[CentOS-virt] bridging to a bond in KVM
Hi all, Just wondering if any one has experienced problems with trying to bridge a bonded interface with your KVM guests? There may be some ARP issues as per this link; https://bugzilla.redhat.com/show_bug.cgi?id=584872 Thanks in advance, - aurf ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] bridging to a bond in KVM
On 5/9/2012 7:19 PM, aurfalien wrote: Hi all, Just wondering if any one has experienced problems with trying to bridge a bonded interface with your KVM guests? Avoid modes 0 and 6, 1 and 4 are the best two choices There may be some ARP issues as per this link; https://bugzilla.redhat.com/show_bug.cgi?id=584872 Thanks in advance, - aurf ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-es] Migracion de ambientes Red Hat a CentOS - temas legales
El 08/05/12, Saul Pedraza sarp...@gmail.com escribió: Buenas tardes, Estoy migrando mis sitemas Red Hat 5 a CentOS 5 correspondientemente, y he encontrado en la pagina de centos un procedimiento para realizar dicha migración de forma facil y rapida, ( http://wiki.centos.org/HowTos/MigrationGuide ), pero tengo algunas dudas al respecto y estas son de tipo legal. Red Hat realiza un cobro realmente por el uso de la marca, cuando se paga la suscripción del sistema ellos cobran el soporte si el año siguiente no quieres pagar el soporte, ellos te dicen que estas incurriendo en temas legales ya que estas utilizando la marce registrada RedHat, (nombres y logos etc) por lo cual te piden desinstalar el sistema, para evitar todo el tema juridico. He investigado al respecto y como ya todos sabemos centOS es creado desde las fuentes liberadas por Red Hat, cumpliendo con las politicas que esta compañia imparte para el uso de los fuentes liberados a la comunidad que contienen el nombre Red Hat que no pueden ser cambiados ya que se afectaria la funcionalidad del sistema. La duda que tengo es: Si al realizar el procedimiento propuesto por CentOS, que consiste en desinstalar los paquetes de logos, y release para luego instalar los de centOS, estaria incurriendo en temas legales? yo veo que este cambio es muy superficial, y no cumpliria con las politicas liberadas por el proveedor de los fuentes. Es software libre y RedHat entiende eso, por eso liberaron los fuentes, SI eliminas todo rastro de Redhat (logos, etc.), pues creo que no habría problema, pero al igual que otros yo también te recomiendo una instalación fresca (desde cero) alguien me podria confirmar esto? Muchas gracias por la ayuda. -- Armando. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Error al ejecutar el g_mdrun_openmpi
El día 8 de mayo de 2012 22:50, Luciano Andrés Chiarotto lachiaro...@gmail.com escribió: Hola a todos. Instale el repositorio que me recomendó Alexander para instalar Gromacs y gromacs-openmpi y ahora tengo problemas con las librerías cuando Ejecuto el comando --- # g_mdrun_openmpi y me muestra el siguiente error: g_mdrun_openmpi: error while loading shared libraries: libgmxpreprocess_openmpi.so.6: cannot open shared object file: No such file or directory Las librerías se encuentran en : - usr/lib64/openmpi/lib/libgmx_openmpi.so.6 - /usr/lib64/openmpi/lib/libgmx_openmpi_d.so.6 - /usr/lib64/openmpi/lib/libgmxpreprocess_openmpi.so.6 - /usr/lib64/openmpi/lib/libgmxpreprocess_openmpi_d.so.6 - /usr/lib64/openmpi/lib/libmd_openmpi.so.6 - /usr/lib64/openmpi/lib/libmd_openmpi_d.so.6 Las busque en el sistema y estan todas instaladas. Si alguna persona les paso lo mismo o algo parecido les voy agradecer por su respuestas. Por la WEB comentan algo sobre tu problema, en relacion a la variables de entorno LD_LIBRARY, espero te ayude. http://blogs.uct.ac.za/blog/big-bytes/2011/04/22/getting-gromacs Saludos a todos. Luciano ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos, cheperobert ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] descarga de src.rpms
El día 8 de mayo de 2012 23:37, César CRUZ ARRUNATEGUI cc...@mail.ipd.gob.pe escribió: Hola a todos estoy tratando de ubicar un sitio de donde descargar algunos archivos src.rpm pero no doy con algun site para hacerlo. Pense que estarian en los mirror de centos o de algunos repositorios como DAG o EPEL pero no doy con ellos. Alguien me podrian indicar algun sitio de donde descargarlos?? agradesco desde ya cualquier info que me puedan brindar. Que tal aca: http://vault.centos.org/ Por ejemplo para CentOS 6.0 http://vault.centos.org/6.0/os/SRPMS/Packages/ Espero te sirva Gracias Cesar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos, cheperobert ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Error al ejecutar el g_mdrun_openmpi
Hola Roberto. Gracias por tu respuesta ahora voy a leer que solución tengo sobre este problema. Desde ya muchas gracias. Saludos Luciano El 9 de mayo de 2012 13:48, cheperobert jrobertoa...@gmail.com escribió: El día 8 de mayo de 2012 22:50, Luciano Andrés Chiarotto lachiaro...@gmail.com escribió: Hola a todos. Instale el repositorio que me recomendó Alexander para instalar Gromacs y gromacs-openmpi y ahora tengo problemas con las librerías cuando Ejecuto el comando --- # g_mdrun_openmpi y me muestra el siguiente error: g_mdrun_openmpi: error while loading shared libraries: libgmxpreprocess_openmpi.so.6: cannot open shared object file: No such file or directory Las librerías se encuentran en : - usr/lib64/openmpi/lib/libgmx_openmpi.so.6 - /usr/lib64/openmpi/lib/libgmx_openmpi_d.so.6 - /usr/lib64/openmpi/lib/libgmxpreprocess_openmpi.so.6 - /usr/lib64/openmpi/lib/libgmxpreprocess_openmpi_d.so.6 - /usr/lib64/openmpi/lib/libmd_openmpi.so.6 - /usr/lib64/openmpi/lib/libmd_openmpi_d.so.6 Las busque en el sistema y estan todas instaladas. Si alguna persona les paso lo mismo o algo parecido les voy agradecer por su respuestas. Por la WEB comentan algo sobre tu problema, en relacion a la variables de entorno LD_LIBRARY, espero te ayude. http://blogs.uct.ac.za/blog/big-bytes/2011/04/22/getting-gromacs Saludos a todos. Luciano ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos, cheperobert ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Error al ejecutar el g_mdrun_openmpi
El día 9 de mayo de 2012 19:39, Luciano Andrés Chiarotto lachiaro...@gmail.com escribió: Hola Roberto. Gracias por tu respuesta ahora voy a leer que solución tengo sobre este problema. Desde ya muchas gracias. Saludos Luciano Pues eso comentan que hay que exportar esa libreria, otro enlace que tambien te puede dar referencias. http://www.gromacs.org/Documentation/Installation_Instructions/GPUs?highlight=LD_LIBRARY Espero ese sea el problema, saludos y nos comentas El 9 de mayo de 2012 13:48, cheperobert jrobertoa...@gmail.com escribió: El día 8 de mayo de 2012 22:50, Luciano Andrés Chiarotto lachiaro...@gmail.com escribió: Hola a todos. Instale el repositorio que me recomendó Alexander para instalar Gromacs y gromacs-openmpi y ahora tengo problemas con las librerías cuando Ejecuto el comando --- # g_mdrun_openmpi y me muestra el siguiente error: g_mdrun_openmpi: error while loading shared libraries: libgmxpreprocess_openmpi.so.6: cannot open shared object file: No such file or directory Las librerías se encuentran en : - usr/lib64/openmpi/lib/libgmx_openmpi.so.6 - /usr/lib64/openmpi/lib/libgmx_openmpi_d.so.6 - /usr/lib64/openmpi/lib/libgmxpreprocess_openmpi.so.6 - /usr/lib64/openmpi/lib/libgmxpreprocess_openmpi_d.so.6 - /usr/lib64/openmpi/lib/libmd_openmpi.so.6 - /usr/lib64/openmpi/lib/libmd_openmpi_d.so.6 Las busque en el sistema y estan todas instaladas. Si alguna persona les paso lo mismo o algo parecido les voy agradecer por su respuestas. Por la WEB comentan algo sobre tu problema, en relacion a la variables de entorno LD_LIBRARY, espero te ayude. http://blogs.uct.ac.za/blog/big-bytes/2011/04/22/getting-gromacs Saludos a todos. Luciano ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos, cheperobert ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos, cheperobert ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] OT Open Cobol
From: Scott Silva ssi...@sgvwater.com Just think how much money you could earn at Y3K!!! DUCKS ;) I wonder what are the plans for Y2038... Most of us will have retired by then I guess. JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - x11vnc auto probing to port 5903
On 06/05/2012 16:20, aurfalien wrote: Hi all, I was at one time able to get x11vnc to start on 5900 but for some reason its listening on port 5903. Here is what the logs say; -- snippet X display :0.0 -- snippet The VNC desktop is: hostname:3 Why is the VNC desktop going to 3? I was working on 5900 previous to a reboot, unsure what changed, but something obviously has. It is an upper port 1023, it is entirely possible that 5900, 5901, 5902 were used by outgoing connections at the time service establishment, and VNC just chose the next available port. -- Best Regards, Giles Coochey, CCNA Security, CCNA NetSecSpec Ltd giles.cooc...@netsecspec.co.uk Tel: +44 (0) 7983 877 438 Live Messenger: gi...@coochey.net http://www.netsecspec.co.uk http://www.coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Reject Action For SPF
On 03/05/2012 18:07, John Hinton wrote: On 5/3/2012 12:40 PM, Prabhpal S. Mavi wrote: A couple of notes. 1. SPF was not designed to be used this way. It is doubtful that anyone has written anything that even remotely considered this option in use. You will likely have to write it yourself. Correct, I will echo this: First, you really don't want to do this (reject domains without a SPF record). I would technically challenge anyone who thinks this is a good idea. Having said that, spamassassin with a milter will allow you to set a high scoring rule for SPF checks, enough to blanket block them with a rejection. If you go that far, try checking whether spamassassin's score based method is better suited to fixing your problem. (a) You save yourself having to really code your own solution. (b) You end up with a better anti-spam solution overall. 2. SPF is still in RFC testing, so it is not yet a full internet standard. And once it is, the standard still does not condone using it the way you intend. IOW, there is nothing in the standard that states you must have a SPF record to be a legit email domain. Basically, you'll have a broken mailserver. We are actually stuck with having to take ours off for the moment as one 'service' we use demands sending email from their mailservers using our email address and they still have no SPF record. If you do this, most likely you will not get around 90% of the good email as SPF is not widely used as of yet. But I guess if you are only interested in receiving email from a few 'known' domains... it could work. Seems it would be easier to just blacklist all and whitelist the few? If it is just for internal... perhaps a webmail system with no outside email ability would be the way to go? -- Best Regards, Giles Coochey, CCNA Security, CCNA NetSecSpec Ltd giles.cooc...@netsecspec.co.uk Tel: +44 (0) 7983 877 438 Live Messenger: gi...@coochey.net http://www.netsecspec.co.uk http://www.coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] openoffice
Does anyone have an idea about if upstream will be moving to Apache openoffice or libreoffice - or just stay at the current openoffice and patch security items? Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openoffice
On 05/09/2012 06:31 AM, Jerry Geis wrote: Does anyone have an idea about if upstream will be moving to Apache openoffice or libreoffice - or just stay at the current openoffice and patch security items? I don't have any idea what they will do in the Current releases ... but they will do one of the 3 things you mention. They are moving to libreoffice for new versions of Fedora, so that is the overall direction. Whether or not they will roll that into the currently released distros, I don't know. I would expect that they would move to a libreoffice release for EL6 as an enhancement as they are still in the early stages of Production Phase 1 on EL6. They may not move to libreoffice on EL5 as it moves to Production Phase 2 soon (w/in 6 months). See this link for details on the EL LifeCycles for upstream products: https://access.redhat.com/support/policy/updates/errata/ I would expect RHEA's (enhancements) only in Production Phase 1 of any release. But, upstream has done RHEA's in the later production phases for some releases ... so anything is possible. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openoffice
On 05/09/2012 04:31 AM, Jerry Geis wrote: Does anyone have an idea about if upstream will be moving to Apache openoffice or libreoffice - or just stay at the current openoffice and patch security items? Red Hat Enterprise LInux 6.3 Beta appears to have LibreOffice 3.4.5.2 on it. -Greg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Reject Action For SPF
While is a bad idea to reject mail without SPF records, its a good idea to reject email if the SPF record is present and incorrectly set or not authorized for the sender (hardfail). SA works after the email gets in the queue, but the most efficient way, whenever possible, is to reject it (not bounce it) before it gets in the queue, as there is a chance the admin of the sender mail server gets a notice sooner and take the necessary steps to identify compromised systems, fix the problems etc. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Giles Coochey Sent: Wednesday, May 09, 2012 12:28 PM To: centos@centos.org Subject: Re: [CentOS] Reject Action For SPF On 03/05/2012 18:07, John Hinton wrote: On 5/3/2012 12:40 PM, Prabhpal S. Mavi wrote: A couple of notes. 1. SPF was not designed to be used this way. It is doubtful that anyone has written anything that even remotely considered this option in use. You will likely have to write it yourself. Correct, I will echo this: First, you really don't want to do this (reject domains without a SPF record). I would technically challenge anyone who thinks this is a good idea. Having said that, spamassassin with a milter will allow you to set a high scoring rule for SPF checks, enough to blanket block them with a rejection. If you go that far, try checking whether spamassassin's score based method is better suited to fixing your problem. (a) You save yourself having to really code your own solution. (b) You end up with a better anti-spam solution overall. 2. SPF is still in RFC testing, so it is not yet a full internet standard. And once it is, the standard still does not condone using it the way you intend. IOW, there is nothing in the standard that states you must have a SPF record to be a legit email domain. Basically, you'll have a broken mailserver. We are actually stuck with having to take ours off for the moment as one 'service' we use demands sending email from their mailservers using our email address and they still have no SPF record. If you do this, most likely you will not get around 90% of the good email as SPF is not widely used as of yet. But I guess if you are only interested in receiving email from a few 'known' domains... it could work. Seems it would be easier to just blacklist all and whitelist the few? If it is just for internal... perhaps a webmail system with no outside email ability would be the way to go? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Reject Action For SPF
On 09/05/2012 15:16, Asymmetrics Webmaster wrote: While is a bad idea to reject mail without SPF records, its a good idea to reject email if the SPF record is present and incorrectly set or not authorized for the sender (hardfail). SA works after the email gets in the queue, but the most efficient way, whenever possible, is to reject it (not bounce it) before it gets in the queue, as there is a chance the admin of the sender mail server gets a notice sooner and take the necessary steps to identify compromised systems, fix the problems etc. My SpamAssassin works at the MTA level through a milter. It doesn't queue the mail and check later - the mail is checked after SMTP DATA and the decision to reject the email is made there and then. So, no, SA does not work after the email gets in the queue, as you say. That is dependent on implementation. -- Best Regards, Giles Coochey, CCNA Security, CCNA NetSecSpec Ltd giles.cooc...@netsecspec.co.uk Tel: +44 (0) 7983 877 438 Live Messenger: gi...@coochey.net http://www.netsecspec.co.uk http://www.coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 ASSP ( anti-spam-smtp-proxy)
On Tue, May 8, 2012 at 2:07 PM, Tom Bishop bisho...@gmail.com wrote: Need an anti-spam proxy and looking at options, was wondering if anyone is using ASSP with Centos 6 and if so does anyone have any goo How-to links they have...I have managed to find this one - http://www.how2centos.com/fight-spam-with-assp-anti-spam-smtp-proxy-on-centos-5-4/ Probably most still applies to 6, but maybe thinking with the newer versions of things I could stay in the standard repos...Thanks. I've always liked MimeDefang as a sendmail milter, running (at least) spamassassin and clamav as scanners. I'm not sure it can be configured as a strict proxy, but it works nicely as an internet facing MX receiver that knows how to relay to your internal mail system(s). I've only used the packages from rpmforge on centos5, but I see they are now in epel for centos6 and I'd expect them to work just as well. -- Les Mikesell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 87, Issue 5
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CEBA-2012:0550 CentOS 6 krb5-appl Update (Johnny Hughes) -- Message: 1 Date: Wed, 9 May 2012 14:50:09 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CEBA-2012:0550 CentOS 6 krb5-appl Update To: centos-annou...@centos.org Message-ID: 20120509145009.ga11...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2012:0550 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0550.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 53562439565200a11c77d81abde2ac3af97a8f9a20cdc80967464fd3cdbaabe3 krb5-appl-clients-1.0.1-7.el6_2.1.i686.rpm b426e73f03f71ba55eaa4b8272ca2812e90a673008053dc7bb4a205b37b01afb krb5-appl-servers-1.0.1-7.el6_2.1.i686.rpm x86_64: cb79327df9282a33e8c46d858cd96e3a2f224e69b271201d2390e73d52bf3263 krb5-appl-clients-1.0.1-7.el6_2.1.x86_64.rpm 63ba842e7ac2a251fd8c241c3fa23a9228ec58e2b7b4c77885d4fba8e6bc12ca krb5-appl-servers-1.0.1-7.el6_2.1.x86_64.rpm Source: 4a8b3ec39f81d738c0c50f2d7ba6e930f8a495906ed373d835abf675b4836af1 krb5-appl-1.0.1-7.el6_2.1.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- ___ CentOS-announce mailing list centos-annou...@centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 87, Issue 5 ** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Spam, fail2ban and centos
Been working on my anti-spam centos mailserver for a while now and thought I would share fail2ban's help. I installed fail2ban a few weeks back. It was tough to get it working properly but pretty much working now. Although it works fine for brute force, I thought I would run it pretty tough against spammers. I started with a regular mail server, my old one, that is horrendously pounded daily by spammers and has been for years. I installed centos 6 and used postfix to replace my 5.x and sendmail system. As I added some smtpd restrictions I noticed an immediate drop in spam getting through...til the next day when spam from new sources arrived. Then I would add more smtpd restrictions and the same thing happened. I get the feeling that they go for low hanging fruit and when they see that stop, they go a step higher. Eventually ran out of smtpd restrictions and still a lot getting through. I used spamassassin to tag mails, but not delete..I wanted to find out who it was and stop them, not delete them. Then I started adding rbl rejects. That too had the same effect..a day with little spam, then next day a whole new set would hit me. Then I added a ton of rbls like spamhaus, etcEven apews. That really stopped what was getting through and my mail logs went from 30 MB a day to 5MB (this was for a one email address server, one that is seldom used at all). 5MB of rejects, rarely would one ever get through. I wanted to limit those log sizes, so with fail2ban I decided to start banning any ip that made more than 2 attempts to send mail of they were rejected by a rbl, bad helo, or non existent recipient. Bascially all the rejects that my smtpd restrictions were using. First day, much less attacks, went to less than 1MB log files. Then starting the second day and every day there after the attacks started.. Each day 1 or two IPs now send a concurrent blast to the site, just a connect but not trying to send anything..then that IP goes for sasl auth, but never sends a user/passthen it sends an encrypted pass...then it is finally taken out by fail2ban. Also, the attacks of bad addresses have now greatly increased. I am now banning 1,000 IPs a day with fail2ban (I have it set for a 5 day ban to test it)but each day 1,000 new ones go after it. I have logs going back 4 years (logwatch) and can definitely see that these newer ips were not used before. I think I made them madlol Working on adding some kind of regex to fail2ban to look for concurrent attacks. I find it rather interesting, after analyzing my spam, how it seems to fall into about 10 or 12 different formats and that is about it... I found it very interesting that as I really started rejecting that places like ovh.net suddenly cropped up pounding me. Vocus, constant contact, etc...really started going in overdrive once I had it set up. I am starting to see a real pattern to all this. I would love to see someone do a case study on spam attacks. Their system seems well honed to scale up with your defenses until they finally have to 'appear' on their real computers like the ovh.net servers, and many more hosts, and through legitimate (ha ha) spammers like vocus, constant contact, etc. Here is the logwatch from today for fail2ban and postfix if you want to see how much I get each day http://www.politicalgateway.com/postfix.txt http://www.politicalgateway.com/fail2ban.txt this is for a one email address mailserver, that never had other addresses used. It was a somewhat popular site for candidates for a few years, but has been closed down for about 3 years. Usually not one email gets through for days, spam that is. And those reports are after about 4 days of long term ip bans. My log file size is now about 1MB, down from 5MB thanks to fail2ban. Quite an experience. Going to work on consolidating all those banned ips and see if I can find a 'iptables drop' solution for most of them. Fail2ban really helps out in the number of times these bozos try to send a mail. Instead of 100 times, they get 2 off then banned. That has really helped the server out. Can't sue anyone for the can-spam act, but places like vocus.com and the likethinking of suing them for harassment and DDoS attacks...maybe then they will stop sending me their legitimate spam. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Spam, fail2ban and centos
On Wed, May 9, 2012 at 11:07 AM, Bob Hoffman b...@bobhoffman.com wrote: I am starting to see a real pattern to all this. I would love to see someone do a case study on spam attacks. Their system seems well honed to scale up with your defenses until they finally have to 'appear' on their real computers like the ovh.net servers, and many more hosts, I think you are over-analyzing. The senders are distributed and shift around whether you do anything defensive or not, and if you have ever accepted an address, even years ago with a system like qmail that accepted without checking anything, then tried to bounce bad addresses, those addresses will be on some lists that are re-tried forever no matter how many times you reject them now. I haven't watched this for a while but I used to be surprised that even though the senders were spread over hundreds of IPs, the overall rate seemed to be centrally controlled and in what would look like a dictionary attack the list seemed to be sorted, at least in big chunks, across the senders. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Allow users on Console?
How does one allow non-root users to use X11 console logins, CentOS 5 with gnome? I've looked through the startup scripts, but haven't been able to figure out where this goes. Thanks. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 Windows is a computer virus with a user interface!! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Allow users on Console?
On 05/09/12 12:21 PM, Bill Campbell wrote: How does one allow non-root users to use X11 console logins, CentOS 5 with gnome? I've looked through the startup scripts, but haven't been able to figure out where this goes. it should just work with the default configuration. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] webmin and DNS configuration on CentOS 6.2
Hello listmates, I have two seemingly identical (in this reglard, at least) machine - both of them are running CentOS 6.2 with bind (bind-chroot) installed. I used webmin to edit the DNS configuration. One one of them it seems to work fine, on the other I get messages akin to the following: Failed to create master zone : Failed to replace /var/named/chroot/etc/named.conf with /var/named/chroot/etc/named.conf.webmintmp.13214 : Device or resource busy From what I can tell, the file /var/named/chroot/etc/named.conf.webmintmp.13214 never even gets created to begin with. Has anyone experienced that? Does anyone know what the issue is? Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] webmin and DNS configuration on CentOS 6.2
On 5/9/2012 4:38 PM, Boris Epstein wrote: Hello listmates, I have two seemingly identical (in this reglard, at least) machine - both of them are running CentOS 6.2 with bind (bind-chroot) installed. I used webmin to edit the DNS configuration. One one of them it seems to work fine, on the other I get messages akin to the following: Failed to create master zone : Failed to replace /var/named/chroot/etc/named.conf with /var/named/chroot/etc/named.conf.webmintmp.13214 : Device or resource busy From what I can tell, the file /var/named/chroot/etc/named.conf.webmintmp.13214 never even gets created to begin with. Has anyone experienced that? Does anyone know what the issue is? Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I don't know anything about webmin, but I know in 6.x the zone files go in /var/named... and then when you reload named, they are chrooted...but you should let named do that. I might hazard to guess webmin is trying to put it where it should not go? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] webmin and DNS configuration on CentOS 6.2
On May 9, 2012, at 2:55 PM, Bob Hoffman wrote: On 5/9/2012 4:38 PM, Boris Epstein wrote: Hello listmates, I have two seemingly identical (in this reglard, at least) machine - both of them are running CentOS 6.2 with bind (bind-chroot) installed. I used webmin to edit the DNS configuration. One one of them it seems to work fine, on the other I get messages akin to the following: Failed to create master zone : Failed to replace /var/named/chroot/etc/named.conf with /var/named/chroot/etc/named.conf.webmintmp.13214 : Device or resource busy From what I can tell, the file /var/named/chroot/etc/named.conf.webmintmp.13214 never even gets created to begin with. Has anyone experienced that? Does anyone know what the issue is? Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I don't know anything about webmin, but I know in 6.x the zone files go in /var/named... and then when you reload named, they are chrooted...but you should let named do that. I might hazard to guess webmin is trying to put it where it should not go? - sounds like an SELinux issue. Probably best to work it out with Jamie on the Webmin mail list. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Allow updates but not upgrades
Hi. At the moment it seems my machines just update to the latest current release . I install a 6.0 machine and run yum update , and next thing its 6.2 . I have a requirement where I need machines to only upgrade to even numbered sub releases eg: 6.0 , 6.2, 6.4 and only on my approval. But will allow updates within a given release. How can I achieve this ? If I sync the repositories for eg: 6.0 , 6.2, 6.4 separately in Spacewalk and only allow access to the ones I want to give access to, would that work ? Thanks G ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos