Re: [CentOS] Does e2fsck.conf contain "broken_system_clock = 1" per default on CentOS7?
On Sun, 31 Jul 2016 15:17:19 +0200 Gabriele Pohl wrote: > On Wed, 27 Jul 2016 09:46:02 +0100 (BST) > John Hodrien wrote: > > > On Tue, 26 Jul 2016, Gabriele Pohl wrote: > > > I now changed the value to 0 and rebooted. > > > > > > After that fsck based on Interval setting were done. > > > > > > Unfortunately that is not true for the root partition. > > > > I believe e2fsk happens both pre root mount, and post. You'll want to > > rebuild your initramfs to make it take effect for the root volume I'd > > guess. > > agreed as I see the config is included there: > > # lsinitrd | grep e2fsck > -rw-r--r-- 1 root root 112 Mar 5 2015 etc/e2fsck.conf > -rwxr-xr-x 3 root root0 Jun 25 06:56 usr/sbin/e2fsck > > I have to wait for the next maintenance downtime to verify. > > I will report the result then. With new initramfs also the root partition was checked. I opened a bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1365594 fyi and thanks for your help. Gabriele ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Does e2fsck.conf contain "broken_system_clock = 1" per default on CentOS7?
On Wed, 27 Jul 2016 09:46:02 +0100 (BST) John Hodrien <j.h.hodr...@leeds.ac.uk> wrote: > On Tue, 26 Jul 2016, Gabriele Pohl wrote: > > I now changed the value to 0 and rebooted. > > > > After that fsck based on Interval setting were done. > > > > Unfortunately that is not true for the root partition. > > For that I had to use maxCount settings to trigger fsck. > > I believe e2fsk happens both pre root mount, and post. You'll want to > rebuild your initramfs to make it take effect for the root volume I'd guess. agreed as I see the config is included there: # lsinitrd | grep e2fsck -rw-r--r-- 1 root root 112 Mar 5 2015 etc/e2fsck.conf -rwxr-xr-x 3 root root0 Jun 25 06:56 usr/sbin/e2fsck I have to wait for the next maintenance downtime to verify. I will report the result then. Thanks again for your help :) Cheers, Gabriele ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Does e2fsck.conf contain "broken_system_clock = 1" per default on CentOS7?
On Tue, 26 Jul 2016 16:21:00 +0100 (BST) John Hodrien <j.h.hodr...@leeds.ac.uk> wrote: > On Tue, 26 Jul 2016, Gabriele Pohl wrote: > > > on all of my CentOS7 VMs on different hypervisors > > the config file e2fsck.conf contains the line > > > > broken_system_clock = 1 > > > > Do you see similiar /default/ settings on > > your machines? Is it an issue only on VMs? > > I have no CentOS7 host on bare metal to compare. > > Same on real hardware. But you can check this yourself: > > $ rpm -qf /etc/e2fsck.conf > e2fsprogs-1.42.9-7.el7.x86_64 > $ rpm -V e2fsprogs > $ rpm -q e2fsprogs --scripts > $ thanks for the hint :) I now changed the value to 0 and rebooted. After that fsck based on Interval setting were done. Unfortunately that is not true for the root partition. For that I had to use maxCount settings to trigger fsck. fyi and cheers, Gabriele ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Does e2fsck.conf contain "broken_system_clock = 1" per default on CentOS7?
On Tue, 26 Jul 2016 17:03:52 +0200 Gabriele Pohl <g...@dipohl.de> wrote: > on all of my CentOS7 VMs on different hypervisors > the config file e2fsck.conf contains the line > > broken_system_clock = 1 > > I found this because on all of them, the > root partition was not checked triggered > by interval setting with tune2fs. I see this issue was already addressed for earlier fedora versions in bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=963283 fyi and still interested to read your observations in CentOS7 Release Gabriele ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Does e2fsck.conf contain "broken_system_clock = 1" per default on CentOS7?
Hi, on all of my CentOS7 VMs on different hypervisors the config file e2fsck.conf contains the line broken_system_clock = 1 I found this because on all of them, the root partition was not checked triggered by interval setting with tune2fs. Do you see similiar /default/ settings on your machines? Is it an issue only on VMs? I have no CentOS7 host on bare metal to compare. Thanks and cheers, Gabriele ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] output of "ls" (was: Re: Postgrey on CentOS 6)
On Fri, 22 Apr 2016 16:05:52 + Richard Mannwrote: > > What does the "." at the right side > > of the attributes list mean? > > > > Following the file mode bits is a single character that specifies > whether an alternate access method such as an access control list > applies to the file. When the character following the file mode > bits is a space, there is no alternate access method. When it is > a printing character, then there is such a method. > > GNU `ls' uses a `.' character to indicate a file with an SELinux > security context, but no other alternate access method. > > A file with any other combination of alternate access methods is > marked with a `+' character. ah, I only had a look at the man page of "ls", but this explanation can be found by info coreutils 'ls invocation' I will expand my search to info pages from now on ;( Sorry for the noise and thanks for your hint! Gabriele pgpxKQXxUpMPi.pgp Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] output of "ls" (was: Re: Postgrey on CentOS 6)
On Sat, 23 Apr 2016 02:23:28 +1200 Peter <pe...@pajamian.dhs.org> wrote: > On 23/04/16 02:13, Gabriele Pohl wrote: > > I administer a postfix mail server on CentOS 6. > > Now I want to setup another with similar configuration. > > > > But the postgrey package is no longer available in Epel > > for this CentOS release as I have seen now: > > https://admin.fedoraproject.org/pkgdb/package/rpms/postgrey/ > > > > 2. Can you give advice for an alternative setup > >of greylisting for postfix on CentOS 6? > > Postgrey is largely obsoleted by postscreen which comes with postfix > versions 2.8 and up. You can get the latest postfix (including > postscreen) for CentOS 6 from GhettoForge (www.ghettoforge.org). Thanks for your help and so quickly :) I decided to try with current version of postgrey from projects github repository. https://github.com/schweikert/postgrey/releases/tag/version-1.36 as I want to avoid using more 3rd party repos. Doing the first steps in manual installation (create directory and user) I found out, that I lack from knowledge on "ls" output.. There is a difference that I don't understand. What does the "." at the right side of the attributes list mean? directory manually created on the shell: drwxr-x--x 2 postgrey postfix 4096 Apr 22 17:19 /var/spool/postfix/postgrey/ created by package installation: drwxr-x--x. 2 postgrey postfix 4096 Apr 13 16:23 /var/spool/postfix/postgrey I used this commands to create the first one # mkdir /var/spool/postfix/postgrey # chmod 751 /var/spool/postfix/postgrey # groupadd --gid 493 postgrey # useradd --system --gid 493 --uid 493 --home /var/spool/postfix/postgrey -M --shell /sbin/nologin postgrey # chown postgrey /var/spool/postfix/postgrey # chgrp postfix /var/spool/postfix/postgrey Can you give explanation what is causing the difference compared to the package created directory? Gabriele pgpn_djcuCwMc.pgp Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Postgrey on CentOS 6
Hi, I administer a postfix mail server on CentOS 6. Now I want to setup another with similar configuration. But the postgrey package is no longer available in Epel for this CentOS release as I have seen now: https://admin.fedoraproject.org/pkgdb/package/rpms/postgrey/ 1. Will I have to make an upgrade of the existing mail server to get security patches again or is it not critical to use the old package? 2. Can you give advice for an alternative setup of greylisting for postfix on CentOS 6? Cheers, Gabriele pgpUQAt2lMbCi.pgp Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lunar notation in crontab
On Sun, 6 Dec 2015 02:25:53 -0800 Alice Wonderwrote: > On 12/06/2015 02:23 AM, ken wrote: > > Crontab offers many refined facilities for Western calendaring, but none > > for traditional Eastern-- lunar-- designations. > > This could be very useful in biology where a lot of cycles are lunar based. It can also be useful for female sysadmins to schedule cleaning jobs to times when she is eager for this sort of work in the according phases of her menstrual cycle :) When a lot of users are interested in the feature, the appropriate addressee for the enhancement request are the Developers: https://fedorahosted.org/cronie/ Thanks for sharing the idea ~ Gabriele ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
Hi Allessandro and all Bacula users and especially to (potential) Bacula contributors, On Mon, 11 May 2015 20:49:08 +0200 Alessandro Baggi alessandro.ba...@gmail.com wrote: In my last request I have asked info about backuppc and other backup solutions. After some test I have choosen bacula. Concerning the topic Free Software I read that the relations between the FSFE and Kern Sibbald changed. https://fsfe.org/news/2015/news-20150414-01.en.html Since 2006, the FSFE has been the fiduciary for the copyrights held by developers in the Bacula.org software, on the basis of a Fiduciary License Agreement (FLA) Effective the 6th of March 2015, the FLA between Kern Sibbald and FSFE has been terminated at the request of Kern Sibbald. The FSFE is committed to ensuring to the best of its ability that Bacula.org software remains Free Software, and can only regret that Kern Sibbald in this way chose to terminate the FLA. In the Copyright Assignment Agreement that Contributors have to sign http://www.bacula.org/downloads/CAA-bacula.en.pdf I found the the following -- 8 -- Contributors .. grants a License, including, .. 5. the right to use, reproduce, redistribute and make derivative works of the Software under other including non-free licenses. -- 8 -- I wouldn't like to sign this. To whom it may concern and kind regards, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum-plugin-security
Hi all, I have difficulties to understand the output of yum-plugin-security. I am on a X86_64 machine and when I query for security updates, yum lists i686 packages, that I don't have installed. # yum check-update --security Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk Limiting package lists to security relevant ones No packages needed for security; 34 packages available cyrus-sasl-devel.i686 2.1.23-15.el6_6.1 updates cyrus-sasl-lib.i6862.1.23-15.el6_6.1 updates device-mapper-multipath-libs.i686 0.4.9-80.el6_6.1 updates libXfont.i686 1.4.5-4.el6_6 updates nss-softokn.i686 3.14.3-18.el6_6 updates nss-softokn-freebl.i6863.14.3-18.el6_6 updates perl-libs.i686 4:5.10.1-136.el6_6.1 updates I would have expected, that it will list no packages, as it's statement is No packages needed for security When I run the query with no filtering on security relevant packages, it shows the X86_64 versions of the above listed packages. Do we have a problem of inconsistent data in the repo? Are only the i686 packages marked with security-update flag? # yum check-update Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk cyrus-sasl.x86_64 2.1.23-15.el6_6.1 updates cyrus-sasl-devel.x86_642.1.23-15.el6_6.1 updates cyrus-sasl-lib.x86_64 2.1.23-15.el6_6.1 updates .. device-mapper-multipath-libs.x86_640.4.9-80.el6_6.1 updates .. libXfont.x86_641.4.5-4.el6_6 updates .. nss-softokn.x86_64 3.14.3-18.el6_6 updates nss-softokn-freebl.x86_64 3.14.3-18.el6_6 updates .. perl-libs.x86_64 4:5.10.1-136.el6_6.1 updates Cheers and thanks for your explanation / instruction Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 12:44:57 + (GMT) Nux! n...@li.nux.ro wrote: This plugin does not work on CentOS, at least not yet, there were previous discussions. e.g. http://centos-devel.1051824.n5.nabble.com/CentOS-devel-yum-plugin-security-and-shellshock-td5710031.html HTH yes it helped thanks! Although the state of the thing itself is not very helpful :( My intention was to automatically get warned, when there are pending security updates. I therefore reworked the yum plugin of Munin [1] But as I see now, this will not work for CentOS as long as the data (a working updateinfo.xml) is not existent in the repos.. I will add a note in the Munin yum plugin to inform other CentOS users about this #fail. It would be good to add such a hint also in the CentOS package of the yum-plugin-security. Until now there is no info about the no-op nor in the man page neither under /usr/share/doc. Shall I create a bug report addressing the missing doc? Or will it get answered with won't fix as the fix would need to fork an own CentOS version of the plugin, so no longer simply copy the package from upstream (rh) # rpm -ql yum-plugin-security /etc/yum/pluginconf.d/security.conf /usr/lib/yum-plugins/security.py /usr/lib/yum-plugins/security.pyc /usr/lib/yum-plugins/security.pyo /usr/share/doc/yum-plugin-security-1.1.30 /usr/share/doc/yum-plugin-security-1.1.30/COPYING /usr/share/man/man8/yum-security.8.gz Cheers, Gabriele [1] https://github.com/munin-monitoring/munin/commits/devel/plugins/node.d.linux/yum.in ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 08:00:50 -0600 Johnny Hughes joh...@centos.org wrote: On 11/22/2014 05:49 AM, Gabriele Pohl wrote: I have difficulties to understand the output of yum-plugin-security. # yum check-update --security CentOS only tests that things work when doing all updates ... it does not test any other grouping of packages. when I install the updates I usually install all pending updates btw. As written in my other mail, the intention is to get triggered when security updates are pending. fyi and cheers, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 12:07:00 -0600 Frank Cox thea...@melvilletheatre.com wrote: On Sat, 22 Nov 2014 15:32:32 +0100 Gabriele Pohl wrote: As written in my other mail, the intention is to get triggered when security updates are pending. why not set up something to watch the centos-announce list, parse the subject lines for Security, and then do whatever you need to do after that. because I want the alert for my individual machines. So the proposed method is no solution for an automagical trigger :) As said in my earlier mail I use Munin for system monitoring and want the raven to croak when a node has pending security updates: http://gallery.munin-monitoring.org/distro/plugins/node.d.linux/yum.html But thanks for sharing your idea ~ Cheers, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 13:17:59 -0600 Frank Cox thea...@melvilletheatre.com wrote: On Sat, 22 Nov 2014 19:52:30 +0100 Gabriele Pohl wrote: because I want the alert for my individual machines. So the proposed method is no solution for an automagical trigger :) You still can do that without expending too much effort. Although the proposal you made is /possible/ to implement, I will not do it, because I think that this is the wrong way to solve the issue. One way would be to monitor centos-announce, parse the subject lines, copy the security update filenames to a text or database file. (sqlite is made for this kind of thing.) You can either keep a list on each machine or have a central data repository, whichever suits you best. Pardon me, but I think it is madness to maintain the info outside of yum. And your method is not suitable to use within Munin monitoring. And a Munin capable solution is what I am looking for with highest priority. Then all you need to do is have each machine run yum check-update on whatever timed basis you wish. Capture the list of pending updates, compare it against your database, and then do your thing. I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. All the best and thanks again, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 17:10:40 -0600 John R. Dennison j...@gerdesas.com wrote: On Sat, Nov 22, 2014 at 11:41:17PM +0100, Gabriele Pohl wrote: I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. It's not that simple. Please have a look at the list archives in the past couple months where this was addressed. The threads were either here or on the centos-devel mailing list. thanks to Nux! who posted the following link in the first reply of this thread: Begin forwarded message: Date: Sat, 22 Nov 2014 12:44:57 + (GMT) From: Nux! n...@li.nux.ro To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] yum-plugin-security This plugin does not work on CentOS, at least not yet, there were previous discussions. e.g. http://centos-devel.1051824.n5.nabble.com/CentOS-devel-yum-plugin-security-and-shellshock-td5710031.html I read this thread and also another, which is refered to therein: http://lists.centos.org/pipermail/centos-devel/2014-September/011893.html If memory serves the primary factor that is holding this up is a space requirements issue; the threads can shed more light on it, however. To tell the truth, as a person who is not familiar with the internal structures and procedures of tree building and maintenance of the repositories, I don't really understand why it should be so difficult to handle a security-update flag for the update packages, but I have to believe the experts, who make statements on this topic. Here is what I picked up when reading the thread from devel list: 1. For a valid approach data for all packages over the complete history of the major version is needed. 2. At the time the data is only sent to the announce mailing list and it will need a big effort with also manual work to collect all the data back from there. 3. it would add significantly to the size required to mirror CentOS and require a redesign of how we do trees completely (we currently only push the latest tree for each live major version). (Johnny Hughes) 4. The developers fear that the yum-plugin-security functions may seduce people to only install the security relevant packages, which can cause problems. 5. The tools used by scientific linux repo maintainers, who support a security classification, are availabe under free software license. https://cdcvs.fnal.gov/redmine/projects/python-updateinfo My personal view is represented by the mails of Kevin Stange in this thread. And I still hope that the issue will be solved by integrating the security update flag into the CentOS repositories in the future. so far and thanks for your replies to all contributors in this thread, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos