Re: [CentOS] weird apache issue

2014-03-07 Thread Cliff Pratt
Does the same issue arise if the restart is split into a stop and start? My
thinking is that the stop IS working, but is taking longer than the script
expects, so the stop step fails when the program checks the PID to see if
it has shut down properly. Then when the start happens the Apache has not
completely shut down and is still holding the port. After the failure the
stop completes and the PID file is deleted. The PID file could be empty
because the startup creates the PID file, but can't write the PID to it
because the startup failed.

I'm just guessing though, as I don't have a CENTOS/RHEL system to look at.
I'm not even sure if my suggested scenario makes sense!

Cheers,

Cliff


On Sat, Mar 8, 2014 at 4:28 AM, Les Mikesell  wrote:

> On Fri, Mar 7, 2014 at 5:37 AM, Tim Dunphy  wrote:
> >
> > Not really sure how to interpret that, unfortunately.
> >
> >
> > However looked for the pid file for apache and noticed that it DOESN'T
> > EXIST!
> >
> > [root@beta:~] #ls -l /var/run/httpd/
> > total 0
> >
> >
> > Well, that would explain why the init script isn't able to kill the
> > process. Maybe puppet is doing something weird with that pid file? I don't
> > really know offhand, but I guess I will have to investigate that.
>
> Is one created at a successful startup?   And how is puppet involved?
>
> --
>   Les Mikesell
> lesmikes...@gmail.com
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-07 Thread SilverTip257
On Thu, Mar 6, 2014 at 7:07 PM, SilverTip257  wrote:

> On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh  wrote:
>
>>
>> ...
>>If  you want to allow zebra daemon to write it configuration
>> files, you
>>must turn on the zebra_write_config boolean. Disabled by default.
>>
>>setsebool -P zebra_write_config 1
>>
>
> // before
> ~]# getsebool -a | grep zebra
> allow_zebra_write_config --> on
> zebra_disable_trans --> off
>
> Apparently the command from the Bugzilla ticket I linked to earlier took
> and already had allow_zebra_write_config enabled.
> setsebool -P allow_zebra_write_config=1
>
> // trying to set that selinux boolean comes back with
> ~]# setsebool -P zebra_write_config 1
> libsemanage.dbase_llist_set: record not found in the database
> libsemanage.dbase_llist_set: could not set record value
> Could not change boolean zebra_write_config
> Could not change policy booleans
>

* What should I try next after this failure?


>
> ~]# tail /var/log/audit/audit.log | grep zebra | audit2why
> ...
> type=AVC msg=audit(1394150156.203:30): avc:  denied  { add_name } for
>  pid=3111 comm="zebra" name="zebra.conf.fT434c"
> scontext=root:system_r:zebra_t:s0
> tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir
> Was caused by:
> Missing or disabled TE allow rule.
> Allow rules may exist but be disabled by boolean settings;
> check boolean settings.
> You can see the necessary allow rules by running
> audit2allow with this audit message as input.
>
> ~]# tail /var/log/audit/audit.log | grep zebra | audit2allow
>
>
> #= zebra_t ==
> allow zebra_t zebra_conf_t:dir add_name;
>
>
* So I'm at the point where I may just as well create a custom policy file?

I plan on following the steps on the wiki (unless there's a better
source/write-up).
http://wiki.centos.org/HowTos/SELinux

Looks like this will be a fun one ... I'll have rules for each routing
daemon to create.
[At least that's the impression I got from mailing lists/bug tickets.]


Thanks,
-- 
---~~.~~---
Mike
//  SilverTip257  //
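
Added example, not part of the original message: a simplified sketch of how the fields of an AVC denial map onto the `allow` rule that audit2allow printed above, so the contents of a custom module can be read before it is loaded. The function name `avc_to_te` and the module name `zebralocal` are hypothetical; the sample record is the one quoted in this thread, rejoined onto one line.

```shell
#!/bin/sh
# Added example (not from the thread). avc_to_te and zebralocal are
# hypothetical names; this is a reading aid, not a replacement for audit2allow.

# The AVC record quoted in the thread, rejoined onto a single line.
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1394150156.203:30): avc:  denied  { add_name } for  pid=3111 comm="zebra" name="zebra.conf.fT434c" scontext=root:system_r:zebra_t:s0 tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir
EOF
}

# avc_to_te MODULE: read audit records on stdin and print a type-enforcement
# module that would allow exactly the denied accesses. Permissions for the
# same source type, target type and class are merged into one rule.
avc_to_te() {
    awk -v mod="$1" '
    # value of a key=... token on the current record
    function value(key,   i) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return ""
    }
    # user:role:type[:level] -> type
    function setype(ctx,   part) { split(ctx, part, ":"); return part[3] }
    function braces(list) { return (list ~ / /) ? "{ " list " }" : list }
    function addtype(t) { if (!(t in tseen)) { tseen[t] = 1; tlist[++nt] = t } }
    function append(arr, k, v) { if (k in arr) arr[k] = arr[k] " " v; else arr[k] = v }

    /avc:/ && /denied/ {
        perms = $0
        sub(/^[^{]*[{] */, "", perms)      # keep only the text inside { ... }
        sub(/ *[}].*$/, "", perms)
        src = setype(value("scontext"))     # domain of the denied process
        tgt = setype(value("tcontext"))     # type of the object it touched
        cls = value("tclass")
        if (src == "" || tgt == "" || cls == "" || perms == "") next
        key = src " " tgt ":" cls
        if (!(key in rule)) klist[++nk] = key
        if (!(cls in cperm)) clist[++nc] = cls
        addtype(src); addtype(tgt)
        n = split(perms, p, " ")
        for (i = 1; i <= n; i++) {
            if (!((key, p[i]) in rseen)) { rseen[key, p[i]] = 1; append(rule, key, p[i]) }
            if (!((cls, p[i]) in cseen)) { cseen[cls, p[i]] = 1; append(cperm, cls, p[i]) }
        }
    }
    END {
        if (nk == 0) exit 1                 # no denials found on stdin
        printf "module %s 1.0;\n\nrequire {\n", mod
        for (i = 1; i <= nt; i++) printf "\ttype %s;\n", tlist[i]
        for (i = 1; i <= nc; i++) printf "\tclass %s %s;\n", clist[i], braces(cperm[clist[i]])
        printf "}\n\n"
        for (i = 1; i <= nk; i++) printf "allow %s %s;\n", klist[i], braces(rule[klist[i]])
    }'
}

# Demo on the record from the thread.
sample_avc | avc_to_te zebralocal
```

Each `allow` line permanently widens what the source domain may do, so read the generated rules before building; a module source like this is compiled and loaded with `checkmodule`, `semodule_package` and `semodule -i`.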


Re: [CentOS] gnutls bug

2014-03-07 Thread Michael Coffman
On Fri, Mar 7, 2014 at 9:55 AM, Lamar Owen  wrote:

> On 03/05/2014 06:36 PM, Michael Coffman wrote:
> > Not sure what your environment looks like but the systems I manage are
> > locked down and it's typically difficult to get them changed.   We have
> > hundreds of systems ( desktop, server and HPC systems) that are all the
> > same rev with all the same packages.   A large number of vendor packages
> > and internally developed packages have to be re-qualified every time
> > anything is changed.   So we don't change them often.
> >
> Scientific Linux will allow you to stay at a particular update rev (6.0
> if you had that requirement, even) but still get security updates.  So
> you might consider installing the gnutls update from the SL 6.4 updates
> instead, or rebasing to SL completely.
>
> This is one of the few really significant differences between SL and
> CentOS; the SL user base wants to be able to get security updates
> without a complete 'point release' update, too, and have put forth the
> nontrivial effort required to actually make that happen.
>
> I'm using CentOS myself, but if you need that particular feature of SL
> it may be the better choice for you.
>

Thanks.   This info was very helpful.


>
>



-- 
-MichaelC


Re: [CentOS] Latest openswan update does no longer connect to Cisco VPN 3000 Series

2014-03-07 Thread SilverTip257
On Fri, Mar 7, 2014 at 9:56 AM, Radu Radutiu  wrote:

> Has anyone else noticed problems after updating openswan to
> openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN
>

https://bugzilla.redhat.com/buglist.cgi?bug_status=__open__&content=openswan&no_redirect=1&order=changeddate%20DESC%2C&product=&query_based_on=&query_format=specific

Bug 1070358 - openswan breaks NAT-T draft clients (and possibly ike
fragmentation) [NEEDINFO]
https://bugzilla.redhat.com/show_bug.cgi?id=1070358

Bug 1070356 - openswan breaks NAT-T draft clients (and possibly ike
fragmentation)
https://bugzilla.redhat.com/show_bug.cgi?id=1070356

Maybe you've been bitten by that bug.



-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] gnutls bug

2014-03-07 Thread Lamar Owen
On 03/07/2014 11:57 AM, m.r...@5-cent.us wrote:
> Lamar Owen wrote:
>> I'm using CentOS myself, but if you need that particular feature of SL
>> it may be the better choice for you.
> Have you used yum-plugin-security?
>
>   
Why yes, yes I have.  It is not equivalent to the SL versioning for the 
particular use cases and scenarios for which the SL versioning method 
was made.  By your response you indicate that you really don't 
understand what SL is actually doing.  It's going one step beyond what 
upstream is doing and adding a feature that some people and institutions 
vastly prefer.

No, I am not advocating that this is the 'one true way' to do it; I'm 
pointing the OP to something that was designed for a scenario much like 
the OP's specific situation.



Re: [CentOS] gnutls bug

2014-03-07 Thread m . roth
Lamar Owen wrote:
> On 03/05/2014 06:36 PM, Michael Coffman wrote:
>> Not sure what your environment looks like but the systems I manage are
>> locked down and it's typically difficult to get them changed.   We have
>> hundreds of systems ( desktop, server and HPC systems) that are all the
>> same rev with all the same packages.   A large number of vendor packages
>> and internally developed packages have to be re-qualified every time
>> anything is changed.   So we don't change them often.
>>
> Scientific Linux will allow you to stay at a particular update rev (6.0
> if you had that requirement, even) but still get security updates.  So
> you might consider installing the gnutls update from the SL 6.4 updates
> instead, or rebasing to SL completely.
>
> This is one of the few really significant differences between SL and
> CentOS; the SL user base wants to be able to get security updates
> without a complete 'point release' update, too, and have put forth the
> nontrivial effort required to actually make that happen.
>
> I'm using CentOS myself, but if you need that particular feature of SL
> it may be the better choice for you.

Have you used yum-plugin-security?

   mark



Re: [CentOS] gnutls bug

2014-03-07 Thread Lamar Owen
On 03/05/2014 06:36 PM, Michael Coffman wrote:
> Not sure what your environment looks like but the systems I manage are
> locked down and it's typically difficult to get them changed.   We have
> hundreds of systems ( desktop, server and HPC systems) that are all the
> same rev with all the same packages.   A large number of vendor packages
> and internally developed packages have to be re-qualified every time
> anything is changed.   So we don't change them often.
>
Scientific Linux will allow you to stay at a particular update rev (6.0 
if you had that requirement, even) but still get security updates.  So 
you might consider installing the gnutls update from the SL 6.4 updates 
instead, or rebasing to SL completely.

This is one of the few really significant differences between SL and 
CentOS; the SL user base wants to be able to get security updates 
without a complete 'point release' update, too, and have put forth the 
nontrivial effort required to actually make that happen.

I'm using CentOS myself, but if you need that particular feature of SL 
it may be the better choice for you.



Re: [CentOS] Latest openswan update does no longer connect to Cisco VPN 3000 Series

2014-03-07 Thread John Doe
From: Radu Radutiu 

> Has anyone else noticed problems after updating openswan to
> openswan-2.6.32-27.2.el6_5.i686 ?

Not the solution but here is what was fixed:

# rpm -qp --changelog openswan-2.6.32-27.2.el6_5.x86_64.rpm
* Thu Feb 06 2014 Paul Wouters  - 2.6.32-27.2
- Resolves: rhbz#1050337 (CVE-2013-6466 refix for delete/notify code)

* Wed Jan 22 2014 Paul Wouters  - 2.6.32-27.1
- Resolves: rhbz#1050337 (CVE-2013-6466)

https://access.redhat.com/security/cve/CVE-2013-6466

JD


Re: [CentOS] weird apache issue

2014-03-07 Thread Les Mikesell
On Fri, Mar 7, 2014 at 5:37 AM, Tim Dunphy  wrote:
>
> Not really sure how to interpret that, unfortunately.
>
>
> However looked for the pid file for apache and noticed that it DOESN'T
> EXIST!
>
> [root@beta:~] #ls -l /var/run/httpd/
> total 0
>
>
> Well, that would explain why the init script isn't able to kill the
> process. Maybe puppet is doing something weird with that pid file? I don't
> really know offhand, but I guess I will have to investigate that.

Is one created at a successful startup?   And how is puppet involved?

-- 
  Les Mikesell
lesmikes...@gmail.com


[CentOS] Latest openswan update does no longer connect to Cisco VPN 3000 Series

2014-03-07 Thread Radu Radutiu
Has anyone else noticed problems after updating openswan to
openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN
3000 Series would no longer work. I can see in the log an ASSERTION FAILED
error and the connection would remain in Pending phase 2.


Mar  7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1
Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: ignoring Vendor ID payload [FRAGMENTATION c000]
Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05
Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/ikev1_main.c:1112: st->st_sec_in_use==FALSE
Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: using kernel interface: netkey

Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: "ciscovpntest":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 39s; nodpd; idle; import:admin initiate
Mar  7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: pending Phase 2 for "ciscovpntest" replacing #0

Downgrading openswan to openswan-2.6.32-27.el6.i686 solves the problem. The
problem is restricted to this VPN connection, other 2 VPNs continue to work
fine with the new version.

Radu


Re: [CentOS] weird apache issue

2014-03-07 Thread Tony Mountifield
In article ,
Tim Dunphy  wrote:
> ok thanks for the tip!
> 
> So I did a netstat as you suggested and this is what I found:
> 
> [root@beta:~] #netstat -natp | grep 80
> tcp        0      0 0.0.0.0:8008          0.0.0.0:*             LISTEN      2354/python2.6
> tcp        0      0 0.0.0.0:8010          0.0.0.0:*             LISTEN      8198/python2.6
> tcp        0      0 0.0.0.0:8013          0.0.0.0:*             LISTEN      8198/python2.6
> tcp        0      0 166.78.8.98:8081      0.0.0.0:*             LISTEN      10950/java
> tcp        0      0 0.0.0.0:28017         0.0.0.0:*             LISTEN      2289/mongod
> tcp        0      1 166.78.8.98:33612     72.52.4.74:80         SYN_SENT    17471/wget
> tcp        0    672 166.78.8.98:22        24.38.100.4:35265     ESTABLISHED 5680/sshd
> tcp        0      0 :::995                :::*                  LISTEN      1806/couriertcpd
> tcp        0      0 :::110                :::*                  LISTEN      1800/couriertcpd
> tcp        0      0 :::80                 :::*                  LISTEN      31589/httpd
> 
> 
> And it does look as if it's apache that's taking up port 80 and nothing
> else.
> 
> I also checked /var/run/httpd and saw that it was EMPTY! No pid file to be
> found. I had a look at the puppet manifests and couldn't see ANYTHING that
> could be causing the pid file to go missing.
> 
> 
> Does anyone have any suggestions on how I can track down why the pid file
> keeps disappearing?

It's probably a case of piecing together bits of evidence, e.g.

- "ps -fp 31589" to see when the process started.

- Compare that with /var/log/httpd/error_log* - apache logs a message
  there when it starts up.

- Do "ls -ld /var/run/httpd" to see when /var/run/httpd was last changed
  (due to the deletion of httpd.pid)

- Look through logfiles in /var/log and /var/log/httpd for anything that
  happened just at that time.

- Kill off the httpd process manually using "kill 31589" (or whatever) and
  check with "ps -ef" that all instances of httpd disappear.

- Start it up again with "service httpd start" and then watch more closely.

Hope you manage to find an explanation!

Cheers
Tony
-- 
Tony Mountifield
Work: t...@softins.co.uk - http://www.softins.co.uk
Play: t...@mountifield.org - http://tony.mountifield.org
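
Added example, not part of the original thread: the listener check and the pid file check from the messages above combined into one pass. It matches only sockets in LISTEN whose local port is exactly the one asked for (the `grep 80` in the thread also matched ports 8008 and 8081 and PIDs such as 1806), then compares the owning PID with the pid file. The function names are hypothetical and the sample lines are constructed, modelled on the netstat output posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample, modelled on the netstat output posted in the thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:8008        0.0.0.0:*           LISTEN      2354/python2.6
tcp        0      0 166.78.8.98:8081    0.0.0.0:*           LISTEN      10950/java
tcp        0      1 166.78.8.98:33612   72.52.4.74:80       SYN_SENT    17471/wget
tcp        0      0 :::995              :::*                LISTEN      1806/couriertcpd
tcp        0      0 :::80               :::*                LISTEN      31589/httpd
EOF
}

# listeners_on_port PORT: read `netstat -natp` lines on stdin and print
# "PID PROGRAM" for every socket in LISTEN whose local port is exactly PORT.
# The PID column is only filled in when netstat runs as root.
listeners_on_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")       # port follows the last colon (handles :::80)
            if (a[n] == port) {
                split($7, p, "/")       # PID/Program name
                print p[1], p[2]
            }
        }'
}

# pidfile_state FILE: print "missing", "empty" or "pid:<number>".
pidfile_state() {
    if [ ! -f "$1" ]; then
        echo missing
    elif [ ! -s "$1" ]; then
        echo empty
    else
        echo "pid:$(head -n 1 "$1" | tr -d '[:space:]')"
    fi
}

# diagnose PORT PIDFILE: netstat output on stdin, one-line verdict on stdout.
# "orphan" is the situation in the thread: a daemon still holds the port but
# the init script has no pid file to find it with, so stop fails and start
# hits "Address already in use".
diagnose() {
    port=$1
    pidfile=$2
    listener=$(listeners_on_port "$port" | head -n 1)
    state=$(pidfile_state "$pidfile")
    if [ -z "$listener" ]; then
        echo "free: nothing listening on port $port"
        return 0
    fi
    lpid=${listener%% *}
    case $state in
        "pid:$lpid")
            echo "ok: pid file matches listener $listener" ;;
        missing|empty)
            echo "orphan: $listener holds port $port but pid file is $state" ;;
        *)
            # netstat may report a worker rather than the parent; compare
            # with the PPID in "ps -fp" before concluding anything.
            echo "mismatch: $listener holds port $port but pid file says ${state#pid:}" ;;
    esac
}

# Demo on the constructed sample. On a live host, as root:
#   netstat -natp | diagnose 80 /var/run/httpd/httpd.pid
sample_netstat | diagnose 80 /nonexistent/httpd.pid
```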


Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-07 Thread Daniel J Walsh

On 03/06/2014 07:07 PM, SilverTip257 wrote:
> On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh  wrote:
> 
>> 
>> man zebra_selinux
>> 
> 
> Thank you for the quick reply.
> 
> ~]# man zebra_selinux
> No manual entry for zebra_selinux
> 
> This is a rather basic (headless) install of CentOS 5.10 from the 
> netinstall ISO. I haven't ripped out any default selinux pieces, so should
> I really be missing that manpage?
> 
> ~]# cat /etc/*ele*
> cat: /etc/lsb-release.d: Is a directory
> CentOS release 5.10 (Final)
> 
> ~]# apropos selinux | egrep 'zebra|quagga'
> 
> If I remove the pipe to egrep, I do see squid_selinux for example.
> 
> 
>> ... If  you want to allow zebra daemon to write it configuration files, 
>> you must turn on the zebra_write_config boolean. Disabled by default.
>> 
>> setsebool -P zebra_write_config 1
>> 
> 
> // before
> ~]# getsebool -a | grep zebra
> allow_zebra_write_config --> on
> zebra_disable_trans --> off
>
> Apparently the command from the Bugzilla ticket I linked to earlier took
> and already had allow_zebra_write_config enabled.
> setsebool -P allow_zebra_write_config=1
>
> // trying to set that selinux boolean comes back with
> ~]# setsebool -P zebra_write_config 1
> libsemanage.dbase_llist_set: record not found in the database
> libsemanage.dbase_llist_set: could not set record value
> Could not change boolean zebra_write_config
> Could not change policy booleans
>
> On an selinux, but different topic...
> I had to modify the user (role and type were right) to allow dnsmasq to
> write to /var/log/dnsmasq.log
> ~]# chcon -v --user=system_u --role=object_r --type=var_log_t /var/log/dnsmasq.log
> This may or may not be the best/proper way, but appears to have fixed the
> dnsmasq logging + selinux clash.
>
> And now to apply that to my quagga/zebra + selinux situation...
> // before
> ~]# ls -Z /etc/quagga/ | egrep '(zebra|vtysh)\.conf'
> -rw-r-  quagga quaggavt root:object_r:zebra_conf_t   vtysh.conf
> -rwxr-x---  quagga quaggavt system_u:object_r:zebra_conf_t vtysh.conf.sample
> -rw---  quagga quagga   root:object_r:zebra_conf_t   zebra.conf
> -rw-r--r--  root root system_u:object_r:zebra_conf_t zebra.conf.sample
> -rw-r-  quagga quaggavt root:object_r:zebra_conf_t   zebra.conf.sav
>
> ~]# chcon -v --user=system_u /etc/quagga/vtysh.conf /etc/quagga/zebra.conf /etc/quagga/zebra.conf.sav
>
> // after
> ~]# ls -Z /etc/quagga/ | egrep '(zebra|vtysh)\.conf'
> -rw-r-  quagga quaggavt system_u:object_r:zebra_conf_t   vtysh.conf
> -rwxr-x---  quagga quaggavt system_u:object_r:zebra_conf_t vtysh.conf.sample
> -rw---  quagga quagga   system_u:object_r:zebra_conf_t   zebra.conf
> -rw-r--r--  root   root system_u:object_r:zebra_conf_t zebra.conf.sample
> -rw-r-  quagga quaggavt system_u:object_r:zebra_conf_t   zebra.conf.sav
>
> // but no dice ...
> # write
> Building Configuration...
> Can't open configuration file /etc/quagga/zebra.conf.ZHwkuk.
> [OK]
>
>
>
> ~]# tail /var/log/audit/audit.log | grep zebra | audit2why
> ...
> type=AVC msg=audit(1394150156.203:30): avc:  denied  { add_name } for pid=3111 comm="zebra" name="zebra.conf.fT434c" scontext=root:system_r:zebra_t:s0 tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir
> Was caused by:
> Missing or disabled TE allow rule.
> Allow rules may exist but be disabled by boolean settings;
> check boolean settings.
> You can see the necessary allow rules by running
> audit2allow with this audit message as input.
>
> ~]# tail /var/log/audit/audit.log | grep zebra | audit2allow
>
>
> #= zebra_t ==
> allow zebra_t zebra_conf_t:dir add_name;
> 
> 
> What am I doing wrong here? ( missing manpage , still AVC denied )
> 
> 
> I'm learning a thing or two about SELinux with each bump in the road it 
> presents to me. Thanks for the help and for bearing with me. ;)
> 
> 
Introduced in RHEL6 not in Rhel5 sorry


Re: [CentOS] weird apache issue

2014-03-07 Thread Tim Dunphy
ok thanks for the tip!

So I did a netstat as you suggested and this is what I found:

[root@beta:~] #netstat -natp | grep 80
tcp        0      0 0.0.0.0:8008          0.0.0.0:*             LISTEN      2354/python2.6
tcp        0      0 0.0.0.0:8010          0.0.0.0:*             LISTEN      8198/python2.6
tcp        0      0 0.0.0.0:8013          0.0.0.0:*             LISTEN      8198/python2.6
tcp        0      0 166.78.8.98:8081      0.0.0.0:*             LISTEN      10950/java
tcp        0      0 0.0.0.0:28017         0.0.0.0:*             LISTEN      2289/mongod
tcp        0      1 166.78.8.98:33612     72.52.4.74:80         SYN_SENT    17471/wget
tcp        0    672 166.78.8.98:22        24.38.100.4:35265     ESTABLISHED 5680/sshd
tcp        0      0 :::995                :::*                  LISTEN      1806/couriertcpd
tcp        0      0 :::110                :::*                  LISTEN      1800/couriertcpd
tcp        0      0 :::80                 :::*                  LISTEN      31589/httpd


And it does look as if it's apache that's taking up port 80 and nothing
else.

I also checked /var/run/httpd and saw that it was EMPTY! No pid file to be
found. I had a look at the puppet manifests and couldn't see ANYTHING that
could be causing the pid file to go missing.


Does anyone have any suggestions on how I can track down why the pid file
keeps disappearing?

Thanks!
Tim

On Fri, Mar 7, 2014 at 7:32 AM, Tony Mountifield  wrote:

> In article <
> caozy0en0x_wrbzkvjzupatymod7z_vtbomormukedknrwnf...@mail.gmail.com>,
> Tim Dunphy  wrote:
> > Hey guys,
> >
> >  Well it took a little while for me to be able to reproduce this. It seems
> > that this problem is intermittent and sporadic.
> >
> > But I tried running a sh -x /etc/init.d/httpd restart command once I
> > realized I had another incident of this and this is what I saw as the
> > output:
> >
>
> > + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/httpd'
> > (98)Address already in use: make_sock: could not bind to address [::]:80
> > (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
> > no listening sockets available, shutting down
>
> >
> > Not really sure how to interpret that, unfortunately.
> >
> >
> > However looked for the pid file for apache and noticed that it DOESN'T
> > EXIST!
> >
> > [root@beta:~] #ls -l /var/run/httpd/
> > total 0
> >
> >
> > Well, that would explain why the init script isn't able to kill the
> > process. Maybe puppet is doing something weird with that pid file? I don't
> > really know offhand, but I guess I will have to investigate that.
> >
> > Thanks for all your input.
>
> Have a look to see what process is actually doing the listening on port 80:
>
> # netstat -natp
>
> Look for a local address with a port of 80 and a state of LISTEN.
>
> The final column shows you the PID and program name.
>
> Cheers
> Tony
> --
> Tony Mountifield
> Work: t...@softins.co.uk - http://www.softins.co.uk
> Play: t...@mountifield.org - http://tony.mountifield.org
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-07 Thread SilverTip257
On Fri, Mar 7, 2014 at 5:16 AM, John Doe  wrote:

> From: SilverTip257 
>
> > On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh wrote:
> >>  man zebra_selinux
> > ~]# man zebra_selinux
> > No manual entry for zebra_selinux
>
> This man page seems to be in selinux-policy-doc package for CentOS 6...
>

I'm on CentOS 5.10 on the system in question.
I did try searching for packages prior to sending the message you responded
to.


>   # yum whatprovides \*zebra_selinux\*
>   ...
>   selinux-policy-doc-3.7.19-231.el6.noarch : SELinux policy documentation
>   Repo: base
>   Matched from:
>   Filename: /usr/share/man/man8/zebra_selinux.8.gz
>

Here's a search from 5.10...

~]$ yum whatprovides \*zebra_selinux\*
...
No Matches found


-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] weird apache issue

2014-03-07 Thread Tony Mountifield
In article ,
Tim Dunphy  wrote:
> Hey guys,
> 
>  Well it took a little while for me to be able to reproduce this. It seems
> that this problem is intermittent and sporadic.
> 
> But I tried running a sh -x /etc/init.d/httpd restart command once I
> realized I had another incident of this and this is what I saw as the
> output:
> 

> + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/httpd'
> (98)Address already in use: make_sock: could not bind to address [::]:80
> (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
> no listening sockets available, shutting down

> 
> Not really sure how to interpret that, unfortunately.
> 
> 
> However looked for the pid file for apache and noticed that it DOESN'T
> EXIST!
> 
> [root@beta:~] #ls -l /var/run/httpd/
> total 0
> 
> 
> Well, that would explain why the init script isn't able to kill the
> process. Maybe puppet is doing something weird with that pid file? I don't
> really know offhand, but I guess I will have to investigate that.
> 
> Thanks for all your input.

Have a look to see what process is actually doing the listening on port 80:

# netstat -natp

Look for a local address with a port of 80 and a state of LISTEN.

The final column shows you the PID and program name.

Cheers
Tony
-- 
Tony Mountifield
Work: t...@softins.co.uk - http://www.softins.co.uk
Play: t...@mountifield.org - http://tony.mountifield.org


[CentOS] CentOS-announce Digest, Vol 109, Issue 2

2014-03-07 Thread centos-announce-request

Today's Topics:

   1. CEBA-2014:0260 CentOS 6 ghostscript-fonts FASTTRACK Update
  (Johnny Hughes)
   2. CEBA-2014:0256  CentOS 6 libvirt Update (Johnny Hughes)
   3. CEBA-2014:0257  CentOS 6 opencryptoki Update (Johnny Hughes)
   4. CESA-2014:0255 Moderate CentOS 5 subversion Update (Johnny Hughes)
   5. CESA-2014:0255 Moderate CentOS 6 subversion Update (Johnny Hughes)
   6. CEBA-2014:0260 CentOS 6 ghostscript-fonts FASTTRACK Update
  (Johnny Hughes)


--

Message: 1
Date: Thu, 6 Mar 2014 11:11:23 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2014:0260 CentOS 6 ghostscript-fonts
FASTTRACK Update
To: centos-annou...@centos.org
Message-ID: <2014030623.ga12...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2014:0260 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0260.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 






-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 2
Date: Thu, 6 Mar 2014 11:12:02 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2014:0256  CentOS 6 libvirt Update
To: centos-annou...@centos.org
Message-ID: <20140306111202.ga12...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2014:0256 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0256.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 3
Date: Thu, 6 Mar 2014 11:12:47 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2014:0257  CentOS 6 opencryptoki
Update
To: centos-annou...@centos.org
Message-ID: <20140306111247.ga12...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2014:0257 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0257.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


Re: [CentOS] weird apache issue

2014-03-07 Thread Tim Dunphy
Hey guys,

 Well it took a little while for me to be able to reproduce this. It seems
that this problem is intermittent and sporadic.

But I tried running a sh -x /etc/init.d/httpd restart command once I
realized I had another incident of this and this is what I saw as the
output:

+ . /etc/rc.d/init.d/functions
++ TEXTDOMAIN=initscripts
++ umask 022
++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
++ export PATH
++ '[' -z '' ']'
++ COLUMNS=80
++ '[' -z '' ']'
+++ /sbin/consoletype
++ CONSOLETYPE=pty
++ '[' -f /etc/sysconfig/i18n -a -z '' ']'
++ . /etc/profile.d/lang.sh
+++ sourced=0
+++ '[' -z '' -a -n en_US.UTF-8 ']'
+++ sourced=1
+++ '[' -n '' ']'
+++ '[' 1 = 1 ']'
+++ '[' -n en_US.UTF-8 ']'
+++ export LANG
+++ '[' -n '' ']'
+++ unset LC_ADDRESS
+++ '[' -n '' ']'
+++ unset LC_CTYPE
+++ '[' -n '' ']'
+++ unset LC_COLLATE
+++ '[' -n '' ']'
+++ unset LC_IDENTIFICATION
+++ '[' -n '' ']'
+++ unset LC_MEASUREMENT
+++ '[' -n '' ']'
+++ unset LC_MESSAGES
+++ '[' -n '' ']'
+++ unset LC_MONETARY
+++ '[' -n '' ']'
+++ unset LC_NAME
+++ '[' -n '' ']'
+++ unset LC_NUMERIC
+++ '[' -n '' ']'
+++ unset LC_PAPER
+++ '[' -n '' ']'
+++ unset LC_TELEPHONE
+++ '[' -n '' ']'
+++ unset LC_TIME
+++ '[' -n '' ']'
+++ unset LC_ALL
+++ '[' -n '' ']'
+++ unset LANGUAGE
+++ '[' -n '' ']'
+++ unset LINGUAS
+++ '[' -n '' ']'
+++ unset _XKB_CHARSET
+++ consoletype=pty
+++ '[' -z pty ']'
+++ '[' -n '' ']'
+++ '[' -n '' ']'
+++ '[' -n en_US.UTF-8 ']'
+++ case $LANG in
+++ '[' screen = linux ']'
+++ unset SYSFONTACM SYSFONT
+++ unset sourced
+++ unset langfile
++ '[' -z '' ']'
++ '[' -f /etc/sysconfig/init ']'
++ . /etc/sysconfig/init
+++ BOOTUP=color
+++ GRAPHICAL=yes
+++ RES_COL=60
+++ MOVE_TO_COL='echo -en \033[60G'
+++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
+++ SETCOLOR_FAILURE='echo -en \033[0;31m'
+++ SETCOLOR_WARNING='echo -en \033[0;33m'
+++ SETCOLOR_NORMAL='echo -en \033[0;39m'
+++ LOGLEVEL=3
+++ PROMPT=yes
+++ AUTOSWAP=no
++ '[' pty = serial ']'
++ '[' color '!=' verbose ']'
++ INITLOG_ARGS=-q
++
__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
+ '[' -f /etc/sysconfig/httpd ']'
+ . /etc/sysconfig/httpd
+ HTTPD_LANG=C
+ INITLOG_ARGS=
+ apachectl=/usr/sbin/apachectl
+ httpd=/usr/sbin/httpd
+ prog=httpd
+ pidfile=/var/run/httpd/httpd.pid
+ lockfile=/var/lock/subsys/httpd
+ RETVAL=0
+ case "$1" in
+ stop
+ echo -n 'Stopping httpd: '
Stopping httpd: + killproc -p /var/run/httpd/httpd.pid -d 10 /usr/sbin/httpd
+ local RC killlevel= base pid pid_file= delay
+ RC=0
+ delay=3
+ '[' 5 -eq 0 ']'
+ '[' -p = -p ']'
+ pid_file=/var/run/httpd/httpd.pid
+ shift 2
+ '[' -d = -d ']'
+ delay=10
+ shift 2
+ '[' -n '' ']'
+ base=httpd
+ __pids_var_run /usr/sbin/httpd /var/run/httpd/httpd.pid
+ local base=httpd
+ local pid_file=/var/run/httpd/httpd.pid
+ pid=
+ '[' -f /var/run/httpd/httpd.pid ']'
+ return 3
+ '[' -z /var/run/httpd/httpd.pid -a -z '' ']'
+ '[' -n '' ']'
+ '[' -n '' -a -n '' ']'
+ failure 'httpd shutdown'
+ local rc=1
+ '[' color '!=' verbose -a -z '' ']'
+ echo_failure
+ '[' color = color ']'
+ echo -en '\033[60G'
+ echo -n '['
[+ '[' color = color ']'
+ echo -en '\033[0;31m'
+ echo -n FAILED
FAILED+ '[' color = color ']'
+ echo -en '\033[0;39m'
+ echo -n ']'
]+ echo -ne '\r'
 + return 1
+ '[' -x /usr/bin/rhgb-client ']'
+ return 1
+ RC=0
+ '[' -z '' ']'
+ rm -f /var/run/httpd/httpd.pid
+ return 0
+ RETVAL=0
+ echo

+ '[' 0 = 0 ']'
+ rm -f /var/lock/subsys/httpd /var/run/httpd/httpd.pid
+ start
+ echo -n 'Starting httpd: '
Starting httpd: + LANG=C
+ daemon --pidfile=/var/run/httpd/httpd.pid /usr/sbin/httpd
+ local gotbase= force= nicelevel corelimit
+ local pid base= user= nice= bg= pid_file=
+ nicelevel=0
+ '[' --pidfile=/var/run/httpd/httpd.pid '!=' -pidfile=/var/run/httpd/httpd.pid ']'
+ case $1 in
+ pid_file=/var/run/httpd/httpd.pid
+ shift
+ '[' /usr/sbin/httpd '!=' /usr/sbin/httpd ']'
+ '[' -z '' ']'
+ base=httpd
+ __pids_var_run httpd /var/run/httpd/httpd.pid
+ local base=httpd
+ local pid_file=/var/run/httpd/httpd.pid
+ pid=
+ '[' -f /var/run/httpd/httpd.pid ']'
+ return 3
+ '[' -n '' -a -z '' ']'
+ corelimit='ulimit -S -c 0'
+ '[' -n '' ']'
+ '[' color = verbose -a -z '' ']'
+ '[' -z '' ']'
+ /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/httpd'
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
+ '[' 1 -eq 0 ']'
+ failure 'httpd startup'
+ local rc=1
+ '[' color '!=' verbose -a -z '' ']'
+ echo_failure
+ '[' color = color ']'
+ echo -en '\033[60G'
+ echo -n '['
[+ '[' color = color ']'
+ echo -en '\033[0;31m'
+ echo -n FAILED
FAILED+ '[' color = color ']'
+ echo -en '\033[0;39m'
+ echo -n ']'
]+ echo -ne '\r'
 + return 1
+ '[' -x /usr/bin/rhgb-client ']'
+ return 1
+ RETVAL=1
+ echo

+ '[' 1 = 0 ']'
+ return 1
+ exit 1



Not really sure how to interpret that, unfortunately.


However loo
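
In the trace above, `__pids_var_run` returns 3 because `/var/run/httpd/httpd.pid` does not exist, so `killproc` has no PID to signal and the following start fails with "Address already in use". The sketch below is an added example, not part of the original post and not the CentOS initscripts source: a simplified pid-file lookup showing the three outcomes; the function names `pids_from_pidfile` and `explain_stop` and the return codes other than 3 are assumptions.

```shell
#!/bin/bash
# Added illustration, not the CentOS initscripts source: a simplified pid-file
# lookup in the style of the __pids_var_run call seen in the trace.

# pids_from_pidfile PIDFILE
# Sets $pid to the live PIDs listed in PIDFILE and returns:
#   0  at least one listed PID is alive
#   1  pid file exists but names no live process (stale file)
#   3  no pid file (the "return 3" in the trace)
#   4  pid file exists but cannot be read
# Codes 0, 1 and 4 are this example's assumption; only 3 appears in the trace.
pids_from_pidfile() {
    local pid_file=$1 line p
    pid=
    [ -f "$pid_file" ] || return 3
    [ -r "$pid_file" ] || return 4
    while read -r line || [ -n "$line" ]; do
        for p in $line; do
            # Skip anything that is not a plain decimal PID.
            case $p in ''|*[!0-9]*) continue ;; esac
            # Alive if /proc has an entry or the caller may signal it.
            if [ -d "/proc/$p" ] || kill -0 "$p" 2>/dev/null; then
                pid="$pid $p"
            fi
        done
    done < "$pid_file"
    [ -n "$pid" ] && return 0
    return 1
}

# explain_stop PIDFILE: what a stop step that trusts only the pid file can do.
explain_stop() {
    local rc=0
    pids_from_pidfile "$1" || rc=$?
    case $rc in
        0) echo "signal:$pid" ;;
        1) echo "stale pid file: nothing to signal" ;;
        3) echo "no pid file: nothing to signal, a running daemon keeps its port" ;;
        4) echo "pid file unreadable: cannot tell" ;;
    esac
}

# Path taken from the trace; pass another file as $1 to check a different daemon.
explain_stop "${1:-/var/run/httpd/httpd.pid}"
```
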

Re: [CentOS] cachefs

2014-03-07 Thread Leon Fauster
On 01.03.2014 at 13:48, Rita wrote:
> has anyone been using cachefs with 6.x series? I have tried using it but I
> keep getting hung processes after 2 weeks.
> 
> ATM, running 6.3 but was curious if it's more stable on CentOS 6.5?


we use it with nfs (latest EL6 OS version). In the last year we had two
system freezes caused by cachefs. It's still a tech preview.

the nfs client performance is significantly better with cachefs enabled.

--
LF





Re: [CentOS] cachefs

2014-03-07 Thread Nux!
On 02.03.2014 15:58, Rita wrote:
> thanks steve. seems like we are in the same boat.
> 
> I was wondering if there was an alternative to cachefs like
> http://ccache.samba.org/

I don't see how a compiler cache could help you with your problem. 
That's a totally different thing.

HTH
Lucian

-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro


Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-07 Thread John Doe
From: SilverTip257 

> On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh  wrote:
>>  man zebra_selinux
> ~]# man zebra_selinux
> No manual entry for zebra_selinux

This man page seems to be in selinux-policy-doc package for CentOS 6...
  # yum whatprovides \*zebra_selinux\*
  ...
  selinux-policy-doc-3.7.19-231.el6.noarch : SELinux policy documentation
  Repo    : base
  Matched from:
  Filename    : /usr/share/man/man8/zebra_selinux.8.gz

JD