Re: [CentOS] Problems with my simple write conf files method

[Ian Mortimer]

On Tue, 2017-02-21 at 10:50 -0500, Robert Moskowitz wrote:

> cat   $CONF['database_type'] = 'mysqli';
> $CONF['database_user'] = 'postfix';
> $CONF['database_password'] = 'xyz';
> $CONF['database_name'] = 'postfix';
> 
> $CONF['configured'] = true;
> ?>
> EOF

KMs method of escaping every $ in the here document works but a simpler
method is to escape the EOF.  That tells the shell not to do variable
expansion in the document:

   cat <<\EOF>/usr/share/postfixadmin/config.local.php || exit 1


-- 
Ian
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] usermod under CentOS

[Fred Smith]

On Tue, Feb 21, 2017 at 01:48:50PM -0500, m.r...@5-cent.us wrote:
> Beartooth wrote:
> >
> > My wife's PC, running CentOS 6, suddenly quit connecting to the
> > Net. Autodidact that I am, I fumbled with all the hard- and software I
> > could find or dared try, but did no good.
> 
> Should we assume that you have another computer running, and that it's not
> having network issues? What did dmesg say, or is this all water under the
> bridge?
> 
> > They called to ask whether I wanted to specify a username &
> > password, or just use their default dummies. I chose the dummies -- and
> > realized in the night that I've never changed a username before.
> 
> Try this: do a useradd for her, and perhaps for you. Then, as root, move
> the files to her home directory, and then chown -R herusername:hergroup
> ~herhome/*
> >
> *THEN* userdel the dummy accounts.
> 
> That way, just in case they installed something you don't want (incl.
> malware), will be disabled. Then you can poke around in the dummy home,
> etc, and when you don't find anything you want, *then* rm -rf ~dummy
> 

I'm not aware of any hard requirement that one's home directory
have the same name as the username.

therefore, I think you could create a new user for her, and in 
/etc/passwd enter the existing home folder as her home.

you might want to make sure you disable the old login.

Fred
-- 
---
Under no circumstances will I ever purchase anything offered to me as
the result of an unsolicited e-mail message. Nor will I forward chain
letters, petitions, mass mailings, or virus warnings to large numbers
of others. This is my contribution to the survival of the online
community.
 --Roger Ebert, December, 1996
- The Boulder Pledge -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] NIC Stability Problems Under Xen 4.4 / CentOS 6 / Linux 3.18

[Kevin Stange]

On 02/21/2017 11:50 AM, Johnny Hughes wrote:
> On 02/21/2017 11:47 AM, Johnny Hughes wrote:
>>
>>
>> Kevin,
>>
>> Please try the 4.9.11-22 kernel that I just released for CentOS-6 (along
>> with the newer linux-firmare packages and xfsprogs).
>>
>> If you enable the xen-testing repository in your CentOS-Xen.repo file
>> (assuming it is pointing to xen-44 and not xen-46) then a 'yum upgrade'
>> should replace all the needed packages.
>>
>> The actual path is here for the packages:
>>
>> https://buildlogs.centos.org/centos/6/virt/x86_64/xen-44/
>>
>> Hopefully this helps.
>>
> 
> 
> I should have said .. 'just releaed for testing' :)
> 
> I have been using this for 4 or 5 days with no issues in production, but
> it needs testing before final release :)

Currently I've moved most of my servers onto the 4.4 kernel from xen
made easy and they've been stable.  I have some indications of an issue
with one of my 3.18 servers right now which required it to be rebooted,
so I'm going to bring the 4.9 kernel up on that server to see how it
does.  It may take a few weeks or more to draw any conclusions.

-- 
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud Services
800 S Wells, Suite 190 | Chicago, IL 60607
312.602.2689 X203 | Fax: 312.602.2688
ke...@steadfast.net | www.steadfast.net
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Centos7: Intel nuc/Linksys usb-ethernet

[Patrick Laimbock]

Hi,

Suggestions inline.

On 21-02-17 21:03, johan.vermeul...@telenet.be wrote:
[snip]


Next I cannot launch the network:

[root@clgmol ~]# systemctl status network
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)


Your network.service is still disabled so try enabling it:

# systemctl stop NetworkManager.service
# systemctl disable NetworkManager.service
# systemctl enable network.service
# systemctl start network.service
# systemctl status network.service

If the network.service fails, see below, review, fix and try again.


Active: failed (Result: exit-code) since di 2017-02-21 20:57:56 CET; 15s ago
Docs: man:systemd-sysv-generator(8)
Process: 2638 ExecStart=/etc/rc.d/init.d/network start (code=exited, 
status=1/FAILURE)
CGroup: /system.slice/network.service
└─1076 /sbin/dhclient -H clgmol -1 -q -lf 
/var/lib/dhclient/dhclient-13b56b89-7b1d-42fa-aeb7-af96a38102ce-enp3s0.lease 
-pf /var/run/dhclient-enp3s0.pid en...

feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists

[snip]

IIRC make dhclient release the current lease and stop the running DHCP 
client, then remove any lingering leases files:


# dhclient -r
# rm -v -i /var/lib/dhclient/dhclient*.lease*

Also remove any /etc/sysconfig/network-scripts/ifcfg-* files created by 
NetworkManager that might interfere with your ifcfg-enp0s20u3c2 and the 
network.service. Then try to start the network.service again.


HTH,
Patrick
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos7: Intel nuc/Linksys usb-ethernet

[johan . vermeulen7]

Hello All, 

I'm installing some DIY routers, composed of Intel nuc's ,Linksys usb-ethernet 
adapters and Centos7 

On most machines I just plug in the usb device, install Centos7 and everything 
works. 
But on this one machine the network interface doesn't work. 

After installing ip addr shows: 

[root@clgmol ~]# ip addr 
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
inet 127.0.0.1/8 scope host lo 
valid_lft forever preferred_lft forever 
inet6 ::1/128 scope host 
valid_lft forever preferred_lft forever 
2: enp3s0:  mtu 1500 qdisc pfifo_fast state UP 
qlen 1000 
link/ether f4:4d:30:64:21:bb brd ff:ff:ff:ff:ff:ff 
inet 192.168.80.189/25 brd 192.168.80.255 scope global dynamic enp3s0 
valid_lft 431sec preferred_lft 431sec 
inet6 fe80::f64d:30ff:fe64:21bb/64 scope link 
valid_lft forever preferred_lft forever 
3: wlp2s0:  mtu 1500 qdisc noop state DOWN qlen 1000 
link/ether b8:81:98:9f:8f:1c brd ff:ff:ff:ff:ff:ff 
4: enp0s20u3c2:  mtu 1500 qdisc noop state DOWN qlen 1000 
link/ether 14:91:82:3b:7b:b9 brd ff:ff:ff:ff:ff:ff 

[root@clgmol ~]# dmesg | tail -n15 
[ 10.582462] Bluetooth: hci0: Intel device is already patched. patch num: 25 
[ 10.770781] usb 2-3: new SuperSpeed USB device number 3 using xhci_hcd 
[ 10.782704] usb 2-3: New USB device found, idVendor=13b1, idProduct=0041 
[ 10.782728] usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=6 
[ 10.782745] usb 2-3: Product: Linksys USB3GIGV1 
[ 10.782759] usb 2-3: Manufacturer: Linksys 
[ 10.782772] usb 2-3: SerialNumber: 0100 
[ 10.787858] cdc_ether 2-3:2.0 eth0: register 'cdc_ether' at 
usb-:00:14.0-3, CDC Ethernet Device, 14:91:82:3b:7b:b9 
[ 14.140292] nf_conntrack version 0.5.0 (16384 buckets, 65536 max) 
[ 14.175958] Netfilter messages via NETLINK v0.30. 
[ 14.178428] ctnetlink v0.93: registering with nfnetlink. 
[ 14.350689] ipt_ULOG: ULOG: fail to register logger. 
[ 15.192593] ipt_ULOG: ULOG: fail to register logger. 

I create /etc/sysconfig/network-scripts/ifcfg-enp0s20u3c2 using the hardware 
address from ip addr en uuid created with uuidgen but I don't understand why 
it's not created on install: 

TYPE=Ethernet 
BOOTPROTO=static 
DEFROUTE=yes 
IPV4_FAILURE_FATAL=no 
IPV6INIT=no 
IPV6_AUTOCONF=yes 
IPV6_DEFROUTE=yes 
IPV6_PEERDNS=yes 
IPV6_PEERROUTES=yes 
IPV6_FAILURE_FATAL=no 
IPV6_ADDR_GEN_MODE=stable-privacy 
NAME=enp0s20u3c2 
UUID=a728528c-0be7-49bc-9478-05743a285a7d 
DEVICE=enp0s20u3c2 
ONBOOT=yes 
PEERDNS=yes 
PEERROUTES=yes 
NM_CONTROLLED=no 
HWADDR=14:91:82:3b:7b:b9 
IPADDR=192.168.70.1 
NETMASK=255.255.255.0 

Next I cannot launch the network: 

[root@clgmol ~]# systemctl status network 
● network.service - LSB: Bring up/down networking 
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled) 
Active: failed (Result: exit-code) since di 2017-02-21 20:57:56 CET; 15s ago 
Docs: man:systemd-sysv-generator(8) 
Process: 2638 ExecStart=/etc/rc.d/init.d/network start (code=exited, 
status=1/FAILURE) 
CGroup: /system.slice/network.service 
└─1076 /sbin/dhclient -H clgmol -1 -q -lf 
/var/lib/dhclient/dhclient-13b56b89-7b1d-42fa-aeb7-af96a38102ce-enp3s0.lease 
-pf /var/run/dhclient-enp3s0.pid en... 

feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists 
feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists 
feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists 
feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists 
feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists 
feb 21 20:57:56 clgmol.router network[2638]: RTNETLINK answers: File exists 
feb 21 20:57:56 clgmol.router systemd[1]: network.service: control process 
exited, code=exited status=1 
feb 21 20:57:56 clgmol.router systemd[1]: Failed to start LSB: Bring up/down 
networking. 
feb 21 20:57:56 clgmol.router systemd[1]: Unit network.service entered failed 
state. 
feb 21 20:57:56 clgmol.router systemd[1]: network.service failed. 

[root@clgmol ~]# ifup enp0s20u3c2 
arping: recvfrom: Netwerk ligt plat 
RTNETLINK answers: Network is down 

I disabled NetworkManager 
I tried with another Linksys device and I reinstalled and started over. 

Why does it work with other devices and not with this one? 
Many thanks for any advise. 

Greetings, J 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] grub2 for pv

[Christoph]

Hi

could you add pv grub2 images to the packages?

I've tried it following this howto: 
https://blog.xenproject.org/2015/01/07/using-grub-2-as-a-bootloader-for-xen-pv-guests/

and it works really good...

It would be nice to have it in the rpm packages.
--
--
Greetz
Christoph
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] usermod under CentOS

[m . roth]

Beartooth wrote:
>
>   My wife's PC, running CentOS 6, suddenly quit connecting to the
> Net. Autodidact that I am, I fumbled with all the hard- and software I
> could find or dared try, but did no good.

Should we assume that you have another computer running, and that it's not
having network issues? What did dmesg say, or is this all water under the
bridge?

>   They called to ask whether I wanted to specify a username &
> password, or just use their default dummies. I chose the dummies -- and
> realized in the night that I've never changed a username before.

Try this: do a useradd for her, and perhaps for you. Then, as root, move
the files to her home directory, and then chown -R herusername:hergroup
~herhome/*
>
*THEN* userdel the dummy accounts.

That way, just in case they installed something you don't want (incl.
malware), will be disabled. Then you can poke around in the dummy home,
etc, and when you don't find anything you want, *then* rm -rf ~dummy

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Solved - Re: Centos 7 with Postfixadmin, what provides php5-mysql

[Robert Moskowitz]

My old notes had dropped the obvious of php-mysql.  Oops.

On 02/21/2017 11:02 AM, Robert Moskowitz wrote:

I am building a Centos7 mailserver to replace my Centos6 server.

This means moving to Apache 2.4 and MariaDB, so I am finding a number 
of changes from my notes.


I now have MariaDB running with the databases created and Apache 
running.  I try accessing postfixadmin and get:


DEBUG INFORMATION:
MySQL 4.1 functions not available! (php5-mysqli installed?)
database_type = 'mysqli' in config.inc.php, are you using a different 
database?


Please check the documentation and website for more information.

=

mysqli is what the config.inc.php says to use for
// mysqli = MySQL 4.1+ or MariaDB

I installed httpd mod_ssl php mariadb-server

Thanks for any help on this.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELInux conflict with Postfixadmin

[Robert Moskowitz]

On 02/21/2017 12:06 PM, Daniel J Walsh wrote:


On 02/21/2017 11:52 AM, Robert Moskowitz wrote:


On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:

On 2017-02-21 17:30, Robert Moskowitz wrote:

postfixadmin setup.php is claiming:

*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*


This goes away with 'setenforce 0', so it is an SELinux issue.  I have
tried both:

restorecon -Rv /usr/share/postfixadmin

and

chcon -R -t httpd_sys_content_t /usr/share/postfixadmin

and they are not the problem.  Googling this message doe snot produce
any SELinux advice.

Any ideas?

thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Hi,

after 'setenforce 0' check the /var/log/audit/audit.log:

# grep /var/log/audit/audit.log | audit2why

Don't I need a search string in that grep command?


to see where  the problem could be.

Anyway the last three entries are:

type=AVC msg=audit(1487695678.704:128): avc:  denied  { write } for
pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
permissive=1


If you want to allow apache processes to write to the templates_c
directory you need to label it httpd_sys_content_rw_t.


Thanks!

I undid the httpd_unified with:

setsebool -P httpd_unified 0

Then did

chcon -R -t httpd_sys_content_rw_t /usr/share/postfixadmin/templates_c

And SELinux appears to be happy.


type=SYSCALL msg=audit(1487695678.704:128): arch=4028 syscall=33
per=80 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0
ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48
fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
key=(null)

type=PROCTITLE msg=audit(1487695678.704:128):
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELInux conflict with Postfixadmin

[Daniel J Walsh]

On 02/21/2017 11:52 AM, Robert Moskowitz wrote:
>
>
> On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
>> On 2017-02-21 17:30, Robert Moskowitz wrote:
>>> postfixadmin setup.php is claiming:
>>>
>>> *Error: Smarty template compile directory templates_c is not writable.*
>>> *Please make it writable.*
>>> *If you are using SELinux or AppArmor, you might need to adjust their
>>> setup to allow write access.*
>>>
>>>
>>> This goes away with 'setenforce 0', so it is an SELinux issue.  I have
>>> tried both:
>>>
>>> restorecon -Rv /usr/share/postfixadmin
>>>
>>> and
>>>
>>> chcon -R -t httpd_sys_content_t /usr/share/postfixadmin
>>>
>>> and they are not the problem.  Googling this message doe snot produce
>>> any SELinux advice.
>>>
>>> Any ideas?
>>>
>>> thanks
>>>
>>> ___
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>> Hi,
>>
>> after 'setenforce 0' check the /var/log/audit/audit.log:
>>
>> # grep /var/log/audit/audit.log | audit2why
>
> Don't I need a search string in that grep command?
>
>> to see where  the problem could be.
>
> Anyway the last three entries are:
>
> type=AVC msg=audit(1487695678.704:128): avc:  denied  { write } for
> pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
> permissive=1
>
If you want to allow apache processes to write to the templates_c
directory you need to label it httpd_sys_content_rw_t.
> type=SYSCALL msg=audit(1487695678.704:128): arch=4028 syscall=33
> per=80 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0
> ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48
> fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295
> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
> key=(null)
>
> type=PROCTITLE msg=audit(1487695678.704:128):
> proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELInux conflict with Postfixadmin

[Robert Moskowitz]

On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:

On 2017-02-21 17:30, Robert Moskowitz wrote:

postfixadmin setup.php is claiming:

*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*


This goes away with 'setenforce 0', so it is an SELinux issue.  I have
tried both:

restorecon -Rv /usr/share/postfixadmin

and

chcon -R -t httpd_sys_content_t /usr/share/postfixadmin

and they are not the problem.  Googling this message doe snot produce
any SELinux advice.

Any ideas?

thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Hi,

after 'setenforce 0' check the /var/log/audit/audit.log:

# grep /var/log/audit/audit.log | audit2why


Don't I need a search string in that grep command?


to see where  the problem could be.


Anyway the last three entries are:

type=AVC msg=audit(1487695678.704:128): avc:  denied  { write } for 
pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958 
scontext=system_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir 
permissive=1


type=SYSCALL msg=audit(1487695678.704:128): arch=4028 syscall=33 
per=80 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0 
ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48 
fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" 
exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)


type=PROCTITLE msg=audit(1487695678.704:128): 
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELInux conflict with Postfixadmin

[Robert Moskowitz]

On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:

On 2017-02-21 17:30, Robert Moskowitz wrote:

postfixadmin setup.php is claiming:

*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*


This goes away with 'setenforce 0', so it is an SELinux issue.  I have
tried both:

restorecon -Rv /usr/share/postfixadmin

and

chcon -R -t httpd_sys_content_t /usr/share/postfixadmin

and they are not the problem.  Googling this message doe snot produce
any SELinux advice.

Any ideas?

thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Hi,

after 'setenforce 0' check the /var/log/audit/audit.log:

# grep /var/log/audit/audit.log | audit2why

to see where  the problem could be.


Playing around a little with this, I added templates_c as the grep 
string and got:


type=AVC msg=audit(1487695678.704:128): avc:  denied  { write } for 
pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958 
scontext=system_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir 
permissive=1


Was caused by:
The boolean httpd_unified was set incorrectly.
Description:
Allow httpd to unified

Allow access by executing:
# setsebool -P httpd_unified 1

So I tried that, and the error went away.  Going to have to add 
audit2why in my notes.


thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELInux conflict with Postfixadmin

[Zdenek Sedlak]

On 2017-02-21 17:30, Robert Moskowitz wrote:
> postfixadmin setup.php is claiming:
>
> *Error: Smarty template compile directory templates_c is not writable.*
> *Please make it writable.*
> *If you are using SELinux or AppArmor, you might need to adjust their
> setup to allow write access.*
>
>
> This goes away with 'setenforce 0', so it is an SELinux issue.  I have
> tried both:
>
> restorecon -Rv /usr/share/postfixadmin
>
> and
>
> chcon -R -t httpd_sys_content_t /usr/share/postfixadmin
>
> and they are not the problem.  Googling this message doe snot produce
> any SELinux advice.
>
> Any ideas?
>
> thanks
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
Hi,

after 'setenforce 0' check the /var/log/audit/audit.log:

# grep /var/log/audit/audit.log | audit2why

to see where  the problem could be.

//Zdenek
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with my simple write conf files method

[KM]

great.

  From: Robert Moskowitz 
 To: CentOS mailing list  
 Sent: Tuesday, February 21, 2017 11:40 AM
 Subject: Re: [CentOS] Problems with my simple write conf files method
   


On 02/21/2017 11:03 AM, KM wrote:
> I have never used this method per se, but in general in any script if you 
> want to preserve the $ (dollar sign) or variable name you must use a 
> backslash to preserve it. For example change your $CONF to \$CONF.  The $CONF 
> should then be printed into your conf file.

Thanks that worked.


> KM
>
>        From: Robert Moskowitz 
>  To: centos@centos.org
>  Sent: Tuesday, February 21, 2017 10:50 AM
>  Subject: [CentOS] Problems with my simple write conf files method
>    
> I have been creating conf files and similar with the following method
> that I picked up (I think from psotfix docs):
>
> cat <>/etc/aliases || exit 1
> root: youremail
> EOF
>
> See: http://medon.htt-consult.com/Centos7-armv7.html
>
> But with postfixadmin I stumbled onto a problem.  The following:
>
> cat   $CONF['database_type'] = 'mysqli';
> $CONF['database_user'] = 'postfix';
> $CONF['database_password'] = 'xyz';
> $CONF['database_name'] = 'postfix';
>
> $CONF['configured'] = true;
> ?>
> EOF
>
> produces:
>
> cat   ['database_type'] = 'mysqli';
> ['database_user'] = 'postfix';
> ['database_password'] = 'xyz';
> ['database_name'] = 'postfix';
>
> ['configured'] = true;
> ?>
>
> That is the '$CONF' gets processed.
>
> What can I do to avoid this (and any other 'gotchas') or can someone
> provide an alternative?
>
> thanks
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
>
>    
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


   
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with my simple write conf files method

[Robert Moskowitz]

On 02/21/2017 11:03 AM, KM wrote:

I have never used this method per se, but in general in any script if you want 
to preserve the $ (dollar sign) or variable name you must use a backslash to 
preserve it. For example change your $CONF to \$CONF.  The $CONF should then be 
printed into your conf file.


Thanks that worked.



KM

   From: Robert Moskowitz 
  To: centos@centos.org
  Sent: Tuesday, February 21, 2017 10:50 AM
  Subject: [CentOS] Problems with my simple write conf files method

I have been creating conf files and similar with the following method

that I picked up (I think from psotfix docs):

cat <>/etc/aliases || exit 1
root: youremail
EOF

See: http://medon.htt-consult.com/Centos7-armv7.html

But with postfixadmin I stumbled onto a problem.  The following:

cat 

[CentOS] usermod under CentOS

[Beartooth]

My wife's PC, running CentOS 6, suddenly quit connecting to the 
Net. Autodidact that I am, I fumbled with all the hard- and software I 
could find or dared try, but did no good. 

So we lugged it down to our favorite shop. While there, she bought 
a laptop, and asked them to install CentOS and copy all her files from the 
PC (including two books she's written and is trying to market).

They called to ask whether I wanted to specify a username & 
password, or just use their default dummies. I chose the dummies -- and 
realized in the night that I've never changed a username before. 

I think, repeat think, I could hack it with mv and chown, but I 
had enough sense to try a few manuals and duckduckgo searches. Those 
eventually led me to usermod, and I took a look at 'man usermod'. It seems 
to be fairly powerful -- and therefore dangerous as well as apposite.

So I ask here: are there caveats, gotchas, and/or other entities 
of their ilk that I need be wary of?

-- 
Beartooth Staffwright, Not Quite Clueless Power User
Remember I know little (precious little!) of where up is.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] SELInux conflict with Postfixadmin

[Robert Moskowitz]

postfixadmin setup.php is claiming:

*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their 
setup to allow write access.*



This goes away with 'setenforce 0', so it is an SELinux issue.  I have 
tried both:


restorecon -Rv /usr/share/postfixadmin

and

chcon -R -t httpd_sys_content_t /usr/share/postfixadmin

and they are not the problem.  Googling this message doe snot produce 
any SELinux advice.


Any ideas?

thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with my simple write conf files method

[KM]

I have never used this method per se, but in general in any script if you want 
to preserve the $ (dollar sign) or variable name you must use a backslash to 
preserve it. For example change your $CONF to \$CONF.  The $CONF should then be 
printed into your conf file.
KM

  From: Robert Moskowitz 
 To: centos@centos.org 
 Sent: Tuesday, February 21, 2017 10:50 AM
 Subject: [CentOS] Problems with my simple write conf files method
   
I have been creating conf files and similar with the following method 
that I picked up (I think from psotfix docs):

cat <>/etc/aliases || exit 1
root: youremail
EOF

See: http://medon.htt-consult.com/Centos7-armv7.html

But with postfixadmin I stumbled onto a problem.  The following:

cat 

[CentOS] Centos 7 with Postfixadmin, what provides php5-mysql

[Robert Moskowitz]

I am building a Centos7 mailserver to replace my Centos6 server.

This means moving to Apache 2.4 and MariaDB, so I am finding a number of 
changes from my notes.


I now have MariaDB running with the databases created and Apache 
running.  I try accessing postfixadmin and get:


DEBUG INFORMATION:
MySQL 4.1 functions not available! (php5-mysqli installed?)
database_type = 'mysqli' in config.inc.php, are you using a different 
database?


Please check the documentation and website for more information.

=

mysqli is what the config.inc.php says to use for
// mysqli = MySQL 4.1+ or MariaDB

I installed httpd mod_ssl php mariadb-server

Thanks for any help on this.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] movie player vs. mp3

[Michael Hennebry]

On Tue, 21 Feb 2017, Alice Wonder wrote:


On 02/21/2017 04:18 AM, Leon Fauster wrote:



EPEL has libmad included (its not a gstreamer plugin):

yum install epel-release
yum install madplay




In that case the extra gstreamer plugins in EPEL should probably be updated 
to build the libmad plugin, as libmad-devel should be available to.


The libmad gstreamer plugin should allow any gstreamer based application to 
decode mp3


madplay did the trick.
The first time, I had use custom command when opening the file.
Now madplay is on the list.

--
Michael   henne...@web.cs.ndsu.nodak.edu
"Sorry but your password must contain an uppercase letter, a number,
a haiku, a gang sign, a heiroglyph, and the blood of a virgin."
 --  someeecards
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems with my simple write conf files method

[Robert Moskowitz]

I have been creating conf files and similar with the following method 
that I picked up (I think from psotfix docs):


cat <>/etc/aliases || exit 1
root: youremail
EOF

See: http://medon.htt-consult.com/Centos7-armv7.html

But with postfixadmin I stumbled onto a problem.  The following:

cat 

[CentOS-announce] CESA-2017:0286 Moderate CentOS 7 openssl Security Update

[Johnny Hughes]

CentOS Errata and Security Advisory 2017:0286 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0286.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
642eb35daa25ae290bd3922e7876ac5d61744cb56c0d3f7877e76320b99a8f59  
openssl-1.0.1e-60.el7_3.1.x86_64.rpm
36fa878db932143ea4c107acb2deb34f78a9e7cb9159384b767f0932a27662d6  
openssl-devel-1.0.1e-60.el7_3.1.i686.rpm
6d5b7f68f5cc4446092ab2c3502df813b0145a4186e654f22d241ca9a88f79c3  
openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm
75afa599c87b32683162c976a3f7245767b1612b6fc1c1f935c41bcaaab71b8d  
openssl-libs-1.0.1e-60.el7_3.1.i686.rpm
d3354df1c13897870b20407aed7b3eb1ee581b0e1f4af4bcd920fa57914202ca  
openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
89aef81712ce7a139e59aa0e594db2c3bb03ba9f6bc2e161debb43705dee67a7  
openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm
a1af544918add7dbc76be337f395a816e1f3b0d7bae42fb0a6c812f8636c6f1d  
openssl-static-1.0.1e-60.el7_3.1.i686.rpm
8f7129a44f28934985e1b00ccec2a0c80271018a038afab49e23e22576c7d47c  
openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

Source:
976eaf61e1cbe2ac4bf32a440a5697dc19be59fd1b275bb314fdac3340a4  
openssl-1.0.1e-60.el7_3.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] movie player vs. mp3

[Alice Wonder]

On 02/21/2017 04:18 AM, Leon Fauster wrote:

Am 21.02.2017 um 03:08 schrieb Alice Wonder :

On 02/20/2017 06:06 PM, Scott Robbins wrote:

On Mon, Feb 20, 2017 at 07:58:22PM -0600, Michael Hennebry wrote:



I have movie player installed on centos 6.
When I try to play an mp3 file, it complains about the lack of a codec,
mpeg-1 something 3.
google hasn't helped.  What package do I need?
Trying to install ffmpeg gets me a no such package message.

I've dealt with codec issues before.
Mostly what I remember is that before I was done,
I wanted to kill something.


For various legal reasons, I don't think CentOS can include various codecs.

However, if you add the nux repos, you can then install mplayer and be able
to play mp3s.

(There are probably other programs, you can install ffmpeg from source, and
so on, but installing mplayer from the nux repos is probably the easiest
workaround. Or mpv if it's available, I'm not sure if it is.)



Fedora apparently now allows mp3 decoders but not encoders.

If movie player is totem - it is GStreamer based and you can buy the fluendo 
plugins and they works well and are fairly cheap.



EPEL has libmad included (its not a gstreamer plugin):

yum install epel-release
yum install madplay




In that case the extra gstreamer plugins in EPEL should probably be 
updated to build the libmad plugin, as libmad-devel should be available to.


The libmad gstreamer plugin should allow any gstreamer based application 
to decode mp3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] that ever puzzling special chars escaping + rdiff-backup

[lejeczek]

On 21/02/17 10:51, lejeczek wrote:

hi everyone

a good basher around here?

I try in a script:

_rdiffBack="rdiff-backup -v5 --tempdir /tmp/ --no-eas 
--exclude-other-filesystems --exclude-symbolic-links"
_rdffiExclude="--exclude '**/~*' --exclude '**.tmp' 
--exclude-regexp '(.glusterfs|.trashcan|temp)'"


this cheat won't work, have it as a function instead



_execCom=${!2}
_sourceDir=${1}
_backupTo=${3}

__backMeUp() {
  for _sourceDir in ${_sourceDirs[@]}; do
echo \$ ${_execCom} ${_rdffiExclude} ${_sourceDir}/ 
${_backupTo} \> ${_logFile} | ${_copyToLog}
${_execCom} ${_rdffiExclude} ${_sourceDir}/ 
${_backupTo} > ${_logFile} 2>&1

  done
}

case ${1} in
  rdiffThis)
  declare -a _sourceDirs=( /0-ALL.DATA/rdiffThis ); 
__backMeUp ${@}

  ;;
esac

this is a snippet which may look obscure but obvious is: 
rdiff-backup some data, just that.

And when I run it as a script

~]$ runme.sh rdiffThis _rdiffBack toHere

I see:
Fatal Error: Fatal Error: The file specification
''**'
cannot match any files in the base directory

You notice that the script echos what it is meant to 
execute, which suffice I copy that echo in bash 
prompt... and it works!? No "Fatal Error"
And the problem seems to specifically be a shell pattern 
for --exclude. Take two --exclude out, having:


_rdffiExclude="--exclude-regexp '(.glusterfs|.trashcan|temp)'"

and script works when invoked, fine!
I've been fiddling around but failed to make rdiff-backup 
1.2.8 play along.

Must be something trivial, right?
b.w.
L


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] movie player vs. mp3

[Leon Fauster]

> Am 21.02.2017 um 03:08 schrieb Alice Wonder :
> 
> On 02/20/2017 06:06 PM, Scott Robbins wrote:
>> On Mon, Feb 20, 2017 at 07:58:22PM -0600, Michael Hennebry wrote:
>> 
>> 
>>> I have movie player installed on centos 6.
>>> When I try to play an mp3 file, it complains about the lack of a codec,
>>> mpeg-1 something 3.
>>> google hasn't helped.  What package do I need?
>>> Trying to install ffmpeg gets me a no such package message.
>>> 
>>> I've dealt with codec issues before.
>>> Mostly what I remember is that before I was done,
>>> I wanted to kill something.
>> 
>> For various legal reasons, I don't think CentOS can include various codecs.
>> 
>> However, if you add the nux repos, you can then install mplayer and be able
>> to play mp3s.
>> 
>> (There are probably other programs, you can install ffmpeg from source, and
>> so on, but installing mplayer from the nux repos is probably the easiest
>> workaround. Or mpv if it's available, I'm not sure if it is.)
>> 
> 
> Fedora apparently now allows mp3 decoders but not encoders.
> 
> If movie player is totem - it is GStreamer based and you can buy the fluendo 
> plugins and they works well and are fairly cheap.


EPEL has libmad included (its not a gstreamer plugin):

yum install epel-release
yum install madplay


--
LF

PS: or compile gstreamer-plugins-ugly manually


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] that ever puzzling special chars escaping + rdiff-backup

[lejeczek]

hi everyone

a good basher around here?

I try in a script:

_rdiffBack="rdiff-backup -v5 --tempdir /tmp/ --no-eas 
--exclude-other-filesystems --exclude-symbolic-links"
_rdffiExclude="--exclude '**/~*' --exclude '**.tmp' 
--exclude-regexp '(.glusterfs|.trashcan|temp)'"

_execCom=${!2}
_sourceDir=${1}
_backupTo=${3}

__backMeUp() {
  for _sourceDir in ${_sourceDirs[@]}; do
echo \$ ${_execCom} ${_rdffiExclude} ${_sourceDir}/ 
${_backupTo} \> ${_logFile} | ${_copyToLog}
${_execCom} ${_rdffiExclude} ${_sourceDir}/ 
${_backupTo} > ${_logFile} 2>&1

  done
}

case ${1} in
  rdiffThis)
  declare -a _sourceDirs=( /0-ALL.DATA/rdiffThis ); 
__backMeUp ${@}

  ;;
esac

this is a snippet which may look obscure but obvious is: 
rdiff-backup some data, just that.

And when I run it as a script

~]$ runme.sh rdiffThis _rdiffBack toHere

I see:
Fatal Error: Fatal Error: The file specification
''**'
cannot match any files in the base directory

You notice that the script echos what it is meant to 
execute, which suffice I copy that echo in bash 
prompt... and it works!? No "Fatal Error"
And the problem seems to specifically be a shell pattern for 
--exclude. Take two --exclude out, having:


_rdffiExclude="--exclude-regexp '(.glusterfs|.trashcan|temp)'"

and script works when invoked, fine!
I've been fiddling around but failed to make rdiff-backup 
1.2.8 play along.

Must be something trivial, right?
b.w.
L
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Docker container scanner on CentOS?

[Rafał Radecki]

Hi All.

I am currently searching for a decent image/container/registry scanner. I
would like to be able to check images for CVE, at the moment I am using
rhel/centos/ubuntu/debian based images.

I tried on CentOS7:
- openscap (oscap-docker): needs atomic for installation, allows scanning
of rhel based images only;
- atomic: allows scanning of rhel based images only;
- clair: usable in theory for rhel/centos/ubuntu/debian images but in
practice I encountered problems with analyze-local-images and hyperclair
"cli" tools and API does not allow automatization;
- banyan collector/dockscan/drydock: seem to be stale or not enough mature
to be considered;
- nessus: seems to be an overkill for my usecase.

I am now looking into:
- aqua (commercial);
- twistlock (commercial);
- blackduck docker scanner (commercial).

Can you share info about what you are using to scan docker images? Any
proposals for my usecase?

Thanks!

BR,
Rafal.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt