Re: [CentOS] xdgurl

[Fred Smith]

On Wed, Oct 19, 2016 at 10:25:43PM -0400, Mark LaPierre wrote:
> Has anyone figured out how to make Firefox 45.4.0 on CentOS 6 use xdgurl
> to handle xdg:// URLs?
> 
> Google is full of suggestions that don't work.  When I select a an
> xdg:// link I don't get a dialog asking me what to do like Google says I
> will.  Instead I get a message that says Firefox doesn't have a clue how
> to handle this URL.  Do you want to try again?
> 
> I tried about:config
> 
> I added:
> 

Just a guess... did you really mean to have "zdgurl" at the end of
this string, as you show below?

> network.protocol-handler.external.xdg  user set  string /usr/bin/zdgurl
   ^
> 
> Still no joy.
> 
> -- 
> _
>°v°
>   /(_)\
>^ ^  Mark LaPierre
> Registered Linux user No #267004
> https://linuxcounter.net/
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
   But God demonstrates his own love for us in this: 
 While we were still sinners, 
  Christ died for us.
--- Romans 5:8 (niv) --
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] xdgurl

[Mark LaPierre]

Has anyone figured out how to make Firefox 45.4.0 on CentOS 6 use xdgurl
to handle xdg:// URLs?

Google is full of suggestions that don't work.  When I select a an
xdg:// link I don't get a dialog asking me what to do like Google says I
will.  Instead I get a message that says Firefox doesn't have a clue how
to handle this URL.  Do you want to try again?

I tried about:config

I added:

network.protocol-handler.external.xdg  user set  string /usr/bin/zdgurl

Still no joy.

-- 
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Alice Wonder]

On 10/19/2016 01:54 PM, m.r...@5-cent.us wrote:

Alice Wonder wrote:

On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:

Hello Gordon,


*snip*


Personally I would be more concerned whether or not to enable ECDSA
algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).


For web server ECDSA certs is currently a concern because the only
curves with popular support across browsers have parameters that were
chosen for undocumented reasons.

That doesn't mean they are vulnerable but there is a question.

OpenSSH uses Curve25519 for ECDSA which has documented reasons for the
parameters chosen and thus are far less likely to be nefariously chosen.

At least that's my understanding of the situation, which could be flawed.


Oh, are those the ones with the NSA backdoor curve?



Allegedly they might.

I use ecdsa certs on most of my websites, using secp384r1

I formerly used secp521r1 but suddenly Google with no warning stopped 
supporting it in chrome. That company is too powerful.


The only other option (that has both browser and CA support) is prime256v1

Hopefully soon we will get a better option.

I don't believe it is an issue with OpenSSH though.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] port running but connection refused

[Jack Bailey]

On 10/19/16 2:03 PM, Jerry Geis wrote:

Hi All,

I have a process running on port 5070... I'm using CentOS 7.
iptables is running firewalld should be stopped and disabled.

When I telnet localhost 5070 I get connection refused.

When I stop iptables I still get connection refused.

netstat -tnlv | grep 5070
tcp0  0 192.168.1.8:50700.0.0.0:*   LISTEN

so the process is running and listening.




The process is not listening on localhost.  Try telnet 192.168.1.8 5070

Jack

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] port running but connection refused

[Jerry Geis]

Hi All,

I have a process running on port 5070... I'm using CentOS 7.
iptables is running firewalld should be stopped and disabled.

When I telnet localhost 5070 I get connection refused.

When I stop iptables I still get connection refused.

netstat -tnlv | grep 5070
tcp0  0 192.168.1.8:50700.0.0.0:*   LISTEN

so the process is running and listening.

ps ax | grep firewalld
returns nothing except the grep command.

What else could be blocking this connection?

Thanks,

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bacula Restore

[Jon LaBadie]

On Wed, Oct 19, 2016 at 01:20:49PM +0200, Alessandro Baggi wrote:
> Hi list,
> another question about bacula, but this time about restoring backups.
> 
> I've a server that I must backup every day. My plan is:
> 
> from mon to sat incrimental backup
> and on sunday full backup.
> 
> When I will perform a restore I  must restore from last valid full backup
> and then all valid incremental backup from last backup to specific date.
> 
> This server has aweb managed application where user can update data or
> delete data.
> 
> Suppose that after a full backup, on monday the user upload a file and
> incrimental backup is performed. On tuesday the user remove the uploaded
> file and backup is performed.
> 
> Suppose that I want perform a restore of these jobs. I restore full,
> mon-incr and I found on restore path file uploaded on monday. When restoring
> tuesday incr (where the uploaded file was not present), on restore path I
> will found the uploaded file or bacula remove it with tuesday incremental
> backup restore?
> 
Don't know about bacula, but with amanda you restore to the
state that existed as of a particlar date.  Restore as of Sunday
or Tuesday the file is not in the restore.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[m . roth]

Alice Wonder wrote:
> On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:
>> Hello Gordon,
>>
> *snip*
>>
>> Personally I would be more concerned whether or not to enable ECDSA
>> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
>>
> For web server ECDSA certs is currently a concern because the only
> curves with popular support across browsers have parameters that were
> chosen for undocumented reasons.
>
> That doesn't mean they are vulnerable but there is a question.
>
> OpenSSH uses Curve25519 for ECDSA which has documented reasons for the
> parameters chosen and thus are far less likely to be nefariously chosen.
>
> At least that's my understanding of the situation, which could be flawed.

Oh, are those the ones with the NSA backdoor curve?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Alice Wonder]

On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:

Hello Gordon,


*snip*


Personally I would be more concerned whether or not to enable ECDSA
algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).

Regards,
Leonard.



For web server ECDSA certs is currently a concern because the only 
curves with popular support across browsers have parameters that were 
chosen for undocumented reasons.


That doesn't mean they are vulnerable but there is a question.

OpenSSH uses Curve25519 for ECDSA which has documented reasons for the 
parameters chosen and thus are far less likely to be nefariously chosen.


At least that's my understanding of the situation, which could be flawed.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Clint Dilks]

On Thu, Oct 20, 2016 at 4:30 AM, Leonard den Ottolander <
leon...@den.ottolander.nl> wrote:

> Hello Clint,
>
> On Wed, 2016-10-19 at 11:28 +1300, Clint Dilks wrote:
> > The following weak client-to-server encryption algorithms are supported
> by
> > the remote service:
> > rijndael-...@lysator.liu.se
> > arcfour256
> > arcfour128
> > aes256-cbc
> > 3des-cbc
> > aes192-cbc
> > blowfish-cbc
> > cast128-cbc
> > arcfour
> > aes128-cbc
>
> Where did you get the idea that AES (~ Rijndael) is a weak cipher?
>
> RC4 (arcfour) is indeed considered insecure and Blowfish uses a block
> size that is too small for comfort. CAST-128 might still be quite usable
> and even though triple DES only provides about 80 bits of security it is
> still not considered broken.
>
> Regards,
> Leonard.
>


Morning Leonard,

I believe the vulnerability scan was done using OpenVAS
http://www.openvas.org/

Medium (CVSS: 4.3)
NVT: SSH Weak Encryption Algorithms Supported
Summary
The remote SSH server is configured to allow weak encryption algorithms.
Vulnerability Detection Result
The following weak client-to-server encryption algorithms are supported by
the remote service:
rijndael-...@lysator.liu.se
arcfour256
arcfour128
aes256-cbc
3des-cbc
aes192-cbc
blowfish-cbc
cast128-cbc
arcfour
aes128-cbc
The following weak server-to-client encryption algorithms are supported by
the remote service:
rijndael-...@lysator.liu.se
arcfour256
arcfour128
aes256-cbc
3des-cbc
aes192-cbc
blowfish-cbc
cast128-cbc
arcfour
aes128-cbc

Solution
Disable the weak encryption algorithms.
Vulnerability Insight
The ‘arcfour‘ cipher is the Arcfour stream cipher with 128-bit keys. The
Arcfour cipher is believed
to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has
problems with weak
keys, and should not be used anymore.
The ‘none‘ algorithm specifies that no encryption is to be done. Note that
this method provides
no confidentiality protection, and it is NOT RECOMMENDED to use it.
A vulnerability exists in SSH messages that employ CBC mode that may allow
an attacker to
recover plaintext from a block of ciphertext.
Vulnerability Detection Method
Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details:SSH Weak Encryption Algorithms Supported
OID:1.3.6.1.4.1.25623.1.0.105611
Version used: $Revision: 3160 $
References
Other:
URL:https://tools.ietf.org/html/rfc4253#section-6.3
URL:https://www.kb.cert.org/vuls/id/958563

Thanks



>
> --
> mount -t life -o ro /dev/dna /genetic/research
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-announce] CEEA-2016:2053 CentOS 7 qed Enhancement Update

[Johnny Hughes]

CentOS Errata and Enhancement Advisory 2016:2053 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-2053.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
d377a4d756626c36b06cba43245271483cde612665f7824c2dd4e92ce0a658bd  
kmod-qed-8.7.1.20-1.el7_2.x86_64.rpm
270416cf1eaa63e45787df70ea96e08b62fa9727617c90c2565db18ae29d06b0  
kmod-qed-firmware-8.7.1.20-1.el7_2.x86_64.rpm

Source:
9177a9008d81b6e116c7108382229015c9c2794581427d4f712fbab122ea05ad  
qed-8.7.1.20-1.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2016:2053 CentOS 7 qede Enhancement Update

[Johnny Hughes]

CentOS Errata and Enhancement Advisory 2016:2053 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-2053.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
134fd2c3fe3439169678c5c57518f9231804ee34098e7f169bca57b7179886ae  
kmod-qede-8.7.1.20-1.el7_2.x86_64.rpm

Source:
0f176dc6e202d09ea6e200f17f6ae7f66ea66983c2f5ee5564faf17c99f5782e  
qede-8.7.1.20-1.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2016:2079 Critical CentOS 7 java-1.8.0-openjdk Security Update

[Johnny Hughes]

CentOS Errata and Security Advisory 2016:2079 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2079.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
028b7d73cab8947df0f2fe08c028d6349aa7cb6a19ef01ac4ddc78939ab25f61  
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm
83fc734f15cd1891fb0c5fd5e692df9048cd7dc56ec468e7281eb2eaf6654e20  
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.x86_64.rpm
84a58a7dab05f4230d4c30b35e0649de9e0f0acd1ea984428da31ca4d91dab92  
java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
02488f4200afbba9b86c6f3cbf6054778afaf24164675fe1a7e3eca11399  
java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
7c5e7dc04f1286a18c1c5df06fa73dd5640ef9f631c91c2a3cd6c883cb7acf68  
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.x86_64.rpm
11b2902c6c4d7dfe82b869903c894b05c7b768c337469f36310fc43b5b4611df  
java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
03433ad6c3f91643b9744acf870b875d7418593c60c31eb5cfe32f4619112a8f  
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.x86_64.rpm
70c0c17a4dced2896b0f1d4c622615e2e3bfce16042017d0e424496a1386d680  
java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
ce6eed8d95c73553e83669594284cfb4d43959761499f1a2d90e040352eb8b1c  
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm
b9f8e783b3f82a3fe567a6f343a3e7ab5acf3d838fb2bdf6670da3df52bc11bd  
java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
5f2d8974a59c970489994bd9f74194122cfccd1d48e3078977e9840cccd4bae4  
java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
99764694bbfc61c98497d90f482f11b29edeb9a14ed583386e1fcd1f7685a003  
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm
241163cc6cd5f82476b489dcaa3d02e2e97f71606de63af94178f0538648b9e2  
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.x86_64.rpm
749d9c3495ec107da97f6044016972877c75346e06f358559d8beb1dd0b013ad  
java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm

Source:
14dd2d91e721496277c119284a579fe2efd2433e3ee1841053bef94f5fb2f455  
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2016:2079 Critical CentOS 6 java-1.8.0-openjdk Security Update

[Johnny Hughes]

CentOS Errata and Security Advisory 2016:2079 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2079.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
60cf77046bec5d09e30ac37298ae03030f7f12bdf1c85991e895164d43f23df1  
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.i686.rpm
16bee782dac78dcb28c9b193b93507e7dbcf3e4486fcefb31524c546939a32d8  
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.i686.rpm
7eef730957fd3bda1f05b693c2d0c8db7b76b79efd55f8dd02a5f748a556ea38  
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.i686.rpm
e523ee91414bf1d2bc968549379ed5236c802b6033d9532f005e703f07d60390  
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.i686.rpm
c2a8ce469379455489ca8244f24f0b746d42b3ecfbb053545daf7a322114ed5f  
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.i686.rpm
03f53cb8d4e9c68801459ee488874072965d2302229f98679ee12c42965f8b59  
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.i686.rpm
78838b4b92f42d353a1bd2c0b93f1e1680abd8e700cfb6ea87cda478d70a6a0a  
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.i686.rpm
a9d5f8ec69fe74b5c2ca61844b708880a12a4c6a9fb02b8e47ab09e036075a3f  
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.i686.rpm
39eb4adf71a189d04374ac6f334a8575e6305bd3f9740b28b4afaa09f0c3dea8  
java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
d95e4b1f0f00548357f68bea0ba618ca57c05c83c6126801e7486f927505ed9d  
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm
75d481665ef258552464259d83abed1b217c156b4b6ff3e5f7dacea0f70643a3  
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.i686.rpm
341c0b2114349353d5ffd7259e203d84639364eadc7dbfac3c5f715ec06baf05  
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.i686.rpm

x86_64:
f4499b1d6b31f133b89baa832794ff0c37f9ea9e87850172e71e08c1e0c438b6  
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm
af76e86cf568bb3274b8ba6c62c48a8a856269264b036350591591575df15772  
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
1b0945e04fb8ffbadef61357bee914ee49496eb91b2687601f4f763393e2  
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.x86_64.rpm
d5ec7926cdbb83b25403e435082f8cbe14ee88fcb63f4aab01e8c24794cd  
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
33063935b9ff95f54b9d094503eba5f90dcfcc3c8041f3d7bbb9c7e61768ce07  
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.x86_64.rpm
c55e83f73cdf85dab61c716033b26739ee8c845178cee0aae54423305947  
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
bffd148c22ea1410222cf8542ce5c5ee2288db9510648a0fda8345d2abf9fbe7  
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.x86_64.rpm
28f12d2c23f0e6f48f40a68f25ca5b8d87399b96139919a32f10a1c709148e16  
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
39eb4adf71a189d04374ac6f334a8575e6305bd3f9740b28b4afaa09f0c3dea8  
java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
d95e4b1f0f00548357f68bea0ba618ca57c05c83c6126801e7486f927505ed9d  
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm
c02bf67c37e94832bcc73b9f5af6eca847ad56e318ffc39a77b2799354130afb  
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.x86_64.rpm
393b67b81738b1cd12ca1d1b883759338ea6652264fe34f14afb2b5aa7a7fb5d  
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm

Source:
a23a87514ad0c6f825ebd5ff9e2d950521d8de88086d4abfc7a0b6eec29a4e30  
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] SSH Weak Ciphers

[Leonard den Ottolander]

Hello Gordon,

On Wed, 2016-10-19 at 10:31 -0700, Gordon Messmer wrote:
> On 10/19/2016 08:30 AM, Leonard den Ottolander wrote:
> > Where did you get the idea that AES (~ Rijndael) is a weak cipher?
> 
> 
> It's not the cipher, but the mode.  CBC has several known weaknesses in 
> TLS, and is frequently regarded as potentially insecure as a result.
> 
> https://www.openssl.org/~bodo/tls-cbc.txt

According to that document those issues are solved in the TLS 1.1
specification. It also indicates that issues 1) and 2) do not exist in
openssl since 0.9.6i and 0.9.6e respectively and that openssls TLS 1.0
implementation handles padding correctly so issue 3) doesn't exist in
openssl either.

However, I see that the openssh developers have decided to disable cbc
algorithms in 6.7. Not sure what their rationale is as from the document
you mention I grasp that these issues can be fixed by correctly padding
the message and adding one extra random block before the message ("front
padding").

Personally I would be more concerned whether or not to enable ECDSA
algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Gordon Messmer]

On 10/19/2016 08:30 AM, Leonard den Ottolander wrote:

Where did you get the idea that AES (~ Rijndael) is a weak cipher?



It's not the cipher, but the mode.  CBC has several known weaknesses in 
TLS, and is frequently regarded as potentially insecure as a result.


https://www.openssl.org/~bodo/tls-cbc.txt


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Leon Fauster]

Am 19.10.2016 um 17:30 schrieb Leonard den Ottolander 
:
> Hello Clint,
> 
> On Wed, 2016-10-19 at 11:28 +1300, Clint Dilks wrote:
>> The following weak client-to-server encryption algorithms are supported by
>> the remote service:
>> rijndael-...@lysator.liu.se
>> arcfour256
>> arcfour128
>> aes256-cbc
>> 3des-cbc
>> aes192-cbc
>> blowfish-cbc
>> cast128-cbc
>> arcfour
>> aes128-cbc
> 
> Where did you get the idea that AES (~ Rijndael) is a weak cipher?
> 
> RC4 (arcfour) is indeed considered insecure and Blowfish uses a block
> size that is too small for comfort. CAST-128 might still be quite usable
> and even though triple DES only provides about 80 bits of security it is
> still not considered broken.


Isn't there a collision attack for DES? 

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Leon Fauster]

Am 19.10.2016 um 17:05 schrieb Chris Adams :
> Once upon a time, Erik Laxdal  said:
>> The supported KexAlgorithms, Ciphers, and MACs are generally listed
>> in the sshd_config man page.  So 'man sshd_config' then look for the
>> section of the item of interest.
> 
> Note that the man page does not always match the actual compiled binary
> (the build process does not update the man page to match configuration).

That was my assumption.


> The best way is to run "ssh -Q cipher" (as mentioned in the ssh_config
> and sshd_config man pages under Ciphers).


Great! For

# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

# echo cipher  cipher-auth  mac  kex  key |xargs -n1 ssh -Q

shows all informations.

Unfortunately that applies only to EL7. ssh's version of EL{5,6} doesn't have 
the Q switch. 

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-build-reports] Build Done: java-1.8.0-openjdk 1.8.0.111-1.b15.el7_2.i386 on c7.1511.u

[buildsys]

logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/build.log
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.i686.rpm
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/mock.cfg
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/mock.exitcode
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/root.log
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/state.log
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/stderr
logs/c7.1511.u/java-1.8.0-openjdk/20161019142003/1.8.0.111-1.b15.el7_2.i386/stdout
___
CentOS-build-reports mailing list
CentOS-build-reports@centos.org
https://lists.centos.org/mailman/listinfo/centos-build-reports

Re: [CentOS] SSH Weak Ciphers

[Leonard den Ottolander]

Hello Clint,

On Wed, 2016-10-19 at 11:28 +1300, Clint Dilks wrote:
> The following weak client-to-server encryption algorithms are supported by
> the remote service:
> rijndael-...@lysator.liu.se
> arcfour256
> arcfour128
> aes256-cbc
> 3des-cbc
> aes192-cbc
> blowfish-cbc
> cast128-cbc
> arcfour
> aes128-cbc

Where did you get the idea that AES (~ Rijndael) is a weak cipher?

RC4 (arcfour) is indeed considered insecure and Blowfish uses a block
size that is too small for comfort. CAST-128 might still be quite usable
and even though triple DES only provides about 80 bits of security it is
still not considered broken.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Problemas de correos

[Roberto Bermúdez]

Buenos días estimados Listeros, agradezco mucho todos sus consejos, pido
perdón por no haber escrito anteriormente pero pase con problemas
adicionales a los del correo, voy a poner en práctica todo lo que me han
comentado y cualquier cosa estaré retroalimentando de los progresos, un
saludo afectuoso a todos

El 6 de octubre de 2016, 20:55, angel jauregui
escribió:

> DKIM y DomainKeys son dos metodos distintos, pero hacen lo mismo (firman el
> correo y colocan una cabecera), pero el que oficialmente NO ES OBSOLETO es
> el DKIM (paquete: opendkim).
>
> Otro metodo NUEVO de validacion de autenticidad de tu dominio es usar
> DMARC.
>
> Ademas te recomiendo registrar tu dominio con proveedores de correos como
> Google, que te brindan hashes que debes incluir en tu DNS como un registro
> TXT adicional al SPF, esto te hara ganar confianza y que lleges al inbox.
>
> Otro dato SUPER IMPORTANTE es que busques BLACKLIST y cheques cada mes el
> estatus, en caso que estes enlistado, hacer el tramite para salir, despues
> VER EN TU MAILLOG quien esta mal usando el server.
>
> Saludos !
>
> El 6 de octubre de 2016, 16:29, Ricardo J. Barberis  >
> escribió:
>
> > DKIM no esta obsoleto (hotmail, gmail y yahoo si aun no lo requieren no
> > creo
> > que falte mucho para que lo hagan), quizas hayas leido sobre DomainKeys o
> > Identified Internet Mail, ambos se fusionaron en DKIM segun la wikipedia:
> >
> > https://es.wikipedia.org/wiki/DomainKeys_Identified_Mail
> >
> >
> > La configuracion depende del servidor de correo que utilices, aqui
> algunos
> > enlaces que te pueden ser utiles:
> >
> > http://www.opendkim.org/docs.html
> > http://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
> > http://blog.sunsaturn.com/linux/dkim/dkim-and-postfix-
> setup-on-centos-6-3/
> > http://www.exim.org/exim-html-current/doc/html/spec_html/ch-
> > support_for_dkim_domainkeys_identified_mail.html
> >
> > Espero te sirvan.
> >
> > Saludos!
> >
> > El Jueves 06/10/2016, Roberto Bermúdez escribió:
> > > Saludos estimada comunidad
> > >
> > > he logrado repara el problema del registro SPF, ahora ya los califican
> > > correctamente, pero sin embargo sigo teniendo problemas de no poder
> > mandar
> > > correos a dominios públicos como hotmail o gmail, en varios foros del
> > > internet he visto que hotmail desde hace algunos años no permite el
> paso
> > de
> > > correos de dominios que no tengan asignados registros DKIM pero también
> > he
> > > visto que estos registros están obsoletos, alguién me puede indicar que
> > hay
> > > de cierto en esto?, si es necesario, como puedo configurarlos, alguien
> > sabe
> > > de un foro donde esté claramente explicado? por otro lado también he
> > visto
> > > que se requiere de registros DMARC, alguien los ha configuraco ya?,
> > > agradezcol de antemano cualquier ayuda que me puedan brindar
> > >
> > > Saludos cordiales
> > > Roberto B.
> >
> > --
> > Ricardo J. Barberis
> > Usuario Linux Nº 250625: http://counter.li.org/
> > Usuario LFS Nº 5121: http://www.linuxfromscratch.org/
> > Senior SysAdmin / IT Architect - www.DonWeb.com
> > ___
> > CentOS-es mailing list
> > CentOS-es@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-es
> >
>
>
>
> --
> M.S.I. Angel Haniel Cantu Jauregui.
>
> Celular: (011-52-1)-899-871-17-22
> E-Mail: angel.ca...@sie-group.net
> Web: http://www.sie-group.net/
> Cd. Reynosa Tamaulipas.
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS] SSH Weak Ciphers

[Chris Adams]

Once upon a time, Erik Laxdal  said:
> The supported KexAlgorithms, Ciphers, and MACs are generally listed
> in the sshd_config man page.  So 'man sshd_config' then look for the
> section of the item of interest.

Note that the man page does not always match the actual compiled binary
(the build process does not update the man page to match configuration).
The best way is to run "ssh -Q cipher" (as mentioned in the ssh_config
and sshd_config man pages under Ciphers).

-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Erik Laxdal]

On 2016-10-19 03:11, Leon Fauster wrote:

Is there any command to find the supported list of KeyAlgos, MACs and
Ciphers for
the particular system (e.g. EL{5,6,7})? Similar to  $ openssl ciphers 
-v ...


The supported KexAlgorithms, Ciphers, and MACs are generally listed in 
the sshd_config man page.  So 'man sshd_config' then look for the 
section of the item of interest.


Erik
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Problemas con Squid

[Pablo Flores Aravena]

Seguro que fue después de un corte de energía, si es así posiblemente tu
disco este dañado.


*Pablo Flores AravenaIngeniero Informátic*o
Sysadmin, Centro de Tecnología de la Información CTI-FAVET
Facultad de Cs. Veterinarias y Pecuarias - Universidad de Chile
Tel: +56 (02) 2978 56 31 - +56 (02) 2978 55 46

El 19 de octubre de 2016, 12:18, Carlos Esparza 
escribió:

> Hola, te mando captura de pantalla reciente. Te comento algo. Este problema
> lo tengo después de algún corte de energía eléctrica o después de reiniciar
> el servidor. Lo que hago ultimamente es reiniciarlo unas 15 veces
> aproximadamente. Esto lo hago en dos o tres días como máximo. Luego se
> normaliza. Busqué si alguna máquina estaba generando peticiones en demasía
> y no encontré nada. Lamentablemente no manejo nada de CentOS o Linux. Sólo
> una lista de comandos que me dejó el proveedor que instaló este servidor.
>
>
> El 19 de octubre de 2016, 11:08, Pablo Flores Aravena 
> escribió:
>
> > El 99% de cpu, ram, DD
> >
> > Lo tienes con squidguard?
> >
> > Ocupas SARG? eliminalo, ocupa squidanalyzer mejor
> > Cuanta de ram le tienes asignada, cuanto libre?
> > Eue dice netstat -atunp
> >
> > Lienes munin para monitorizar el server?
> > Los log dicen algo?
> >
> > Corre el comando
> > df -iH
> >
> > En una de esas los inodos están llenos
> >
> >
> > suerte
> >
> >
> > *Pablo Flores AravenaIngeniero Informátic*o
> > Sysadmin, Centro de Tecnología de la Información CTI-FAVET
> > Facultad de Cs. Veterinarias y Pecuarias - Universidad de Chile
> > Tel: +56 (02) 2978 56 31 - +56 (02) 2978 55 46
> >
> > El 18 de octubre de 2016, 13:02, Carlos Esparza 
> > escribió:
> >
> > > Hola, estoy teniendo hace tiempo problemas con el squid. Lo tengo
> dentro
> > de
> > > un servidor proxy. El problema es el siguiente:
> > > -Al reiniciar el servidor, por algún corte de energía, etc. El squid
> > > comienza a ocupar el 99% del servidor. No puedo pararlo ni reiniciarlo.
> > Lo
> > > único que puedo hacer es reiniciar el servidor completamente.
> > > Verifiqué que no haya virus en la red, ni que alguna máquina esté
> > generando
> > > peticiones de forma masiva.
> > > ¿Qué se les ocurre que puede ser?
> > >
> > > --
> > > Carlos J. Esparza
> > > Cell Phone: 54 2804-308030
> > > chauch...@gmail.com
> > > chauch...@hotmail.com
> > > ___
> > > CentOS-es mailing list
> > > CentOS-es@centos.org
> > > https://lists.centos.org/mailman/listinfo/centos-es
> > >
> > ___
> > CentOS-es mailing list
> > CentOS-es@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-es
> >
>
>
>
> --
> Carlos J. Esparza
> Cell Phone: 54 2804-308030
> chauch...@gmail.com
> chauch...@hotmail.com
>
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-build-reports] Build Done: qed 8.7.1.20-1.el7_2.x86_64 on c7.1511.u

[buildsys]

logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/build.log
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/kmod-qed-8.7.1.20-1.el7_2.x86_64.rpm
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/kmod-qed-firmware-8.7.1.20-1.el7_2.x86_64.rpm
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/mock.cfg
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/mock.exitcode
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/qed-8.7.1.20-1.el7_2.src.rpm
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/qed-debuginfo-8.7.1.20-1.el7_2.x86_64.rpm
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/root.log
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/state.log
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/stderr
logs/c7.1511.u/qed/20161019143226/8.7.1.20-1.el7_2.x86_64/stdout
___
CentOS-build-reports mailing list
CentOS-build-reports@centos.org
https://lists.centos.org/mailman/listinfo/centos-build-reports

[CentOS-build-reports] Build Done: qede 8.7.1.20-1.el7_2.x86_64 on c7.1511.u

[buildsys]

logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/build.log
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/kmod-qede-8.7.1.20-1.el7_2.x86_64.rpm
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/mock.cfg
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/mock.exitcode
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/qede-8.7.1.20-1.el7_2.src.rpm
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/qede-debuginfo-8.7.1.20-1.el7_2.x86_64.rpm
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/root.log
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/state.log
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/stderr
logs/c7.1511.u/qede/20161019143238/8.7.1.20-1.el7_2.x86_64/stdout
___
CentOS-build-reports mailing list
CentOS-build-reports@centos.org
https://lists.centos.org/mailman/listinfo/centos-build-reports

[CentOS-build-reports] Build Fail: qed 8.7.1.20-1.el7_2.i386 on c7.1511.u

[buildsys]

ROOT log: -( last 500 lines )-\n\n
DEBUG util.py:399:   libxml2  i686 2.9.1-6.el7_2.3  
 c7.1511.u653 k
DEBUG util.py:399:   lua  i686 5.1.4-14.el7 
 c7.00.03 218 k
DEBUG util.py:399:   mpfr i686 3.1.1-4.el7  
 c7.00.03 199 k
DEBUG util.py:399:   ncurses  i686 5.9-13.20130511.el7  
 c7.00.03 301 k
DEBUG util.py:399:   ncurses-base noarch   5.9-13.20130511.el7  
 c7.00.03  67 k
DEBUG util.py:399:   ncurses-libs i686 5.9-13.20130511.el7  
 c7.00.03 315 k
DEBUG util.py:399:   nspr i686 4.11.0-1.el7_2   
 c7.1511.u126 k
DEBUG util.py:399:   nss  i686 3.21.0-9.el7_2   
 c7.1511.u847 k
DEBUG util.py:399:   nss-softokn  i686 3.16.2.3-14.2.el7_2  
 c7.1511.u305 k
DEBUG util.py:399:   nss-softokn-freebl   i686 3.16.2.3-14.2.el7_2  
 c7.1511.u186 k
DEBUG util.py:399:   nss-sysinit  i686 3.21.0-9.el7_2   
 c7.1511.u 53 k
DEBUG util.py:399:   nss-toolsi686 3.21.0-9.el7_2   
 c7.1511.u489 k
DEBUG util.py:399:   nss-util i686 3.21.0-2.2.el7_2 
 c7.1511.u 69 k
DEBUG util.py:399:   openldap i686 2.4.40-9.el7_2   
 c7.1511.u344 k
DEBUG util.py:399:   openssl-libs i686 1:1.0.1e-51.el7_2.7  
 c7.1511.u939 k
DEBUG util.py:399:   p11-kit  i686 0.20.7-3.el7 
 c7.01.00 103 k
DEBUG util.py:399:   p11-kit-trusti686 0.20.7-3.el7 
 c7.01.00 124 k
DEBUG util.py:399:   pam  i686 1.1.8-12.el7_1.1 
 c7.01.u  710 k
DEBUG util.py:399:   pcre i686 8.32-15.el7_2.1  
 c7.1511.u416 k
DEBUG util.py:399:   perl i686 4:5.16.3-286.el7 
 c7.1511.00   7.9 M
DEBUG util.py:399:   perl-Carpnoarch   1.26-244.el7 
 c7.00.03  18 k
DEBUG util.py:399:   perl-Encode  i686 2.51-7.el7   
 c7.00.02 1.1 M
DEBUG util.py:399:   perl-Exporternoarch   5.68-3.el7   
 c7.00.03  27 k
DEBUG util.py:399:   perl-File-Path   noarch   2.09-2.el7   
 c7.00.03  25 k
DEBUG util.py:399:   perl-File-Temp   noarch   0.23.01-3.el7
 c7.00.03  55 k
DEBUG util.py:399:   perl-Filter  i686 1.49-3.el7   
 c7.00.02  75 k
DEBUG util.py:399:   perl-Getopt-Long noarch   2.40-2.el7   
 c7.00.03  55 k
DEBUG util.py:399:   perl-HTTP-Tiny   noarch   0.033-3.el7  
 c7.00.03  37 k
DEBUG util.py:399:   perl-PathTools   i686 3.40-5.el7   
 c7.00.02  81 k
DEBUG util.py:399:   perl-Pod-Escapes noarch   1:1.04-286.el7   
 c7.1511.0049 k
DEBUG util.py:399:   perl-Pod-Perldoc noarch   3.20-4.el7   
 c7.00.03  86 k
DEBUG util.py:399:   perl-Pod-Simple  noarch   1:3.28-4.el7 
 c7.00.03 215 k
DEBUG util.py:399:   perl-Pod-Usage   noarch   1.63-3.el7   
 c7.00.03  26 k
DEBUG util.py:399:   perl-Scalar-List-Utils   i686 1.27-248.el7 
 c7.00.02  35 k
DEBUG util.py:399:   perl-Socket  i686 2.010-3.el7  
 c7.00.02  47 k
DEBUG util.py:399:   perl-Storablei686 2.45-3.el7   
 c7.00.02  76 k
DEBUG util.py:399:   perl-Text-ParseWords noarch   3.29-4.el7   
 c7.00.03  13 k
DEBUG util.py:399:   perl-Thread-Queuenoarch   3.02-2.el7   
 c7.00.03  16 k
DEBUG util.py:399:   perl-Time-HiRes  i686 4:1.9725-3.el7   
 c7.00.02  44 k
DEBUG util.py:399:   perl-Time-Local  noarch   1.2300-2.el7 
 c7.00.03  23 k
DEBUG util.py:399:   perl-constantnoarch   1.27-2.el7   
 c7.00.03  18 k
DEBUG util.py:399:   perl-libsi686 4:5.16.3-286.el7 
 c7.1511.00   679 k
DEBUG util.py:399:   perl-macros  i686 4:5.16.3-286.el7 
 c7.1511.0042 k
DEBUG util.py:399:   perl-parent  noarch   1:0.225-244.el7  
 c7.00.03  11 k
DEBUG util.py:399:   perl-podlators   noarch   2.5.1-3.el7  
 c7.00.03 111 k
DEBUG util.py:399:   perl-srpm-macros noarch   1-8.el7  
 c7.00.03 3.5 k
DEBUG util.py:399:   perl-threads i686 1.87-4.el7   
 c7.00.02  48 k
DEBUG util.py:399:   perl-threads-shared  i686 1.43-6.el7   
 c7.00.02  38 k
DEBUG util.py:399:   pinentry i686 0.8.1-14.el7 
 c7.00.02  

[CentOS-build-reports] Build Fail: qede 8.7.1.20-1.el7_2.i386 on c7.1511.u

[buildsys]

ROOT log: -( last 500 lines )-\n\n
DEBUG util.py:399:   libxml2  i686 2.9.1-6.el7_2.3  
 c7.1511.u653 k
DEBUG util.py:399:   lua  i686 5.1.4-14.el7 
 c7.00.03 218 k
DEBUG util.py:399:   mpfr i686 3.1.1-4.el7  
 c7.00.03 199 k
DEBUG util.py:399:   ncurses  i686 5.9-13.20130511.el7  
 c7.00.03 301 k
DEBUG util.py:399:   ncurses-base noarch   5.9-13.20130511.el7  
 c7.00.03  67 k
DEBUG util.py:399:   ncurses-libs i686 5.9-13.20130511.el7  
 c7.00.03 315 k
DEBUG util.py:399:   nspr i686 4.11.0-1.el7_2   
 c7.1511.u126 k
DEBUG util.py:399:   nss  i686 3.21.0-9.el7_2   
 c7.1511.u847 k
DEBUG util.py:399:   nss-softokn  i686 3.16.2.3-14.2.el7_2  
 c7.1511.u305 k
DEBUG util.py:399:   nss-softokn-freebl   i686 3.16.2.3-14.2.el7_2  
 c7.1511.u186 k
DEBUG util.py:399:   nss-sysinit  i686 3.21.0-9.el7_2   
 c7.1511.u 53 k
DEBUG util.py:399:   nss-toolsi686 3.21.0-9.el7_2   
 c7.1511.u489 k
DEBUG util.py:399:   nss-util i686 3.21.0-2.2.el7_2 
 c7.1511.u 69 k
DEBUG util.py:399:   openldap i686 2.4.40-9.el7_2   
 c7.1511.u344 k
DEBUG util.py:399:   openssl-libs i686 1:1.0.1e-51.el7_2.7  
 c7.1511.u939 k
DEBUG util.py:399:   p11-kit  i686 0.20.7-3.el7 
 c7.01.00 103 k
DEBUG util.py:399:   p11-kit-trusti686 0.20.7-3.el7 
 c7.01.00 124 k
DEBUG util.py:399:   pam  i686 1.1.8-12.el7_1.1 
 c7.01.u  710 k
DEBUG util.py:399:   pcre i686 8.32-15.el7_2.1  
 c7.1511.u416 k
DEBUG util.py:399:   perl i686 4:5.16.3-286.el7 
 c7.1511.00   7.9 M
DEBUG util.py:399:   perl-Carpnoarch   1.26-244.el7 
 c7.00.03  18 k
DEBUG util.py:399:   perl-Encode  i686 2.51-7.el7   
 c7.00.02 1.1 M
DEBUG util.py:399:   perl-Exporternoarch   5.68-3.el7   
 c7.00.03  27 k
DEBUG util.py:399:   perl-File-Path   noarch   2.09-2.el7   
 c7.00.03  25 k
DEBUG util.py:399:   perl-File-Temp   noarch   0.23.01-3.el7
 c7.00.03  55 k
DEBUG util.py:399:   perl-Filter  i686 1.49-3.el7   
 c7.00.02  75 k
DEBUG util.py:399:   perl-Getopt-Long noarch   2.40-2.el7   
 c7.00.03  55 k
DEBUG util.py:399:   perl-HTTP-Tiny   noarch   0.033-3.el7  
 c7.00.03  37 k
DEBUG util.py:399:   perl-PathTools   i686 3.40-5.el7   
 c7.00.02  81 k
DEBUG util.py:399:   perl-Pod-Escapes noarch   1:1.04-286.el7   
 c7.1511.0049 k
DEBUG util.py:399:   perl-Pod-Perldoc noarch   3.20-4.el7   
 c7.00.03  86 k
DEBUG util.py:399:   perl-Pod-Simple  noarch   1:3.28-4.el7 
 c7.00.03 215 k
DEBUG util.py:399:   perl-Pod-Usage   noarch   1.63-3.el7   
 c7.00.03  26 k
DEBUG util.py:399:   perl-Scalar-List-Utils   i686 1.27-248.el7 
 c7.00.02  35 k
DEBUG util.py:399:   perl-Socket  i686 2.010-3.el7  
 c7.00.02  47 k
DEBUG util.py:399:   perl-Storablei686 2.45-3.el7   
 c7.00.02  76 k
DEBUG util.py:399:   perl-Text-ParseWords noarch   3.29-4.el7   
 c7.00.03  13 k
DEBUG util.py:399:   perl-Thread-Queuenoarch   3.02-2.el7   
 c7.00.03  16 k
DEBUG util.py:399:   perl-Time-HiRes  i686 4:1.9725-3.el7   
 c7.00.02  44 k
DEBUG util.py:399:   perl-Time-Local  noarch   1.2300-2.el7 
 c7.00.03  23 k
DEBUG util.py:399:   perl-constantnoarch   1.27-2.el7   
 c7.00.03  18 k
DEBUG util.py:399:   perl-libsi686 4:5.16.3-286.el7 
 c7.1511.00   679 k
DEBUG util.py:399:   perl-macros  i686 4:5.16.3-286.el7 
 c7.1511.0042 k
DEBUG util.py:399:   perl-parent  noarch   1:0.225-244.el7  
 c7.00.03  11 k
DEBUG util.py:399:   perl-podlators   noarch   2.5.1-3.el7  
 c7.00.03 111 k
DEBUG util.py:399:   perl-srpm-macros noarch   1-8.el7  
 c7.00.03 3.5 k
DEBUG util.py:399:   perl-threads i686 1.87-4.el7   
 c7.00.02  48 k
DEBUG util.py:399:   perl-threads-shared  i686 1.43-6.el7   
 c7.00.02  38 k
DEBUG util.py:399:   pinentry i686 0.8.1-14.el7 
 c7.00.02  

Re: [CentOS-es] Problemas con Squid

[Carlos Esparza]

Hola, te mando captura de pantalla reciente. Te comento algo. Este problema
lo tengo después de algún corte de energía eléctrica o después de reiniciar
el servidor. Lo que hago ultimamente es reiniciarlo unas 15 veces
aproximadamente. Esto lo hago en dos o tres días como máximo. Luego se
normaliza. Busqué si alguna máquina estaba generando peticiones en demasía
y no encontré nada. Lamentablemente no manejo nada de CentOS o Linux. Sólo
una lista de comandos que me dejó el proveedor que instaló este servidor.


El 19 de octubre de 2016, 11:08, Pablo Flores Aravena 
escribió:

> El 99% de cpu, ram, DD
>
> Lo tienes con squidguard?
>
> Ocupas SARG? eliminalo, ocupa squidanalyzer mejor
> Cuanta de ram le tienes asignada, cuanto libre?
> Eue dice netstat -atunp
>
> Lienes munin para monitorizar el server?
> Los log dicen algo?
>
> Corre el comando
> df -iH
>
> En una de esas los inodos están llenos
>
>
> suerte
>
>
> *Pablo Flores AravenaIngeniero Informátic*o
> Sysadmin, Centro de Tecnología de la Información CTI-FAVET
> Facultad de Cs. Veterinarias y Pecuarias - Universidad de Chile
> Tel: +56 (02) 2978 56 31 - +56 (02) 2978 55 46
>
> El 18 de octubre de 2016, 13:02, Carlos Esparza 
> escribió:
>
> > Hola, estoy teniendo hace tiempo problemas con el squid. Lo tengo dentro
> de
> > un servidor proxy. El problema es el siguiente:
> > -Al reiniciar el servidor, por algún corte de energía, etc. El squid
> > comienza a ocupar el 99% del servidor. No puedo pararlo ni reiniciarlo.
> Lo
> > único que puedo hacer es reiniciar el servidor completamente.
> > Verifiqué que no haya virus en la red, ni que alguna máquina esté
> generando
> > peticiones de forma masiva.
> > ¿Qué se les ocurre que puede ser?
> >
> > --
> > Carlos J. Esparza
> > Cell Phone: 54 2804-308030
> > chauch...@gmail.com
> > chauch...@hotmail.com
> > ___
> > CentOS-es mailing list
> > CentOS-es@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-es
> >
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>



-- 
Carlos J. Esparza
Cell Phone: 54 2804-308030
chauch...@gmail.com
chauch...@hotmail.com
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Problemas con Squid

[Pablo Flores Aravena]

El 99% de cpu, ram, DD

Lo tienes con squidguard?

Ocupas SARG? eliminalo, ocupa squidanalyzer mejor
Cuanta de ram le tienes asignada, cuanto libre?
Eue dice netstat -atunp

Lienes munin para monitorizar el server?
Los log dicen algo?

Corre el comando
df -iH

En una de esas los inodos están llenos


suerte


*Pablo Flores AravenaIngeniero Informátic*o
Sysadmin, Centro de Tecnología de la Información CTI-FAVET
Facultad de Cs. Veterinarias y Pecuarias - Universidad de Chile
Tel: +56 (02) 2978 56 31 - +56 (02) 2978 55 46

El 18 de octubre de 2016, 13:02, Carlos Esparza 
escribió:

> Hola, estoy teniendo hace tiempo problemas con el squid. Lo tengo dentro de
> un servidor proxy. El problema es el siguiente:
> -Al reiniciar el servidor, por algún corte de energía, etc. El squid
> comienza a ocupar el 99% del servidor. No puedo pararlo ni reiniciarlo. Lo
> único que puedo hacer es reiniciar el servidor completamente.
> Verifiqué que no haya virus en la red, ni que alguna máquina esté generando
> peticiones de forma masiva.
> ¿Qué se les ocurre que puede ser?
>
> --
> Carlos J. Esparza
> Cell Phone: 54 2804-308030
> chauch...@gmail.com
> chauch...@hotmail.com
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-build-reports] Build Done: centos-packager 0.5.3-1.el7.centos.x86_64 on c7-extras

[buildsys]

logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/build.log
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/centos-packager-0.5.3-1.el7.centos.noarch.rpm
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/centos-packager-0.5.3-1.el7.centos.src.rpm
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/mock.cfg
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/mock.exitcode
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/root.log
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/state.log
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/stderr
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.x86_64/stdout
___
CentOS-build-reports mailing list
CentOS-build-reports@centos.org
https://lists.centos.org/mailman/listinfo/centos-build-reports

[CentOS-build-reports] Build Done: centos-packager 0.5.3-1.el7.centos.i386 on c7-extras

[buildsys]

logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/build.log
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/centos-packager-0.5.3-1.el7.centos.noarch.rpm
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/centos-packager-0.5.3-1.el7.centos.src.rpm
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/mock.cfg
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/mock.exitcode
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/root.log
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/state.log
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/stderr
logs/c7-extras/centos-packager/20161019140706/0.5.3-1.el7.centos.i386/stdout
___
CentOS-build-reports mailing list
CentOS-build-reports@centos.org
https://lists.centos.org/mailman/listinfo/centos-build-reports

[CentOS-es] Problemas con Squid

[Carlos Esparza]

Hola, estoy teniendo hace tiempo problemas con el squid. Lo tengo dentro de
un servidor proxy. El problema es el siguiente:
-Al reiniciar el servidor, por algún corte de energía, etc. El squid
comienza a ocupar el 99% del servidor. No puedo pararlo ni reiniciarlo. Lo
único que puedo hacer es reiniciar el servidor completamente.
Verifiqué que no haya virus en la red, ni que alguna máquina esté generando
peticiones de forma masiva.
¿Qué se les ocurre que puede ser?

-- 
Carlos J. Esparza
Cell Phone: 54 2804-308030
chauch...@gmail.com
chauch...@hotmail.com
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Corte en la red Centos 6 - x64

[Carlos Javier Esparza]

Hola Gente. Cómo puedo hacer para ingresar una consulta? Estoy teniendo 
problemas con el squid.


Enviado desde mi smartphone BlackBerry 10.
  Mensaje original  
De: Ramón Macías Zamora
Enviado: martes, 18 de octubre de 2016 11:53
Para: centos-es@centos.org
Responder a: centos-es@centos.org
Asunto: Re: [CentOS-es] Corte en la red Centos 6 - x64

Te sugiero instales arpwatch, este aplicativo te indica las MAC e IP de tu
lan y adicionalmente, problemas de IP con MAC distintas, típica cuando un
usuario te cambia las IP

Saludos

RMZ

--



Ramón Macías Zamora
Tecnología, Investigación y Desarrollo
www.rks.ec - www.raykasolutions.com
Guayaquil - Ecuador
msn: ramon_mac...@hotmail.com
skype: ramon_macias
UserLinux# 180926 (http://counter.li.org)
Cel: 593-8-0192238
Tel: 593 4 6044566




WEB SITES, HOSTINGS, DOMINIOS, MANTENIMIENTO DE EQUIPOS, REDES, SERVIDORES
LINUX, SOPORTE.

2016-10-18 5:04 GMT-05:00 Miguel González :

> > He probado pinear la misma IP en la red a ver si había alguien
> > conectado, y salvo que tenga la respuesta deshabilitada, no había nadie
> > con la misma IP.
>
> La mayoría de la gente filtra el tráfico ICMP...
> >
> > Probé algo elemental, cambiarle la IP al servidor... SANTO REMEDIO. Si
> > me pregunta qué es o cuál es el problema que hubo, no lo sé. Lo que sí
> > infiero es que evidentemente algo por fuera del servidor me estaba
> > perjudicando enormemente.
>
> Pues va a ser que alguien tenía la misma IP que tu en la LAN.
>
> Saludos
>
> Miguel
>
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS] Bacula Restore

[Alessandro Baggi]

Il 19/10/2016 13:52, mark ha scritto:

Hi, there,

On 10/19/16 07:20, Alessandro Baggi wrote:

Hi list,
another question about bacula, but this time about restoring backups.

I've a server that I must backup every day. My plan is:

from mon to sat incrimental backup
and on sunday full backup.

When I will perform a restore I  must restore from last valid full
backup and
then all valid incremental backup from last backup to specific date.


One issue - how long does a full backup take? We've moved our full b/u
from the default to Fri? Sat? Not at work at the moment, but that way if
it takes six or twelve hours, no big deal.

mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Hi Mark,
full backup at the moment (with low data) takes about ~ 10min.

Before production stage, I've tested with 180 GB (the maximum size for 
data due to disk limit) and takes ~ 2 hours.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] glxinfo problem

[Jonathan Billings]

On Tue, Oct 18, 2016 at 10:24:52PM +0200, Mahmoud A. A. Ibrahim wrote:
> The weird thing is that when we use another desktop computer running the
> same cygwin version and accessing with the same username, glxinfo works
> fine.
> Indeed, echo $DISPLAY on my desktop computer gives us localhost:10.0 ,
> while it gives localhost:13.0 on the another desktop.
> If I set DISPLAY on my desktop to localhost:13.0, it doesn't work
> One more point, if we run glxinfo on the another desktop using my account
> and logging at the same time from my desktop with the same username and
> setting DISPLAY to 13:0, glxinfo works on my desktop.

You're running an X server on the desktop computer, and then using
cygwin's SSH client to forward X11 when you connect to the remote
host.  This is how $DISPLAY is being defined.  Also, your X11 server
will need to support GLX for the remote X11 applications to be able to
support it.

I suggest looking at your desktop computers and figure out why one of
them doesn't support GLX.  Try to take the SSH connection out of the
loop, since that's most likely unrelated.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bacula Restore

[mark]

Hi, there,

On 10/19/16 07:20, Alessandro Baggi wrote:

Hi list,
another question about bacula, but this time about restoring backups.

I've a server that I must backup every day. My plan is:

from mon to sat incrimental backup
and on sunday full backup.

When I will perform a restore I  must restore from last valid full backup and
then all valid incremental backup from last backup to specific date.


One issue - how long does a full backup take? We've moved our full b/u from 
the default to Fri? Sat? Not at work at the moment, but that way if it takes 
six or twelve hours, no big deal.


mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Bacula Restore

[Alessandro Baggi]

Hi list,
another question about bacula, but this time about restoring backups.

I've a server that I must backup every day. My plan is:

from mon to sat incrimental backup
and on sunday full backup.

When I will perform a restore I  must restore from last valid full 
backup and then all valid incremental backup from last backup to 
specific date.


This server has aweb managed application where user can update data or 
delete data.


Suppose that after a full backup, on monday the user upload a file and 
incrimental backup is performed. On tuesday the user remove the uploaded 
file and backup is performed.


Suppose that I want perform a restore of these jobs. I restore full, 
mon-incr and I found on restore path file uploaded on monday. When 
restoring tuesday incr (where the uploaded file was not present), on 
restore path I will found the uploaded file or bacula remove it with 
tuesday incremental backup restore?


Sorry but today I can't try this due to time issue.

Thanks in advance.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH Weak Ciphers

[Leon Fauster]

Am 19.10.2016 um 00:58 schrieb Gordon Messmer :
> On 10/18/2016 03:28 PM, Clint Dilks wrote:
>> So first
>> question is are people generally modifying the list of ciphers supported by
>> the ssh client and sshd?
> 
> I suspect that "generally" people are not.  I do, because I can, and so that 
> I can offer at least some advice to people who aim to do so.
> 
>> On CentOS 6 currently it looks like if I remove all the ciphers they are
>> concerned about then I am left with Ciphers
>> aes128-ctr,aes192-ctr,aes256-ctr for both /etc/ssh/sshd_config and
>> /etc/ssh/ssh_config.
> 
> If you're going to go down this road, you should probably look at key 
> exchanges and HMACs as well.  On CentOS 7, I use:
> 
> KexAlgorithms 
> curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> Ciphers 
> chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> MACs 
> hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-...@openssh.com
> 
> On CentOS 6, I believe you'd have to drop all of the @openssh.com items.


Is there any command to find the supported list of KeyAlgos, MACs and Ciphers 
for 
the particular system (e.g. EL{5,6,7})? Similar to  $ openssl ciphers -v ...



>> Is just using these three ciphers like to cause me
>> any problems?  Could having so few ciphers be creating a security concern
>> itself?
> 
> I don't think it'd be a security concern, just compatibility issues.  So far, 
> I've had minimal problems with restricted algorithms.  I do have to make an 
> exception for a slightly old WD MyBook World edition.

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos