[CentOS] CentOS-announce Digest, Vol 107, Issue 13
Today's Topics:

1. CESA-2014:X001 Moderate Xen4CentOS libvirt Security Update (Johnny Hughes)
2. CESA-2014:X002 Moderate Xen4CentOS xen Security Update (Johnny Hughes)
3. CESA-2014:X003 Moderate Xen4CentOS kernel Security Update (Johnny Hughes)

--

Message: 1
Date: Sat, 25 Jan 2014 01:16:59 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2014:X001 Moderate Xen4CentOS libvirt Security Update
To: centos-annou...@centos.org
Message-ID: 20140125011659.ga61...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X001 (Xen4CentOS)

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

libvirt Changelog info from the SPEC file:

* Fri Jan 24 2014 Johnny Hughes joh...@centos.org 0.10.2.8-6.el6.centos.alt
- applied patches 407 to 415 from the libvirt git tree for the 0.10.2-maint branch
- CVE-2013-6458 is addressed in this patch
- one of the patches (xen4.3 event handler) needed to be slightly modified due to the custom patches provided by xen.org (patches 200-207).

The following
[CentOS] Permissions for LAMP
I am running a Lamp server on a CentOS 6.5 box. It works fine, I am concerned that I may have the wrong file/dir permissions.

The directories /var and /var/www are root:root and 755.
For /var/www/html and all directories underneath I have apache:apache and 770.
For all files under /var/www/html I have apache:apache and 660.

Are these permissions OK?

Thank you,
Joe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Permissions for LAMP
On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse joehe...@gmail.com wrote:

> I am running a Lamp server on a CentOS 6.5 box. It works fine, I am concerned that I may have the wrong file/dir permissions.
> The directories /var and /var/www are root:root and 755.
> For /var/www/html and all directories underneath I have apache:apache and 770.
> For all files under /var/www/html I have apache:apache and 660.
> Are these permissions OK?
> Thank you,
> Joe

the problem with your /var/www/html permissions is the user/group apache can write to directories and files. which can be used by anyone on the internet(bad guys) to use potentially exploitable dynamic pages(.php/.cgi/etc) to add/modify files on your server. this is a bad thing. SELinux may offer some protections.

i would:

chmod -R g-w /var/www/html
chown -R somewebuser /var/www/html

(replace somewebuser with the unix user account to modify the website.)

http://wiki.apache.org/httpd/FileSystemPermissions
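Added example, not part of the original post: a POSIX shell audit for the condition described in the reply above, listing every path under a document root that the web server account can modify. The function names and the three-class report format are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread: report paths under a document root
# that the web server account could modify, by owner, group or world bits.
# Arguments describe your host (names or numeric ids), for instance
# /var/www/html apache apache on a stock CentOS httpd install.

# scan_class REASON DOCROOT FIND-PREDICATES...
# Symlinks are skipped because their own mode bits carry no meaning.
# Paths containing newlines are not handled.
scan_class() {
    reason=$1 root=$2
    shift 2
    find "$root" ! -type l "$@" -print |
        awk -v r="$reason" '{ print r "\t" $0 }'
}

# web_writable DOCROOT WEB_USER WEB_GROUP
# Prints one "<reason><TAB><path>" line per finding, where reason is
#   owner  owned by the web user and owner-writable
#   group  group is the web group and group-writable (the 770/660 case)
#   world  writable by everyone, which includes the web user
# A writable directory counts too: it lets the account create, rename
# and delete entries inside it even when the files are read-only.
web_writable() {
    root=$1 user=$2 group=$3
    scan_class owner "$root" -user "$user" -perm -0200
    scan_class group "$root" -group "$group" -perm -0020
    scan_class world "$root" -perm -0002
}

# Run as a script: sh audit.sh /var/www/html apache apache
if [ "$#" -eq 3 ]; then
    web_writable "$1" "$2" "$3"
fi
```

An empty report after the chmod/chown change means the web server account has no write path into the tree through ordinary mode bits; ACLs and SELinux contexts are outside what this check sees.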
Re: [CentOS] python updates
On 01/24/2014 08:48 AM, m.r...@5-cent.us wrote:

> I wasn't paying much attention, but I remember a day or two ago, someone was complaining about python updates. From the RH alerts...
> snip
> This update fixes the following bug:
> * Previously, the dependencies between the Python subpackages were set erroneously and caused problems with the inclusion of i686 multilib packages in the x86_64 channels. After this update, the dependencies have been resolved and the Python packages install as expected. (BZ#1033111)
> All users of python are advised to upgrade to these updated packages, which fix this bug.
> ---
> which I think was explicitly the problem

Not sure what you are asking mark .. but now the correct i686 packages are in our x86_64 repos for CentOS.
Re: [CentOS] Repodata filename problem in CentOS-6.5-x86_64-bin-DVD1.iso ?
On 01/23/2014 06:23 AM, Emmanuel Noobadmin wrote:

> On 1/23/14, John Doe jd...@yahoo.com wrote:
>> I did not follow the previous thread but are you putting the iso file on the key or are you extracting the iso content to a folder on the key...?
>
> USB drive was created using Fedora's LiveUSB Creator which I believe extracts the ISO content. However, viewing the original ISO shows the filenames are already truncated, so I don't think it would had made a difference if the ISO was placed on disk or extracted.

If you want to create an installable version of the 6.5 DVD onto a usb key, do it like this:

dd if=path_to_iso/ of=device

so, if I was in the directory that has the iso and if my usb key was /dev/sdc (note, do not use a partition, but the device name of the key ... this makes the key ONLY a copy of the DVD and all other content is lost), then I would use this command:

dd if=CentOS-6.5-x86_64-bin-DVD1.iso of=/dev/sdc

Then boot from the usb key.

Obviously there is some issue the extraction process on the filesystem / os you are using and the loop mount and / or the livecd creator you are using ... as our ISOs do install and the files are named properly on them to get them to install.
Re: [CentOS] Permissions for LAMP
On 01/25/2014 07:32 AM, Steven Tardy wrote:

> On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse joehe...@gmail.com wrote:
>> I am running a Lamp server on a CentOS 6.5 box. It works fine, I am concerned that I may have the wrong file/dir permissions.
>> The directories /var and /var/www are root:root and 755.
>> For /var/www/html and all directories underneath I have apache:apache and 770.
>> For all files under /var/www/html I have apache:apache and 660.
>> Are these permissions OK?
>> Thank you,
>> Joe
>
> the problem with your /var/www/html permissions is the user/group apache can write to directories and files. which can be used by anyone on the internet(bad guys) to use potentially exploitable dynamic pages(.php/.cgi/etc) to add/modify files on your server. this is a bad thing. SELinux may offer some protections.
>
> i would:
>
> chmod -R g-w /var/www/html
> chown -R somewebuser /var/www/html
>
> (replace somewebuser with the unix user account to modify the website.)
>
> http://wiki.apache.org/httpd/FileSystemPermissions

I now understand, by rtfd, how to set it up so apache owns nothing and does not have write permission.

For my understanding, please tell me what a bad guy would have to do to exploit apache having read/write permission.

Thank you,
Joe
Re: [CentOS] Permissions for LAMP
On Sat, 2014-01-25 at 08:32 -0500, Steven Tardy wrote:

> the problem with your /var/www/html permissions is the user/group apache can write to directories and files. which can be used by anyone on the internet(bad guys) to use potentially exploitable dynamic pages(.php/.cgi/etc) to add/modify files on your server. this is a bad thing. SELinux may offer some protections.
>
> i would:
>
> chmod -R g-w /var/www/html
> chown -R somewebuser /var/www/html
>
> (replace somewebuser with the unix user account to modify the website.)
>
> http://wiki.apache.org/httpd/FileSystemPermissions

On my setup I have all web pages in a special root directory

/data/web/do/domain-name/sub-domain-name/files .

with a non-standard user having rw-r-r

Apache can't write to anything except /data/web/logs/

I have self-created web site defences which, instantly after the first hacking attempt, block the hacker's IP address. I am not giving hackers unlimited opportunities to continuing trying to break-in.

--
Paul.
England, EU.

Our systems are exclusively Linux. No Micro$oft Windoze here.
Re: [CentOS] python updates
On 01/25/2014 02:33 PM, Johnny Hughes wrote:

> On 01/24/2014 08:48 AM, m.r...@5-cent.us wrote:
>> I wasn't paying much attention, but I remember a day or two ago, someone was complaining about python updates. From the RH alerts...
>> snip
>> This update fixes the following bug:
>> * Previously, the dependencies between the Python subpackages were set erroneously and caused problems with the inclusion of i686 multilib packages in the x86_64 channels. After this update, the dependencies have been resolved and the Python packages install as expected. (BZ#1033111)
>> All users of python are advised to upgrade to these updated packages, which fix this bug.
>> ---
>> which I think was explicitly the problem
>
> Not sure what you are asking mark .. but now the correct i686 packages are in our x86_64 repos for CentOS.

He is not asking, he remembered "Can't install Python i686 on x86_64 system (centos 6.5)" thread and provided an explanation for the problem in that thread.

--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

StarOS, Mikrotik and CentOS/RHEL/Linux consultant
Re: [CentOS] Permissions for LAMP
On 1/25/2014 6:12 AM, Joseph Hesse wrote:

> For my understanding, please tell me what a bad guy would have to do to exploit apache having read/write permission.

A) exploit a bug in PHP or Apache, perhaps known but not yet patched, or totally unknown

B) corrupt a database via a SQL Injection Exploit (see http://xkcd.com/327/ ), thence triggering a bug in your PHP code

C) take advantage of poorly written php or whatever code that allows a page to be uploaded (such as a photo attachment feature on a blog's comment engine), then manage to invoke and execute that 'picture' which turns out to be evil php code, now running as apache on your system.

D) ???

it's amazing how resourceful starving 3rd world geeks are when money is put in front of them by mobsters.

--
john r pierce 37N 122W
somewhere on the middle of the left coast
Re: [CentOS] Permissions for LAMP
On 1/25/2014 6:20 AM, Always Learning wrote:

> On my setup I have all web pages in a special root directory
>
> /data/web/do/domain-name/sub-domain-name/files .
>
> with a non-standard user having rw-r-r
>
> Apache can't write to anything except /data/web/logs/
>
> I have self-created web site defences which, instantly after the first hacking attempt, block the hacker's IP address. I am not giving hackers unlimited opportunities to continuing trying to break-in.

and you have configured SELinux to allow all this?

FWIW, I usually put websites in /home/someuser/html where each virtual host has its own user account who owns said files, and manages his own stuff. even if that user is really me, I use sudo to log on as a given user to edit that site's files.

re: your intrusion detection system, mod_evasive is a useful tool for creating such.

--
john r pierce 37N 122W
somewhere on the middle of the left coast
Re: [CentOS] Permissions for LAMP
On Sat, 2014-01-25 at 10:00 -0800, John R Pierce wrote:

> re: your intrusion detection system, mod_evasive is a useful tool for creating such.

Mine works like this:

1. All errors 301, 302, 400, 401, 403, 500 etc are sent to a standard PHP file

ErrorDocument 401 /error.php?code=401

2. In that php file, the original HTTP method etc. are extracted

$code = $_GET['code'];
$method0 = @$_SERVER['REDIRECT_REQUEST_METHOD'];
$method = $_SERVER['REQUEST_METHOD'];
$mm = date('m');
$webpage = $_SERVER["REQUEST_URI"];
if(!$webpage) $webpage = "(none)";

3. If the web page requested is one of the usual 'php.' or other frequent ones, the banned variable is set.

4. If it HTML activity on an IP address and not on a valid domain name, the banned variable is set.

5. Ditto if the Method is not allowed, example POST, CONNECT etc.

6.
if($ban)
{
    $ipx = $ip1;
    exec("sudo -u root -t pts/1 /sbin/iptables -A 1banned.".$mm." -j DROP -s ".$ipx);
}

7. There are 12 banned tables in IPtables for port 80 traffic. One for every month. Every month a new table is populated with banned IP addresses. The current month (January) is named banned.01

8. I keep the contents (the banned IPs) for about a month, then flush the table (emptying it).

9. Data Centres are blocked permanently for all port 80 traffic. I allow known major crawlers.

That is the essence of my system. Its 5? years of refinements. It catches virtually all hackers after their first attempt.

I tried filtering within IPtables but its difficult to read and blocking is also difficult to read. My current system is readable, easily maintainable and flexible.

My system also creates an email ready for sending to the IP's abuse contact. Just have to copy and paste into a database's webform and press 'send'. Have just complained; it took 1 minute 18 seconds - from opening the warning email to pressing 'send' - to email a very comprehensive report.

---
Date time = Saturday, 25 January 2014 20:21:21 UTC (GMT +00:00)
Server name = d.com
Server IP = 123.123.123.123
Submitted host name = d.com
Submitted page name = /components/com_content/router.php
From web page = (none)
Browser = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Remote host = 5.45.72.16
Remote address = 5.45.72.16
Remote name = 5.45.72.16
Location = , Netherlands.
Remote port = 56067
Remote protocol = HTTP/1.0
IP2 host = -
IP2 address = -
Forwarded-for host = -
Forwarded-for address = -
HTML status code = 404
HTML method = GET
---

Its a Data Centre so 5.45.72.0/22 is now blocked.

Just want a quiet and enjoyable life :-)

Probably publish my set-up sometime this year.

--
Paul.
England, EU.

Our systems are exclusively Linux. No Micro$oft Windoze here.
[CentOS] off NM problem [low priority]
On Centos 6.5, I use NM to bring up the VPN to my office, and to disconnect from it.

every now and then I screw up and disconnect the LAN itself instead of the VPN.

once I do that, even after reconnecting to the LAN I'm hosed. /etc/resolv.conf hasn't been put back to the non-VPN version, so I manually fix that. but even then I can't get any name resolution.

I'm sure that rebooting IS NOT the right answer, but it's the only one I've come up with that solves the problem.

What should I be doing instead, once the system is in this state?

thanks!

--
Fred Smith -- fre...@fcshome.stoneham.ma.us
Not everyone who says to me, 'Lord, Lord,' will enter the kingdom of heaven, but only he who does the will of my Father who is in heaven.
-- Matthew 7:21 (niv)
Re: [CentOS] EPEL problem
On 24/11/13 00:09, Reindl Harald wrote:

> On 24.11.2013 00:57, Phil Dobbin wrote:
>> I'm trying to install the EPEL repo on a fully up to date CentOS 6.4. I'm using wget to download from my usual source but after I install it via `sudo rpm -ivh epel-x` it's not actually there in `/etc/yum.repos.d`. Trying to install it again, Yum just tells me it's already installed. I've no idea where it is installed if it is (which I don't think it is) so I'm stumped. Any help appreciated
>
> that's why rpm -q --filesbypkg packagename exists

Returning to this thread after a considerable break (I'm sorry, I've really been quite unwell) here is the output of 'rpm -q --filesbypkg epel-release' the directory listing itself:

'$ rpm -q --filesbypkg epel-release
epel-release /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
epel-release /etc/rpm/macros.ghc-srpm
epel-release /etc/yum.repos.d/epel-testing.repo
epel-release /etc/yum.repos.d/epel.repo
epel-release /usr/share/doc/epel-release-6
epel-release /usr/share/doc/epel-release-6/GPL
[Sat Jan 25 20:45:24 phil@localhost:~ ] $ cd /etc/yum.repos.d/
[Sat Jan 25 20:45:43 phil@localhost:/etc/yum.repos.d ] $ l
./ CentOS-Base.repo CentOS-Media.repo mirrors-rpmforge mirrors-rpmforge-testing
../ CentOS-Debuginfo.repo CentOS-Vault.repo mirrors-rpmforge-extras rpmforge.repo'

It's the same deal with 'yum list epel-*' That also reckons it's installed.

I'm flummoxed as to how to proceed.

Cheers,
Phil...

--
currently (ab)using Arch Linux, CentOS 6.5, Debian Squeeze Wheezy, Fedora 19 20, OS X Snow Leopard Tiger, Ubuntu Raring Saucy
GnuGPG Key : http://phildobbin.org/publickey.asc
Re: [CentOS] EPEL problem
On 01/25/2014 10:08 PM, Phil Dobbin wrote:

> On 24/11/13 00:09, Reindl Harald wrote:
>> On 24.11.2013 00:57, Phil Dobbin wrote:
>>> I'm trying to install the EPEL repo on a fully up to date CentOS 6.4. I'm using wget to download from my usual source but after I install it via `sudo rpm -ivh epel-x` it's not actually there in `/etc/yum.repos.d`. Trying to install it again, Yum just tells me it's already installed. I've no idea where it is installed if it is (which I don't think it is) so I'm stumped. Any help appreciated
>>
>> that's why rpm -q --filesbypkg packagename exists
>
> Returning to this thread after a considerable break (I'm sorry, I've really been quite unwell) here is the output of 'rpm -q --filesbypkg epel-release' the directory listing itself:
>
> '$ rpm -q --filesbypkg epel-release
> epel-release /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
> epel-release /etc/rpm/macros.ghc-srpm
> epel-release /etc/yum.repos.d/epel-testing.repo
> epel-release /etc/yum.repos.d/epel.repo
> epel-release /usr/share/doc/epel-release-6
> epel-release /usr/share/doc/epel-release-6/GPL
> [Sat Jan 25 20:45:24 phil@localhost:~ ] $ cd /etc/yum.repos.d/
> [Sat Jan 25 20:45:43 phil@localhost:/etc/yum.repos.d ] $ l
> ./ CentOS-Base.repo CentOS-Media.repo mirrors-rpmforge mirrors-rpmforge-testing
> ../ CentOS-Debuginfo.repo CentOS-Vault.repo mirrors-rpmforge-extras rpmforge.repo'
>
> It's the same deal with 'yum list epel-*' That also reckons it's installed.
>
> I'm flummoxed as to how to proceed.

try yum reinstall
Re: [CentOS] EPEL problem
On 25/01/14 21:12, Nicolas Thierry-Mieg wrote:

> On 01/25/2014 10:08 PM, Phil Dobbin wrote:
>> On 24/11/13 00:09, Reindl Harald wrote:
>>> On 24.11.2013 00:57, Phil Dobbin wrote:
>>>> I'm trying to install the EPEL repo on a fully up to date CentOS 6.4. I'm using wget to download from my usual source but after I install it via `sudo rpm -ivh epel-x` it's not actually there in `/etc/yum.repos.d`. Trying to install it again, Yum just tells me it's already installed. I've no idea where it is installed if it is (which I don't think it is) so I'm stumped. Any help appreciated
>>>
>>> that's why rpm -q --filesbypkg packagename exists
>>
>> Returning to this thread after a considerable break (I'm sorry, I've really been quite unwell) here is the output of 'rpm -q --filesbypkg epel-release' the directory listing itself:
>>
>> '$ rpm -q --filesbypkg epel-release
>> epel-release /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>> epel-release /etc/rpm/macros.ghc-srpm
>> epel-release /etc/yum.repos.d/epel-testing.repo
>> epel-release /etc/yum.repos.d/epel.repo
>> epel-release /usr/share/doc/epel-release-6
>> epel-release /usr/share/doc/epel-release-6/GPL
>> [Sat Jan 25 20:45:24 phil@localhost:~ ] $ cd /etc/yum.repos.d/
>> [Sat Jan 25 20:45:43 phil@localhost:/etc/yum.repos.d ] $ l
>> ./ CentOS-Base.repo CentOS-Media.repo mirrors-rpmforge mirrors-rpmforge-testing
>> ../ CentOS-Debuginfo.repo CentOS-Vault.repo mirrors-rpmforge-extras rpmforge.repo'
>>
>> It's the same deal with 'yum list epel-*' That also reckons it's installed.
>>
>> I'm flummoxed as to how to proceed.
>
> try yum reinstall

The problem with that is that it wasn't installed by yum in the first place. I used wget to grab it.

Or am I misunderstanding you...

Cheers,
Phil.

--
currently (ab)using Arch Linux, CentOS 6.5, Debian Squeeze Wheezy, Fedora 19 20, OS X Snow Leopard Tiger, Ubuntu Raring Saucy
GnuGPG Key : http://phildobbin.org/publickey.asc
Re: [CentOS] Permissions for LAMP
On Sat, 2014-01-25 at 21:44 +0100, Reindl Harald wrote:

> On 25.01.2014 21:40, Always Learning wrote:
>> if($ban)
>> {
>>     $ipx = $ip1;
>>     exec("sudo -u root -t pts/1 /sbin/iptables -A 1banned.".$mm." -j DROP -s ".$ipx);
>> }
>
> if your webserver is allowed to call exec() at all from php-scripts and even sudo this is a security hole big like a house and you are a pure idiot - there is nothing more to say except some sane php settings for a webserver
>
> disable_functions = apache_child_terminate, chown, dl, exec, fileinode, get_current_user, getmypid, getmyuid, getrusage, highlight_file, link, mail, openlog, passthru, pclose, pcntl_alarm, pcntl_errno, pcntl_exec, pcntl_fork, pcntl_get_last_error, pcntl_getpriority, pcntl_setpriority, pcntl_signal_dispatch, pcntl_signal, pcntl_sigprocmask, pcntl_sigtimedwait, pcntl_sigwaitinfo, pcntl_strerror, pcntl_wait, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, pfsockopen, popen, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, socket_accept, socket_bind, symlink, syslog, system

Good evening Harald (that's a good old Norwegian name)

1. Both C6 and C5's /etc/php.ini have

disable_functions =

Neither C5 nor C6 /etc/php.ini have your list of dangerous PHP functions. One wonders why not, if they are so dangerous.

2. In your list you have 'mail' which I consider an essential PHP command in a production environment.

3. I'm willing to add your suggestions to php.ini except for three.

4. I'm puzzled how hackers can break-in to use all those functions in your list. Can you elaborate please?

Mfg / best regards,

Paul.

--
Paul.
England, EU.

Our systems are exclusively Linux. No Micro$oft Windoze here.
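Added example, not from the thread or from any poster's system: one way to keep the first-offence ban while removing exec() and sudo from PHP, which is the objection raised in the quoted reply. It assumes the error handler only appends the client address to a queue file and a root-owned job runs this script; the queue format, the function names and the chain argument are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. The web account can write the queue
# file, so every line is treated as untrusted input and must pass a strict
# IPv4 check before it is handed to iptables as a single argument.
# No shell is ever asked to interpret the queued text.

IPTABLES=${IPTABLES:-/sbin/iptables}   # override with a stub for dry runs

# valid_ipv4 ADDR -> exit 0 only for a plain dotted quad, octets 0-255,
# no leading zeros (some parsers read those as octal), nothing else.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# process_queue QUEUE_FILE CHAIN
# Adds one DROP rule per distinct valid address. Sets BANNED and REJECTED
# so the caller can log or alert on malformed lines.
process_queue() {
    queue=$1 chain=$2
    BANNED=0 REJECTED=0 seen=' '
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if ! valid_ipv4 "$line"; then
            REJECTED=$((REJECTED + 1))
            continue
        fi
        case $seen in *" $line "*) continue ;; esac   # already handled
        seen="$seen$line "
        "$IPTABLES" -A "$chain" -s "$line" -j DROP
        BANNED=$((BANNED + 1))
    done < "$queue"
}

# Run as root from cron: sh ban-queue.sh /path/to/queue CHAIN
if [ "$#" -eq 2 ]; then
    process_queue "$1" "$2"
    echo "banned=$BANNED rejected=$REJECTED"
fi
```

A non-zero REJECTED count is itself worth alerting on, since the only writer of the queue is supposed to be the error handler.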
Re: [CentOS] EPEL problem
On 01/25/2014 10:30 PM, Phil Dobbin wrote:

> On 25/01/14 21:12, Nicolas Thierry-Mieg wrote:
>> On 01/25/2014 10:08 PM, Phil Dobbin wrote:
>>> On 24/11/13 00:09, Reindl Harald wrote:
>>>> On 24.11.2013 00:57, Phil Dobbin wrote:
>>>>> I'm trying to install the EPEL repo on a fully up to date CentOS 6.4. I'm using wget to download from my usual source but after I install it via `sudo rpm -ivh epel-x` it's not actually there in `/etc/yum.repos.d`. Trying to install it again, Yum just tells me it's already installed. I've no idea where it is installed if it is (which I don't think it is) so I'm stumped. Any help appreciated
>>>>
>>>> that's why rpm -q --filesbypkg packagename exists
>>>
>>> Returning to this thread after a considerable break (I'm sorry, I've really been quite unwell) here is the output of 'rpm -q --filesbypkg epel-release' the directory listing itself:
>>>
>>> '$ rpm -q --filesbypkg epel-release
>>> epel-release /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>>> epel-release /etc/rpm/macros.ghc-srpm
>>> epel-release /etc/yum.repos.d/epel-testing.repo
>>> epel-release /etc/yum.repos.d/epel.repo
>>> epel-release /usr/share/doc/epel-release-6
>>> epel-release /usr/share/doc/epel-release-6/GPL
>>> [Sat Jan 25 20:45:24 phil@localhost:~ ] $ cd /etc/yum.repos.d/
>>> [Sat Jan 25 20:45:43 phil@localhost:/etc/yum.repos.d ] $ l
>>> ./ CentOS-Base.repo CentOS-Media.repo mirrors-rpmforge mirrors-rpmforge-testing
>>> ../ CentOS-Debuginfo.repo CentOS-Vault.repo mirrors-rpmforge-extras rpmforge.repo'
>>>
>>> It's the same deal with 'yum list epel-*' That also reckons it's installed.
>>>
>>> I'm flummoxed as to how to proceed.
>>
>> try yum reinstall
>
> The problem with that is that it wasn't installed by yum in the first place. I used wget to grab it.
>
> Or am I misunderstanding you...

If yum was not used then use

rpm -e epel-release

to deinstall it and

yum install epel-release.x.rpm

to install from rpm file (run it from directory rpm files is in).

And try using --force option in rpm to make it happen.

--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

StarOS, Mikrotik and CentOS/RHEL/Linux consultant
Re: [CentOS] EPEL problem
On 11/23/2013 06:57 PM, Phil Dobbin wrote:

> Hi, all.
>
> I'm trying to install the EPEL repo on a fully up to date CentOS 6.4. I'm using wget to download from my usual source but after I install it via `sudo rpm -ivh epel-x` it's not actually there in `/etc/yum.repos.d`. Trying to install it again, Yum just tells me it's already installed. I've no idea where it is installed if it is (which I don't think it is) so I'm stumped.
>
> Any help appreciated.
>
> Cheers,
> Phil...

Hey Phil,

If the file: /etc/yum.repos.d/epel.repo is not on your system then you can be sure that the EPEL repo is not installed correctly on your system.

By now the locate database will have been rebuilt. Try:

[mlapier@mushroom yum.repos.d]$ locate epel.repo
/etc/yum.repos.d/epel.repo

If that fails to find your wayward file then you can be sure that EPEL repo did not install. If you do manage to find the epel.repo file just move it to the /etc/yum.repos.d/ directory. If it's not on your system at all then you have to force install with yum.

--
_ °v° /(_)\ ^ ^
Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/
Re: [CentOS] EPEL problem
Phil Dobbin wrote:

> On 25/01/14 21:12, Nicolas Thierry-Mieg wrote:
>> On 01/25/2014 10:08 PM, Phil Dobbin wrote:
>>> On 24/11/13 00:09, Reindl Harald wrote:
>>>> On 24.11.2013 00:57, Phil Dobbin wrote:
>>>>> I'm trying to install the EPEL repo on a fully up to date CentOS 6.4. I'm using wget to download from my usual source but after I install it via `sudo rpm -ivh epel-x` it's not actually there in `/etc/yum.repos.d`. Trying to install it again, Yum just tells me it's already installed. I've no idea where it is installed if it is (which I don't think it is) so I'm stumped. Any help appreciated
>>>>
>>>> that's why rpm -q --filesbypkg packagename exists
>>>
>>> Returning to this thread after a considerable break (I'm sorry, I've really been quite unwell) here is the output of 'rpm -q --filesbypkg epel-release' the directory listing itself:
>>>
>>> '$ rpm -q --filesbypkg epel-release
>>> epel-release /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>>> epel-release /etc/rpm/macros.ghc-srpm
>>> epel-release /etc/yum.repos.d/epel-testing.repo
>>> epel-release /etc/yum.repos.d/epel.repo
>>> epel-release /usr/share/doc/epel-release-6
>>> epel-release /usr/share/doc/epel-release-6/GPL
>>> [Sat Jan 25 20:45:24 phil@localhost:~ ] $ cd /etc/yum.repos.d/
>>> [Sat Jan 25 20:45:43 phil@localhost:/etc/yum.repos.d ] $ l
>>> ./ CentOS-Base.repo CentOS-Media.repo mirrors-rpmforge mirrors-rpmforge-testing
>>> ../ CentOS-Debuginfo.repo CentOS-Vault.repo mirrors-rpmforge-extras rpmforge.repo'
>>>
>>> It's the same deal with 'yum list epel-*' That also reckons it's installed.
>>>
>>> I'm flummoxed as to how to proceed.
>>
>> try yum reinstall
>
> The problem with that is that it wasn't installed by yum in the first place. I used wget to grab it.

that doesn't matter, think of yum as a front-end for rpm that can get rpm files from configured repos along with their deps. If you just have an rpm file downloaded with eg wget you can also install it with yum install whatever.rpm

In your case it seems something went wrong installing the rpm, or someone messed with the files. In any case your rpm database thinks the package is installed but you don't have the files where they should be, so you want to remove that rpm and reinstall it. You can do that with

yum reinstall epel-release*.rpm

OR with

rpm -e epel-release
rpm -Uvh epel-release*.rpm

(or yum install epel-release*.rpm as suggested by Ljubomir)

If you still don't have the files after that your rpm is probably corrupt (you can check with rpm -K *.rpm), DL it again and retry.