Re: [CentOS] Mirror Problem

[David Nelson]

On Feb 16, 2018, at 05:36, Günther J. Niederwimmer  wrote:
> 
> Hello,
> I have thousands of this messages on my servers ??
> 
> Is this a Problem on my site or is the infrastructure broken??
> /etc/cron.hourly/0yum-hourly.cron:
> 
> Could not get metalink https://mirrors.fedoraproject.org/metalink?
> repo=epel-7=x86_64 error was
> 14: HTTPS Error 503 - Service Unavailable

Not just you. I’ve seen that error on my hourly yum check on my personal Linode 
server, though I haven’t been in a big hurry to investigate yet as it only 
appears once or twice a day. 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Does fail2ban protect anything other than SSH logins?

[David Nelson]

> On Mar 27, 2017, at 12:44, Robert Moskowitz  wrote:
> 
> I am looking at fail2ban, and all I see is it protecting remote logins to SSH.
> 
> Does it protect any other access to systems?  Well perhaps other than VNC 
> perhaps?
> 
> thank you


It can, but you have to either enable or create the rules. It could potentially 
monitor and protect just about anything that can be logged. 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wich web browser on CentOS6 ?

[David Nelson]

On 2/10/17 3:26 AM, Patrick Begou wrote:
/Is there a CentOS6 recommended web browser allowing continuous 
connections to olds and new base level (and local) system 
administration services ?


FYI you can download any previous release of Firefox from the URL below, 
and it will run right out of its own directory without being 'installed' 
per se. So you could find one that is compatible and keep it separate 
from the one you use for regular browsing. You'd probably want to run it 
as a different user on your box, and/or a separate profile.


http://ftp.mozilla.org/pub/firefox/releases/

Or if you don't want to worry about which user and profile you're in, 
you could try an equivalent release of SeaMonkey.


http://ftp.mozilla.org/pub/seamonkey/releases/

Either way it would enable you to have a more secure, up-to-date browser 
for regular use while also having one that is compatible with the other 
systems you need to use.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[David Nelson]

> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.  

Have you checked the user's Firefox profile for any unusual extensions? That 
would be my first suspicion. 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

[David Nelson]

It doesn't appear you have a ServerName or ServerAlias for the naked domains 
(sans subdomain), so they're both being answered by the first VirtualHost 
entry? 

> On Nov 20, 2016, at 9:24 AM, Walter H.  wrote:
> 
> Hello,
> 
> is Apache 2.2 which is part of the CentOS distribution capable of SNI?
> 
> I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
> just did  'yum update'
> 
> 
> in
> /etc/httpd/conf/httpd.conf
> 
> I've the following
> 
> NameVirtualHost ipaddr:443
> 
> Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
> Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
> 
> both 'vhost'-files are like this:
> 
> 
> ServerAdmin webmaster@domain#.com
> 
> ServerName vhost.domain#.com:443
> ServerAlias box.domain#.com:443
> ServerAlias calcbox.domain#.com:443
> ServerAlias proxybox.domain#.com:443
> 
> ...
> SSLEngine on
> 
> SSLStrictSNIVHostCheck on
> 
> SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
> 
> ...
> 
> 
> only
> https://domain1.com/...
> works
> https://domain2.com/...
> results in a certificate CN mismatch ...
> 
> what is missing in my config.?
> 
> Thanks,
> Walter
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Airprint to old printer using Centos server

[David Nelson]

I use the DNS-SD approach as well and it works quite well. Provided that you 
run your own DNS, or are friendly with whoever does. (The records have to go in 
a zone that is in your clients’ search domain.) The advantage here is it works 
across networks/vlans and doesn’t require you to have any administrative 
control over the devices.

You could also create a .mobileconfig profile that specifies the location of 
the queues and install that on the iPads. You need to be using an MDM to push 
it out to your clients, or have a small enough number of devices that you can 
install the profile manually. (Or post the profile on a web server somewhere 
and tell your users to go there and install it themselves.) 

David


> On Oct 31, 2016, at 5:06 AM, Richard Grainger  wrote:
> 
> Hi Gary
> 
> I got this working in a previous role a while ago:
> http://thirdlineit.blogspot.co.uk/2011/12/active-directory-authenticated-airprint.html
> (ignore the authentication aspects).  I also managed to do it recently
> on my home network using Ubuntu, so the principle still works.
> Summary:
> 
> 1. Install CUPS
> 2. Enable IPP for the printer queues
> 3. To make the printers visible across subnets/VLANs/broadcast domains
> you can use DNS-SD instead of avahi.  Basically you just need to
> create special DNS records for each printer queue and this avoids
> having to forward avahi requests.  Here is one page that describes the
> process: 
> http://www.craig-tolley.co.uk/mini-projects/configuring-airprint-using-dns/
> ...but there are other guides out there.
> 
> Hope this helps!
> Richard
> 
> 
> On Mon, Oct 31, 2016 at 10:43 AM, Gary Stainburn  wrote:
>> Hi folks,
>> 
>> I've found a number of articles on setting up a Linux / CUPS / Avahi server 
>> to
>> allow airprinting, but they all seem to be quite old.
>> 
>> Two questions:
>> 
>> 1) Does anyone have a link for a more recent article, hopefully specifically
>> for Centos7.
>> 
>> 2) I'm on a structured, VLAN network.  Will I have to put a WIFI card into my
>> Centos server to give it a presence on the WIFI before this will work?
>> 
>> Gary
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Canon scanner LiDE 220

[David Nelson]

For what it's worth I use a commercial program called VueScan for 
old/unsupported scanners. I run it on a Mac but it's also available for Linux 
and Windows. Might be worth a shot if other avenues don't pan out. 


> On Aug 20, 2016, at 13:17, J Martin Rushton  
> wrote:
> 
> This scanner is supported according to the SANE page, but doesn't work
> on my up-to-date C7 system (updated 20 minutes ago).  The Canon web site
> is as expected - as useful as a chocolate tea pot.
> 
> Has anyone managed to get this to run, and if so can you share the
> secret please.
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https and self signed

[David Nelson]

On Jun 15, 2016, at 8:02 AM, Valeri Galtsev  wrote:
> 
> I do not see neither starttls.com  nor letsencrypt.org 
>  between Authorities
> certificates. This means (correct me if I'm wrong) that client has to
> import one of these Certification Authorities certificates, otherwise
> server certificate signed by one of these authorities is on the same page
> with my private Certification Authority (which I used to run for over 10
> years, then in my kickstart I had my CA certificate imported into CA of
> clients - but other clients, like laptops had to download, install and
> trus my CA certificate). Of course, this is a notch better than
> "self-signed" server certificates, as you only need to import CA
> certificate once, whereas you will need to import self-signed server
> certificates for each of the servers...



For my personal needs I use free StartSSL certs and the authority appears as 
StartCom, Ltd. in Firefox.

In my experience it is already a trusted authority in most/all browsers. At 
least I didn’t have to manually trust it, and I haven’t run into one that 
complains about it.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FYI: http

[David Nelson]

On Jun 2, 2016, at 3:39 PM, Always Learning  wrote:
> 
> When the Internet is working, I never had a problem. So perhaps you are
> correct, Firefox is sending local domain names and everything typed into
> Firefox's URL slot to Google for people monitoring purposes ;-)
> 
> How can one disable this latest privacy abusing tactic ?


Go to Settings > Search and uncheck “Provide search suggestions”.

Or alternately just make sure that “Show search suggestions in location bar 
results” is turned off. (Not sure whether it is on by default...) 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HFSPlus Question

[David Nelson]

For what it's worth a non-ancient Mac can boot to Internet recovery by holding 
the Command and R keys while powering on. From there you can get a working 
Terminal (click the Utilities menu at the top of the screen) and run dd or try 
copying files to another drive, or whatever else you may want to try. 

> On May 31, 2016, at 18:59, Albert McCann  wrote:
> 
> In CentOS 7.2.1511 does the 3.10.0-327.18.2.el7.centos.plus.x86_64 (Plus)
> kernel read HFSPlus iMac drives? I don't see any hfsplus modules installed
> anywhere, so I suspect not. My sister's 17" iMac died, and I'm trying to
> recover the drive. If it spins up, I'd like to copy it with dd.
> 
> I see that Elrepo has kmod-hfsplus and hfsplus-tools, will these work with
> the Plus kernel? 
> 
> I still have to pull the drive from that infernal iMac case, so can't test
> yet.
> 
> Thank you for any clues, my Google-foo isn't finding anything on the Plus
> kernel and HFSPlus.
> 
> ---
> I yam Popeye of the Borg. Prepares ta beez askimiligrated.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Slow authentication on C7

[David Nelson]

On 4/12/16 12:15 PM, Todor Petkov wrote:


On 4/12/2016 7:56 PM, David Nelson wrote:

On 04/12/2016 09:51 AM, James Hogarth wrote:

To the OP enumerate is always painful, I'd remove that for a start.

This was my experience too, for what it's worth. When I first set up a
new system pointed at LDAP it was absurdly slow to authenticate. Setting
Enumerate to False in /etc/sssd/sssd.conf made all the difference.

Hello,

I had similar problem recently with Centos6 machine, which was in
another country and had ~100ms latency to the LDAP server.
When I did "id user", it took around 20 seconds. I did some debugging,
and when the user was not a member of additional groups, it was much
faster (5 seconds), but still slow.
It seems that for each member of a group, the client did a query to the
LDAP server. I put "ignore_group_members = true" in sssd.conf and now
it's much faster. Can you try this?

Regards,


In my particular case the server is already widely used so I'm not in a 
good position to test it. But next time I have to set up a new system 
that authenticates against LDAP, I'll be sure to do that!

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Slow authentication on C7

[David Nelson]

On 04/12/2016 09:51 AM, James Hogarth wrote:

To the OP enumerate is always painful, I'd remove that for a start.


This was my experience too, for what it's worth. When I first set up a 
new system pointed at LDAP it was absurdly slow to authenticate. Setting 
Enumerate to False in /etc/sssd/sssd.conf made all the difference.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and automatic update on server

[David Nelson]

Personally I enable yum-cron on relatively simple configs without much that 
could break, for example a LAMP server. Especially when they are public-facing 
and thus have greater exposure to security threats. 

But I don't as often on things that are internal-only and/or have a more 
complex setup such as running software I had to compile from source.

> On Mar 11, 2016, at 10:41, Alessandro Baggi  
> wrote:
> 
> Hi list, I know that there are automatic update with yum-cron but never
> tried.
> In my experiences I never did automatic backup because if update was broken
> my installation will be broken and I wait some time before apply update.
> Today seems to be that automatic update are used more than before.
> What do you think about automatic update? It is a good practice on a
> server? What is your experiences?
> 
> Thanks in advance.
> 
> Alessandro
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bash: Samba: command not found

[David Nelson]

Assuming the install really worked, it sounds like it gets placed in some 
location that isn't in your default path. Perhaps some sub-directory in /opt? 

> On Jan 24, 2016, at 11:05, Henry McLaughlin  wrote:
> 
> I have installed Sernet Samba however after installation I cannot confirm
> the version:
> 
> samba -V
> bash: samba: command not found
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bind fails to start after update from 7.1 to 7.2

[David Nelson]

On Jan 5, 2016, at 1:03 PM, Emmett Culley  wrote:
> 
> I am seeing these lines for each domain in the systemd journal:
> 
> zone relationship123.com/IN: loading from master file relationship123.com.db 
> failed: file not found
> zone relationship123.com/IN: not loaded due to errors.
> _default/relationship123.com./IN: file not found

[snip]

Just a thought -- Could it have something to do with bad SELinux context for 
the file(s) in question? I know those kind of problems can cause errors that 
make it look like there are missing files or misconfigurations. I haven’t seen 
how that manifests when it comes to BIND, but it might be worth a look.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos7 Raspberry Pi 2 Login

[David Nelson]

On Tue, Dec 22, 2015 at 10:47 AM, Always Learning 
wrote:

>
> On Tue, 2015-12-22 at 10:31 -0800, david wrote:
>
> > >I'm not sure this is the right mailing list for the Centos7 port to
> > >Raspberry Pi.  On the chance that this is the right place...
>
> > UPDATE:
> > I answered my own question.
> > Login: root
> > Password: centos
> >
> > The reference article is at
> > https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32
> >
> > I should have done more research before asking the group.
>
> Thank you sincerely for making everyone, including me, aware they we can
> use C7 on a Pi 2 - just think of the electricity saving.
>
> Is it possible to run C6 on a Pi 2 ???
>


The 'official' ARM port is new in version 7. But there's also RedSleeve
Linux (I've never used personally) which is another EL port for ARM. And
they have/had a version 6.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IP table Restore

[David Nelson]

It would seem there's some kind of invalid configuration on line 2 of 
/etc/sysconfig/iptables

You'd have to post at least the first few lines of said file to learn more 
about what's actually causing it. 

> On Nov 24, 2015, at 22:18, Siva Prasad Nath  
> wrote:
> 
> Hi,
> If possible advice me for below error.
> 
> [root@ns1 sysconfig]# iptables-restore < /etc/sysconfig/iptables
> iptables-restore: line 2 failed
> 
> Thanks in advance.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Flash Update = No Flash

[David Nelson]

This may be relevant:
https://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist

As a last resort you can go to about:config and set 
extensions.blocklist.enabled to false, then you have to be more aware of 
what plugins you're running and/or where you're allowing them to run.


On 10/13/15 2:59 PM, m.r...@5-cent.us wrote:

pro alias wrote:

None of my Centos 5 boxen can show flash since the update this morning.
Am I alone or do other people have this issue ??
Centos 7 boxes work properly. I haven't looked at RHEL 6 boxes yet.

Although I miss using flash on these boxes, it IS a great security
upgrade

Do you have noscript, or something like it? Check firefox, also, I think
it has some protection to turn off flash by default.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 7 on older macbook pro

[David Nelson]

This doesn't really help with your problem, but to address the specific 
question below: 

I run CentOS 7, and previously 6, on a Mac Pro (MacPro4,1). My experience has 
been good. I haven't bothered running anything to read hfs volumes as I'm not 
dual-booting it. I have a separate MacBook Pro machine for my OS X needs.

We run mostly CentOS for servers, but on the desktop side of things we are 
fairly Mac heavy. I wanted something decent to run a CentOS desktop and this 
hardware was available at the time. 

 
> On Sep 13, 2015, at 19:33, Keith Keller  
> wrote:
> 
> Does anyone else run a CentOS (not necessarily 7) on Apple hardware,
> particularly laptops (and not in a VM)?  If so, any pointers on making
> life easier?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Slow Printing HP-2025dn

[David Nelson]

Sort of a shot in the dark, but it sounds very much like a problem I saw using 
a LaserJet P2035 on Mac. It worked but took a couple minutes to print even the 
most basic output. I never found a solution using the proper driver, but I 
discovered it did print a lot faster if I picked the generic PCL driver. 


 On Apr 18, 2015, at 20:41, Mark LaPierre marklap...@gmail.com wrote:
 
 Hey All,
 
 You know how sometimes you have a problem but you just live with it?
 Well I've got one of those problems.  I have an HP-2025dn printer
 connected to my home network.  When I print a plain text document
 containing the text, this is a test, from my wife's Windows 7 machine
 using the text editor the print job finishes in less than 15 seconds.
 If I print two copies the second copy comes out so quickly after the
 first that the first one hasn't time enough to settle in the output tray
 before the next copy is already exiting the printer output slot.
 
 When I try to print from either my 32 bit or 64 bit Centos 6.6 machines
 it takes two minutes and 30 seconds, 2:30, to print the first copy and
 2:15 to print the second copy.  Again this is just a plain text message
 containing the words, this is a test, printed from gedit.
 
 I've just been living with this for a while now but tonight I got out
 the stop watch and tried to fix this issue.
 
 [mlapier@peach ~]$ rpm -qa | grep ^hp
 hplip-common-3.12.4-6.el6.x86_64
 hpijs-3.12.4-6.el6.x86_64
 hplip-libs-3.12.4-6.el6.x86_64
 [mlapier@peach ~]$
 
 [mlapier@peach ~]$ rpm -qa | grep ^cup
 cups-pk-helper-0.0.4-12.el6.x86_64
 cups-1.4.2-67.el6.x86_64
 cups-libs-1.4.2-67.el6.i686
 cups-libs-1.4.2-67.el6.x86_64
 [mlapier@peach ~]$
 
 When I select the option to combine multiple copies into one print job
 when printing from LibreOffice I always get multiple print jobs.  I'm
 not offered that option when printing multiple copies from gedit so I
 can't speak to that.  I do get multiple print jobs from gedit too.
 
 I did some googling but found nothing Linux related but I did find a
 couple of Windows references to slow printing with this printer on the
 HP site.  They pretty much said that this is not the speediest printer
 on the face of the earth so stop whining.
 
 I don't remember when this problem first appeared but I do remember that
 I used to be able to print a document from LibreOffice before in less
 than one minute but now it takes several minutes to print the same document.
 
 I know, I'm rambling again.  I would be more specific if I had any idea
 what the problem is.
 
 Does anyone out there have any idea how I can even determine where the
 problem is?
 
 -- 
_It 
   °v°
  /(_)\
   ^ ^  Mark LaPierre
 Registered Linux user No #267004
 https://linuxcounter.net/
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos