Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread John R. Dennison
On Fri, Jun 01, 2018 at 06:50:28AM -0700, Kenneth Porter wrote:
>
> I suggest uploading your script to pastebin.com and putting the link in your
> post to the list. That way long lines in your script will be preserved.
> Pastebin is good for content where the formatting is important.

Perhaps using a pastebin service that is not chock full of unwanted ads
would be better.  http://pastebin.centos.org as an example will not force
ads on users.  But yes, if one is unable to wrangle their MUA into not
reformatting their text a pastebin service would be an excellent
alternative.  Good suggestion.






John
-- 
Our imagination is stretched to the utmost, not, as in fiction, to imagine
things which are not really there, but just to comprehend those things
which are there.

-- Richard Phillips Feynman (1918-1988), American physicist,
   The Character of Physical Law (1965)


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Alexander Dalloz

On 01.06.2018 at 18:41, Alexander Dalloz wrote:

[ ... ]


Steve,

you are right on this list with questions concerning CentOS 7. It is 
just the (repeated) formatting of your postings which makes it hard to 
reply with helpful on-topic answers. Just see yourself what you have 
sent so far:


https://lists.centos.org/pipermail/centos/2018-June/169029.html


Sorry, the first link should have been your initial posting

https://lists.centos.org/pipermail/centos/2018-June/169023.html


https://lists.centos.org/pipermail/centos/2018-June/169027.html
https://lists.centos.org/pipermail/centos/2018-June/169029.html


[ ... ]


Regards
Alexander





Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Alexander Dalloz

On 01.06.2018 at 17:24, Steve Frazier wrote:

  I assumed this was a Centos 7 mailing list and I was looking for help with 
IPTABLEs. I have used mailing lists before.  Copying a file to an email address 
didn't have that type of output.  I apologize.
First of all, is this a Centos 7 Mailing list that I can ask for help on, or have I 
made a huge mistake?  If so, should I just attach the file to the email.


Steve,

you are right on this list with questions concerning CentOS 7. It is 
just the (repeated) formatting of your postings which makes it hard to 
reply with helpful on-topic answers. Just see yourself what you have 
sent so far:


https://lists.centos.org/pipermail/centos/2018-June/169029.html
https://lists.centos.org/pipermail/centos/2018-June/169027.html
https://lists.centos.org/pipermail/centos/2018-June/169029.html

Would you be willing yourself to decrypt such messages just to help 
someone else?


And please, as this is a mailing list and as you can see from the 
archive, it is not necessary to quote everything of a previous list 
post. It is a mailing list and does fine being threaded, providing a 
history. Quoting everything is just bloating the content. And reverse 
order of content is contrary to the usual reading from top to bottom.


Try to display your iptables rules for best readability on e.g. 
http://pastebin.centos.org/ with a lifetime setting of at least 1 week 
to be sure your content can be deciphered.


Regards
Alexander


Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Steve Frazier
 I assumed this was a Centos 7 mailing list and I was looking for help with 
IPTABLEs. I have used mailing lists before.  Copying a file to an email address 
didn't have that type of output.  I apologize.
First of all, is this a Centos 7 Mailing list that I can ask for help on, or have I 
made a huge mistake?  If so, should I just attach the file to the email.
I apologize for the output, I had no idea.  That's not the way it looked when I 
sent it.
I am sorry.  I am just looking for some help with IPTABLES on Centos 7.
Please let me know and I won't send any more questions if I am not sending to 
the right list for help and not the right way.


On Friday, June 1, 2018, 11:16:33 AM EDT, m.r...@5-cent.us 
 wrote:  
 
 Steve Frazier wrote:
>  Thank you.  I apologize for sending something that could be read.  There
> are more examples in there that I had commented out.
> Anyway,  here is my working iptables-save.  If someone could review my
> output and let me know if I am missing anything and if the order of the
> rules are the most secure they could be.
> TIA.
>
Steve,

  Do you have any idea of what you're writing? Why are you emailing -
this *is* an email list - with run-on lines? I mean, really, can you
read what you sent, below?

              mark
> Steve
>
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
> *mangle
> :PREROUTING ACCEPT [12219:2602452]
> :INPUT ACCEPT [8766:2101480]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [7093:2183351]
> :POSTROUTING ACCEPT [7093:2183351]
> COMMIT
> # Completed on Fri Jun  1 10:34:39 2018
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
> *nat
> :PREROUTING ACCEPT [3836:607509]
> :INPUT ACCEPT [130:21132]
> :OUTPUT ACCEPT [42:19744]
> :POSTROUTING ACCEPT [40:19121]
> -A POSTROUTING -o eth1 -j MASQUERADE
> COMMIT
> # Completed on Fri Jun  1 10:34:39 2018
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
> *filter
> :INPUT DROP [253:85405]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [7093:2183351]
> -A INPUT -m set --match-set blacklist src -j DROP
> -A INPUT -i lo -j ACCEPT
> -A INPUT -s mypublicip1 -i eth0 -j ACCEPT
> -A INPUT -s mypublicip2 -i eth0 -j ACCEPT
> -A INPUT -s mypublicip3 -i eth0 -j ACCEPT
> -A INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT
> -A INPUT -s myipprovider1 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
> -A INPUT -s myipprovider2 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -m set --match-set blacklist src -j DROP
> -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i eth0 -o eth1 -j ACCEPT
> -A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
> COMMIT
> # Completed on Fri Jun  1 10:34:39 2018
>
> Steve
>
>
>
>
>    On Friday, June 1, 2018, 9:37:57 AM EDT, m.r...@5-cent.us
>  wrote:
>
>  Steve Frazier wrote:
>>  Hello, 
>> I hope that I can ask some questions on this mailing list about
>> IPTables.
>> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
>> FIREWALLD and installed iptables-services.
>> I have put together a script that I found on the web on how to set up a
>> good set of IPTABLES rules to keep my server as secure as possible.
> 
> That's *extremely* hard to read, esp. given that the numbered commands
> would fail, as they don't seem to be comments.
>
> Could you run it, and then give us the o/p of iptables-save?
>
>     mark
>


Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Steve Frazier
 I left out the RTP for voip.  Here is my updated iptables-save

*mangle
:PREROUTING ACCEPT [343:37719]
:INPUT ACCEPT [238:19550]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [157:14766]
:POSTROUTING ACCEPT [157:14766]
COMMIT
# Completed on Fri Jun  1 11:12:17 2018
# Generated by iptables-save v1.4.21 on Fri Jun  1 11:12:17 2018
*nat
:PREROUTING ACCEPT [114:20124]
:INPUT ACCEPT [7:670]
:OUTPUT ACCEPT [13:1422]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Jun  1 11:12:17 2018
# Generated by iptables-save v1.4.21 on Fri Jun  1 11:12:17 2018
*filter
:INPUT DROP [2:1285]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [157:14766]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s mypublicip1 -i eth0 -j ACCEPT
-A INPUT -s mypublicip2 -i eth0 -j ACCEPT
-A INPUT -s mypublicip3 -i eth0 -j ACCEPT
-A INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT
-A INPUT -s myvoipprovider1 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s myvoipprovider2 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1:2 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m set --match-set blacklist src -j DROP
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jun  1 11:12:17 2018
Thanks again.




On Friday, June 1, 2018, 11:05:10 AM EDT, Steve Frazier 
 wrote:  
 
  Thank you.  I apologize for sending something that could be read.  There are 
more examples in there that I had commented out.
Anyway,  here is my working iptables-save.  If someone could review my output 
and let me know if I am missing anything and if the order of the rules are the 
most secure they could be.
TIA.

Steve

# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
*mangle
:PREROUTING ACCEPT [12219:2602452]
:INPUT ACCEPT [8766:2101480]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7093:2183351]
:POSTROUTING ACCEPT [7093:2183351]
COMMIT
# Completed on Fri Jun  1 10:34:39 2018
# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
*nat
:PREROUTING ACCEPT [3836:607509]
:INPUT ACCEPT [130:21132]
:OUTPUT ACCEPT [42:19744]
:POSTROUTING ACCEPT [40:19121]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Jun  1 10:34:39 2018
# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
*filter
:INPUT DROP [253:85405]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7093:2183351]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s mypublicip1 -i eth0 -j ACCEPT
-A INPUT -s mypublicip2 -i eth0 -j ACCEPT
-A INPUT -s mypublicip3 -i eth0 -j ACCEPT
-A INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT
-A INPUT -s myipprovider1 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s myipprovider2 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m set --match-set blacklist src -j DROP
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jun  1 10:34:39 2018

Steve




On Friday, June 1, 2018, 9:37:57 AM EDT, m.r...@5-cent.us 
 wrote:  
 
 Steve Frazier wrote:
>  Hello, 
> I hope that I can ask some questions on this mailing list about IPTables.
> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
> FIREWALLD and installed iptables-services.
> I have put together a script that I found on the web on how to set up a
> good set of IPTABLES rules to keep my server as secure as possible.

That's *extremely* hard to read, esp. given that the numbered commands
would fail, as they don't seem to be comments.

Could you run it, and then give us the o/p of iptables-save?

    mark



Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread m . roth
Steve Frazier wrote:
>  Thank you.  I apologize for sending something that could be read.  There
> are more examples in there that I had commented out.
> Anyway,  here is my working iptables-save.  If someone could review my
> output and let me know if I am missing anything and if the order of the
> rules are the most secure they could be.
> TIA.
>
Steve,

   Do you have any idea of what you're writing? Why are you emailing -
this *is* an email list - with run-on lines? I mean, really, can you
read what you sent, below?

  mark
> Steve
>
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
> *mangle
> :PREROUTING ACCEPT [12219:2602452]
> :INPUT ACCEPT [8766:2101480]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [7093:2183351]
> :POSTROUTING ACCEPT [7093:2183351]
> COMMIT
> # Completed on Fri Jun  1 10:34:39 2018
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
> *nat
> :PREROUTING ACCEPT [3836:607509]
> :INPUT ACCEPT [130:21132]
> :OUTPUT ACCEPT [42:19744]
> :POSTROUTING ACCEPT [40:19121]
> -A POSTROUTING -o eth1 -j MASQUERADE
> COMMIT
> # Completed on Fri Jun  1 10:34:39 2018
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
> *filter
> :INPUT DROP [253:85405]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [7093:2183351]
> -A INPUT -m set --match-set blacklist src -j DROP
> -A INPUT -i lo -j ACCEPT
> -A INPUT -s mypublicip1 -i eth0 -j ACCEPT
> -A INPUT -s mypublicip2 -i eth0 -j ACCEPT
> -A INPUT -s mypublicip3 -i eth0 -j ACCEPT
> -A INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT
> -A INPUT -s myipprovider1 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
> -A INPUT -s myipprovider2 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -m set --match-set blacklist src -j DROP
> -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i eth0 -o eth1 -j ACCEPT
> -A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
> COMMIT
> # Completed on Fri Jun  1 10:34:39 2018
>
> Steve
>
>
>
>
> On Friday, June 1, 2018, 9:37:57 AM EDT, m.r...@5-cent.us
>  wrote:
>
>  Steve Frazier wrote:
>>  Hello, 
>> I hope that I can ask some questions on this mailing list about
>> IPTables.
>> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
>> FIREWALLD and installed iptables-services.
>> I have put together a script that I found on the web on how to set up a
>> good set of IPTABLES rules to keep my server as secure as possible.
> 
> That's *extremely* hard to read, esp. given that the numbered commands
> would fail, as they don't seem to be comments.
>
> Could you run it, and then give us the o/p of iptables-save?
>
>     mark
>


Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Steve Frazier
 Thank you.  I apologize for sending something that could be read.  There are 
more examples in there that I had commented out.
Anyway,  here is my working iptables-save.  If someone could review my output 
and let me know if I am missing anything and if the order of the rules are the 
most secure they could be.
TIA.

Steve

# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
*mangle
:PREROUTING ACCEPT [12219:2602452]
:INPUT ACCEPT [8766:2101480]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7093:2183351]
:POSTROUTING ACCEPT [7093:2183351]
COMMIT
# Completed on Fri Jun  1 10:34:39 2018
# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
*nat
:PREROUTING ACCEPT [3836:607509]
:INPUT ACCEPT [130:21132]
:OUTPUT ACCEPT [42:19744]
:POSTROUTING ACCEPT [40:19121]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Jun  1 10:34:39 2018
# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39 2018
*filter
:INPUT DROP [253:85405]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7093:2183351]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s mypublicip1 -i eth0 -j ACCEPT
-A INPUT -s mypublicip2 -i eth0 -j ACCEPT
-A INPUT -s mypublicip3 -i eth0 -j ACCEPT
-A INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT
-A INPUT -s myipprovider1 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s myipprovider2 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m set --match-set blacklist src -j DROP
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jun  1 10:34:39 2018

Steve




On Friday, June 1, 2018, 9:37:57 AM EDT, m.r...@5-cent.us 
 wrote:  
 
 Steve Frazier wrote:
>  Hello, 
> I hope that I can ask some questions on this mailing list about IPTables.
> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
> FIREWALLD and installed iptables-services.
> I have put together a script that I found on the web on how to set up a
> good set of IPTABLES rules to keep my server as secure as possible.

That's *extremely* hard to read, esp. given that the numbered commands
would fail, as they don't seem to be comments.

Could you run it, and then give us the o/p of iptables-save?

    mark



Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Kenneth Porter
--On Friday, June 01, 2018 1:01 PM + Steve Frazier 
 wrote:



I have attached the full script with the comments for what I am trying to
do.


I suggest uploading your script to pastebin.com and putting the link in 
your post to the list. That way long lines in your script will be 
preserved. Pastebin is good for content where the formatting is important. 


Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread m . roth
Steve Frazier wrote:
>  Hello, 
> I hope that I can ask some questions on this mailing list about IPTables.
> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
> FIREWALLD and installed iptables-services.
> I have put together a script that I found on the web on how to set up a
> good set of IPTABLES rules to keep my server as secure as possible.

That's *extremely* hard to read, esp. given that the numbered commands
would fail, as they don't seem to be comments.

Could you run it, and then give us the o/p of iptables-save?

 mark



Re: [CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Nicolas Kovacs
On 01/06/2018 at 14:01, Steve Frazier wrote:
> I hope that I can ask some questions on this mailing list about IPTables.

1. Avoid replying to existing threads only to start a new thread.

2. Try to provide some very basic formatting. Like line breaks.

3. This being said, here's my own article about iptables vs. firewalld:

https://blog.microlinux.fr/iptables/

Cheers,

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32


[CentOS] Centos 7 (using iptables) removed firewalld

2018-06-01 Thread Steve Frazier
 Hello, 
I hope that I can ask some questions on this mailing list about IPTables.
I am more familiar with IPTABLES instead of FIREWALLD.  I disabled FIREWALLD 
and installed iptables-services.
I have put together a script that I found on the web on how to set up a good 
set of IPTABLES rules to keep my server as secure as possible.
I have two NICs. ETH0 and ETH1. ETH0 is the internet and ETH1 is my internal 
network. I want to allow all ports from internal to external. I want to block 
pretty much all ports from the outside to the inside except from specific IP 
addresses. I also want to allow UDP ports 1-2 from anywhere all other 
ports are only allowed from specific IP addresses.
Here is my script, if you don't mind could you make any corrections on what I 
should do or not do in my example? Perhaps the order in which I run my script.
I have attached the full script with the comments for what I am trying to do. 
Please look at it and help me if you would, please.
I am interested in the order that I have my rules (any suggestions or changes 
you would make if you were trying to use it) also, the items that I have 
included.
There are a few IP addresses (mine) that I am allowing all opens 
incoming/outgoing. Otherwise only specific ports are allowed for specific IP 
addresses.
TIA.
Steve

#!/bin/bash

### Exterior (Internet) Ethernet ###
EXIF="eth0"

### Interior (My network) Ethernet ###
IXIF="eth1"


### 1. Delete all existing rules ###
iptables -F

### 2. Set default chain policies ###
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

### 3. Block a specific ip-address ###
BLOCK_THIS_IP="x.x.x.x"
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP

### 4. Allow ALL incoming SSH ###
iptables -A INPUT -i $EXIF -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $EXIF -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

### 5. Allow incoming SSH only from a specific network ###
iptables -A INPUT -i $EXIF -p tcp -s 192.168.200.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $EXIF -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

### 6. Allow incoming HTTP ###
iptables -A INPUT -i $EXIF -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $EXIF -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# Allow incoming HTTPS
#iptables -A INPUT -i $EXIF -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $EXIF -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

### 7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS) ###
iptables -A INPUT -i $EXIF -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $EXIF -

Re: [CentOS] move LDAP service to new server

2018-06-01 Thread Gary Stainburn
On Thursday 31 May 2018 17:13:49 Ulf Volmer wrote:
> On Tue, May 29, 2018 at 03:57:43PM +0100, Gary Stainburn wrote:
> > Is there any (easy to follow) instructions anywhere to tell me how to
> > back up this service and restore it onto a new one?
>
> This is basically running slapcat on your old server and slapadd on the new
> one.
>
> openldap config can be either stored as files on disk or inside of the LDAP
> and must be handled separately.
>
> best regards
> Ulf

Hi Ulf,

Thank you for this. Once I stopped Googling 'move' and tried backup / restore 
instead I did manage to find quite a few postings about this. However 
whenever I tried to follow these postings I came up with errors after 
completing the move.

In the end I shut down slapd on both the old and new servers, 
removed /etc/openldap and /var/lib/ldap, and then rsync'd the old files to 
the new one

Once this was done, I restarted slapd on the old and new servers and both 
worked perfectly


Re: [CentOS] CentOS 7.5 gui login root only

2018-06-01 Thread isdtor
Prasad K writes:
> I have seen similar issues when user shell profiles like .bash_profile or
> .bashrc has some errors.
> Are users invoking other shells from their default shell ? this usually
> breaks X11 start-up scripts.
 
The same user can login fine through the gui when the system was installed with 
the CentOS DVD directly. Package selection was the last option (create 
workstation or something) with most but not all extra package groups that are 
selectable at this point.

This is a KVM machine, I have tried the default (cirrus) and vga, no change.
