 21 03:36:23 XXX run-parts(/etc/cron.daily)[9727]: finished 0logwatch

(where XXX stands for the server name) but no report is sent.

If I run logwatch manually, by simply typing logwatch as root, I get the mail.

Is this a known issue? Is there some information I could supply that would help identify the reason? To the best of my knowledge, I made no changes to the logwatch configuration.

Thanks
David Kurn
Re: [CentOS] Centos6 - Logwatch not mailing on 64bit
Well, can we verify whether the sent mail generated in the /var/log/mail.log? Also, (assuming that you are running Postfix), I assume that the configuration are identical on both 32-bit and 64-bit systems, right?

On Aug 21, 2011, at 3:23 PM, david wrote:

> Folks
>
> Logwatch is doing its thing properly on my 32-bit servers, delivering the report by mail to my root account once a day sometime around 3:30am.
>
> On the 64-bit systems, no mail is occurring. From the cron log on a 64-bit system, there are lines like:
>
>     cron-20110821:Aug 21 03:36:23 XXX run-parts(/etc/cron.daily)[9727]: finished 0logwatch
>
> (where XXX stands for the server name) but no report is sent.
>
> If I run logwatch manually, by simply typing logwatch as root, I get the mail.
>
> Is this a known issue? Is there some information I could supply that would help identify the reason? To the best of my knowledge, I made no changes to the logwatch configuration.
>
> Thanks
> David Kurn
[CentOS] help with gpg
Under Centos 5 I ran this command:

    gpg --passphrase-file /home/myuser/pass_phrase.txt -c ../Versions/program.x86_64.tgz

and this worked fine.

On CentOS 6 running the same command prompts me for the passphrase. That's exactly what I don't want to have happen. I have the pass phrase I want in the file.

After some searching it says I need to start the daemon like

    gpg-agent --daemon

take the output:

    GPG_AGENT_INFO=/tmp/gpg-x4WH7K/S.gpg-agent:19156:1; export GPG_AGENT_INFO;

and use it - which I did. Then when I run my command above I still get prompted for the pass phrase.

What am I not doing correct? I just want a simple phrase on a file that someone has to know before they can extract it. Nothing special going on

Thanks,
Jerry
[CentOS] Multipath w/ iscsi
I have several CentOS 6 boxes that mount iscsi based luns and use mpath. They all had problems shutting down as a result of unused maps not getting flushed as the system halted.

After examining the init scripts, netfs, iscsi and multipathd all had the correct order but mpath failed to flush these maps and the system waited indefinitely.

In the meantime I hacked this by adding a `/sbin/multipath -F` at the end of the stop clause in the init script.

I seriously doubt this problem exists w/o being the result of my error in configuration. Anyone know what the required mpath config might be in this scenario where the block devices all disappear once netfs unmounts and iscsi stops?

Thanks!
jlc
Re: [CentOS] Centos6 - Logwatch not mailing on 64bit
At 12:32 PM 8/21/2011, you wrote:

> Well, can we verify whether the sent mail generated in the /var/log/mail.log? Also, (assuming that you are running Postfix), I assume that the configuration are identical on both 32-bit and 64-bit systems, right?
>
> On Aug 21, 2011, at 3:23 PM, david wrote:
>
> > Folks
> >
> > Logwatch is doing its thing properly on my 32-bit servers, delivering the report by mail to my root account once a day sometime around 3:30am.
> >
> > On the 64-bit systems, no mail is occurring. From the cron log on a 64-bit system, there are lines like:
> >
> >     cron-20110821:Aug 21 03:36:23 XXX run-parts(/etc/cron.daily)[9727]: finished 0logwatch
> >
> > (where XXX stands for the server name) but no report is sent.
> >
> > If I run logwatch manually, by simply typing logwatch as root, I get the mail.
> >
> > Is this a known issue? Is there some information I could supply that would help identify the reason? To the best of my knowledge, I made no changes to the logwatch configuration.
> >
> > Thanks
> > David Kurn

Rilindo:

I performed as root

    cd /var/log
    grep -ri logw *

and only the cron- messages showed up.

I am using Sendmail and dovecot, and the sendmail is configured to relay all mail to my (local) mail server as a smart relay

[converting to posting responses at the bottom]

David
Re: [CentOS] help with gpg
On Sun, 21 Aug 2011, Jerry Geis wrote:

> Under Centos 5 I ran this command:
>
>     gpg --passphrase-file /home/myuser/pass_phrase.txt -c ../Versions/program.x86_64.tgz
>
> and this worked fine.
>
> On CentOS 6 running the same command prompts me for the passphrase. That's exactly what I don't want to have happen. I have the pass phrase I want in the file.
>
> After some searching it says I need to start the daemon like
>
>     gpg-agent --daemon
>
> take the output:
>
>     GPG_AGENT_INFO=/tmp/gpg-x4WH7K/S.gpg-agent:19156:1; export GPG_AGENT_INFO;
>
> and use it - which I did. Then when I run my command above I still get prompted for the pass phrase.
>
> What am I not doing correct? I just want a simple phrase on a file that someone has to know before they can extract it. Nothing special going on
>
> Thanks,
> Jerry

From the man page:

...Note that this passphrase is only used if the option --batch has also been given.
Re: [CentOS] help with gpg
> From the man page:
> ...Note that this passphrase is only used if the option --batch has also been given.

Mike,

Thanks - that does work. I was thinking too hard and thought it was something with the gpg-agent.

Thanks
Jerry
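The fix from this thread, as an added example that is not part of any post: --passphrase-file is honoured only together with --batch on GnuPG 2.0 (CentOS 6), and from GnuPG 2.1 onwards --pinentry-mode loopback must be given as well. The function names are made up for this example, and the check that the passphrase file is not readable by group or others is an addition of the example.

```shell
#!/bin/sh
# Added example: unattended symmetric encryption with a passphrase file,
# for scripts that must work across GnuPG 1.4, 2.0 and 2.1+.
GPG=${GPG:-gpg}

# Last word of the first line of "gpg --version", e.g. "2.0.14".
gpg_version() {
    "$GPG" --version | sed -n '1s/.* //p'
}

# True for GnuPG 2.1 and later, where the passphrase is requested through
# gpg-agent and --batch alone no longer makes gpg read --passphrase-file.
needs_loopback() {
    _major=${1%%.*}
    _rest=${1#*.}
    _minor=${_rest%%.*}
    case "$_major$_minor" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$_major" -gt 2 ] || { [ "$_major" -eq 2 ] && [ "$_minor" -ge 1 ]; }
}

# True only for a regular file with no group or other permission bits:
# a passphrase stored on disk is only as secret as the file's mode.
passfile_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
    esac
    return 1
}

# usage: encrypt_symmetric PASSFILE INPUT   (writes INPUT.gpg)
encrypt_symmetric() {
    passfile_is_private "$1" || {
        echo "passphrase file missing or accessible to group/others" >&2
        return 1
    }
    if needs_loopback "$(gpg_version)"; then
        "$GPG" --batch --pinentry-mode loopback --passphrase-file "$1" -c "$2"
    else
        # GnuPG 1.4 and 2.0 do not accept --pinentry-mode
        "$GPG" --batch --passphrase-file "$1" -c "$2"
    fi
}

if [ $# -eq 2 ]; then
    encrypt_symmetric "$1" "$2"
    exit $?
fi
```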
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On 08/21/2011 02:34 PM, Craig White wrote:

> > Maybe SELinux blocks Apache from writing to /etc/sysconfig/iptables? Have you looked at fail2ban and denyhosts? These apps seem to offer a similar solution.
>
> fail2ban and denyhosts center on failed logins - I don't think this is what he is dealing with.

Afaik both are configurable for what you want them to listen for and how you want them to react to. Agree that their popular use is for listening for failed logins and then blocking the originating IP address. But with a little regex creativity, perhaps Paul could use them for his purpose.

Regards,
Patrick
Re: [CentOS] Multipath w/ iscsi
On 21.08.2011 21:49, Joseph L. Casale wrote:

> I have several CentOS 6 boxes that mount iscsi based luns and use mpath. They all had problems shutting down as a result of unused maps not getting flushed as the system halted.
>
> After examining the init scripts, netfs, iscsi and multipathd all had the correct order but mpath failed to flush these maps and the system waited indefinitely.

That sounds as if the paths (SCSI block devices) were removed before multipath had a chance to flush its map(s).

> In the meantime I hacked this by adding a `/sbin/multipath -F` at the end of the stop clause in the init script.
>
> I seriously doubt this problem exists w/o being the result of my error in configuration. Anyone know what the required mpath config might be in this scenario where the block devices all disappear once netfs unmounts and iscsi stops?

You are sure about the order of the service stops? If you stop iscsi and remove the devices before multipath flushes the maps, you will end up in the situation described.

1) umount
2) vgchange -an if LVM is used on LUNs
3) flush multipaths
4) stop iscsi

> Thanks!
> jlc

Alexander
Re: [CentOS] Centos6 - Logwatch not mailing on 64bit (withdrawn)
At 12:32 PM 8/21/2011, you wrote: Well, can we verify whether the sent mail generated in the /var/log/mail.log? Also, (assuming that you are running Postfix), I assume that the configurations are identical on both 32-bit and 64-bit systems, right? On Aug 21, 2011, at 3:23 PM, david wrote: Folks Logwatch is doing its thing properly on my 32-bit servers, delivering the report by mail to my root account once a day sometime around 3:30am. On the 64-bit systems, no mail is occurring. From the cron log on a 64-bit system, there are lines like: cron-20110821:Aug 21 03:36:23 XXX run-parts(/etc/cron.daily)[9727]: finished 0logwatch (where XXX stands for the server name) but no report is sent. If I run logwatch manually, by simply typing logwatch as root, I get the mail. Is this a known issue? Is there some information I could supply that would help identify the reason? To the best of my knowledge, I made no changes to the logwatch configuration. Thanks David Kurn I apologize to the group; my observations were wrong and LOGWATCH seems to be performing exactly as expected. I was misinterpreting the mail data.
Re: [CentOS] Centos6 - Logwatch not mailing on 64bit
On Aug 21, 2011, at 3:56 PM, David wrote: At 12:32 PM 8/21/2011, you wrote: Well, can we verify whether the sent mail generated in the /var/log/mail.log? Also, (assuming that you are running Postfix), I assume that the configurations are identical on both 32-bit and 64-bit systems, right? On Aug 21, 2011, at 3:23 PM, david wrote: Folks Logwatch is doing its thing properly on my 32-bit servers, delivering the report by mail to my root account once a day sometime around 3:30am. On the 64-bit systems, no mail is occurring. From the cron log on a 64-bit system, there are lines like: cron-20110821:Aug 21 03:36:23 XXX run-parts(/etc/cron.daily)[9727]: finished 0logwatch (where XXX stands for the server name) but no report is sent. If I run logwatch manually, by simply typing logwatch as root, I get the mail. Is this a known issue? Is there some information I could supply that would help identify the reason? To the best of my knowledge, I made no changes to the logwatch configuration. Thanks David Kurn Rilindo: I performed as root cd /var/log grep -ri logw * and only the cron- messages showed up. I am using Sendmail and dovecot, and the sendmail is configured to relay all mail to my (local) mail server as a smart relay [converting to posting responses at the bottom] David

It sounds like it is set not to send email. If you haven't made any changes, it would be weird, since it defaults to send email, but you may want to verify this file: /usr/share/logwatch/default.conf/logwatch.conf And see if this part of the file is commented out or at least set to yes:

# By default the cron daemon generates daily logwatch report
# if you want to switch it off uncomment DailyReport tag.
# The implicit value is Yes
#
# DailyReport = No
[CentOS] .XXX Domain Name / Trade Mark Protection
A new .xxx domain suffix for sexual content is becoming available. If you have a cherished Trade Mark or brand name and do not relish having your_domain_name.xxx being available to Cyber Squatters or the 'porn trade' you can block the issuing of that .xxx domain name for a single payment of USD $200 - $300. The blocking application period is from 7 September 2011 until 28 October 2011. The details of where to apply were not disclosed. .xxx will cost about USD $75 yearly. Source: Law Now mailing list CMS Cameron McKenna, London, England 19 August 2011. -- With best regards, Paul. England, EU.
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On 21.08.2011 23:11, Always Learning wrote: A new .xxx domain suffix for sexual content is becoming available. Keep that elsewhere! Do not spam this list with non CentOS topics. Thanks. Alexander
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On Sun, 2011-08-21 at 23:15 +0200, Alexander Dalloz wrote: Keep that elsewhere! Do not spam this list with non CentOS topics. Thanks. Some on here may wish to protect their domain names. www.centos.xxx for example Best wishes, Paul.
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On Sun, Aug 21, 2011 at 10:11:24PM +0100, Always Learning wrote: A new .xxx domain suffix for sexual content is becoming available. This has been available for a long time. The important question is why in the world would you spam this list with yet more off-topic garbage? The signal to noise ratio has gone to the dogs over the past 9 months and what used to be a good and viable source for technical information is now a morass of noise more often than not - please don't add to it. John -- There is nothing more agreeable in life than to make peace with the Establishment -- and nothing more corrupting. -- Alan John Percivale (AJP) Taylor (1906-1990), British historian of the 20th Century, William Cobbett, New Statesman (London, 1953)
Re: [CentOS] help with gpg
On Sun, 21 Aug 2011, Jerry Geis wrote: / From the man page: / ...Note that this passphrase is only used if the option --batch has also been given. Mike, Thanks - that does work. I was thinking too hard and thought it was something with the gpg-agent. Thanks Jerry I'm certainly no gpg expert but I had a similar issue that was *finally* solved by using --batch. I also meant to mention from what I can tell in CentOS6 gpg is really gpg2. Notice that /usr/bin/gpg is really /usr/bin/gpg -> gpg2. I mention this because in various places as I searched I noticed phrases like "This is different from gpg." What? Now I understand, I'm now using gpg2 and never knew it...
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On 08/21/2011 11:30 PM, John R. Dennison wrote: On Sun, Aug 21, 2011 at 10:11:24PM +0100, Always Learning wrote: A new .xxx domain suffix for sexual content is becoming available. This has been available for a long time. The important question is why in the world would you spam this list with yet more off-topic garbage? The signal to noise ratio has gone to the dogs over the past 9 months and what used to be a good and viable source for technical information is now a morass of noise more often than not - please don't add to it. More importantly the address he posted is a law firm and as such cannot really make any sort of guarantees. At best this is false advertising and at worst it's an outright scam. Regards, Dennis
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On Mon, 2011-08-22 at 00:48 +0200, Dennis Jacobfeuerborn wrote: More importantly the address he posted is a law firm and as such cannot really make any sort of guarantees. At best this is false advertising and at worst it's an outright scam. I have subscribed to several English law mailing lists for several years to gain an insight in law changes and case law decisions. Case law in English legal terms means court interpretations and hence decisions which effectively modify the law (in England that is statutes and statutory instruments also known as primary and secondary legislation). I saw this item and thought it might possibly interest readers because of its international scope and computer connection. Because the law firm holds the copyright on reproduction I summarised the content and cited the source, as is common in legal matters. Please note I omitted the contact details for the firm. Please also note I have no commercial interests in the firm. Please additionally note I thought, mistakenly it appears, I was being helpful and have taken notice of the objections. Paul.
Re: [CentOS] Multipath w/ iscsi
3) flush multipaths 4) stop iscsi I guess that's the point, it seems the init script does not flush them out so the module and any dependent dm mods stay active. jlc
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
Please additionally note I thought, mistakenly it appears, I was being helpful and have taken notice of the objections. Please note, this is a mailing list for people to get help with CentOS. Nothing else. Most people here are old enough to figure out how to get their own news. -- Spiro Harvey Knossos Networks Ltd (04) 460-2531 : (021) 295-1923 www.knossos.net.nz
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On Mon, 2011-08-22 at 14:54 +1200, Spiro Harvey wrote: Please additionally note I thought, mistakenly it appears, I was being helpful and have taken notice of the objections. Please note, this is a mailing list for people to get help with CentOS. Nothing else. I reiterate for your personal convenience Please additionally note I thought, mistakenly it appears, I was being helpful and have taken notice of the objections. Most people here are old enough to figure out how to get their own news. Some are wise enough not to prolong a now boring thread. Have a nice day. Paul.
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On Mon, Aug 22, 2011 at 04:01:23AM +0100, Always Learning wrote: Some are wise enough not to prolong a now boring thread. And even more are mature enough not to have to get defensive and try to get the last word in on every thread they are part of. In my opinion you could learn something from such people. John -- Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-bullshit communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy. http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: [CentOS] .XXX Domain Name / Trade Mark Protection
On Sun, 2011-08-21 at 22:05 -0500, John R. Dennison wrote: And even more are mature enough not to have to get defensive and try to get the last word in on every thread they are part of. In my opinion you could learn something from such people. I was merely replying to the gentleman's concern. Some words pop into my mind and this is my last posting on this increasingly tedious thread ... I hope others will desist. Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-bullshit communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy. Paul.