Re: [CentOS-virt] SNMP monitoring
Lars Hecking lhecking@... writes: It seems it's not possible to monitor kvm virtual image network interfaces via SNMP. MRTG's cfgmaker says ### The following interface is commented out because: ### * has no ifSpeed property I had the same issue, but only with some of my virtual machines. I found that the Network adapter needed to be changed (or rather removed and a new one added) from type flexible to E1000. Doing that with the machine powered off, it kept the same MAC address. Then the SNMP works / sees the ifspeed correctly. hope this helps, Joe ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] vsFTP and shorewall
Thanks very much! I modified the shorewall settings, but still cannot forward those ports. Now I'm open the port 2121 and on shorewall, then use rinetd to forward TCP request: Gateway - 192.168.1.231:22 Gateway 2121 - 192.168.1.231:21 Gateway 6000 - 6010- 192.168.1.231:6000 - 6010 Both SSH and FTP works. I will upgrade the system to CentOS 6.3 next month. At 2012-09-30 05:18:34,Gordon Messmer yiny...@eburg.com wrote: On 09/27/2012 01:58 AM, muiz wrote: 1. Gateway (FC6) 1.1) eth0: lan static IP: 192.168.1.20 1.2) eth1: external public static IP: 113.89.142.80 2.3) Shorewall-3.2.8 is running This is extremely old, and you are allowing access to SSH and DNS services on the firewall itself. ISC Bind, at least, has security problems that should be patched. I strongly recommend that you upgrade this system. 3. I want to forward internet access FTP and SSH to FTP Server: 3.1) 113.89.142.80: 20 - 192.168.1.231:20 udp(FTP) 3.2) 113.89.142.80: 21 - 192.168.1.231:21 tcp (FTP) 3.3) 113.89.142.80: - 192.168.1.231:22 tcp (SSH) One: FTP doesn't use UDP, regardless of what you see in the services file. You don't need to forward UDP. Two: Port 20 is used for outbound connections from an active mode FTP server. You don't need to forward port 20 in to your server, ever. 4. Shorewall settings: 4.1 interfaces #ZONE INTERFACE BROADCAST OPTIONS net eth1 113.89.142.255 norfc1918,arp_filte lan eth0detect arp_filter ovpntun0- #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE Although it doesn't make much difference, you typically don't need to specify your broadcast address. 4.4 rules #SECTION RELATED SECTION NEW ACCEPT all fw tcp ftpit works for local FTP service (tested) ACCEPT all fw udp ftp it works for local FTP service ACCEPT all fw tcp ACCEPT all fw tcp ssh,domain Ping/ACCEPT net fw ACCEPT all fw tcp 5222 ACCEPT all fw udp 5222 ACCEPT:info all $FW tcp 22 DNATnet lan:192.168.1.231 tcp 21 DNATnet lan:192.168.1.231 udp20 DNATnet lan:192.168.1.231:22 tcp #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE Your ACCEPT rules are blocking your DNAT rules. They're not needed. I've never actually seen the Ping/ACCEPT syntax before, so I'm going to assume that entry is correct. It doesn't exist in Shorewall 4+. Your rules should contain only this (assuming you're actually running an XMPP server on your firewall): Ping/ACCEPTnet fw ACCEPT:infoall fw tcp 22 ACCEPT all fw tcp domain ACCEPT all fw udp domain ACCEPT all fw tcp 5222 DNAT net lan:192.168.1.231 tcp 21 DNAT net lan:192.168.1.231:22tcp ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] hi
On Fri, September 28, 2012 15:21, m.r...@5-cent.us wrote: Andrei Rolando León Salas wrote: Hello how are u, im having a little problem. i use the webmin to install automatly postfix, in the other server works, but in this now says. Error while checking current Postfix configuration. Please manually fix Postfix configuration. postfix: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix Manually edit the Postfix configuration file.https://mercadeoeficaz-cr.com:1/postfix/edit_manual.cgi i dont know what to do, can u help me please You need to learn something about what you're doing. For one, how did webmin install postfix? If from a tarball, then there's a bunch of stuff to do. If, on the other hand, you'd done it the *right* way, with a yum install, the scripts in the package would have created the user and group postfix. mark Webmin as shipped will use Yum on CentOS to handle software management (other than Perl modules). From the way the information is presented by the OP it seems likely that the default method is used in this instance. The error is this: postfix: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix You are missing the postfix user id in /etc/passwd. If that user id is missing then it is likely that your install procedure did not complete properly. I would suggest using yum remove post followed by yum install postfix issued as the root user from the command line. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] hi
On Sun, September 30, 2012 13:31, James B. Byrne wrote: The error is this: postfix: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix You are missing the postfix user id in /etc/passwd. If that user id is missing then it is likely that your install procedure did not complete properly. I would suggest using yum remove post followed by yum install postfix issued as the root user from the command line. s/b yum remove postfix; yum install postfix -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Prelink failure
We were not able to resolve our issue and decided to disable prelink (there seems to be much differing opinions as to whether or not prelink is still required). If you decide to disable prelink then Dag Wieers has instructions on his web site on how to do this: Hugh, I found out what caused the problem and worked around it. I remembered a recent posting to the networker mailing list where certain system tools stopped working correctly since the networker libraries were in the library search path; networker is what sets this machine apart from the other CentOS6 machines. Using trial and error, and file listings for the networker rpms, I narrowed the problem down and was able to avoid it by adding # cd /etc/prelink.conf.d # cat networker.conf -b /usr/lib/nsr # ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache : Listen on ports other than 80
On 29/09/12 06:47, adekunleadek...@gmail.com wrote: I v run d netstat and no result(i.e no process is listening on port 1010). Also I telnet 127.0.0.1 1010 just 2 confirm that no process is using the port. I can't figure out why the port(and any other except 80) would not work! Sounds like an selinux issue. Try the following: semanage port -a -t http_port_t -p tcp 1010 K -- Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Changes to inodes discovered by aide
Hi Correct, looking at the log of prelink.full and prelink.quick the times match the inode changes using aide -c. thanks Jobst On Fri, Sep 28, 2012 at 09:31:19AM +0100, Tony Molloy (tony.mol...@ul.ie) wrote: On Friday 28 September 2012 03:03:31 Jobst Schmalenbach wrote: Hi. On one of my servers aide just reported inode changes to a large bunch of files in a variety of directories, e.g. /usr/bin, /usr/sbin etc. This machine sits behind a couple of firewalls and it would be hard to get to. The day before I updated clam* and updated the aide database right after that: -rw--- 1 root root 7407412 Sep 26 10:58 aide.db.gz The problem was that the changes were made when no-one was in the office, here are a few: Directory: /usr/sbin Mtime: 2012-09-26 10:55:15 , 2012-09-27 06:36:42 Ctime: 2012-09-26 10:55:15 , 2012-09-27 06:36:42 File: /usr/sbin/wpa_supplicant Ctime: 2012-09-07 06:39:44 , 2012-09-27 06:36:40 Inode: 2490595 , 2490536 MD5 : IVNJESmXwIG9XY0MowL3CA== , DUQMpFMsKqlZgjOmJIp3OQ== RMD160 : 4xuWhqqliTLM5Jx6zAvQ9f1PY1c= , AlSPQGiVe+/T8YdHDSIypI904kA= SHA256 : OaUWNIGUS9AhXEjV3p8Cg4TeIEjuQ/tu , z1c9XCKVyjDzDuN7t32B+sbj6nil90TK File: /usr/sbin/clamav-milter Size : 202453 , 206637 Ctime: 2012-09-26 10:55:15 , 2012-09-27 06:36:37 Inode: 2490507 , 2490625 MD5 : HoONWy9q+qbRzHtlTeR6Wg== , klWTxNFmL8MEAQmIPwvHxg== RMD160 : lfa72Vrh6Q2DWjf+UIxREAK4V1Y= , MPbEoKH/ws3aWA+sBuycRvU9DP0= SHA256 : aFRvKcA999IPRFJ2qByu8aKB6QmHpW5i , u0oTtBkHjchhlY8AIejOfKPoJRencpmK Yum does not report anything (last 4 lines os yum.log) Sep 21 10:40:11 Installed: ghostscript-fonts-5.50-13.1.1.noarch Sep 26 10:55:14 Updated: clamav-0.97.6-1.el5.rf.x86_64 Sep 26 10:55:15 Updated: clamd-0.97.6-1.el5.rf.x86_64 Sep 26 10:55:15 Updated: clamav-milter-0.97.6-1.el5.rf.x86_64 I ran (a fresh install) of rkhunter, did not find a thing ... Is it possible that a change to one file sets of a domino effect of indode changes? thanks Jobst Just a thought. I run tripwire, planning to switch to aide, and occasionally see the same. Lots of changes reported reported in /bin type directories. In my case it's caused by a run of prelink updating lots of files in /bin. Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Though the pen IS mightier than the sword, the sword is mightier at any given moment. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fsck -fvy ?
On 9/29/12, Andy Smith spoo...@gmail.com wrote: On 29 September 2012 10:45, Hadi Motamedi motamed...@hotmail.com wrote: Dear All My server got inconsistency from sudden power cut that I fixed it with #fsck -fvy /dev/hda at the maintenance prompt . But after reboot, one of the installed applications is preventing it from booting up (as can be seen in the boot up process list). Can you please let me know how can I remove it from the boot up list to reach the root user prompt and then re-install it again ? Thank you Hi. Boot up in single user mode Or press i when prompted during early boot stages for interactive boot and select no when prompted to start your application. Then chkconfig app name off to permanently turn it off until you can fix it. Regards, Andy. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thank you very much for your reply. I did it and it solved my problem. Thank you again ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos