Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

[Eliezer Croitoru]

Hey There,

I think it would be better asked at squid-users list:
- http://www.squid-cache.org/Support/mailing-lists.html#squid-users
- squid-us...@lists.squid-cache.org

Eliezer Croitoru

On 04/02/2016 15:24, C. L. Martinez wrote:

Hi all,

  I am trying to configure squid as a interception HTTPS proxy under CentOS 7. 
At every https request, I am receiving a certificate error.

  My current config for squid is:

# My localnet
acl localnet src 172.22.55.0/28
acl localnet src 172.22.58.0/29

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320

# My custom configuration
http_port 8079
http_port 8080 intercept
https_port 8081 ssl-bump intercept generate-host-certificates=on 
dynamic_cert_mem_cache_size=4MB key=/etc/squid/custom.private 
cert=/etc/squid/custom.cert

# Anonymous proxy
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

# SSL Bump Config
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER

  I have tried disabling "sslproxy_cert_error" and "sslproxy_flags" directives, 
without luck.

  Any ideas about what am I doing wrong?

  Thanks.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "upstream testing"??

[John R Pierce]

On 2/7/2016 1:00 PM, Bear Tooth wrote:

So I put in an install disk for CentOS, and rebooted.

 It never came near finishing the reboot. Up popped the

following:



what version of centos was this?   you previously mentioned 6.4, thats 
like 3-4 updates behind the current 6.7


model 94, thats a Core Ix-6xxx which is the brand new Skylake 
processor,lotta hardware changes on those, you likely will need the 
/newest/ version of the kernel for any given release for it to work, 
specifically 7.2 (1511) is the first version to support Skylake, and 
there may still be issues with the on-chip graphics as they are quite new.





--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "upstream testing"??

[Chris Murphy]

Which System76 model? How is the install media created? Presumably it's a
USB stick, but how is it being created?

The easiest and most reliable is to use dd. Livecd-tools is also reliable
but has a number of options required to boot UEFi systems. LiveUSB Creator
should work. Everything else is prone to failure.

CentOS 6.4 is kinda old for new hardware. You're better off looking at
CentOS 7.1.


Chris Murphy
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Digimer]

On 09/02/16 12:24 AM, g wrote:
> 
> 
> On 02/08/16 23:10, Digimer wrote:
>> On 09/02/16 12:08 AM, g wrote:
>>>
>>>
>>> On 02/08/16 15:34, Wes James wrote:
 Is there a utility to zero unused blocks on a disk?

 CentOS 6.7/Ext4

 I saw zerofree, but I’m not sure it would work on Ext4 or even work on
 this version of CentOS.

 thanks,

>>> .
>>> a comment on replies to your post.
>>>
>>> i find it interesting that "Subject:" is and you ask for info to
>>>
>>>   *zero unused blocks on disk*
>>>
>>> and all the replies for wiping the _entire_ disk.
>>>
>>> why is so hard to understand that _blocks_ does not mean _disk_. ((GBWG))
>>
>> Not all of them.
>>
> .
> this is true.
> 
> also true is that i phrased with;
> 
>   and all the replies for
> 
> not,
> 
>   with all replies for
> 
> because, yes, i did read you reply with all the rest. ;-)
> 
> fell better? :-P

I need ice cream to feel better. ;)

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Chris Murphy]

On Mon, Feb 8, 2016 at 10:54 PM, Chris Murphy  wrote:
> Secure erase is really the only thing to use on SSDs.

Oops. It's probably a fairly close approximation to just mkfs.btrfs -f
(or xfs) the entire block device for the SSD. If the kernel sees it as
non-rotational, it'll issue a whole device trim first, then write out
scant amount of metadata (btrfs writes out a tiny amount of metadata
at mkfs time, xfs a bit more, ext4 a lot and then even more after
mounting).

For most people this is probably a lot easier than the multistep
process using hdparm and secure erase.

-- 
Chris Murphy
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[g]

On 02/08/16 15:34, Wes James wrote:
> Is there a utility to zero unused blocks on a disk?
>
> CentOS 6.7/Ext4
>
> I saw zerofree, but I’m not sure it would work on Ext4 or even work on
> this version of CentOS.
>
> thanks,
>
.
a comment on replies to your post.

i find it interesting that "Subject:" is and you ask for info to

  *zero unused blocks on disk*

and all the replies for wiping the _entire_ disk.

why is so hard to understand that _blocks_ does not mean _disk_. ((GBWG))


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Digimer]

On 09/02/16 12:08 AM, g wrote:
> 
> 
> On 02/08/16 15:34, Wes James wrote:
>> Is there a utility to zero unused blocks on a disk?
>>
>> CentOS 6.7/Ext4
>>
>> I saw zerofree, but I’m not sure it would work on Ext4 or even work on
>> this version of CentOS.
>>
>> thanks,
>>
> .
> a comment on replies to your post.
> 
> i find it interesting that "Subject:" is and you ask for info to
> 
>   *zero unused blocks on disk*
> 
> and all the replies for wiping the _entire_ disk.
> 
> why is so hard to understand that _blocks_ does not mean _disk_. ((GBWG))

Not all of them.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[g]

On 02/08/16 23:10, Digimer wrote:
> On 09/02/16 12:08 AM, g wrote:
>>
>>
>> On 02/08/16 15:34, Wes James wrote:
>>> Is there a utility to zero unused blocks on a disk?
>>>
>>> CentOS 6.7/Ext4
>>>
>>> I saw zerofree, but I’m not sure it would work on Ext4 or even work on
>>> this version of CentOS.
>>>
>>> thanks,
>>>
>> .
>> a comment on replies to your post.
>>
>> i find it interesting that "Subject:" is and you ask for info to
>>
>>   *zero unused blocks on disk*
>>
>> and all the replies for wiping the _entire_ disk.
>>
>> why is so hard to understand that _blocks_ does not mean _disk_. ((GBWG))
>
> Not all of them.
>
.
this is true.

also true is that i phrased with;

  and all the replies for

not,

  with all replies for

because, yes, i did read you reply with all the rest. ;-)

fell better? :-P


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Chris Murphy]

On Mon, Feb 8, 2016 at 3:18 PM,   wrote:
> Chris Murphy wrote:
>> DBAN is obsolete. NIST 800-88 for some time now says to use secure erase
>> or enhanced security erase or crypto erase if supported.
>>
>> Other options do not erase data in remapped sectors.
>
> dban doesn't? What F/OSS does "secure erase"? And does it do what dban's
> DoD 5220.22-M does?

http://dban.org/download

That DoD standard is also obsolete per NIST 800-88. There's zero
evidence provided that 2 passes makes any difference compared to 1,
let alone doing 7.

hdparm --security-help

This takes the form of something like:

hdparm --user-master u --set-security-pass chickens /dev/sdX
hdparm --user-master u --security-erase-enhanced chickens /dev/sdX

The 2nd command doesn't return until completion. hdparm -I can give an
estimate of how long it will take. For HDDs I've found it slightly
overestimates how long it will take, but is generally pretty close.
For SSD's it can be way off. It says 8 minutes for my SSD, but the
command returns in 5 seconds and the SSD spits back all zeros.

Secure erase is really the only thing to use on SSDs. Writing a pile
of zeros just increases wear (minor negative) but also doesn't
actually set the cells to the state required to accept a new write, so
you've just added a lot more work for the SSD's garbage collector and
wear leveling, so it's going to be slower than before you did the
zeroing. Secure erase on an SSD erases the cells so they're ready to
accept writes.

-- 
Chris Murphy
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Robert Nichols]

On 02/08/2016 07:04 PM, Chris Adams wrote:

Once upon a time, Greg Bailey  said:

Wes didn't say the reason he wanted to zero unused blocks, but I
always do this in kickstart scripts when constructing VM images as
the image size is considerably reduced by doing this...


For that purpose, use something that can TRIM a VM image, like
virt-sparsify.


That's doing the same thing.

virt-sparsify works by mounting the filesystem, filling it to capacity
with zeros, then performing a copy operation which skips over the
all-zero blocks, leaving them unallocated in the sparse destination
file.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Chris Adams]

Once upon a time, Robert Nichols  said:
> On 02/08/2016 07:04 PM, Chris Adams wrote:
> >For that purpose, use something that can TRIM a VM image, like
> >virt-sparsify.
> 
> That's doing the same thing.
> 
> virt-sparsify works by mounting the filesystem, filling it to capacity
> with zeros, then performing a copy operation which skips over the
> all-zero blocks, leaving them unallocated in the sparse destination
> file.

Well, that's the slow method that copies the image.  There's also the
in-place method, which just does a TRIM that pokes holes in the original
image (much faster and uses no extra disk space).

-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[John R Pierce]

On 2/8/2016 9:54 PM, Chris Murphy wrote:

Secure erase is really the only thing to use on SSDs. Writing a pile
of zeros just increases wear (minor negative) but also doesn't
actually set the cells to the state required to accept a new write, so
you've just added a lot more work for the SSD's garbage collector and
wear leveling, so it's going to be slower than before you did the
zeroing. Secure erase on an SSD erases the cells so they're ready to
accept writes.


at least one SSD I had, the vendor told me writing a full pass of zeros 
on it via dd or whatever would completely reset the garbage collection 
and effectively defrag it.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

[C. L. Martinez]

On Thu  4.Feb'16 at 20:24:58 +0200, Eero Volotinen wrote:
> check out sslbump documentation:
> http://wiki.squid-cache.org/Features/SslBump
> 
> --
> Eero
> 
I have changed my ssl-bump options to "ssl_bump server-first all" only, but 
nothing ... It doesn't works.

Any more idea??

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Seeking Clarification CentOS 7 as Samba 4 Active Directory Domain Controller

[Mike]

I performed a Samba 4 Active Directory Domain Controller install in June of
2015 on CentOS 7.
At that time I used the Samba 4.1.XX package from SerNet due to the absence
of necessary heimdal packages and libraries not provided in the CentOS 7
Samba package.
Since the the 4.1 series is on security fix only, I'd like to upgrade to
the latest package that tracks with CentOS 7.

When searching the samba packages, I've found:

samba-client.x86_64 : Samba client programs
samba-client-libs.i686 : Samba client libraries
samba-client-libs.x86_64 : Samba client libraries
samba-common.x86_64 : Files used by both Samba servers and clients
samba-common.noarch : Files used by both Samba servers and clients
samba-common-libs.x86_64 : Libraries used by both Samba servers and clients
samba-common-tools.x86_64 : Tools for Samba servers and clients

samba-dc.x86_64 : Samba AD Domain Controller
samba-dc-libs.x86_64 : Samba AD Domain Controller Libraries

samba-devel.i686 : Developer tools for Samba libraries
samba-devel.x86_64 : Developer tools for Samba libraries
samba-libs.x86_64 : Samba libraries
samba-libs.i686 : Samba libraries
samba-python.x86_64 : Samba Python libraries
samba-test.x86_64 : Testing tools for Samba servers and clients
samba-test-devel.x86_64 : Testing devel files for Samba servers and clients
samba-test-libs.i686 : Libraries need by teh testing tools for Samba
servers and clients
samba-test-libs.x86_64 : Libraries need by teh testing tools for Samba
servers and clients

It appears the CentOS 7 packages now support full provisioning of a Samba 4
AD DC but I'd like to obtain guidance regarding all necessary packages and
libraries necessary to do so on CentOS7.

Has anyone on the list used CentOS7 packages (not samba source tarball or
SerNet package) to install and provision a Samba4 AD DC.  Which combination
of repository packages did you use?

Thanks for your help.

Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] KVM

[Gokan Atmaca]

>>> If you run top what are you seeing on the %Cpu(s) line?
http://i.hizliresim.com/NrmV9Y.png


On Mon, Feb 8, 2016 at 10:53 PM, Alvin Starr  wrote:
> You need to provide more information.
> 20% is what number.
> There are something like 6 numbers on that line.
>
>
> On 02/08/2016 02:56 PM, Gokan Atmaca wrote:
>>>
>>> If you run top what are you seeing on the %Cpu(s) line?
>>
>> %20
>>
>>
>> On Mon, Feb 8, 2016 at 9:30 PM, Alvin Starr  wrote:
>>>
>>> Slow disks will show up as higher I/Owait times.
>>> If your seeing 99% cpu usage then your likely looking at some other
>>> problem.
>>>
>>> If you run top what are you seeing on the %Cpu(s) line?
>>>
>>>
>>> On 02/08/2016 02:20 PM, Gokan Atmaca wrote:
>
> I'm guessing you're using standard 7,200rpm platter drives? You'll need
> to share more information about your environment in order for us to
> provide useful feedback. Usually though, the answer is 'caching' and/or
> 'faster disks'.

 Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a
 preference for slightly more capacity.
 Unfortunately very expensive SAS drives.  But this works only if the
 server in question occur.
 In this case, about 15 minutes. progress.


 On Mon, Feb 8, 2016 at 9:13 PM, Digimer  wrote:
>
> On 08/02/16 02:12 PM, Gokan Atmaca wrote:
>>
>> Hello
>>
>> I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
>> increases. It consumes up to 99%. For this reason, slowing down the
>> other virtual machine. What should I do to solve the problem. ?
>>
>> Thanks..
>
> I'm guessing you're using standard 7,200rpm platter drives? You'll need
> to share more information about your environment in order for us to
> provide useful feedback. Usually though, the answer is 'caching' and/or
> 'faster disks'.
>
> --
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a person without
> access to education?
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt

 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 https://lists.centos.org/mailman/listinfo/centos-virt
>>>
>>>
>>>
>>> --
>>> Alvin Starr   ||   voice: (905)513-7688
>>> Netvel Inc.   ||   Cell:  (416)806-0133
>>> al...@netvel.net  ||
>>>
>>>
>>> ___
>>> CentOS-virt mailing list
>>> CentOS-virt@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos-virt
>>
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
>
>
>
> --
> Alvin Starr   ||   voice: (905)513-7688
> Netvel Inc.   ||   Cell:  (416)806-0133
> al...@netvel.net  ||
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Alexander Dalloz]

Am 08.02.2016 um 22:25 schrieb Gokan Atmaca:

If you run top what are you seeing on the %Cpu(s) line?

http://i.hizliresim.com/NrmV9Y.png


That's not a CentOS system. You should probably consult the community 
providing support for your Debian or Ubuntu based system.


I see you run MySQL, so verify your database configuration against the 
discussion at


https://serverfault.com/questions/363355/io-wait-causing-so-much-slowdown-ext4-jdb2-at-99-io-during-mysql-commit

Alexander

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Utility to zero unused blocks on disk

[Wes James]

Is there a utility to zero unused blocks on a disk?

CentOS 6.7/Ext4

I saw zerofree, but I’m not sure it would work on Ext4 or even work on this 
version of CentOS.

thanks,

-wes
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Digimer]

Personally, I just do 'dd if=/dev/zero of=/path/to/zero.img bs=1M; rm -f
/path/to/zero.img'. It's inelegant, for sure, but it works (note to run
it as a normal user or else be careful of how your system reacts to
running out of disk space for a moment).

fix-it-with-a-hammer-digimer

On 08/02/16 04:34 PM, Wes James wrote:
> Is there a utility to zero unused blocks on a disk?
> 
> CentOS 6.7/Ext4
> 
> I saw zerofree, but I’m not sure it would work on Ext4 or even work on this 
> version of CentOS.
> 
> thanks,
> 
> -wes
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 


-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] KVM

[Gokan Atmaca]

> If you run top what are you seeing on the %Cpu(s) line?

%20


On Mon, Feb 8, 2016 at 9:30 PM, Alvin Starr  wrote:
> Slow disks will show up as higher I/Owait times.
> If your seeing 99% cpu usage then your likely looking at some other problem.
>
> If you run top what are you seeing on the %Cpu(s) line?
>
>
> On 02/08/2016 02:20 PM, Gokan Atmaca wrote:
>>>
>>> I'm guessing you're using standard 7,200rpm platter drives? You'll need
>>> to share more information about your environment in order for us to
>>> provide useful feedback. Usually though, the answer is 'caching' and/or
>>> 'faster disks'.
>>
>> Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a
>> preference for slightly more capacity.
>> Unfortunately very expensive SAS drives.  But this works only if the
>> server in question occur.
>> In this case, about 15 minutes. progress.
>>
>>
>> On Mon, Feb 8, 2016 at 9:13 PM, Digimer  wrote:
>>>
>>> On 08/02/16 02:12 PM, Gokan Atmaca wrote:

 Hello

 I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
 increases. It consumes up to 99%. For this reason, slowing down the
 other virtual machine. What should I do to solve the problem. ?

 Thanks..
>>>
>>> I'm guessing you're using standard 7,200rpm platter drives? You'll need
>>> to share more information about your environment in order for us to
>>> provide useful feedback. Usually though, the answer is 'caching' and/or
>>> 'faster disks'.
>>>
>>> --
>>> Digimer
>>> Papers and Projects: https://alteeve.ca/w/
>>> What if the cure for cancer is trapped in the mind of a person without
>>> access to education?
>>> ___
>>> CentOS-virt mailing list
>>> CentOS-virt@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos-virt
>>
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
>
>
>
> --
> Alvin Starr   ||   voice: (905)513-7688
> Netvel Inc.   ||   Cell:  (416)806-0133
> al...@netvel.net  ||
>
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Alvin Starr]

You need to provide more information.
20% is what number.
There are something like 6 numbers on that line.

On 02/08/2016 02:56 PM, Gokan Atmaca wrote:

If you run top what are you seeing on the %Cpu(s) line?

%20


On Mon, Feb 8, 2016 at 9:30 PM, Alvin Starr  wrote:

Slow disks will show up as higher I/Owait times.
If your seeing 99% cpu usage then your likely looking at some other problem.

If you run top what are you seeing on the %Cpu(s) line?


On 02/08/2016 02:20 PM, Gokan Atmaca wrote:

I'm guessing you're using standard 7,200rpm platter drives? You'll need
to share more information about your environment in order for us to
provide useful feedback. Usually though, the answer is 'caching' and/or
'faster disks'.

Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a
preference for slightly more capacity.
Unfortunately very expensive SAS drives.  But this works only if the
server in question occur.
In this case, about 15 minutes. progress.


On Mon, Feb 8, 2016 at 9:13 PM, Digimer  wrote:

On 08/02/16 02:12 PM, Gokan Atmaca wrote:

Hello

I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
increases. It consumes up to 99%. For this reason, slowing down the
other virtual machine. What should I do to solve the problem. ?

Thanks..

I'm guessing you're using standard 7,200rpm platter drives? You'll need
to share more information about your environment in order for us to
provide useful feedback. Usually though, the answer is 'caching' and/or
'faster disks'.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt



--
Alvin Starr   ||   voice: (905)513-7688
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt



--
Alvin Starr   ||   voice: (905)513-7688
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[NightLightHosts Admin]

On Mon, Feb 8, 2016 at 2:53 PM, Alvin Starr  wrote:
> You need to provide more information.
> 20% is what number.
> There are something like 6 numbers on that line.
>
>

Post commands and results of command outputs
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Gokan Atmaca]

> Are the disk partitions properly aligned to 4k boundary on the host (and in
> the guests too) ?
>
There are 5 in total server. 32G ram. 2T r1 (soft) disk.


On Mon, Feb 8, 2016 at 9:41 PM, Zoltan Frombach  wrote:
> Are the disk partitions properly aligned to 4k boundary on the host (and in
> the guests too) ?
>
> See
> http://www.ibm.com/developerworks/library/l-linux-on-4kb-sector-disks/index.html
> and this:
> http://unix.stackexchange.com/questions/247387/check-if-partitions-are-aligned-properly-for-performance
>
>
> On 2/8/2016 8:12 PM, Gokan Atmaca wrote:
>>
>> Hello
>>
>> I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
>> increases. It consumes up to 99%. For this reason, slowing down the
>> other virtual machine. What should I do to solve the problem. ?
>>
>> Thanks..
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
>
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Digimer]

On 08/02/16 02:20 PM, Gokan Atmaca wrote:
>> I'm guessing you're using standard 7,200rpm platter drives? You'll need
>> to share more information about your environment in order for us to
>> provide useful feedback. Usually though, the answer is 'caching' and/or
>> 'faster disks'.
> 
> Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a
> preference for slightly more capacity.

Those are slow and have poor seek latency. Slow-down of other servers
when one hits the disk hard has to be expected.

> Unfortunately very expensive SAS drives.  But this works only if the
> server in question occur.
> In this case, about 15 minutes. progress.

I don't understand what you are saying/asking, sorry.

> On Mon, Feb 8, 2016 at 9:13 PM, Digimer  wrote:
>> On 08/02/16 02:12 PM, Gokan Atmaca wrote:
>>> Hello
>>>
>>> I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
>>> increases. It consumes up to 99%. For this reason, slowing down the
>>> other virtual machine. What should I do to solve the problem. ?
>>>
>>> Thanks..
>>
>> I'm guessing you're using standard 7,200rpm platter drives? You'll need
>> to share more information about your environment in order for us to
>> provide useful feedback. Usually though, the answer is 'caching' and/or
>> 'faster disks'.
>>
>> --
>> Digimer
>> Papers and Projects: https://alteeve.ca/w/
>> What if the cure for cancer is trapped in the mind of a person without
>> access to education?
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
> 


-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Zoltan Frombach]

Are the disk partitions properly aligned to 4k boundary on the host (and 
in the guests too) ?


See
http://www.ibm.com/developerworks/library/l-linux-on-4kb-sector-disks/index.html
and this:
http://unix.stackexchange.com/questions/247387/check-if-partitions-are-aligned-properly-for-performance

On 2/8/2016 8:12 PM, Gokan Atmaca wrote:

Hello

I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
increases. It consumes up to 99%. For this reason, slowing down the
other virtual machine. What should I do to solve the problem. ?

Thanks..
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Digimer]

On 08/02/16 02:12 PM, Gokan Atmaca wrote:
> Hello
> 
> I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
> increases. It consumes up to 99%. For this reason, slowing down the
> other virtual machine. What should I do to solve the problem. ?
> 
> Thanks..

I'm guessing you're using standard 7,200rpm platter drives? You'll need
to share more information about your environment in order for us to
provide useful feedback. Usually though, the answer is 'caching' and/or
'faster disks'.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Gokan Atmaca]

> I'm guessing you're using standard 7,200rpm platter drives? You'll need
> to share more information about your environment in order for us to
> provide useful feedback. Usually though, the answer is 'caching' and/or
> 'faster disks'.

Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a
preference for slightly more capacity.
Unfortunately very expensive SAS drives.  But this works only if the
server in question occur.
In this case, about 15 minutes. progress.


On Mon, Feb 8, 2016 at 9:13 PM, Digimer  wrote:
> On 08/02/16 02:12 PM, Gokan Atmaca wrote:
>> Hello
>>
>> I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
>> increases. It consumes up to 99%. For this reason, slowing down the
>> other virtual machine. What should I do to solve the problem. ?
>>
>> Thanks..
>
> I'm guessing you're using standard 7,200rpm platter drives? You'll need
> to share more information about your environment in order for us to
> provide useful feedback. Usually though, the answer is 'caching' and/or
> 'faster disks'.
>
> --
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a person without
> access to education?
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] KVM

[Gokan Atmaca]

Hello

I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
increases. It consumes up to 99%. For this reason, slowing down the
other virtual machine. What should I do to solve the problem. ?

Thanks..
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Alvin Starr]

Slow disks will show up as higher I/Owait times.
If your seeing 99% cpu usage then your likely looking at some other problem.

If you run top what are you seeing on the %Cpu(s) line?

On 02/08/2016 02:20 PM, Gokan Atmaca wrote:

I'm guessing you're using standard 7,200rpm platter drives? You'll need
to share more information about your environment in order for us to
provide useful feedback. Usually though, the answer is 'caching' and/or
'faster disks'.

Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a
preference for slightly more capacity.
Unfortunately very expensive SAS drives.  But this works only if the
server in question occur.
In this case, about 15 minutes. progress.


On Mon, Feb 8, 2016 at 9:13 PM, Digimer  wrote:

On 08/02/16 02:12 PM, Gokan Atmaca wrote:

Hello

I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
increases. It consumes up to 99%. For this reason, slowing down the
other virtual machine. What should I do to solve the problem. ?

Thanks..

I'm guessing you're using standard 7,200rpm platter drives? You'll need
to share more information about your environment in order for us to
provide useful feedback. Usually though, the answer is 'caching' and/or
'faster disks'.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt



--
Alvin Starr   ||   voice: (905)513-7688
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM

[Marcin Figura]

Using *top *and looki at *'wa' *value can tell you I/O wait time for each
CPU
Dont forget to press "*1*" to expand list of CPUs

Tasks: 501 total,   4 running, 497 sleeping,   0 stopped,   0 zombie
Cpu0  : 31.9%us, 52.7%sy,  0.0%ni, 15.1%id,  *0.0%wa*,  0.0%hi,  0.3%si,
 0.0%st
Cpu1  : 29.7%us,  7.6%sy,  0.0%ni, 62.1%id,  *0.0%wa,*  0.0%hi,  0.7%si,
 0.0%st

Also, there is handy tool called: *iotop *which can tell how much process
writes and read. We can see on our 6Gpbs SATAIII interface with SSD disks,
the interfaces is being maxed out with writes at ~500MBs

At the end 7.2k disks can be easily maxed out while running a few VMs so no
surprise here.

Lastly, setup some monitoring for example munin, its quite handy :

http://demo.munin-monitoring.org/disk-day.html



On Mon, Feb 8, 2016 at 1:58 PM Gokan Atmaca  wrote:

> > Are the disk partitions properly aligned to 4k boundary on the host (and
> in
> > the guests too) ?
> >
> There are 5 in total server. 32G ram. 2T r1 (soft) disk.
>
>
> On Mon, Feb 8, 2016 at 9:41 PM, Zoltan Frombach 
> wrote:
> > Are the disk partitions properly aligned to 4k boundary on the host (and
> in
> > the guests too) ?
> >
> > See
> >
> http://www.ibm.com/developerworks/library/l-linux-on-4kb-sector-disks/index.html
> > and this:
> >
> http://unix.stackexchange.com/questions/247387/check-if-partitions-are-aligned-properly-for-performance
> >
> >
> > On 2/8/2016 8:12 PM, Gokan Atmaca wrote:
> >>
> >> Hello
> >>
> >> I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very
> >> increases. It consumes up to 99%. For this reason, slowing down the
> >> other virtual machine. What should I do to solve the problem. ?
> >>
> >> Thanks..
> >> ___
> >> CentOS-virt mailing list
> >> CentOS-virt@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos-virt
> >
> >
> > ___
> > CentOS-virt mailing list
> > CentOS-virt@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-virt
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
>

-- 




Mintel Group Limited | 333 West Wacker Drive Suite 1100 | Chicago, Illinois USA 
60606

Contact details for our other offices can be found at 
http://www.mintel.com/office-locations.

This email and any attachments may include content that is confidential, 
privileged 
 or otherwise protected under applicable law. Unauthorized disclosure, copying, 
distribution 
 or use of the contents is prohibited and may be unlawful. If you have received 
this email in error,
 including without appropriate authorization, then please reply to the sender 
about the error 
 and delete this email and any attachments.


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Utility to zero unused blocks on disk

[Chris Murphy]

hdparm supports ATA secure erase. This is SSD safe, unlike other options.
It's faster than writing zeros to both HDD and SSD.

Chris Murphy

On Mon, Feb 8, 2016, 3:06 PM   wrote:

> Wes James wrote:
> > Is there a utility to zero unused blocks on a disk?
> >
> > CentOS 6.7/Ext4
> >
> > I saw zerofree, but I’m not sure it would work on Ext4 or even work on
> > this version of CentOS.
> >
> I don't understand the point of doing this. If you want to sanitize the
> disk, use dban , which surely approaches industry standard for
> the open source answer.
>
> Just zeroing random blocks? Why? If you want to wipe a specific file,
> there's shred.
>
>mark
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Chris Murphy]

DBAN is obsolete. NIST 800-88 for some time now says to use secure erase or
enhanced security erase or crypto erase if supported.

Other options do not erase data in remapped sectors.

Chris Murphy
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[m . roth]

John R Pierce wrote:
> On 2/8/2016 2:14 PM, Chris Murphy wrote:
>> DBAN is obsolete. NIST 800-88 for some time now says to use secure erase
>> or
>> enhanced security erase or crypto erase if supported.
>>
>> Other options do not erase data in remapped sectors.
>
> the only truly safe way to destroy data on magnetic media is to grind
> the media up into filings or melt it down in a furnace.
>
Well, no. DeGaussing works, also. Plus, with current storage techniques,
I've heard that one pass of whatever will make it unreadable. That was why
I jokingly referred to DoD 5220.22-M as overkill, since it does 7 passes.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[m . roth]

Wes James wrote:
> Is there a utility to zero unused blocks on a disk?
>
> CentOS 6.7/Ext4
>
> I saw zerofree, but I’m not sure it would work on Ext4 or even work on
> this version of CentOS.
>
I don't understand the point of doing this. If you want to sanitize the
disk, use dban , which surely approaches industry standard for
the open source answer.

Just zeroing random blocks? Why? If you want to wipe a specific file,
there's shred.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Greg Bailey]

On 02/08/2016 03:05 PM, m.r...@5-cent.us wrote:

Wes James wrote:

Is there a utility to zero unused blocks on a disk?

CentOS 6.7/Ext4

I saw zerofree, but I’m not sure it would work on Ext4 or even work on
this version of CentOS.


I don't understand the point of doing this.


Wes didn't say the reason he wanted to zero unused blocks, but I always 
do this in kickstart scripts when constructing VM images as the image 
size is considerably reduced by doing this...


-Greg

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Wes James]

> On Feb 8, 2016, at 2:37 PM, Digimer  wrote:
> 
> Personally, I just do 'dd if=/dev/zero of=/path/to/zero.img bs=1M; rm -f
> /path/to/zero.img'. It's inelegant, for sure, but it works (note to run
> it as a normal user or else be careful of how your system reacts to
> running out of disk space for a moment).
> 
> fix-it-with-a-hammer-digimer
> 

Looks like it’s working. Thanks.

> On 08/02/16 04:34 PM, Wes James wrote:
>> Is there a utility to zero unused blocks on a disk?
>> 
>> CentOS 6.7/Ext4
>> 
>> I saw zerofree, but I’m not sure it would work on Ext4 or even work on this 
>> version of CentOS.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[m . roth]

Chris Murphy wrote:
> DBAN is obsolete. NIST 800-88 for some time now says to use secure erase
> or enhanced security erase or crypto erase if supported.
>
> Other options do not erase data in remapped sectors.

dban doesn't? What F/OSS does "secure erase"? And does it do what dban's
DoD 5220.22-M does?

   mark, overkill

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[John R Pierce]

On 2/8/2016 2:14 PM, Chris Murphy wrote:

DBAN is obsolete. NIST 800-88 for some time now says to use secure erase or
enhanced security erase or crypto erase if supported.

Other options do not erase data in remapped sectors.


the only truly safe way to destroy data on magnetic media is to grind 
the media up into filings or melt it down in a furnace.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[John R Pierce]

On 2/8/2016 2:18 PM, m.r...@5-cent.us wrote:

dban doesn't? What F/OSS does "secure erase"? And does it do what dban's
DoD 5220.22-M does?


do you even know what NISP Operating Manual 5220.22-M is?   One thing it 
does NOT have is ANY specifications of methods of data erasure (it 
mentions data erasure in 2 short paragraphs, out of a 140 page book on 
security).


The Defense Security Service C (clearing and sanitization matrix) 
procedures state that magnetic disks will be degaussed or physically 
destroyed.

http://www.oregon.gov/DAS/OP/docs/policy/state/107-009-005_Exhibit_B.pdf

note that degaussing a hard drive made since the early 80s will erase 
its servo tracks and render it scrap.


there is no such thing as secure erasure.   the whole silly 3 passes of 
random data followed by zeroing thing has been debunked numerous 
times.   It MIGHT have worked in the days of MFM disks, when block 
sparing was an OS function, and the drives just provided a stream of 1s 
and 0s without recognizing 'sectors' (sectoring was done in the MFM disk 
controller board).With any modern storage device writing a single 
pass of zeros will do virtually the same thing, and is adequate to 
remove casual data but by no means good enough for any sort of 
government mandated security.





--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Valeri Galtsev]

On Mon, February 8, 2016 5:45 pm, John R Pierce wrote:
> On 2/8/2016 3:33 PM, Valeri Galtsev wrote:
>> DRAM had more persistent imprint of information that was sitting in it,
>> which appears much harder to destroy than information on hard drive.
>
> well aware of that.   30 years ago a friend and I built a specialized
> video card for a consulting project   discovered on the prototype
> that we could power it down, go home, come back the next day, and power
> it up, and sufficient image remained in the DRAM to be totally
> recognizable.   sure, it had 'noise' bits all over it, but whatever was
> on the screen the day before was still visible.
>

This is amazing! That is what distinguishes experts from us mortals: what
we just learned by reading they saw themselves (sometimes quite a while
ago)! On the other hand, why I'm so surprised? This is why they can answer
any of our questions on this list in a split second.

Still, I'm very impressed!

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Always Learning]

On Mon, 2016-02-08 at 14:22 -0800, John R Pierce wrote:

> the only truly safe way to destroy data on magnetic media is to grind 
> the media up into filings or melt it down in a furnace.

I unscrew the casing, extract the disk platter(s), slide a very strong
magnet over both sides of the platter surface then bend the platter in
half. 

How secure is that ?

I can't afford a machine that grinds everything into dust particles.

-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[SternData]

On 02/08/2016 06:38 PM, Always Learning wrote:
> 
> On Mon, 2016-02-08 at 14:22 -0800, John R Pierce wrote:
> 
>> the only truly safe way to destroy data on magnetic media is to grind 
>> the media up into filings or melt it down in a furnace.
> 
> I unscrew the casing, extract the disk platter(s), slide a very strong
> magnet over both sides of the platter surface then bend the platter in
> half. 
> 
> How secure is that ?
> 
> I can't afford a machine that grinds everything into dust particles.
> 
I have a sledge hammer. It's good exercise and fun.

-- 
-- Steve
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Valeri Galtsev]

On Mon, February 8, 2016 4:22 pm, John R Pierce wrote:
> On 2/8/2016 2:14 PM, Chris Murphy wrote:
>> DBAN is obsolete. NIST 800-88 for some time now says to use secure erase
>> or
>> enhanced security erase or crypto erase if supported.
>>
>> Other options do not erase data in remapped sectors.
>
> the only truly safe way to destroy data on magnetic media is to grind
> the media up into filings or melt it down in a furnace.

Without any intent to contradict... This article I found to be very
instructive reading:

https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

As far as hard drives are concerned, it changed my mind about magnetic
media (hard drives): from "you never will be able to securely destroy
data" to "one pass of writing zeroes is sufficient for modern drives.
Bringing platters over 1000 times deep into hysteresis back and forth is
enough to destroy even residual magnetization related to magnetic domain
aging... On modern drives though... No, I decided to not spoil it for
those who decides to read that article. One thing I learned from there:
DRAM had more persistent imprint of information that was sitting in it,
which appears much harder to destroy than information on hard drive. I
hope I intrigued you enough to go and read that article.

Valeri



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Valeri Galtsev]

On Mon, February 8, 2016 3:37 pm, Digimer wrote:
> Personally, I just do 'dd if=/dev/zero of=/path/to/zero.img bs=1M; rm -f
> /path/to/zero.img'. It's inelegant, for sure, but it works (note to run
> it as a normal user or else be careful of how your system reacts to
> running out of disk space for a moment).

This definitely does the trick. reallocated bad blocks aside, one path
writing zeroes on modern drives is sufficient, according to one nice paper
on the subject I remember. Does not comply DoD (and similar) secure data
destruction though... As it always is when army is concerned: overkill ;-)

Valeri

>
> fix-it-with-a-hammer-digimer
>
> On 08/02/16 04:34 PM, Wes James wrote:
>> Is there a utility to zero unused blocks on a disk?
>>
>> CentOS 6.7/Ext4
>>
>> I saw zerofree, but I’m not sure it would work on Ext4 or even work on
>> this version of CentOS.
>>
>> thanks,
>>
>> -wes
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
>
> --
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a person without
> access to education?
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[John R Pierce]

On 2/8/2016 3:33 PM, Valeri Galtsev wrote:

DRAM had more persistent imprint of information that was sitting in it,
which appears much harder to destroy than information on hard drive.


well aware of that.   30 years ago a friend and I built a specialized 
video card for a consulting project   discovered on the prototype 
that we could power it down, go home, come back the next day, and power 
it up, and sufficient image remained in the DRAM to be totally 
recognizable.   sure, it had 'noise' bits all over it, but whatever was 
on the screen the day before was still visible.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Utility to zero unused blocks on disk

[Chris Adams]

Once upon a time, Greg Bailey  said:
> Wes didn't say the reason he wanted to zero unused blocks, but I
> always do this in kickstart scripts when constructing VM images as
> the image size is considerably reduced by doing this...

For that purpose, use something that can TRIM a VM image, like
virt-sparsify.
-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos