Re: [CentOS] Firefox Issue

2017-01-05 Thread Jonathan Billings
On Thu, Jan 05, 2017 at 10:23:18PM +, Always Learning wrote:
> [...] The
> only method of preventing it compromising a site is to test the
> acceptable maximum length of the parameter (in this example '12345') and
> if exceeded block the IP address in iptables.

I'm honestly interested in what you mean by this.  

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Firefox Issue

2017-01-05 Thread John R Pierce

On 1/5/2017 2:23 PM, Always Learning wrote:

> SQL injection attempts, made by suffixing usually very long strings of
> SQL coding to valid parameters such as domain.com/info.php?=12345,
> has been popular with the Russians for at least the last few years.


SQL Injection is a server side issue, not a browser issue.


> The only method of preventing it compromising a site is to test the
> acceptable maximum length of the parameter (in this example '12345') and
> if exceeded block the IP address in iptables.


No, the proper method of preventing it is not checking the length of the 
parameter; rather, it's ensuring you don't construct SQL queries out of 
arbitrary URL input without proper parameter substitution techniques 
such as passing parameters by value rather than string substitution, or 
using the appropriate string escaping techniques for your database API.



--
john r pierce, recycling bits in santa cruz
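
The two approaches contrasted in this message, side by side, as an added example that is not part of the original post. It uses Python's sqlite3 module; the table `info`, its rows, and the limit `MAX_LEN` are constructed for illustration.

```python
import sqlite3

MAX_LEN = 8  # assumed limit, standing in for the length check proposed in the thread


def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE info (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO info VALUES (?, ?, ?)",
        [
            (12345, "alice", "public page"),
            (12346, "bob", "bob's private note"),
            (12347, "carol", "carol's private note"),
        ],
    )
    return db


def lookup_length_checked(db, raw_id):
    """Length check only, then string substitution into the SQL text."""
    if len(raw_id) > MAX_LEN:
        raise ValueError("parameter too long")
    # The value becomes part of the statement, so a short value can still
    # change what the statement means.
    return db.execute("SELECT body FROM info WHERE id = " + raw_id).fetchall()


def lookup_parameterized(db, raw_id):
    """Pass the value as a bound parameter; the SQL text is fixed."""
    # The driver hands the value to SQLite as data. It is compared with the
    # id column and is never parsed as SQL.
    return db.execute("SELECT body FROM info WHERE id = ?", (raw_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Both values are within MAX_LEN; the second is not a valid id.
    for value in ("12345", "1 OR 1"):
        print(repr(value))
        print("  length-checked:", lookup_length_checked(db, value))
        print("  parameterized: ", lookup_parameterized(db, value))
```

The six-character value passes the length check and returns every row from the string-built query, while the parameterized query returns nothing for it.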



Re: [CentOS] CDB tables in Centos7 Postfix ?

2017-01-05 Thread John R. Dennison
On Thu, Jan 05, 2017 at 04:25:16PM +, Tim Smith wrote:
> Hi,
> 
> It seems the default binaries don't have CDB tables compiled into them ?
> 
> Now, I know Centos isn't Ubuntu, but on Ubuntu there is an optional
> package in the main distribution "postfix-cdb - CDB map support for
> Postfix".   I can't find anything similar using "yum search", so I'm
> guessing that's not an option.
> 
> Unless anyone else here corrects me otherwise, I'm guessing it's back
> to 'old-school' compile and install myself ?

You failed to mention the release in question.  However you can try the
postfix packages in the centosplus repo which I believe have support for
additional map types.






John
>-- 
 When a man tells you that he got rich through hard work, ask him: "Whose?"

-- Don Marquis (1878-1937), American humorist, journalist, and author




Re: [CentOS] Firefox Issue

2017-01-05 Thread Always Learning

On Wed, 2017-01-04 at 21:33 +, Chris Olson wrote:

> .. A Firefox browser on one system .
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.

Firefox, like other web browsers, usually displays text in HTML mode.
Seeing a "link" for https://gaibacoupontec.com does not guarantee the
hidden 'A HREF' code is actually for that site.

> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes? 

Yes. Alertness and improving security are continuous tasks.

SQL injection attempts, made by suffixing usually very long strings of
SQL coding to valid parameters such as domain.com/info.php?=12345,
has been popular with the Russians for at least the last few years. The
only method of preventing it compromising a site is to test the
acceptable maximum length of the parameter (in this example '12345') and
if exceeded block the IP address in iptables.

Cyber attacks are gradually replacing armed conflicts. 



-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.



[CentOS] OpenSCAP failures to to OS version?

2017-01-05 Thread Noam Bernstein
Hi - I’m running the OpenSCAP STIG profile on a new CentOS 7.1611 installation, 
and I get a few failures that look like this (output from openscap scan 
--verbosity INFO).  I suspect this is because the openscap module is not 
accepting CentOS 7 as RHEL 7 for rules purposes, despite an early check for 
"Community Enterprise Operating System 7" which succeeds.  

1. Am I correct in why it’s failing?
2. Is this a bug, or an accepted behavior given that CentOS isn’t actually RHEL?

Noam


I: oscap: Evaluating XCCDF rule 'accounts_password_pam_retry'.
I: oscap: Evaluating definition 'oval:org.open-scap.cpe.rhel:def:7': Red Hat 
Enterprise Linux 7.
I: oscap: Definition 'oval:org.open-scap.cpe.rhel:def:7' evaluated as false.
I: oscap: Evaluating definition 'oval:org.open-scap.cpe.rhel:def:1007': 
Community Enterprise Operating System 7.
I: oscap: Definition 'oval:org.open-scap.cpe.rhel:def:1007' evaluated as true.
I: oscap: Adding external variable oval:ssg-var_password_pam_retry:var:1.
I: oscap: Evaluating definition 'oval:ssg-accounts_password_pam_retry:def:1': 
Set Password retry Requirements.
I: oscap:   Criteria are extended by definition 
'oval:ssg-installed_OS_is_rhel6:def:1'.
I: oscap:   Evaluating definition 'oval:ssg-installed_OS_is_rhel6:def:1': Red 
Hat Enterprise Linux 6.
I: oscap:   Definition 'oval:ssg-installed_OS_is_rhel6:def:1' evaluated as 
false.
I: oscap:   Evaluating textfilecontent54 test 
'oval:ssg-test_password_pam_cracklib_retry:tst:1': check the configuration of 
/etc/pam.d/system-auth.
I: oscap: Querying textfilecontent54 object 
'oval:ssg-obj_password_pam_cracklib_retry:obj:1', flags: 0.
I: oscap: Creating new syschar for textfilecontent54_object 
'oval:ssg-obj_password_pam_cracklib_retry:obj:1'.
I: probe_textfilecontent54: Opening file '/etc/pam.d/system-auth'.
I: oscap: State 'oval:ssg-state_password_pam_retry:ste:1' references 
external_variable 'oval:ssg-var_password_pam_retry:var:1'.
I: oscap: Test 'oval:ssg-test_password_pam_cracklib_retry:tst:1' requires 
that at least one object defined by 
'oval:ssg-obj_password_pam_cracklib_retry:obj:1' exists on the system.
I: oscap: 0 objects defined by 
'oval:ssg-obj_password_pam_cracklib_retry:obj:1' exist on the system.
I: oscap: No item matching object 
'oval:ssg-obj_password_pam_cracklib_retry:obj:1' was found on the system. 
(flag=does not exist)
I: oscap:   Test 'oval:ssg-test_password_pam_cracklib_retry:tst:1' evaluated as 
false.
I: oscap:   Criteria are extended by definition 
'oval:ssg-installed_OS_is_rhel7:def:1'.
I: oscap:   Evaluating definition 'oval:ssg-installed_OS_is_rhel7:def:1': Red 
Hat Enterprise Linux 7.
I: oscap:   Definition 'oval:ssg-installed_OS_is_rhel7:def:1' evaluated as 
false.
I: oscap:   Evaluating textfilecontent54 test 
'oval:ssg-test_password_pam_pwquality_retry:tst:1': check the configuration of 
/etc/pam.d/system-auth.
I: oscap: Querying textfilecontent54 object 
'oval:ssg-obj_password_pam_pwquality_retry:obj:1', flags: 0.
I: oscap: Creating new syschar for textfilecontent54_object 
'oval:ssg-obj_password_pam_pwquality_retry:obj:1'.
I: probe_textfilecontent54: Opening file '/etc/pam.d/system-auth'.
I: oscap: State 'oval:ssg-state_password_pam_retry:ste:1' references 
external_variable 'oval:ssg-var_password_pam_retry:var:1'.
I: oscap: Test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' requires 
that at least one object defined by 
'oval:ssg-obj_password_pam_pwquality_retry:obj:1' exists on the system.
I: oscap: 1 objects defined by 
'oval:ssg-obj_password_pam_pwquality_retry:obj:1' exist on the system.
I: oscap: All items matching object 
'oval:ssg-obj_password_pam_pwquality_retry:obj:1' were collected. 
(flag=complete)
I: oscap: In test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' all of 
the collected items must satisfy these states: 
'oval:ssg-state_password_pam_retry:ste:1'.
I: oscap: Entity 'subexpression'='3' of item '106534257' matches 
corresponding entity in state 'oval:ssg-state_password_pam_retry:ste:1'.
I: oscap: Item '106534257' compared to state 
'oval:ssg-state_password_pam_retry:ste:1' with result true.
I: oscap:   Test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' evaluated 
as true.
I: oscap:   Criteria are extended by definition 
'oval:ssg-installed_OS_is_fedora:def:1'.
I: oscap:   Evaluating definition 'oval:ssg-installed_OS_is_fedora:def:1': 
Installed operating system is Fedora.
I: oscap:   Definition 'oval:ssg-installed_OS_is_fedora:def:1' evaluated as 
false.
I: oscap:   Evaluating textfilecontent54 test 
'oval:ssg-test_password_pam_pwquality_retry:tst:1': check the configuration of 
/etc/pam.d/system-auth.
I: oscap:   Test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' evaluated 
as true.
I: oscap: Definition 'oval:ssg-accounts_password_pam_retry:def:1' evaluated as 
false.


Re: [CentOS] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK

2017-01-05 Thread lakhera2017
Hi Steven

Please find my answer inline

On Wed, Jan 4, 2017 at 5:48 PM, Steven Tardy-2 [via CentOS] <
ml-node+s1050465n574647...@n5.nabble.com> wrote:

>
> > On Jan 3, 2017, at 2:59 PM, lakhera2017 <[hidden email]
> > wrote:
> >
> > |- 1:0:0:15 sdq  65:0   failed ready running
> >  - 3:0:0:15 sdai 66:32  failed ready running
>
> Does the same SAN target fail each time?
>
>> Nope, every time it's a different target

> What brand/model/firmware SAN switch is between initiator and target?
>
>> Cisco MDS 9710
NX-OS Version 6.2.15
8 Gb SFP end to end connectivity

VMAX3
Enginuity Build Version : 5977.813.785


> Does the HBA show any SCSI aborts?
>
>> Reply from EMC



*ENG can see the ab3e/cc3e error logs on a write of 0x180 blocks that spans
tracks from head B to head C.*

*First 0x100 blocks transferred okay.*
*But when we send receiver ready for remaining 80 blocks the hosts sends an
abts so we need to find out why the host is aborting the write.*





Re: [CentOS] Firefox Issue

2017-01-05 Thread Andrew Holway
Maybe it was an ad redirect. I get this a lot on my phone where people are
putting malicious js in ads that redirects me to advertisements for rock
hard erections whilst I'm reading articles. It's very noisome!

On 4 January 2017 at 22:33, Chris Olson  wrote:

> Everyone is back at work and starting to use computers on our
> smallest network which has Internet access through a rather old
> Linksys router.  Two systems were left on and screen-locked over
> the extra long weekend.  There does not appear to have been any
> Internet access interruption in our absence.
>
> A Firefox browser on one system was left pointing to a commonly
> used web site: https://www.yahoo.com/.  This Yahoo web page was
> not displayed when the user unlocked the screen and brought up
> the browser from the task bar.
>
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.  There was a button to download and to
> install the update.  I killed the Firefox browser rather than
> getting rid of it with the X in the upper right hand corner.
>
> This event has the aroma of an unwanted cyber intrusion, which
> is why I killed the browser.  I have also copied and stored the
> full URL displayed in the browser, but have only included the
> first part "https://gaibacoupontec.com" here so as not to tempt
> anyone to risk access.
>
> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes?
>


Re: [CentOS] Strange (?) device.map in CentOS 7 VM installations

2017-01-05 Thread Tony Schreiner
Also seeing duplicates on a CentOS 7 kvm vm

# this device map was generated by anaconda
(hd0)  /dev/vda
(hd1)  /dev/vda

On Thu, Jan 5, 2017 at 12:32 PM, Mike - st257 
wrote:

> On Thu, Jan 5, 2017 at 4:04 AM, Nikolaos Milas  wrote:
>
> > On 4/1/2017 7:37 μμ, Gordon Messmer wrote:
> >
> > I don't see that on VMs that I manage.  Some of the physical machines
> that
> >> I manage do have duplicates in the device.map.
> >>
> >
> > Thank you Gordon for your feedback!
> >
> > Can others please report the content of /boot/grub2/device.map on their
> > CentOS 7 (physical or virtual) installations?
> >
>
> On my CentOS7 installs I find dups too.
>
> Physical
> # this device map was generated by anaconda
> (hd0)  /dev/sda
> (hd1)  /dev/sda
>
> Virtual (KVM VM)
> # this device map was generated by anaconda
> (hd0)  /dev/vda
> (hd1)  /dev/vda
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //


Re: [CentOS] Strange (?) device.map in CentOS 7 VM installations

2017-01-05 Thread Mike - st257
On Thu, Jan 5, 2017 at 4:04 AM, Nikolaos Milas  wrote:

> On 4/1/2017 7:37 μμ, Gordon Messmer wrote:
>
> I don't see that on VMs that I manage.  Some of the physical machines that
>> I manage do have duplicates in the device.map.
>>
>
> Thank you Gordon for your feedback!
>
> Can others please report the content of /boot/grub2/device.map on their
> CentOS 7 (physical or virtual) installations?
>

On my CentOS7 installs I find dups too.

Physical
# this device map was generated by anaconda
(hd0)  /dev/sda
(hd1)  /dev/sda

Virtual (KVM VM)
# this device map was generated by anaconda
(hd0)  /dev/vda
(hd1)  /dev/vda

-- 
---~~.~~---
Mike
//  SilverTip257  //


[CentOS] CDB tables in Centos7 Postfix ?

2017-01-05 Thread Tim Smith
Hi,

It seems the default binaries don't have CDB tables compiled into them ?

Now, I know Centos isn't Ubuntu, but on Ubuntu there is an optional
package in the main distribution "postfix-cdb - CDB map support for
Postfix".   I can't find anything similar using "yum search", so I'm
guessing that's not an option.

Unless anyone else here corrects me otherwise, I'm guessing it's back
to 'old-school' compile and install myself ?

Thanks !

Tim


Re: [CentOS] puppetmaster after updating to 7.3

2017-01-05 Thread Fred Wittekind

https://bugzilla.redhat.com/show_bug.cgi?id=1376893


On 1/3/2017 2:05 PM, Fred Wittekind wrote:
Any one else having issues starting the puppetmaster service after 
updating to 7.3?


Looks like a SELinux issue, I couldn't find an existing bug report, 
but, seems like I shouldn't be the first one to trip on this issue.


# grep puppet audit.log | audit2allow

#= puppetmaster_t ==
allow puppetmaster_t puppetagent_exec_t:file { execute 
execute_no_trans getattr ioctl open read };


selinux-policy-3.13.1-102.el7_3.7.noarch
selinux-policy-targeted-3.13.1-102.el7_3.7.noarch
puppet-server-3.6.2-3.el7.noarch (from EPEL)
puppet-3.6.2-3.el7.noarch (from EPEL)





[CentOS] CentOS-announce Digest, Vol 143, Issue 3

2017-01-05 Thread centos-announce-request
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. Release for CentOS 7.3.1611 on ARM64/AArch64 (Jim Perrin)


--

Message: 1
Date: Wed, 4 Jan 2017 11:45:51 -0600
From: Jim Perrin 
To: centos-annou...@centos.org, Conversations around CentOS on ARM
hardware 
Subject: [CentOS-announce] Release for CentOS 7.3.1611 on
ARM64/AArch64
Message-ID: 
Content-Type: text/plain; charset=utf-8

I am pleased to announce the general availability of CentOS Linux 7
(1611) for AArch64/ARM64 machines.


== Changes
The kernel has been rebased from 4.2.0 to 4.5.0, and includes several
patches recently merged into the upstream. The kernel patches and
modifications can be found at
https://git.centos.org/summary/sig-altarch!kernel.git in the
sig-altarch7-aarch64 branch.



== Download
You can download new images and isos via
http://mirror.centos.org/altarch/7/isos/aarch64/

Images and sha256sums:
1513f5325accfd32ac7973a9b24e401c829ece24da78e24d021e507e877f930e
CentOS-7-aarch64-Everything.iso
f7ae6bae6c2cc177134d7f8f3808e0f457537c4cd48a119620f50d18ff7bb908
CentOS-7-aarch64.img.xz
48776338f8c8994a9499f07e3af847253cf7235c6aac635a8418a2028ec675cf
CentOS-7-aarch64-NetInstall.iso
f7ae6bae6c2cc177134d7f8f3808e0f457537c4cd48a119620f50d18ff7bb908
CentOS-7-aarch64-rolling.img.xz
238b1ebf22a0ff894064e6ed2ac35ee02a6503657a40ad51f2eee7afc8229e75
CentOS-7-aarch64-rootfs-7.3.1611.tar.xz


== Known Issues
1. Mustang based boards must be on the most recent firmware version,
otherwise the network may lose connectivity when using 4.5.0-19+ based
kernels. Please ensure your hardware is running the most recent firmware
available to avoid network issues.

2. Merlin based boards should be on the most recent firmware version, in
order to take full advantage of recent kernel improvements.

3. Some ThunderX based boards have been reported to have MAC address
inconsistency when using older firmware versions. Please make sure you
have the most recent firmware applied to your hardware to avoid network
issues.


-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77


--

Subject: Digest Footer

___
CentOS-announce mailing list
centos-annou...@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce


--

End of CentOS-announce Digest, Vol 143, Issue 3
***


Re: [CentOS] Strange (?) device.map in CentOS 7 VM installations

2017-01-05 Thread Nikolaos Milas

On 4/1/2017 7:37 μμ, Gordon Messmer wrote:

I don't see that on VMs that I manage.  Some of the physical machines 
that I manage do have duplicates in the device.map. 


Thank you Gordon for your feedback!

Can others please report the content of /boot/grub2/device.map on their 
CentOS 7 (physical or virtual) installations?


And can any tech geek please explain when why do we have these 
duplicates and if they are intentional or not?


Thanks,
Nick