Re: [CentOS] Notice: Check your tuned settings for a performance boost.

[Yves Bellefeuille]

On Thursday 21 September 2017, Jim Perrin  wrote:

> Last week we noticed that the default scheduler isn't being set
> properly in CentOS 7. I haven't checked this for CentOS 6, but it
> might be worth exploring.

On my CentOS 6 system, tuned wasn't installed by default, but when I 
installed it and followed your instructions, that did seem to improve 
some programs' performance considerably.

-- 
Yves Bellefeuille 
GPG key 837A6134 at http://members.storm.ca/~yan/pgp.asc
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] gtk3 update causing havoc

[Paul Johnson]

I will try to fiddle with themes, but I think it is a superficial fix.
Emacs ought to work even without a desktop environment. Hell, I'll run
Window Maker with no DE at all sometimes.

I think I found fix with this with Emacs. It may be only fix for
Chromium or like is a theme, because there is no way I have energy to
learn how to compile that.

The Emacs fix...

I checked Ubuntu's packaging of Emacs to see how it is different.
They have a patch they pulled from Emacs upstream.  Ironically, it is
called "0020-Emacs-should-show-GTK-icons-again.patch".  With that,
I've recompiled Emacs and buttons now work correctly, without changing
anything else, no new themes. In fact, I'm doing these builds on a
headless system where I'm launching Emacs to test via X11 forwarding.
Theme does not matter, so far as I can tell.  The Emacs session
forwards back just fine now, calling into question the emphasis on
themes.

In case you want to try Emacs-24.5 on Centos with that patch, the
files are in my rpm server

http://pj.freefaculty.org/Software/EL

It is yum repo, if you install my security key

The RPMs in question are

http://pj.freefaculty.org/Software/EL/7/x86_64/emacs-24.5-8.el7.centos.x86_64.rpm
http://pj.freefaculty.org/Software/EL/7/x86_64/emacs-common-24.5-8.el7.centos.x86_64.rpm

All the other RPM files generated from the Emacs build are in that same folders.

I know I'm not allowed to put an attachment on this list, so I'll
paste in 0020-Emacs-should-show-GTK-icons-again.patch and you can
maybe tell me what it does:

From d4a257411a7c23c2ed75c3e163243fd0e92dc2be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Dj=C3=A4rv?= 
Date: Sat, 18 Oct 2014 18:19:53 +0200
Subject: Emacs should show GTK+ icons again.

This upstream patch has been added:

  Handle deprecated Gtk+ stuff for version <= 3.10

  * lisp/term/x-win.el (x-gtk-stock-map): Add icon names suggested as
  replacements to stock names before stock names in a list.
  Cdr may be a list, each name is tried in turn until one is found.

  * src/gtkutil.c (XG_TEXT_CANCEL, XG_TEXT_OPEN, XG_TEXT_OK): New defines
  to handle Gtk versions.
  (xg_get_file_with_chooser): Use them.
  (xg_have_tear_offs, tearoff_remove, tearoff_activate): Remove
  (create_menus): Remove teroff argument and code.
  Remove call to gtk_menu_set_title.
  (xg_update_menubar, xg_update_submenu): Remove tearoff code.  Adjust
  args to create_menus.
  (xg_tool_bar_menu_proxy, xg_tool_bar_detach_callback)
  (xg_tool_bar_attach_callback, TOOLBAR_TOP_WIDGET): Remove.
  (xg_pack_tool_bar): Replace TOOLBAR_TOP_WIDGET, remove detach code.
  (xg_make_tool_item): Remove detach code.
  (xg_update_tool_bar_sizes): Replace TOOLBAR_TOP_WIDGET.
  (find_icon_from_name): New function.
  (update_frame_tool_bar): Remove GtkStockItem code, move to
  find_icon_from_name.  Let stock be a list of icon names to try.
  Only use gtk_image_new_from_stock on Gtk+ < 3.10.
  Replace TOOLBAR_TOP_WIDGET.
  (free_frame_tool_bar, xg_change_toolbar_position ): Replace
  TOOLBAR_TOP_WIDGET.
  (xg_initialize): Remove tearoff code.

  * src/gtkutil.h (xg_have_tear_offs): Remove declaration.

  * src/xmenu.c (set_frame_menubar): Remove GTK block that calls
  xg_have_tear_offs.

  * src/xterm.h (handlebox_widget): Remove.

Origin: upstream, commit: 3f4c6d52d34538bc2d4a53246af4c61ef176
Bug-Debian: http://bugs.debian.org/828000
Added-by: Rob Browning 
---
 lisp/ChangeLog |   6 +
 lisp/term/x-win.el |  63 
 src/ChangeLog  |  31 
 src/gtkutil.c  | 421 +++--
 src/gtkutil.h  |   2 -
 src/xmenu.c|   6 -
 src/xterm.h|   4 -
 7 files changed, 155 insertions(+), 378 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 7345c6a..102461e 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,9 @@
+2014-10-18  Jan Djärv  
+
+* term/x-win.el (x-gtk-stock-map): Add icon names suggested as
+replacements to stock names before stock names in a list.
+Cdr may be a list, each name is tried in turn until one is found.
+
 2015-04-10  Nicolas Petton  

 * Version 24.5 released.
diff --git a/lisp/term/x-win.el b/lisp/term/x-win.el
index ca0ae3b..7a41d32 100644
--- a/lisp/term/x-win.el
+++ b/lisp/term/x-win.el
@@ -1475,47 +1475,47 @@ This returns an error if any Emacs frames are
X frames, or always under W32."
   (mapcar (lambda (arg)
 (cons (purecopy (car arg)) (purecopy (cdr arg
   '(
-("etc/images/new" . "gtk-new")
-("etc/images/open" . "gtk-open")
+("etc/images/new" . ("document-new" "gtk-new"))
+("etc/images/open" . ("document-open" "gtk-open"))
 ("etc/images/diropen" . "n:system-file-manager")
-("etc/images/close" . "gtk-close")
-("etc/images/save" . "gtk-save")
-("etc/images/saveas" . "gtk-save-as")
-("etc/images/undo" . "gtk-undo")
-("etc/images/cut" . "gtk-cut")
-("etc/images/copy" . 

Re: [CentOS] gtk3 update causing havoc

[Frank Cox]

On Fri, 22 Sep 2017 17:04:14 -0500
Paul Johnson wrote:

> The bad problem I see now is that Emacs and  Chromium-browser, which
> rely on gtk3 don't work properly anymore. In Emacs, the symptom is
> that the ribbon of buttons under the pull down menu will no longer
> show.  In Chromium,  the buttons and other widget things on the top
> are an ugly yellow distortion.

Un-intuitive as it may be, you may just need to start using either the Adwaita 
or Clearlooks-phenix theme.

One chap I know of that's using the CERN linux told me that solved a  problem 
similar to yours by using the clearlooks-phenix theme.

I use clearlooks-phenix here to solve a different set of problems (menus on 
Gnome-terminal and Geany), and I don't really like the way Adwaita looks.

Here's the solution if you want to try it:

yum install clearlooks-phenix-gtk2-theme clearlooks-phenix-gtk3-theme

Go to the look and feel preferences setting on your desktop and select 
Clearlooks-phenix from the list.

And afterward you can

yum remove mate-themes

if you want because it's not needed any more (assuming that you're using mate, 
that is).


-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache Compression

[Frank Cox]

On Fri, 22 Sep 2017 16:41:51 -0500
Matt wrote:

> I have a centos 7 install with apache running.  How do I get apache to
> use gzip compression on html and text based content?

I don't know how definitive it is, but this is what I use here:


AddOutputFilterByType DEFLATE text/text
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE image/x-icon
DeflateCompressionLevel 9
 

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

On Fri, Sep 22, 2017 at 1:20 PM, ken  wrote:
> On 09/22/2017 11:50 AM, Stephen John Smoogen wrote:
>>
>> On 22 September 2017 at 11:39, Larry Martell 
>> wrote:
>>>
>>> On Fri, Sep 22, 2017 at 11:30 AM Stephen John Smoogen 
>>> wrote:
>>>
 On 22 September 2017 at 10:33, Larry Martell 
 wrote:
>
> I am trying to get a centos 6 system on the internet with a tethered
> iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
> stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
> usb0"
>
> But how do I reference my phone in that command?

 I thought that if the phone is in tethering mode that is all you need
 to do. The command is saying setup an 'ethernet' port on the USB and
 to ask for a dhcpd command from it. If the phone allows tethering it
 will be using its USB as an ethernet connection and will see a dhcpd
 connection and will give out an ip address.
>>>
>>>
>>>
>>> Seems something else is using usb0 - without the phone connected I see
>>> something on usb0 when running ifconfig. I think it's some internal
>>> network.  I tried running those commands when the phones be was connected
>>> but the system still is not on the internet.
>>>
>> That may be the case with some hardware. A lot of management hardware
>> will appear as a USB network address so you can loop back into the
>> hardware that way. You could try usb1 for the phone to see if that
>> works.
>
>
> When you have the phone plugged in, what does "lsusb" say?

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 003: ID 0624:0248 Avocent Corp. Virtual Hub
Bus 002 Device 005: ID 04b3:4010 IBM Corp.
Bus 001 Device 011: ID 4c7c:5f30   Apple iPhone 6S
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

On Fri, Sep 22, 2017 at 12:06 PM, Yan Li  wrote:
> On 09/22/2017 07:33 AM, Larry Martell wrote:
>> I am trying to get a centos 6 system on the internet with a tethered
>> iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
>> stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
>> usb0"
>
> I always found that USB tethering is flaky and hard to set up. So I use
> wifi tethering whenever possible. Just my $.02.

If this machine had wifi I would not need to use my phone.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

On Fri, Sep 22, 2017 at 11:55 AM, J Martin Rushton
 wrote:
>
>
> On 09/22/2017 04:50 PM, Jon Pruente wrote:
>>
>> On Fri, Sep 22, 2017 at 10:39 AM, Larry Martell 
>> wrote:
>>
>>> Seems something else is using usb0 - without the phone connected I see
>>> something on usb0 when running ifconfig. I think it's some internal
>>> network.  I tried running those commands when the phones be was connected
>>> but the system still is not on the internet.
>>
>>
>>
>> Run 'udevadm monitor' with sudo or as root and watch for what /dev entry
>> the phone picks up when it is plugged in. Use that one in your ip or dhcpd
>> commands.

> Or really crudely:
>
> Plug in the phone, wait a minute then issue
> # ls -ltr /dev
> and the last named one should be the phone.

The phone appears as this:

/dev/bus/usb/001/011

How does that translate as something I can pass into the ip command?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] gtk3 update causing havoc

[Paul Johnson]

On my lab systems, the automatic updates were failing because of the
problems with ipod libraries from EPEL being in the way.  It turns out
that was a good thing, because when I "fixed" it, a massive set of
packages was updated, including the new gtk3.

These packages are the ones causing problems, I think.

gtk3-3.22.10-4.el7.x86_64
gtk3-devel-3.22.10-4.el7.x86_64

In the release notes, there is mention of the "giant icon" problem and
how to fix that.  We understand that part.

The bad problem I see now is that Emacs and  Chromium-browser, which
rely on gtk3 don't work properly anymore. In Emacs, the symptom is
that the ribbon of buttons under the pull down menu will no longer
show.  In Chromium,  the buttons and other widget things on the top
are an ugly yellow distortion.

I've recompiled the Emacs that comes with EL7, as well as 24.5, and
the Emacs behaves the same way, no buttons show.  The buttons are
invisible, but still there. If you click in there, you can get lucky.

Do you see it too in Emacs?

I see some posts that say the Gnome themes don't work any more with
GTK and those themes should have been deprecated by the gtk3 packages.
I don't think the theme is the cause because I see same problem in
both Gnome and XFCE4 desktops.  I see it also if I SSH into the
machine and run emacs forwarded over X11.

I just realized that on Ubuntu I'm running gtk-3.22.11 with Emacs 24.5
and the icons do show. Maybe there is a change in the compiler flag
for Emacs that I'm missing.

pj

-- 
Paul E. Johnson   http://pj.freefaculty.org
Director, Center for Research Methods and Data Analysis http://crmda.ku.edu

To write to me directly, please address me at pauljohn at ku.edu.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Apache Compression

[Matt]

I have a centos 7 install with apache running.  How do I get apache to
use gzip compression on html and text based content?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

On Fri, Sep 22, 2017 at 11:50 AM, Stephen John Smoogen  wrote:
> On 22 September 2017 at 11:39, Larry Martell  wrote:
>> On Fri, Sep 22, 2017 at 11:30 AM Stephen John Smoogen 
>> wrote:
>>
>>> On 22 September 2017 at 10:33, Larry Martell 
>>> wrote:
>>> > I am trying to get a centos 6 system on the internet with a tethered
>>> > iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
>>> > stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
>>> > usb0"
>>> >
>>> > But how do I reference my phone in that command?
>>>
>>> I thought that if the phone is in tethering mode that is all you need
>>> to do. The command is saying setup an 'ethernet' port on the USB and
>>> to ask for a dhcpd command from it. If the phone allows tethering it
>>> will be using its USB as an ethernet connection and will see a dhcpd
>>> connection and will give out an ip address.
>>
>>
>>
>> Seems something else is using usb0 - without the phone connected I see
>> something on usb0 when running ifconfig. I think it's some internal
>> network.  I tried running those commands when the phones be was connected
>> but the system still is not on the internet.
>>
>
> That may be the case with some hardware. A lot of management hardware
> will appear as a USB network address so you can loop back into the
> hardware that way. You could try usb1 for the phone to see if that
> works.

I did try that - I got no such device or something like that.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

On Fri, Sep 22, 2017 at 11:50 AM, Jon Pruente
 wrote:
> On Fri, Sep 22, 2017 at 10:39 AM, Larry Martell 
> wrote:
>
>> Seems something else is using usb0 - without the phone connected I see
>> something on usb0 when running ifconfig. I think it's some internal
>> network.  I tried running those commands when the phones be was connected
>> but the system still is not on the internet.
>
>
> Run 'udevadm monitor' with sudo or as root and watch for what /dev entry
> the phone picks up when it is plugged in. Use that one in your ip or dhcpd
> commands.

Unfortunately I am not at the site any more. I will have to try that
next time I am there. Thanks!
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOLVED upgrade or install to Centos 7.4.1708

[Pete Geenhuizen]

After trying the suggestions offered here and various other suggestions 
that I found through various searches I finally solved the problem by 
ditching the on board graphics and installing a graphics card.



On 09/19/17 11:01, Pete Geenhuizen wrote:
I upgraded from 7.3 to 7.4 over the weekend.  Everything went well 
except that I can't login because the screen is black with a cursor.


If reboot boot the 7.3 kernel 3.10.0-514.26.2.el7.x86_64 kernel 
everything works just fine, so my guess is that there's a kernel issue 
with the hardware, specifically the Skylake processor.


Has anyone else run into this problem and if so can how I resolve the 
problem other than using the previous kernel?


ASUSTeK COMPUTER INC.  Z170M-PLUS
VGA compatible controller: Intel Corporation HD Graphics 530 (rev 06)
Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz Skylake

Any help with this would be greatly appreciated.

Pete



--
Unencumbered by the thought process.
 -- Click and Clack the Tappet brothers


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] owncloud on CentOS - I have problems installing/updating recently

[Nicolas Kovacs]

Le 22/09/2017 à 12:14, James Hogarth a écrit :
> I know that many prefer EPEL packages but sometimes life gets ahead of us...
> 
> So far as owncloud in EPEL/CentOS is concerned it's not actually lagging
> that badly ... the most recent 9.1.X release is 9.1.6 and it's only a few
> minor bugfixes for the large part over the 9.1.5 in the EPEL repo.

I was only referring to the OwnCloud client package, for which I prefer
the OwnCloud repository.

For the server, I'm always doing manual installations, because it's more
flexible that way.

https://blog.microlinux.fr/owncloud-centos/

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Notice: Check your tuned settings for a performance boost.

[Frank Cox]

On Fri, 22 Sep 2017 13:00:38 -0500
Jon Pruente wrote:

> Does virt-what give you any output?

[root@mutt frankcox]# virt-what
[root@mutt frankcox]# 


-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Notice: Check your tuned settings for a performance boost.

[Jon Pruente]

On Fri, Sep 22, 2017 at 12:05 PM, Frank Cox  wrote:

> On Fri, 22 Sep 2017 09:04:58 -0700
> Jim Perrin wrote:
>
> > Yes. This command will drop an 'active-profile' file in /etc/tuned that
> > will be used and survive reboots, kernel updates, etc.
>
> [root@mutt frankcox]# tuned-adm active
> Current active profile: virtual-guest
>
> ???
>
> This is my main desktop computer and it isn't any kind of a virtual
> system.  I do run VirtualBox on it occasionally, though.
>
> What could have happened here?
>

Does virt-what give you any output?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] owncloud on CentOS - I have problems installing/updating recently

[Nicolas Kovacs]

Le 21/09/2017 à 20:06, Johnny Hughes a écrit :
> Well, it must be noted that they do have to work with things in RHEL ..
> I have not looked if they are using SCLs.  If not, they can't move to
> things that require newer languages, etc.
> 
> So sometimes, they have to lag.

As far as I can tell, the main thing they had to deal with recently was
the transition to Qt5. So far they managed it well, since all the
dependencies are in some extra packages in their repo.

$ rpm -qa | grep ocqt
ocqt562-libqt5-qtwebkit-5.6.2-11.3.x86_64
ocqt562-libQt5Widgets5-5.6.2-22.1.x86_64
ocqt562-libQt5Concurrent5-5.6.2-22.1.x86_64
ocqt562-libQt5Gui5-5.6.2-22.1.x86_64
ocqt562-libQt5Core5-5.6.2-22.1.x86_64
ocqt562-qt5keychain1-0.7.0-4.6.x86_64
ocqt562-libQt5DBus5-5.6.2-22.1.x86_64
ocqt562-libQt5Xml5-5.6.2-22.1.x86_64
ocqt562-libQt5Sql5-5.6.2-22.1.x86_64
ocqt562-libQt5PrintSupport5-5.6.2-22.1.x86_64
ocqt562-libQt5Network5-5.6.2-22.1.x86_64

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] OT ayuda comando Sed

[César Martinez]

Muchas gracias Ricardo con el * funciono a la perfección, gracias a 
todos y buena tarde.


--
|Saludos Cordiales
|César Martínez M. | Ingeniero de Sistemas
|Consultor & Proyectos Software Libre| SERVICOM
|Teléfono: (593-2)554-271 2221-386 | Ext 4501
|Celular:593 999374317 |Skype servicomecuador
|Web www.servicomecuador.com Síguenos en:
|Twitter: @servicomecuador |Facebook: servicomec
|Zona Clientes: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Dir. Av. 10 de Agosto N29-140 Entre
|Acuña y  Cuero y Caicedo
|Quito - Ecuador - Sudamérica

El 22/09/17 a las 12:28, Ricardo J. Barberis escribió:

El Jueves 21/09/2017 a las 11:58, Cesar Martinez escribió:

Saludos amigos listeros espero todos se encuentren bien, acudo a ustedes
con una peque consulta, tengo un servidor de correo el cuál esta siendo
atacado constantemente e instalado ya fail2ban pero aún así son
repetitivos los intentos de acceso de usuarios, tengo claves fuertes
para los usuarios de correo, estoy creando un script donde se lee los
logs saca las direcciones ips atacantes hacia un archivo y luego via
iptables bloqueo estas ips, pero necesito que las ips del segmento de la
lan que encuentre en los logs no las banee, aquí lo que tengo haber si
alguien me puede echar una mano

sed -i 's/192.168.0.$/192.168.100.23/g' /archivo

Ejecuto no me da error pero no reemplaza las direcciones ips

El $ indica final de linea, probablemente lo que quieras es poner un * en su
lugar.


Si lo hago de uno en uno funciona pero quiero que sea a nivel de todo el
segmento

sed  -i  's/192.168.0.86/192.168.100.23/g' /archivo

Con esta linea si funciona

Gracias a todos los que puedan ayudarme





___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] OT ayuda comando Sed

[Ricardo J. Barberis]

El Jueves 21/09/2017 a las 11:58, Cesar Martinez escribió:
> Saludos amigos listeros espero todos se encuentren bien, acudo a ustedes
> con una peque consulta, tengo un servidor de correo el cuál esta siendo
> atacado constantemente e instalado ya fail2ban pero aún así son
> repetitivos los intentos de acceso de usuarios, tengo claves fuertes
> para los usuarios de correo, estoy creando un script donde se lee los
> logs saca las direcciones ips atacantes hacia un archivo y luego via
> iptables bloqueo estas ips, pero necesito que las ips del segmento de la
> lan que encuentre en los logs no las banee, aquí lo que tengo haber si
> alguien me puede echar una mano
>
> sed -i 's/192.168.0.$/192.168.100.23/g' /archivo
>
> Ejecuto no me da error pero no reemplaza las direcciones ips

El $ indica final de linea, probablemente lo que quieras es poner un * en su 
lugar.

> Si lo hago de uno en uno funciona pero quiero que sea a nivel de todo el
> segmento
>
> sed  -i  's/192.168.0.86/192.168.100.23/g' /archivo
>
> Con esta linea si funciona
>
> Gracias a todos los que puedan ayudarme



-- 
Ricardo J. Barberis
Usuario Linux Nº 250625: http://counter.li.org/
Usuario LFS Nº 5121: http://www.linuxfromscratch.org/
Senior SysAdmin / IT Architect - www.DonWeb.com
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS] Connecting to internet with USB tethered iphone

[ken]

On 09/22/2017 11:50 AM, Stephen John Smoogen wrote:

On 22 September 2017 at 11:39, Larry Martell  wrote:

On Fri, Sep 22, 2017 at 11:30 AM Stephen John Smoogen 
wrote:


On 22 September 2017 at 10:33, Larry Martell 
wrote:

I am trying to get a centos 6 system on the internet with a tethered
iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
usb0"

But how do I reference my phone in that command?

I thought that if the phone is in tethering mode that is all you need
to do. The command is saying setup an 'ethernet' port on the USB and
to ask for a dhcpd command from it. If the phone allows tethering it
will be using its USB as an ethernet connection and will see a dhcpd
connection and will give out an ip address.



Seems something else is using usb0 - without the phone connected I see
something on usb0 when running ifconfig. I think it's some internal
network.  I tried running those commands when the phones be was connected
but the system still is not on the internet.


That may be the case with some hardware. A lot of management hardware
will appear as a USB network address so you can loop back into the
hardware that way. You could try usb1 for the phone to see if that
works.


When you have the phone plugged in, what does "lsusb" say?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS mount on Centos 7 crashing

[Nikolaos Milas]

On 22/9/2017 3:46 μμ, Nikolaos Milas wrote:

Based on the facts and experience, it looks like a bug. After all, it 
occurred right after upgrade to 7.4, without any system configuration 
changes.


I have created bug report: https://bugs.centos.org/view.php?id=13891 for 
this.


Isn't there anyone else having NFS mount issues after upgrade to 7.4?

(I have found this report: https://access.redhat.com/solutions/3146191 
which I think is not directly related.)


Other possible error report which could be related:
https://www.reddit.com/r/ansible/comments/6tu9c4/mounting_a_nfs_share_from_aix_to_rhel_74_remote/dlpdco6/?st=j7w56e1a=065301d7

Please let me know if there can be a workaround or something.

Thanks,
Nick
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Notice: Check your tuned settings for a performance boost.

[Frank Cox]

On Fri, 22 Sep 2017 09:04:58 -0700
Jim Perrin wrote:

> Yes. This command will drop an 'active-profile' file in /etc/tuned that
> will be used and survive reboots, kernel updates, etc.

[root@mutt frankcox]# tuned-adm active
Current active profile: virtual-guest

???

This is my main desktop computer and it isn't any kind of a virtual system.  I 
do run VirtualBox on it occasionally, though.

What could have happened here?

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] webkit on CentOS 7.4

[Johnny Hughes]

On 09/22/2017 11:02 AM, Yan Li wrote:
> On 09/22/2017 08:43 AM, Jerry Geis wrote:
>> hi Johhny
>>
>> thanks - I am using the second link webkitgtk4.
>>
>> I could not find anything mediasource or media_source in the build log.
>> Is that an "oversite" in the upstream? Can it be enabled for all and
>> rebuilt and posted? (I'd rather not compile webkit).
> 
> CentOS doesn't and cannot alter upstream source except for trademark
> reasons and a few other necessities for getting the build done,
> unfortunately.
> 
> Of course, any other party is free to do so and publish the altered
> package themselves. Just it won't be part of CentOS.
> 

Exactly what Yan Li said .. we build it like it is written in the spec
from upstream, and make no changes except for trademarks.  In this case
there is no modification at all to that package.

I have no idea how one would modify or pass things in to this package
without research, etc.

But, the build.log is the rpmbuild output from the build .. and the
root.log is everything installed in the build root where it was built.





signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Yan Li]

On 09/22/2017 07:33 AM, Larry Martell wrote:
> I am trying to get a centos 6 system on the internet with a tethered
> iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
> stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
> usb0"

I always found that USB tethering is flaky and hard to set up. So I use
wifi tethering whenever possible. Just my $.02.

-- 
Yan Li
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Notice: Check your tuned settings for a performance boost.

[Jim Perrin]

On 09/21/2017 07:02 PM, Fred Smith wrote:
> On Thu, Sep 21, 2017 at 11:45:12AM -0700, Jim Perrin wrote:
>> Last week we noticed that the default scheduler isn't being set properly
>> in CentOS 7. I haven't checked this for CentOS 6, but it might be worth
>> exploring.
>>
>> The TL;DR is unless you're running CentOS 7 on a laptop or as a virtual
>> guest, you should probably run 'tuned-adm profile throughput-performance'
>>
>> I wrote up the full details here ->
>> http://jperrin.org/centos/boosting-centos-server-performance/
> 
> Cool. thanks!
> 
> I have noticed (without being quite sure what to do about it) that
> my Centos 7 desktop (six core AMD Vishera) seems sluggish at times,
> when there doesn't seem to be much running that should be a system
> hog. I'll see if this change  helps resolve that.
> 
> Does running the command shown there make a permanent change, i.e.,
> one that survives reboot?
> 
> 

Yes. This command will drop an 'active-profile' file in /etc/tuned that
will be used and survive reboots, kernel updates, etc.


-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] webkit on CentOS 7.4

[Yan Li]

On 09/22/2017 08:43 AM, Jerry Geis wrote:
> hi Johhny
> 
> thanks - I am using the second link webkitgtk4.
> 
> I could not find anything mediasource or media_source in the build log.
> Is that an "oversite" in the upstream? Can it be enabled for all and
> rebuilt and posted? (I'd rather not compile webkit).

CentOS doesn't and cannot alter upstream source except for trademark
reasons and a few other necessities for getting the build done,
unfortunately.

Of course, any other party is free to do so and publish the altered
package themselves. Just it won't be part of CentOS.

-- 
Yan Li
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[J Martin Rushton]

On 09/22/2017 04:50 PM, Jon Pruente wrote:

On Fri, Sep 22, 2017 at 10:39 AM, Larry Martell 
wrote:


Seems something else is using usb0 - without the phone connected I see
something on usb0 when running ifconfig. I think it's some internal
network.  I tried running those commands when the phones be was connected
but the system still is not on the internet.



Run 'udevadm monitor' with sudo or as root and watch for what /dev entry
the phone picks up when it is plugged in. Use that one in your ip or dhcpd
commands.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Or really crudely:

Plug in the phone, wait a minute then issue
# ls -ltr /dev
and the last named one should be the phone.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Stephen John Smoogen]

On 22 September 2017 at 11:39, Larry Martell  wrote:
> On Fri, Sep 22, 2017 at 11:30 AM Stephen John Smoogen 
> wrote:
>
>> On 22 September 2017 at 10:33, Larry Martell 
>> wrote:
>> > I am trying to get a centos 6 system on the internet with a tethered
>> > iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
>> > stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
>> > usb0"
>> >
>> > But how do I reference my phone in that command?
>>
>> I thought that if the phone is in tethering mode that is all you need
>> to do. The command is saying setup an 'ethernet' port on the USB and
>> to ask for a dhcpd command from it. If the phone allows tethering it
>> will be using its USB as an ethernet connection and will see a dhcpd
>> connection and will give out an ip address.
>
>
>
> Seems something else is using usb0 - without the phone connected I see
> something on usb0 when running ifconfig. I think it's some internal
> network.  I tried running those commands when the phones be was connected
> but the system still is not on the internet.
>

That may be the case with some hardware. A lot of management hardware
will appear as a USB network address so you can loop back into the
hardware that way. You could try usb1 for the phone to see if that
works.

>>
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Jon Pruente]

On Fri, Sep 22, 2017 at 10:39 AM, Larry Martell 
wrote:

> Seems something else is using usb0 - without the phone connected I see
> something on usb0 when running ifconfig. I think it's some internal
> network.  I tried running those commands when the phones be was connected
> but the system still is not on the internet.


Run 'udevadm monitor' with sudo or as root and watch for what /dev entry
the phone picks up when it is plugged in. Use that one in your ip or dhcpd
commands.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] webkit on CentOS 7.4

[Jerry Geis]

hi Johhny

thanks - I am using the second link webkitgtk4.

I could not find anything mediasource or media_source in the build log.
Is that an "oversite" in the upstream? Can it be enabled for all and
rebuilt and posted? (I'd rather not compile webkit).

Thanks,

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

On Fri, Sep 22, 2017 at 11:30 AM Stephen John Smoogen 
wrote:

> On 22 September 2017 at 10:33, Larry Martell 
> wrote:
> > I am trying to get a centos 6 system on the internet with a tethered
> > iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
> > stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
> > usb0"
> >
> > But how do I reference my phone in that command?
>
> I thought that if the phone is in tethering mode that is all you need
> to do. The command is saying setup an 'ethernet' port on the USB and
> to ask for a dhcpd command from it. If the phone allows tethering it
> will be using its USB as an ethernet connection and will see a dhcpd
> connection and will give out an ip address.



Seems something else is using usb0 - without the phone connected I see
something on usb0 when running ifconfig. I think it's some internal
network.  I tried running those commands when the phones be was connected
but the system still is not on the internet.

>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Connecting to internet with USB tethered iphone

[Stephen John Smoogen]

On 22 September 2017 at 10:33, Larry Martell  wrote:
> I am trying to get a centos 6 system on the internet with a tethered
> iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
> stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
> usb0"
>
> But how do I reference my phone in that command?

I thought that if the phone is in tethering mode that is all you need
to do. The command is saying setup an 'ethernet' port on the USB and
to ask for a dhcpd command from it. If the phone allows tethering it
will be using its USB as an ethernet connection and will see a dhcpd
connection and will give out an ip address.


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] webkit on CentOS 7.4

[Johnny Hughes]

On 09/22/2017 10:02 AM, Jerry Geis wrote:
> Hello is the webkit with CentOS 7.4 compiled with ENABLE_MEDIASOURCE ?
> 
> When I call the set_media_source function with TRUE and then ask
> get_media_source function for the value it returns TRUE. I presume it would
> no return TRUE if its not enabled.
> 
> However, my webpage with a video tag using webkit is not finding the
> MediaSource.
> 

There is more than one webkit in 7.4:

https://buildlogs.centos.org/c7.1708.00/webkitgtk3/20170806053147/2.4.11-2.el7.x86_64/


https://buildlogs.centos.org/c7.1708.00/webkitgtk4/20170808203516/2.14.7-2.el7.x86_64/


If you look at the build.log, in the whichever one you have installed,
you should be able to see any configure variables that were passed in on
the build.

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] webkit on CentOS 7.4

[Jerry Geis]

Hello is the webkit with CentOS 7.4 compiled with ENABLE_MEDIASOURCE ?

When I call the set_media_source function with TRUE and then ask
get_media_source function for the value it returns TRUE. I presume it would
no return TRUE if its not enabled.

However, my webpage with a video tag using webkit is not finding the
MediaSource.

Thanks,

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Connecting to internet with USB tethered iphone

[Larry Martell]

I am trying to get a centos 6 system on the internet with a tethered
iPhone. I can see the phone with lsusb as bus 001 device 011. A post on
stackoverflow said I would need to run "# ip link set usb0 up && dhcpcd
usb0"

But how do I reference my phone in that command?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] prevent users from fiddling with network?

[Valeri Galtsev]

On Fri, September 22, 2017 8:31 am, Leroy Tennison wrote:
> As Scott said, nothing is perfect.  On Ubuntu (16.04 - the current long
> term support version) all home directories are world executable/readable
> ("Security?  What's that?").

Thanks Scott and Leroy for your advises. I agree, Ubuntu almost from the
very beginning was (IMHO) aimed to be single user laptop or desktop
system. Being Debian replica, _that_ was what differed it from Debian.
Debian, though very rich and independent (not backed by company - even one
with excellent reputation) had its quirks. I bet everybody remembers
random number generator flop that was on Debian and all its clones for
about 4 years before it became publicly known and fixed (basically,
someone commented our fair chunk of code of random number generator for
debugging, and left it that way, - so all random numbers had only 4 first
bits random and the rest deterministically predictable from those). All
Debian (and clones) admins had to re-generate all key pairs, certificates,
etc., and live guessing if bad guys ever visited they systems, or rebuild
those. I do not recollect a flop like that on RedHat side (praising good
guys again, thigh not liking their direction now). So, I'm still looking
for centrally manageable and installable en masse Linux system (my users
do need to run variety of code written on and for Linux) - thanks for
suggestions everybody!

Valeri

>
> - Original Message -
> From: "Scott Robbins" 
> To: "centos" 
> Sent: Thursday, September 21, 2017 9:40:03 PM
> Subject: Re: [CentOS] prevent users from fiddling with network?
>
> On Thu, Sep 21, 2017 at 07:00:12PM -0500, Valeri Galtsev wrote:
>>
>> On Thu, September 21, 2017 6:13 pm, Scott Robbins wrote:
>> > On Thu, Sep 21, 2017 at 05:23:23PM -0500, Valeri Galtsev wrote:
>> >>
>> >
>> > Well, this is my longstanding rant against RedHat and friends.  Take a
>> > look
>> > at what Fedora is doing before blithely throwing it into RedHat.
>> >>
>> > Most Fedora stuff is for single user laptops, and frankly, a lot of it
>> > seems developed by people with no concept of system administration.
>
>> Well, I guess we see Microsoft money invested into ("donated" to? ;-)
>> RedHat at work. Yes, my servers are FreeBSD for long time already, but
>> as
>> we have to use Linux for wide variety of stuff, we may need to start
>> looking which other distribution (better from sysadmin's prospective) to
>> flee to. Scott, I'd be glad to hear your advise on that matter. (As
>> CentOS
>> public mirror maintainer I will keep maintaining that indefinitely as a
>> token of gratitude to the project that gave us so much over long time).
>
> Unfortunately, no advice.  I haven't used Debian as anything but a laptop
> install for a long time, but their developers did, in the past, seem to
> have better ideas of system administration. They have their own issues, of
> course, nothing is perfect.
>
>
> --
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrade to 7.4 ZFS issue

[Johnny Hughes]

On 09/22/2017 06:25 AM, Thomas Roth wrote:
> Hi all,
> 
> I have a server running 7.3 using the zfs-kmod packages from
> zfsonlinux.org.
> For the update to 7.4, I followed
> https://github.com/zfsonlinux/zfs/wiki/RHEL-&-CentOS: removal of all zfs
> - and related packages and installation of the zfs-release.7.4.noarch.rpm
> Afterwards, yum will find almost all packages from that repository -
> except for the zfs-0.7.1-1.el7_4.x86_64.rpm itself ("ZFS command line
> utilities").
> However, the package is there, I can get it via wget!
> Of course I tried cleaning yum + caches, not removing the zfs packages,
> removing them before reboot, removing them after booting into 
> 3.10.0-693 - all of which makes no difference.
> 
> On a fresh installation (aka starting with 7.4), this problem does not
> occur.
> 
> 
> Regardless of any ZFS specifics, what could cause yum to exclude one
> single package file from an otherwise perfectly accessible repo?
> 

The only way would be bad metadata at the site, an exclude in either
/etc/yum.conf or the applicable repo file, or something like an obsolete
in an installed or repo package that causes that package to be filtered out.

You can use yum install ./ to try to install a local rpm and
see what it tells you.




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] prevent users from fiddling with network?

[Leroy Tennison]

As Scott said, nothing is perfect.  On Ubuntu (16.04 - the current long term 
support version) all home directories are world executable/readable ("Security? 
 What's that?").

- Original Message -
From: "Scott Robbins" 
To: "centos" 
Sent: Thursday, September 21, 2017 9:40:03 PM
Subject: Re: [CentOS] prevent users from fiddling with network?

On Thu, Sep 21, 2017 at 07:00:12PM -0500, Valeri Galtsev wrote:
> 
> On Thu, September 21, 2017 6:13 pm, Scott Robbins wrote:
> > On Thu, Sep 21, 2017 at 05:23:23PM -0500, Valeri Galtsev wrote:
> >>
> >
> > Well, this is my longstanding rant against RedHat and friends.  Take a
> > look
> > at what Fedora is doing before blithely throwing it into RedHat.
> >>
> > Most Fedora stuff is for single user laptops, and frankly, a lot of it
> > seems developed by people with no concept of system administration.

> Well, I guess we see Microsoft money invested into ("donated" to? ;-)
> RedHat at work. Yes, my servers are FreeBSD for long time already, but as
> we have to use Linux for wide variety of stuff, we may need to start
> looking which other distribution (better from sysadmin's prospective) to
> flee to. Scott, I'd be glad to hear your advise on that matter. (As CentOS
> public mirror maintainer I will keep maintaining that indefinitely as a
> token of gratitude to the project that gave us so much over long time).

Unfortunately, no advice.  I haven't used Debian as anything but a laptop
install for a long time, but their developers did, in the past, seem to
have better ideas of system administration. They have their own issues, of
course, nothing is perfect.


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux prevents lighttpd from printing

[Daniel Walsh]

On 09/22/2017 08:24 AM, hw wrote:

Daniel Walsh wrote:

On 09/22/2017 06:58 AM, hw wrote:


PS: Now I found this:


type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : 
proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 
syscall=setgroups success=no exit=EPERM(Operation not permitted) 
a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 
pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root 
fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) 
ses=unset comm=sendmail exe=/usr/sbin/exim 
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied  { 
setgid } for  pid=19418 comm=sendmail capability=setgid 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability


type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64 
syscall=open success=yes exit=7 a0=0x7ffd1659ec70 a1=O_RDONLY a2=0x0 
a3=0x9 items=0 ppid=27605 pid=27633 auid=unset uid=lighttpd 
gid=lighttpd euid=lighttpd suid=lighttpd fsuid=lighttpd 
egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset 
comm=lpr exe=/usr/bin/lpr.cups 
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc: denied { 
open } for  pid=27633 comm=lpr path=/etc/cups/lpoptions dev="sdb2" 
ino=153957 scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc: denied { 
read } for  pid=27633 comm=lpr name=lpoptions dev="sdb2" ino=153957 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file



So I can see that sending email and printing was denied -- which I 
already

found out --- and I don´t have any idea how to allow it.


hw wrote:

Johnny Hughes wrote:

On 09/20/2017 07:19 AM, hw wrote:

hw wrote:


Hi,

how do I allow CGI programs to print (using 'lpr -P some-printer
some-file.pdf') when
lighttpd is being used for a web server?

When selinux is permissive, the printer prints; when it´s 
enforcing,

the printer
does not print, and I´m getting the log message '/bin/lpr: 
Permission

denied'.

'getsebool -a | grep http' doesn´t show any boolean I could make 
out

to be responsible
for this.

Any idea what I need to do/change to allow printing without 
disabling

selinux?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Nobody knows?



Look in your audit logs while in permissive mode and you should 
see the

issue in there, the wiki has details:

https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b 



Thanks!  I´m guessing I´m supposed to use ausearch to search for 
something, and

I don´t know what to search for.

So far, lighttpd can not print and can not send emails (using 
MIME::Lite) unless

selinux is permissive.  Using

'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i'

, I only get


type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : 
proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 
syscall=open success=no exit=EACCES(Permission denied) 
a0=0x559fc8094740 
a1=O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC|O_CLOEXEC a2=0644 
a3=0x7 items=0 ppid=1 pid=14081 auid=unset uid=root gid=root 
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root 
tty=(none) ses=unset comm=lighttpd exe=/usr/sbin/lighttpd 
subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(09/21/2017 14:08:40.569:559) : avc: denied { 
write } for  pid=14081 comm=lighttpd name=www dev="sda2" ino=64608 
scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir



Any idea what I would need to search for, or how to figure out what 
I would

need to allow?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


First thing to enable httpd to send mail, you can turn on the send 
mail boolean.


# setsebool -P httpd_can_sendmail 1


Oh I looked at these variables and somehow didn´t see it.


The ability to print you would need to add custom rules.

# grep lpr /var/log/audit/audit.log | audit2allow -R -M myprint

# semodule -i myprint.pp

If you get another failure on lpt, you might have to run these 
commands a couple of times.


Thank you very much!  Both problems are now fixed :)

However:

grep lpr /var/log/audit/audit.log | audit2allow -R -M myprint
could not open interface info [/var/lib/sepolgen/interface_info]


I don´t know what´s missing, so I 

Re: [CentOS] NFS mount on Centos 7 crashing

[Nikolaos Milas]

On 22/9/2017 2:58 μμ, Nikolaos Milas wrote:


...
or through /etc/fstab:

  10.201.40.34:/data/col1/hesperia-mount /hesperiamount2   nfs 
auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800 0 


Correction: the /etc/fstab nfs mount line has one more zero:

  10.201.40.34:/data/col1/hesperia-mount /hesperiamount2   nfs 
auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800 0 0


I am looking forward to your feedback.

Based on the facts and experience, it looks like a bug. After all, it 
occurred right after upgrade to 7.4, without any system configuration 
changes.


Please help!
Nick
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] OT ayuda comando Sed

[César Martinez]

Gracias por responder Carlos, el problema es que fail2ban banea solo 
intentos fallidos de acceso pero tengo en el log del mail por ejemplo 
ataques con estos conceptos


max connection count 1 for

connect from unknown

auth failed

authentication failure

Por eso saco esas ips y las baneo por iptables adicional a las que banea 
fail2ban que por cierto no son las mismas


--
|Saludos Cordiales
|César Martínez M. | Ingeniero de Sistemas
|Consultor & Proyectos Software Libre| SERVICOM
|Teléfono: (593-2)554-271 2221-386 | Ext 4501
|Celular:593 999374317 |Skype servicomecuador
|Web www.servicomecuador.com Síguenos en:
|Twitter: @servicomecuador |Facebook: servicomec
|Zona Clientes: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Dir. Av. 10 de Agosto N29-140 Entre
|Acuña y  Cuero y Caicedo
|Quito - Ecuador - Sudamérica

El 21/09/17 a las 19:34, Carlos Martinez escribió:

Cordial saludo.

Es extraño que debas usar sed con fail2ban. Se supone que fail2ban
hace todo incluyendo el manejo de IPs o segmentos de red excluidos.
Revisa el parámetro ignoreip dentro de la sección [DEFAULT] en el
archivo jail.local. El asunto es como el siguiente:

[DEFAULT]
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 8.8.8.8/12


Mensaje importante:


Este correo y sus archivos adjuntos pueden contener datos e
información confidencial y/o privilegiada de RADY CONSULTORES o de
terceros para conocimiento y uso exclusivo de los destinatarios
correctos y/o de las personas que expresamente en estos se indiquen.
Si usted lo recibió por error, le solicitamos notificarlo de inmediato
al remitente y abstenerse de divulgar, reenviar, almacenar, imprimir,
reproducir, publicar o utilizar de alguna forma la información o el
contenido de este mensaje y sus anexos.


Las opiniones personales que se hayan incluido, se entiende que son de
su autor y en ningún caso representan los intereses de la  empresa
RADY CONSULTORES.


2017-09-21 9:58 GMT-05:00 César Martinez :

Saludos amigos listeros espero todos se encuentren bien, acudo a ustedes con
una peque consulta, tengo un servidor de correo el cuál esta siendo atacado
constantemente e instalado ya fail2ban pero aún así son repetitivos los
intentos de acceso de usuarios, tengo claves fuertes para los usuarios de
correo, estoy creando un script donde se lee los logs saca las direcciones
ips atacantes hacia un archivo y luego via iptables bloqueo estas ips, pero
necesito que las ips del segmento de la lan que encuentre en los logs no las
banee, aquí lo que tengo haber si alguien me puede echar una mano

sed -i 's/192.168.0.$/192.168.100.23/g' /archivo

Ejecuto no me da error pero no reemplaza las direcciones ips

Si lo hago de uno en uno funciona pero quiero que sea a nivel de todo el
segmento

sed  -i  's/192.168.0.86/192.168.100.23/g' /archivo

Con esta linea si funciona

Gracias a todos los que puedan ayudarme

--
|Saludos Cordiales
|César Martínez M. | Ingeniero de Sistemas
|Consultor & Proyectos Software Libre| SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Celular:(593 999374317 |Skype servicomecuador
|Web www.servicomecuador.com Síguenos en:
|Twitter: @servicomecuador |Facebook: servicomec
|Zona Clientes: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Dir. Av. 10 de Agosto N29-140 Entre
|Acuña y  Cuero y Caicedo
|Quito - Ecuador - Sudamérica

___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es



___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS] selinux prevents lighttpd from printing

[hw]

Daniel Walsh wrote:

On 09/22/2017 06:58 AM, hw wrote:


PS: Now I found this:


type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : 
proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 
syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 
a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 
auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root 
egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail 
exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc:  denied  { setgid } for 
 pid=19418 comm=sendmail capability=setgid 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability

type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64 
syscall=open success=yes exit=7 a0=0x7ffd1659ec70 a1=O_RDONLY a2=0x0 a3=0x9 
items=0 ppid=27605 pid=27633 auid=unset uid=lighttpd gid=lighttpd euid=lighttpd 
suid=lighttpd fsuid=lighttpd egid=lighttpd sgid=lighttpd fsgid=lighttpd 
tty=(none) ses=unset comm=lpr exe=/usr/bin/lpr.cups 
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc:  denied { open } for  pid=27633 
comm=lpr path=/etc/cups/lpoptions dev="sdb2" ino=153957 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc:  denied { read } for  pid=27633 
comm=lpr name=lpoptions dev="sdb2" ino=153957 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file


So I can see that sending email and printing was denied -- which I already
found out --- and I don´t have any idea how to allow it.


hw wrote:

Johnny Hughes wrote:

On 09/20/2017 07:19 AM, hw wrote:

hw wrote:


Hi,

how do I allow CGI programs to print (using 'lpr -P some-printer
some-file.pdf') when
lighttpd is being used for a web server?

When selinux is permissive, the printer prints; when it´s enforcing,
the printer
does not print, and I´m getting the log message '/bin/lpr: Permission
denied'.

'getsebool -a | grep http' doesn´t show any boolean I could make out
to be responsible
for this.

Any idea what I need to do/change to allow printing without disabling
selinux?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Nobody knows?



Look in your audit logs while in permissive mode and you should see the
issue in there, the wiki has details:

https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b


Thanks!  I´m guessing I´m supposed to use ausearch to search for something, and
I don´t know what to search for.

So far, lighttpd can not print and can not send emails (using MIME::Lite) unless
selinux is permissive.  Using

'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i'

, I only get


type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : 
proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 syscall=open 
success=no exit=EACCES(Permission denied) a0=0x559fc8094740 
a1=O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC|O_CLOEXEC a2=0644 a3=0x7 items=0 
ppid=1 pid=14081 auid=unset uid=root gid=root euid=root suid=root fsuid=root 
egid=root sgid=root fsgid=root tty=(none) ses=unset comm=lighttpd 
exe=/usr/sbin/lighttpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(09/21/2017 14:08:40.569:559) : avc:  denied { write } for  pid=14081 
comm=lighttpd name=www dev="sda2" ino=64608 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 
tclass=dir


Any idea what I would need to search for, or how to figure out what I would
need to allow?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


First thing to enable httpd to send mail, you can turn on the send mail boolean.

# setsebool -P httpd_can_sendmail 1


Oh I looked at these variables and somehow didn´t see it.


The ability to print you would need to add custom rules.

# grep lpr /var/log/audit/audit.log | audit2allow -R -M myprint

# semodule -i myprint.pp

If you get another failure on lpt, you might have to run these commands a 
couple of times.


Thank you very much!  Both problems are now fixed :)

However:

grep lpr /var/log/audit/audit.log | audit2allow -R -M myprint
could not open interface info [/var/lib/sepolgen/interface_info]


I don´t know what´s missing, so I omitted the -R option, and it worked.

[CentOS] CentOS-announce Digest, Vol 151, Issue 6

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. New CentOS Atomic Host with OverlayFS Storage (Jason Brooks)
   2. CESA-2017:2789 Moderate CentOS 6 samba Security   Update
  (Johnny Hughes)
   3. CESA-2017:2791 Moderate CentOS 6 samba4 Security  Update
  (Johnny Hughes)
   4. CESA-2017:2788 Important CentOS 7 augeas Security Update
  (Johnny Hughes)
   5. CESA-2017:2790 Moderate CentOS 7 samba Security   Update
  (Johnny Hughes)


--

Message: 1
Date: Wed, 20 Sep 2017 15:25:55 -0700
From: Jason Brooks 
To: "The CentOS developers mailing list." ,
centos-annou...@centos.org,  atomic-devel
, atomic-annou...@projectatomic.io
Subject: [CentOS-announce] New CentOS Atomic Host with OverlayFS
Storage
Message-ID:

Re: [CentOS] NFS mount on Centos 7 crashing

[Nikolaos Milas]

On 2/6/2017 1:46 μμ, Nikolaos Milas wrote:


After a bit of search, I found the associated reports:

https://bugs.centos.org/view.php?id=13351
https://bugzilla.redhat.com/show_bug.cgi?id=1454876

No solution yet, but -as a workaround- it seems that -at least- nfs 
problems are indeed solved with downgrading.


I have been working fine with CentOS 7.3, since I downgraded to 
rpcbind-0.2.0-38.el7.x86_64.


Today, I decided to upgrade to 7.4 (which, among several hundred 
updates, includes rpcbind-0.2.0-42.el7.x86_64); after that I have 
started having similar NFS issues again: NFS communication hungs. In 
/var/log/messages:


-
...
Sep 22 11:03:21 hesperia1 kernel: RPC: Registered named UNIX socket 
transport module.

Sep 22 11:03:21 hesperia1 kernel: RPC: Registered udp transport module.
Sep 22 11:03:21 hesperia1 kernel: RPC: Registered tcp transport module.
Sep 22 11:03:21 hesperia1 kernel: RPC: Registered tcp NFSv4.1 
backchannel transport module.

Sep 22 11:03:21 hesperia1 systemd-udevd: starting version 219
Sep 22 11:03:21 hesperia1 systemd: Started Configure read-only root support.
Sep 22 11:03:21 hesperia1 kernel: Installing knfsd (copyright (C) 1996 
o...@monad.swb.de).

Sep 22 11:03:21 hesperia1 systemd: Mounted NFSD configuration filesystem.
...
Sep 22 11:03:27 hesperia1 systemd: Mounting /mnt/dd2500-1...
Sep 22 11:03:27 hesperia1 systemd: Starting Notify NFS peers of a restart...
Sep 22 11:03:27 hesperia1 sm-notify[948]: Version 1.3.0 starting
Sep 22 11:03:27 hesperia1 systemd: Started Notify NFS peers of a restart.
Sep 22 11:03:27 hesperia1 systemd: Started OpenSSH server daemon.
Sep 22 11:03:27 hesperia1 kernel: FS-Cache: Loaded
Sep 22 11:03:27 hesperia1 kernel: FS-Cache: Netfs 'nfs' registered for 
caching

Sep 22 11:03:27 hesperia1 systemd: Mounted /mnt/dd2500-1.
Sep 22 11:03:27 hesperia1 systemd: Reached target Remote File Systems.
Sep 22 11:03:27 hesperia1 systemd: Starting Remote File Systems.
...
Sep 22 11:11:16 hesperia1 kernel: nfs: server 10.201.40.34 not 
responding, still trying

...
Sep 22 11:20:44 hesperia1 kernel: nfs: server 10.201.40.34 not 
responding, still trying

...
-

I tried downgrading to rpcbind-0.2.0-38.el7.x86_64 but this time it 
didn't help.


I mount either directly:

  mount -vv -o auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800 
-t nfs 10.201.40.34:/data/col1/hesperia-mount /hesperiamount2


or through /etc/fstab:

  10.201.40.34:/data/col1/hesperia-mount   /hesperiamount2   nfs 
auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800 0


The box may even hung during reboot, which has never happened in the past.

It needs a hard reboot (via VM admin console) to boot again.

I have confirmed the above behavior multiple times.

Please advise me on how to resolve this situation. We are very much 
dependent on NFS mounts.


Is it a known bug? (As far as I could search, I didn't came up with 
something.)


The earlier bug report appears resolved: 
https://bugzilla.redhat.com/show_bug.cgi?id=1454876


Can I safely/easily revert to 7.3?

Thanks in advance,
Nick

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] upgrade to 7.4 ZFS issue

[Thomas Roth]

Hi all,

I have a server running 7.3 using the zfs-kmod packages from zfsonlinux.org.
For the update to 7.4, I followed https://github.com/zfsonlinux/zfs/wiki/RHEL-&-CentOS: removal of all zfs - and related packages and installation of 
the zfs-release.7.4.noarch.rpm

Afterwards, yum will find almost all packages from that repository - except for the 
zfs-0.7.1-1.el7_4.x86_64.rpm itself ("ZFS command line utilities").
However, the package is there, I can get it via wget!
Of course I tried cleaning yum + caches, not removing the zfs packages, removing them before reboot, removing them after booting into  3.10.0-693 - 
all of which makes no difference.


On a fresh installation (aka starting with 7.4), this problem does not occur.


Regardless of any ZFS specifics, what could cause yum to exclude one single 
package file from an otherwise perfectly accessible repo?

Cheers,
Thomas
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux prevents lighttpd from printing

[Daniel Walsh]

On 09/22/2017 06:58 AM, hw wrote:


PS: Now I found this:


type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : 
proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 
syscall=setgroups success=no exit=EPERM(Operation not permitted) 
a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 
pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root 
fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) 
ses=unset comm=sendmail exe=/usr/sbin/exim 
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc:  denied  { 
setgid } for  pid=19418 comm=sendmail capability=setgid 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability


type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64 
syscall=open success=yes exit=7 a0=0x7ffd1659ec70 a1=O_RDONLY a2=0x0 
a3=0x9 items=0 ppid=27605 pid=27633 auid=unset uid=lighttpd 
gid=lighttpd euid=lighttpd suid=lighttpd fsuid=lighttpd egid=lighttpd 
sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=lpr 
exe=/usr/bin/lpr.cups subj=system_u:system_r:httpd_sys_script_t:s0 
key=(null)
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc:  denied { 
open } for  pid=27633 comm=lpr path=/etc/cups/lpoptions dev="sdb2" 
ino=153957 scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc:  denied { 
read } for  pid=27633 comm=lpr name=lpoptions dev="sdb2" ino=153957 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file



So I can see that sending email and printing was denied -- which I 
already

found out --- and I don´t have any idea how to allow it.


hw wrote:

Johnny Hughes wrote:

On 09/20/2017 07:19 AM, hw wrote:

hw wrote:


Hi,

how do I allow CGI programs to print (using 'lpr -P some-printer
some-file.pdf') when
lighttpd is being used for a web server?

When selinux is permissive, the printer prints; when it´s enforcing,
the printer
does not print, and I´m getting the log message '/bin/lpr: Permission
denied'.

'getsebool -a | grep http' doesn´t show any boolean I could make out
to be responsible
for this.

Any idea what I need to do/change to allow printing without disabling
selinux?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Nobody knows?



Look in your audit logs while in permissive mode and you should see the
issue in there, the wiki has details:

https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b 



Thanks!  I´m guessing I´m supposed to use ausearch to search for 
something, and

I don´t know what to search for.

So far, lighttpd can not print and can not send emails (using 
MIME::Lite) unless

selinux is permissive.  Using

'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i'

, I only get


type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : 
proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 
syscall=open success=no exit=EACCES(Permission denied) 
a0=0x559fc8094740 
a1=O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC|O_CLOEXEC a2=0644 a3=0x7 
items=0 ppid=1 pid=14081 auid=unset uid=root gid=root euid=root 
suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) 
ses=unset comm=lighttpd exe=/usr/sbin/lighttpd 
subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(09/21/2017 14:08:40.569:559) : avc:  denied { 
write } for  pid=14081 comm=lighttpd name=www dev="sda2" ino=64608 
scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir



Any idea what I would need to search for, or how to figure out what I 
would

need to allow?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


First thing to enable httpd to send mail, you can turn on the send mail 
boolean.


# setsebool -P httpd_can_sendmail 1

The ability to print you would need to add custom rules.

# grep lpr /var/log/audit/audit.log | audit2allow -R -M myprint

# semodule -i myprint.pp

If you get another failure on lpt, you might have to run these commands 
a couple of times.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux prevents lighttpd from printing

[hw]

PS: Now I found this:


type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : 
proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 
syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 
a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 
auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root 
egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail 
exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc:  denied  { setgid } for 
 pid=19418 comm=sendmail capability=setgid  
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability

type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64 
syscall=open success=yes exit=7 a0=0x7ffd1659ec70 a1=O_RDONLY a2=0x0 a3=0x9 
items=0 ppid=27605 pid=27633 auid=unset uid=lighttpd gid=lighttpd euid=lighttpd 
suid=lighttpd fsuid=lighttpd egid=lighttpd sgid=lighttpd fsgid=lighttpd 
tty=(none) ses=unset comm=lpr exe=/usr/bin/lpr.cups 
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc:  denied  { open } for  pid=27633 
comm=lpr path=/etc/cups/lpoptions dev="sdb2" ino=153957 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
type=AVC msg=audit(09/15/2017 12:12:14.551:31746) : avc:  denied  { read } for  pid=27633 
comm=lpr name=lpoptions dev="sdb2" ino=153957 
scontext=system_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file


So I can see that sending email and printing was denied -- which I already
found out --- and I don´t have any idea how to allow it.


hw wrote:

Johnny Hughes wrote:

On 09/20/2017 07:19 AM, hw wrote:

hw wrote:


Hi,

how do I allow CGI programs to print (using 'lpr -P some-printer
some-file.pdf') when
lighttpd is being used for a web server?

When selinux is permissive, the printer prints; when it´s enforcing,
the printer
does not print, and I´m getting the log message '/bin/lpr: Permission
denied'.

'getsebool -a | grep http' doesn´t show any boolean I could make out
to be responsible
for this.

Any idea what I need to do/change to allow printing without disabling
selinux?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Nobody knows?



Look in your audit logs while in permissive mode and you should see the
issue in there, the wiki has details:

https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b


Thanks!  I´m guessing I´m supposed to use ausearch to search for something, and
I don´t know what to search for.

So far, lighttpd can not print and can not send emails (using MIME::Lite) unless
selinux is permissive.  Using

'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i'

, I only get


type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : 
proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 syscall=open 
success=no exit=EACCES(Permission denied) a0=0x559fc8094740 
a1=O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC|O_CLOEXEC a2=0644 a3=0x7 items=0 
ppid=1 pid=14081 auid=unset uid=root gid=root euid=root suid=root fsuid=root 
egid=root sgid=root fsgid=root tty=(none) ses=unset comm=lighttpd 
exe=/usr/sbin/lighttpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(09/21/2017 14:08:40.569:559) : avc:  denied  { write } for  pid=14081 
comm=lighttpd name=www dev="sda2" ino=64608 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 
tclass=dir


Any idea what I would need to search for, or how to figure out what I would
need to allow?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux prevents lighttpd from printing

[hw]

Johnny Hughes wrote:

On 09/20/2017 07:19 AM, hw wrote:

hw wrote:


Hi,

how do I allow CGI programs to print (using 'lpr -P some-printer
some-file.pdf') when
lighttpd is being used for a web server?

When selinux is permissive, the printer prints; when it´s enforcing,
the printer
does not print, and I´m getting the log message '/bin/lpr: Permission
denied'.

'getsebool -a | grep http' doesn´t show any boolean I could make out
to be responsible
for this.

Any idea what I need to do/change to allow printing without disabling
selinux?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Nobody knows?



Look in your audit logs while in permissive mode and you should see the
issue in there, the wiki has details:

https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b


Thanks!  I´m guessing I´m supposed to use ausearch to search for something, and
I don´t know what to search for.

So far, lighttpd can not print and can not send emails (using MIME::Lite) unless
selinux is permissive.  Using

'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i'

, I only get


type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : 
proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 syscall=open 
success=no exit=EACCES(Permission denied) a0=0x559fc8094740 
a1=O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC|O_CLOEXEC a2=0644 a3=0x7 items=0 
ppid=1 pid=14081 auid=unset uid=root gid=root euid=root suid=root fsuid=root 
egid=root sgid=root fsgid=root tty=(none) ses=unset comm=lighttpd 
exe=/usr/sbin/lighttpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(09/21/2017 14:08:40.569:559) : avc:  denied  { write } for  pid=14081 
comm=lighttpd name=www dev="sda2" ino=64608 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 
tclass=dir


Any idea what I would need to search for, or how to figure out what I would
need to allow?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] owncloud on CentOS - I have problems installing/updating recently

[Sorin Srbu]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of James
> Hogarth
> Sent: den 22 september 2017 12:14
> To: CentOS mailing list 
> Subject: Re: [CentOS] owncloud on CentOS - I have problems
> installing/updating recently
> 
>> I know that many prefer EPEL packages but sometimes life gets ahead of
us...
> 
> So far as owncloud in EPEL/CentOS is concerned it's not actually lagging
> that badly ... the most recent 9.1.X release is 9.1.6 and it's only a few
> minor bugfixes for the large part over the 9.1.5 in the EPEL repo.
> 
> https://owncloud.org/changelog/
> 
> Do note that when I push 9.1.6 (which will be soon now I have a little
> time) it'll probably be close to the last owncloud package in EPEL7 at the
> least ... I'll include an EOL/retirement notice in the package when I get
> around to it and will mail here and epel-devel and epel-announce mailing
> lists.
> 
> The 10.x release of owncloud bumps the minimum PHP version to 5.6 ...
> which
> is obviously not in base repos and I'm not permitted to depend on packages
> in SCL or 3rd party repos in EPEL.
> 
> The nextcloud package is in a worse state as things stand ... the version
> that can be in EPEL is officially EOL ... I'll push out a 10.0.6 release
> soon with the EOL notice and email about this. From 11 onwards they
require
> PHP5.6+ as well.
> 
> For now my recommendation for owncloud or nextcloud is to use their most
> recent manual tarball/zip install and PHP 7.1 from your preferred choice
of
> IUS, RemiRepo or SCL ... or run their official containers.
> 
> I hope to have a container option soon(ish) as part of the Fedora
Container
> Service initiative that would allow you to run the Fedora based version
> easily, which would bypass the PHP version issues but that needs me to
> have time to get all the dependency issues sorted and carry out the Fedora
> upgrades.
> 
> Reminder that I have a job and family and 2 year old daughter ... time to
> do all this is precious and if you want to see this happen then help is
> always welcome :)
> 
> James


Just to make sure, I in no way complain about how things are with EPEL. I'm
happy as is.

Take your time with the family, they are indeed precious. 
Failed OC and php installs and tests on the end-user side can be redone. :-)

--
//Sorin
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] owncloud on CentOS - I have problems installing/updating recently

[James Hogarth]

On 22 September 2017 at 06:28, Sorin Srbu  wrote:

> > -Original Message-
> > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Valeri
> > Galtsev
> > Sent: den 21 september 2017 17:25
> > To: CentOS mailing list 
> > Subject: Re: [CentOS] owncloud on CentOS - I have problems
> > installing/updating recently
> >
> >
> > On Thu, September 21, 2017 1:00 am, Sorin Srbu wrote:
> > >> -Original Message-
> > >> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Nicolas
> > >> Kovacs
> > >> Sent: den 20 september 2017 18:55
> > >> To: centos@centos.org
> > >> Subject: Re: [CentOS] owncloud on CentOS - I have problems
> > >> installing/updating recently
> > >>
> > >> > Does anybody have any suggestion? Am I the only one (thus, making my
> > >> > "pilot error"), or others have the same? Did someone find
> workaround?
> > >>
> > >> The SUSE repository works perfectly. There has been a transition
> period
> > >> with overlapping dependencies in this repository and EPEL. What I did
> > >> was simply remove all packages and reinstall the owncloud-client
> > >> package. This repository is also always up-to-date, whereas the EPEL
> > >> package is regularly lagging behind.
> > >
> > > Not just you Valeri. Thought it was a bit fishy as well, but figured
> I'd,
> > > as
> > > Nicolas mentions, doing a uninstall and then reinstall things might
> solve
> > > the
> > > problems.
> > >
> >
> > Thanks Nicolas and Sorin! Once I learned from you about another source of
> > owncloud packages (EPEL), I found my way out of suse repository timing
> out
> > on me...
> >
> > Valeri
>
> You're welcome.
>
> I also use the yum-priorities plugin. I find it sometimes plays tricks on
> me.
> You might want to look into that and shuffle the set priorities, if you use
> it as well
>
> --
> //Sorin
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

I know that many prefer EPEL packages but sometimes life gets ahead of us...

So far as owncloud in EPEL/CentOS is concerned it's not actually lagging
that badly ... the most recent 9.1.X release is 9.1.6 and it's only a few
minor bugfixes for the large part over the 9.1.5 in the EPEL repo.

https://owncloud.org/changelog/

Do note that when I push 9.1.6 (which will be soon now I have a little
time) it'll probably be close to the last owncloud package in EPEL7 at the
least ... I'll include an EOL/retirement notice in the package when I get
around to it and will mail here and epel-devel and epel-announce mailing
lists.

The 10.x release of owncloud bumps the minimum PHP version to 5.6 ... which
is obviously not in base repos and I'm not permitted to depend on packages
in SCL or 3rd party repos in EPEL.

The nextcloud package is in a worse state as things stand ... the version
that can be in EPEL is officially EOL ... I'll push out a 10.0.6 release
soon with the EOL notice and email about this. From 11 onwards they require
PHP5.6+ as well.

For now my recommendation for owncloud or nextcloud is to use their most
recent manual tarball/zip install and PHP 7.1 from your preferred choice of
IUS, RemiRepo or SCL ... or run their official containers.

I hope to have a container option soon(ish) as part of the Fedora Container
Service initiative that would allow you to run the Fedora based version
easily, which would bypass the PHP version issues but that needs me to
have time to get all the dependency issues sorted and carry out the Fedora
upgrades.

Reminder that I have a job and family and 2 year old daughter ... time to
do all this is precious and if you want to see this happen then help is
always welcome :)

James
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum: complete list of groups

[Volker]

On 22.09.2017 11:30, John Hodrien wrote:
> On Fri, 22 Sep 2017, Volker wrote:
> 
>> Some groups are missing. E.g. network-file-system-client, multimedia
>>
>> Does anyone know, how to get a complete list?
> 
> Some groups are marked as not visible, so you need to make it show you
> hidden
> groups:
> 
> yum grouplist hidden

Thanks :-)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum: complete list of groups

[John Hodrien]

On Fri, 22 Sep 2017, Volker wrote:


Some groups are missing. E.g. network-file-system-client, multimedia

Does anyone know, how to get a complete list?


Some groups are marked as not visible, so you need to make it show you hidden
groups:

yum grouplist hidden

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] yum: complete list of groups

[Volker]

Hello,

yum lists only some of the groups as available

# yum group list
Loaded plugins: fastestmirror, langpacks, nvidia
[nvidia]: No NVIDIA display devices found
Loading mirror speeds from cached hostfile
 * base: ftp.plusline.de
 * elrepo: ftp.nluug.nl
 * extras: mirror.wiuwiu.de
 * updates: ftp.plusline.de
Available Environment Groups:
   Minimal Install
   Compute Node
   Infrastructure Server
   File and Print Server
   Basic Web Server
   Virtualization Host
   Server with GUI
   GNOME Desktop
   KDE Plasma Workspaces
   Development and Creative Workstation
Installed Groups:
   Development Tools
   Legacy UNIX Compatibility
   Security Tools
   System Administration Tools
Available Groups:
   Compatibility Libraries
   Console Internet Tools
   Graphical Administration Tools
   Scientific Support
   Smart Card Support
   System Management
Done

Some groups are missing. E.g. network-file-system-client, multimedia

Does anyone know, how to get a complete list?


Regards
Volker

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos