Re: [CentOS] vsftp and renaming of files with ftp client
On 13/07/2017 14:38, Götz Reinicke - IT Koordinator wrote:
> On 13.07.17 at 14:46, Pete Biggs wrote:
>>> I have a vsftp server and two users for up and download.
>>>
>>> If user Alice uploads a file, the owner is set to Alice as expected
>>> "-rw-r--r-- alice ftpuploadgroup"
>>>
>>> Now Bob can login to the same folder and is able to rename the uploaded file. Bob can also rename an uploaded folder, but can't rename a file in that folder.
>>>
>>> I'm confused, as I don't get why this is possible at all.
>>
>> What are the permissions and ownership on the directory the uploads go in? If its group is 'ftpuploadgroup' and has group write permissions then any member of that group can rename files in that directory.
>>
>> If a user creates a directory, then that will have rwxr-xr-x permissions so they won't be able to rename files within that directory.
>
> The permissions for the upload folder are drwx-wx--- and the owner is Bob, group is ftpuploadgroup.
>
> Alice is member of that group, but should only drop files in.
>
> The files are owned by Alice, and I'm a bit irritated that Bob can rename them ... as Bob only has read permission (from the group).
>
> The files in a subfolder have the same permissions and Bob can't change them...
>
> Thanks for your feedback. /G

He does not have read only permission from the group. He is the folder owner and so can change things within that folder. You need to change the folder to something other than Bob.

The sub dir does not have the same permissions. Alice is the owner.

What is the end goal you want? E.g. Bob and Alice can upload, Bob can read files both he and Alice upload but Alice can only read her files. Perhaps we can suggest permissions that would do what you want?

Regards,
Tris

* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmas...@bgfl.org The views expressed within this email are those of the individual, and not necessarily those of the organisation *
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

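Added example, not part of the thread: a small model of the same-directory rename check, applied to the modes quoted above. It assumes Bob is also a member of ftpuploadgroup, ignores root and ACLs, and goes one step beyond the thread by including the sticky bit; the root-owned `sticky` directory is a hypothetical layout.

```python
import stat
from dataclasses import dataclass

# Characters allowed in positions 1-9 of an ls mode string.
_ALLOWED = ("r-", "w-", "x-sS", "r-", "w-", "x-sS", "r-", "w-", "x-tT")
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def parse_ls_mode(text):
    """Turn an ls-style mode such as 'drwx-wx---' into permission bits."""
    if len(text) != 10:
        raise ValueError(f"expected 10 characters, got {text!r}")
    bits = 0
    for i, ch in enumerate(text[1:]):
        if ch not in _ALLOWED[i]:
            raise ValueError(f"bad character {ch!r} in {text!r}")
        if ch not in "-ST":        # r, w, x, s, t all grant the plain bit
            bits |= 1 << (8 - i)
        if ch in "sStT":           # setuid / setgid / sticky
            bits |= _SPECIAL[i]
    return bits


@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset


def class_bits(user, node):
    """Pick exactly one rwx triplet: owner first, then group, then other."""
    if user.name == node.owner:
        return (node.mode >> 6) & 0o7
    if node.group in user.groups:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def may_rename(user, parent, entry):
    """Can a non-root user rename `entry` inside `parent`?

    Only the parent directory is consulted: the user needs write and
    search (w+x) on it, and the mode of the entry itself plays no part.
    With the sticky bit on the parent, the user must also own the entry
    or the parent.
    """
    if (class_bits(user, parent) & 0o3) != 0o3:
        return False
    if (parent.mode & stat.S_ISVTX) and user.name not in (entry.owner, parent.owner):
        return False
    return True


def thread_scenario():
    grp = "ftpuploadgroup"
    bob = User("bob", frozenset({grp}))      # assumption: Bob is in the group
    alice = User("alice", frozenset({grp}))
    upload = Node("bob", grp, parse_ls_mode("drwx-wx---"))    # from the thread
    a_file = Node("alice", grp, parse_ls_mode("-rw-r--r--"))  # from the thread
    a_dir = Node("alice", grp, parse_ls_mode("drwxr-xr-x"))   # from the thread
    sticky = Node("root", grp, parse_ls_mode("drwx-wx--T"))   # hypothetical
    return {
        "bob_file_in_upload": may_rename(bob, upload, a_file),
        "bob_subdir_in_upload": may_rename(bob, upload, a_dir),
        "bob_file_in_subdir": may_rename(bob, a_dir, a_file),
        "alice_file_in_upload": may_rename(alice, upload, a_file),
        "bob_file_in_sticky": may_rename(bob, sticky, a_file),
        "alice_file_in_sticky": may_rename(alice, sticky, a_file),
    }


if __name__ == "__main__":
    for case, allowed in thread_scenario().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```
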
Re: [CentOS] [OT]multi-master DNS
On 27/06/2017 00:49, James A. Peltier wrote:
> Bind does not have a method to do multi-master replication. All updates must be done via an intermediary service (database). In our case, we've used containers and Consul for providing a highly available DNS service. A container will fire up and race for the master lock. It will dump the contents of the database into its named configurations and assuming it has the lock will assume the IP address of the master. Others just come up as slaves. If the master lock is not renewed after a given period of time another container can acquire the lock and become master by assuming the IP address of master (VRRP/VRID/KeepAliveD)

Hi James,

Do you have any more info on this setup? I'm in the middle of looking at changing our DNS service and was thinking of containerising them for the improved deployment flexibility it offers.

Tris

Re: [CentOS] bind update flubbed somehow? (resolved)
On 06/06/2017 15:07, Jason Welsh wrote:
> ugh, the upgrade changed the owner from named to root on /var/named where my zone files are and therefore named could not read the zone files.. How embarrassing.. ;)
>
> Jason

That will happen every time named is restarted (it is part of the start up script). Move your zones to something like /var/named/master/ or /var/named/slave depending.

Tris

Re: [CentOS] anaconda/kickstart: bonding device not created as expected
On 18/04/2017 15:54, Frank Thommen wrote:
> Hi,
>
> I am currently struggling with the right way to configure a bonding device via kickstart (via PXE). I am installing servers which have "eno" network interfaces. Instead of the expected bonding device with two active slaves (bonding mode is balance-alb), I get a bonding device with only one active slave and an independent, non-bonded network device. Also the bonding device gets its MAC address from the second instead of from the first device.
>
> I appreciate any hint (or rtfm with the name of the correct fm ;-) on how to achieve the desired setup through kickstart. Please find the used PXE and kickstart settings and resulting network configuration below. I did this with CentOS 7.2.1511. We cannot go further due to Infiniband and lustre drivers which are currently only supported for this CentOS 7.x version
>
> Cheers
> frank
>
> --
>
> The used PXE configuration is
>
> LABEL CentOS-7
>   kernel centos-7/vmlinuz
>   append initrd=centos-7/initrd.img ip=dhcp nameserver=xx.xx.xx.xx ksdevice=eno1 inst.repo=http://our.mirror.server/7/os/x86_64 inst.ks.sendmac inst.ks=http://our.kickstart.server/ks.cgi
>
> and the network settings in the kickstart file are
>
> network --device bond0 --bondslaves=eno1,eno2 --bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate
>
> I would have expected to get a bonding device with eno1 and eno2 as slave devices, the bonding device inheriting the MAC address from eno1 (otherwise DHCP won't work).
>
> Instead the result is a bonding device with eno2 as - sole - slave device and eno1 as a single active device with the main IP address of the host:
>
> bond0: flags=5187 mtu 1500
>         inet6 fe80::42f2:e9ff:fec7:b5f1 prefixlen 64 scopeid 0x20
>         ether 40:f2:e9:c7:b5:f1 txqueuelen 0 (Ethernet)
>         RX packets 29 bytes 5274 (5.1 KiB)
>         RX errors 0 dropped 0 overruns 0 frame 0
>         TX packets 39 bytes 3486 (3.4 KiB)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> eno1: flags=4163 mtu 1500
>         inet xx.xx.xx.xx netmask 255.255.255.0 broadcast xx.xx.xx.xx
>         inet6 fe80::42f2:e9ff:fec7:b5f0 prefixlen 64 scopeid 0x20
>         ether 40:f2:e9:c7:b5:f0 txqueuelen 1000 (Ethernet)
>         RX packets 4303 bytes 798163 (779.4 KiB)
>         RX errors 0 dropped 0 overruns 0 frame 0
>         TX packets 1686 bytes 481585 (470.2 KiB)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>         device interrupt 16
>
> eno2: flags=6211 mtu 1500
>         ether 40:f2:e9:c7:b5:f1 txqueuelen 1000 (Ethernet)
>         RX packets 29 bytes 5274 (5.1 KiB)
>         RX errors 0 dropped 0 overruns 0 frame 0
>         TX packets 39 bytes 3486 (3.4 KiB)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>         device interrupt 17
>
> The ifcfg-files look basically ok, but there are two for the eno1 device.
>
> ifcfg of the bonding device:
>
> $ cat ifcfg-bond0
> # Generated by parse-kickstart
> IPV6INIT="yes"
> DHCP_HOSTNAME="myhost"
> NAME="Bond connection bond0"
> BONDING_MASTER="yes"
> BOOTPROTO="dhcp"
> BONDING_OPTS="mode=balance-alb"
> DEVICE="bond0"
> TYPE="Bond"
> ONBOOT="yes"
> UUID="35910614-4a7c-43c9-8e44-dcf44b783358"
> $
>
> ifcfg of the two slave devices
>
> $ cat ifcfg-bond0_slave_1
> # Generated by parse-kickstart
> NAME="bond0 slave 1"
> MASTER="35910614-4a7c-43c9-8e44-dcf44b783358"
> HWADDR="40:f2:e9:c7:b5:f0"
> TYPE="Ethernet"
> ONBOOT="yes"
> UUID="f3a0a007-861c-42b6-8264-6efba62232ce"
> $
>
> $ cat ifcfg-bond0_slave_2
> # Generated by parse-kickstart
> NAME="bond0 slave 2"
> MASTER="35910614-4a7c-43c9-8e44-dcf44b783358"
> HWADDR="40:f2:e9:c7:b5:f1"
> TYPE="Ethernet"
> ONBOOT="yes"
> UUID="ee3f7c84-d4cb-412e-887d-6b1c753eb913"
> $
>
> ifcfg of eno1 (which physically has the MAC address 40:f2:e9:c7:b5:f0, which is the same as ifcfg-bond0_slave_1)
>
> $ cat ifcfg-eno1
> # Generated by dracut initrd
> NAME="eno1"
> DEVICE="eno1"
> ONBOOT=yes
> NETBOOT=yes
> UUID="d20645a0-8093-45f3-9630-d0249f76726b"
> IPV6INIT=yes
> BOOTPROTO=dhcp
> TYPE=Ethernet
> DNS1="192.55.188.177"
> $

Hi Frank,

This is from my satellite kickstart where I'm building the bond at the point of PXE booting, and using static (I'm working on doing this with DHCP and tagged VLANs but currently can't get to the hardware needed since messing up the BMC config :( )

LABEL linux
  KERNEL boot/RedHat-7.3-x86_64-vmlinuz
  APPEND initrd=boot/RedHat-7.3-x86_64-initrd.img ks=http://example.com/host.ks ks.device=bootif network ks.sendmac bond=bond0:eno1,eno2:mode=802.3ad vlan=bond0.10:bond0 ip=10.10.0.2::10.10.0.1:255.255.255.0:host.example.com:bond0.10:none nameserver=10.10.0.1

Then in the KS we have

network --bootproto=static --device=link --gateway=10.10.0.1 --hostname=host.example.com --ip=10.10.0.2 --nameserver=10.10.0.1,10.11.0.1 --netmask=255.255.255.0

It should be fairly simple to convert that to use DHCP as

Re: [CentOS] How do I confirm importing repo key without user intervention?
On 13/03/2017 04:38, Yuri Kanivetsky wrote:
> ...Check out the full typescript of what happens when installing passenger, please:
>
> https://gist.github.com/x-yuri/1dc92db44f89253679ab44f6c3de125c
>
> Regards,
> Yuri

In my kickstart scripts I call yum with

yum -t -y -e 0

This just works for me. -t may be what you are looking for.

Tris

Re: [CentOS] CentOS 7/GNOME 3 customise top panel
On 14/10/2016 15:45, Toralf Lund wrote:
> On 14/10/16 16:23, Tris Hoar wrote:
>> On 14/10/2016 13:39, Toralf Lund wrote:
>>> Hi,
>>>
>>> Is there any way to customise the top panel in CentOS 7 with GNOME 3 (which I recently tried for the first time)? Specifically, I want to add "application launchers", as it will make start-up faster than the standard alternatives. (Because you can move the mouse directly to the right place - you don't have to carry out another action, wait for icons or menu items to pop up, look for the right one etc first.)
>>>
>>> People on the web talk about a "context" menu that opens if you use some kind of weird combination of right mouse-click and Alt, Windows key, Ctrl, left click, Alt Gr or whatever, but there seems to be no way to make that happen on CentOS.
>>>
>>> I found an answer of sorts in https://www.centos.org/forums/viewtopic.php?t=47957
>>>
>>> - In straight Gnome Shell -- CentOS 7 defaults to a modified version using extensions -- the panel *is* locked. Visit extensions.gnome.org to see if something there is useful. -
>>>
>>> but I don't think I quite understand it. I mean, the ability to add extensions is nice, but if the panel is locked, isn't an "unlock" function what I should be looking for? This doesn't quite sound like an "extension". Or is the actual menu everyone talks about itself an extension? If that's the case, surely isn't there some other way to make the changes? If the standard panel allows stuff to be added, there must be a standard way to do it, right? Also, if I do need extensions, I'd prefer to install it via the package manager system rather than through a special web interface...
>>>
>>> Does anyone know more about this? Any help would be appreciated. - Except, that is, I don't really need anyone to suggest switching to MAME or some other alternative desktop. I might end up doing just that, but it really bugs me that I can't get functionality that's supposed to be there to work...
>>>
>>> - Toralf
>>
>> Hi Toralf,
>>
>> Have a look at https://extensions.gnome.org/ specifically https://extensions.gnome.org/extension/6/applications-menu/
>
> Maybe I should have been a bit more specific; I don't want launchers in a menu accessed from the panel - I want the icons to appear directly in the panel itself.

Ok, I think I understand now. Does this not work? https://extensions.gnome.org/extension/4/panel-favorites/

>> also look at Gnome Tweak Tool which lets you make some other changes to how Gnome 3 works.
>
> I tried this earlier, but didn't find any setting related to what I want.
>
>> That application Menu I believe will work on C7 (I'm using F24 as my desktop)
>
> The menu is actually there already - the relevant extension seems to be pre-installed. In the Fedora version, what happens if you press Alt and right-click on the panel? If the answer is "nothing", how about "Windows"+Alt+right-click or Ctrl+Alt+right-click?

Those do nothing for me either.

> - Toralf

Tris

Re: [CentOS] CentOS 7/GNOME 3 customise top panel
On 14/10/2016 13:39, Toralf Lund wrote:
> Hi,
>
> Is there any way to customise the top panel in CentOS 7 with GNOME 3 (which I recently tried for the first time)? Specifically, I want to add "application launchers", as it will make start-up faster than the standard alternatives. (Because you can move the mouse directly to the right place - you don't have to carry out another action, wait for icons or menu items to pop up, look for the right one etc first.)
>
> People on the web talk about a "context" menu that opens if you use some kind of weird combination of right mouse-click and Alt, Windows key, Ctrl, left click, Alt Gr or whatever, but there seems to be no way to make that happen on CentOS.
>
> I found an answer of sorts in https://www.centos.org/forums/viewtopic.php?t=47957
>
> - In straight Gnome Shell -- CentOS 7 defaults to a modified version using extensions -- the panel *is* locked. Visit extensions.gnome.org to see if something there is useful. -
>
> but I don't think I quite understand it. I mean, the ability to add extensions is nice, but if the panel is locked, isn't an "unlock" function what I should be looking for? This doesn't quite sound like an "extension". Or is the actual menu everyone talks about itself an extension? If that's the case, surely isn't there some other way to make the changes? If the standard panel allows stuff to be added, there must be a standard way to do it, right? Also, if I do need extensions, I'd prefer to install it via the package manager system rather than through a special web interface...
>
> Does anyone know more about this? Any help would be appreciated. - Except, that is, I don't really need anyone to suggest switching to MAME or some other alternative desktop. I might end up doing just that, but it really bugs me that I can't get functionality that's supposed to be there to work...
>
> - Toralf

Hi Toralf,

Have a look at https://extensions.gnome.org/ specifically https://extensions.gnome.org/extension/6/applications-menu/

also look at Gnome Tweak Tool which lets you make some other changes to how Gnome 3 works.

That application Menu I believe will work on C7 (I'm using F24 as my desktop)

Tris

Re: [CentOS] gigE -> 100Mb problems
On 11/10/2016 09:14, John R Pierce wrote:
> On 10/10/2016 11:21 PM, Gordon Messmer wrote:
>> On 10/10/2016 09:31 PM, John R Pierce wrote:
>>> oh.
>>
>> Yeah, the entire "net-tools" package is deprecated. I tend to forget which of the two (ethtool or mii-tool) is in that set.
>>
>> # Avoid using any of these:
>> $ rpm -ql net-tools
>> /bin/dnsdomainname
>> /bin/domainname
>> /bin/hostname
>> /bin/netstat
>> /bin/nisdomainname
>> /bin/ypdomainname
>> /sbin/ether-wake
>> /sbin/ifconfig
>> /sbin/ipmaddr
>> /sbin/iptunnel
>> /sbin/mii-diag
>> /sbin/mii-tool
>> /sbin/nameif
>> /sbin/plipconfig
>> /sbin/route
>> /sbin/slattach
>
> ok, so the mii-* stuff is deprecated (as is route, ifconfig, netstat, and arp? sigh).
>
> apparently the network administrator went ahead and forced the switch port to use gigE, so it's no longer in the 'broken' state of autonegotiating 100baseT.

Just for comparison this is a server that is set to auto negotiate

[root@sch-mwg-01 access.log]# mii-tool eth0
eth0: negotiated 100baseTx-FD, link ok
[root@sch-mwg-01 access.log]# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
        Supported pause frame use: Symmetric
        Supports auto-negotiation: Yes
        Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: off
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x0007 (7)
                               drv probe link
        Link detected: yes

Note that mii-tool is reporting incorrectly. That server is currently processing ~500Mbit/s.

Of the tools listed above, the only one I still extensively use is netstat as ss, its replacement, is IMO not very nice.

Tris

[CentOS] RHEL 5 EOL
Hi List,

As an FYI Red Hat have announced the 1 year EOL notice for RHEL 5. Anyone still using CentOS 5 would do well to start planning on upgrading to 6 or 7.

Tris

Re: [CentOS] Is there a way to detect/validate DHCP static IP assignment?
On 30/03/2016 18:08, David Copperfield wrote:
> Hi,
>
> We have tens of networks (VLANs) in data center with a central Linux DHCP server. Each network has their router to do the DHCP relay. So, the DHCP server's configuration files has tens 'subnet' statements.
>
> Because PXE booting is standard in whole data center, there are also thousands of static MAC-IP mapping 'host' statements in dhcp configuration.
>
> The big challenge with a central dhcp server is how to detect typo in the thousands of MAC-IP 'host' statements? -- a single char/digit typo here will fail a PXE booting or download wrong post-installation snippets.
>
> Is there a tool to validate all 'host' statements from another Linux box?
>
> I tried nagios check-dhcp plugin, with a series of real MAC addresses (for hosts in other different networks). Surprisingly, the IP addresses that came back were not the static IP addresses in 'host' statement, but dynamic addresses in the pool defined for this particular network (where I ran check-dhcp from).
>
> check_dhcp was run with the following arguments:
>
> /usr/lib64/nagios/plugins/check_dhcp --verbose --server= --interface=eth0 --mac= --unicast
>
> remove --unicast doesn't help but just see more DHCP replies.
>
> Interestingly, with a same MAC address, and the above same command, from two CentOS boxes on different network there will be different dynamic IPs! instead the static IP defined with 'host' statement.
>
> So, how can we validate static IP assignment?
>
> Thanks.
>
> Best,
> David,

Hi David,

You need to use check_dhcp_relayed.pl (https://github.com/timb07/check_dhcp_relayed) if you wish to test for a reservation outside of the server's subnet, otherwise the DHCP server will assume you are on the local range and issue from that subnet.

Also as an FYI Foreman (http://theforeman.org) can do things like building VM's and Physical servers and integrates with DHCP to create static DHCP reservations for PXE booting servers which should eliminate typos.

Tris

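Added example, not from the thread: a static lint for the 'host' statements David describes, as a complement to the relayed live check suggested in the reply. It goes beyond the thread by checking the file itself; the sample configuration is constructed, and the script assumes `fixed-address` holds a single IP literal and that host blocks contain no nested braces. It catches malformed, duplicated or out-of-subnet entries, not a well-formed MAC that is simply the wrong one.

```python
import ipaddress
import re
from collections import defaultdict

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^{}]*)\}")
SUBNET_RE = re.compile(r"\bsubnet\s+([\d.]+)\s+netmask\s+([\d.]+)")
MAC_RE = re.compile(r"^[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}$", re.I)
HW_RE = re.compile(r"hardware\s+ethernet\s+([^;\s]+)\s*;")
FIXED_RE = re.compile(r"fixed-address\s+([^;\s]+)\s*;")


def parse(conf):
    """Return ([(name, mac, ip)], [networks]) from dhcpd.conf text."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    hosts = []
    for name, body in HOST_RE.findall(conf):
        mac = HW_RE.search(body)
        ip = FIXED_RE.search(body)
        hosts.append((name,
                      mac.group(1) if mac else None,
                      ip.group(1) if ip else None))
    subnets = [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
               for addr, mask in SUBNET_RE.findall(conf)]
    return hosts, subnets


def normalise_mac(mac):
    """dhcpd accepts octets such as '0'; pad them so duplicates compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def lint(conf):
    """Return a list of human-readable findings, in a stable order."""
    hosts, subnets = parse(conf)
    findings = []
    by_mac, by_ip = defaultdict(list), defaultdict(list)
    for name, mac, ip in hosts:
        if mac is None or not MAC_RE.match(mac):
            findings.append(f"{name}: malformed or missing MAC {mac!r}")
        else:
            by_mac[normalise_mac(mac)].append(name)
        try:
            addr = ipaddress.ip_address(ip or "")
        except ValueError:
            findings.append(f"{name}: fixed-address {ip!r} is not an IP literal")
            continue
        by_ip[addr].append(name)
        if not any(addr in net for net in subnets):
            findings.append(f"{name}: {addr} is outside every declared subnet")
    for mac, names in by_mac.items():
        if len(names) > 1:
            findings.append(f"duplicate MAC {mac}: {', '.join(names)}")
    for addr, names in by_ip.items():
        if len(names) > 1:
            findings.append(f"duplicate fixed-address {addr}: {', '.join(names)}")
    return findings


# Constructed sample, not taken from any real server.
SAMPLE = """
subnet 10.1.0.0 netmask 255.255.255.0 { option routers 10.1.0.1; }
subnet 10.2.0.0 netmask 255.255.255.0 { option routers 10.2.0.1; }
host web01 { hardware ethernet 52:54:00:aa:00:01; fixed-address 10.1.0.11; }
host web02 { hardware ethernet 52:54:00:aa:00:02; fixed-address 10.1.0.12; }
host db01  { hardware ethernet 52:54:00:aa:00:0g; fixed-address 10.2.0.21; }  # bad hex digit
host db02  { hardware ethernet 52:54:00:aa:00:02; fixed-address 10.2.0.22; }  # MAC reused
host app01 { hardware ethernet 52:54:00:aa:00:05; fixed-address 10.3.0.31; }  # no such subnet
host app02 { hardware ethernet 52:54:00:aa:00:06; fixed-address 10.1.0.11; }  # IP reused
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
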
Re: [CentOS] Pi 2 Alternatives
On 04/02/2016 15:33, Chris Olson wrote:
> We have a requirement for a new application that will be used fixed, portable, and mobile. The hardware requirements drive the need for networking as well as some general purpose and special purpose interfaces. The software requirements are quite simple in comparison to many of our much larger systems with similar hardware requirements. We are not significantly restricted in choice of storage peripherals or other devices that may be needed.
>
> We believe that a small, single board computer will meet all requirements as long as it can run Linux. We have identified the need for approximately six prototyping units to support the initial production of about 200 to 300 operational systems. Our development and deployment time frame does not drive the need for an extremely rapid product decision, and there are pre-planned upgrade cycles over the next five years.
>
> An internal group has achieved a significant head of steam in support of using the Pi 2 Model B. The support enthusiasm may be partly technical and partly the hype associated with jumping into the Pi community. The number of suppliers does appear to support our supply chain and sustainment requirements, however the Linux available for the Pi 2 does not appear to be optimal. It would be better if there were choices that include a standard Linux distribution such as CentOS.
>
> This certainly seems like one of those situations where a trade of single board computer products is appropriate and achievable. There are products similar to the Pi 2 capable of running a more standard Linux distribution that we might consider. Does anyone have an experience-based single board computer recommendation?
>
> Thanks in advance for any product recommendations.

Not sure if you are aware of this https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32

But that might help the Pi fit your needs.

Tris

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7
On 04/02/2016 13:24, C. L. Martinez wrote:
> Hi all,
>
> I am trying to configure squid as an interception HTTPS proxy under CentOS 7. At every https request, I am receiving a certificate error. My current config for squid is:
>
> # My localnet
> acl localnet src 172.22.55.0/28
> acl localnet src 172.22.58.0/29
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
>
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
>
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
>
> # And finally deny all other access to this proxy
> http_access deny all
>
> # Squid normally listens to port 3128
> #http_port 3128
>
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/spool/squid 100 16 256
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> # My custom configuration
> http_port 8079
> http_port 8080 intercept
> https_port 8081 ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/custom.private cert=/etc/squid/custom.cert
>
> # Anonymous proxy
> forwarded_for off
> request_header_access Allow allow all
> request_header_access Authorization allow all
> request_header_access WWW-Authenticate allow all
> request_header_access Proxy-Authorization allow all
> request_header_access Proxy-Authenticate allow all
> request_header_access Cache-Control allow all
> request_header_access Content-Encoding allow all
> request_header_access Content-Length allow all
> request_header_access Content-Type allow all
> request_header_access Date allow all
> request_header_access Expires allow all
> request_header_access Host allow all
> request_header_access If-Modified-Since allow all
> request_header_access Last-Modified allow all
> request_header_access Location allow all
> request_header_access Pragma allow all
> request_header_access Accept allow all
> request_header_access Accept-Charset allow all
> request_header_access Accept-Encoding allow all
> request_header_access Accept-Language allow all
> request_header_access Content-Language allow all
> request_header_access Mime-Version allow all
> request_header_access Retry-After allow all
> request_header_access Title allow all
> request_header_access Connection allow all
> request_header_access Proxy-Connection allow all
> request_header_access User-Agent allow all
> request_header_access Cookie allow all
> request_header_access All deny all
>
> # SSL Bump Config
> always_direct allow all
> ssl_bump server-first all
> sslproxy_cert_error deny all
> sslproxy_flags DONT_VERIFY_PEER
>
> I have tried disabling "sslproxy_cert_error" and "sslproxy_flags" directives, without luck.
>
> Any ideas about what am I doing wrong?
>
> Thanks.

Do you have a copy of the Root CA you are using to re-encrypt the SSL stream installed in the browser?

Tris

Re: [CentOS] ICMP outoging traffic at centos 6.7
On 06/01/2016 15:56, Shital Sakhare wrote:

Yes, now I am dropping packets in OUTPUT chain for type 3. Initially, I implemented the chain to drop type 0 and 8. But it didn't work and the packets were hitting at firewall for multiple ICMP requests. I didn't understand the problem. After posting here I go through all the types of ICMP types where I understand to drop packets for "Host unreachability".

Thanks for your help Mr. Gordon.

On Wed, Jan 6, 2016 at 8:47 PM, Gordon Messmer wrote:

On 01/06/2016 05:47 AM, Shital Sakhare wrote:

Thanks, Dropped the ICMP type 3 port. Now question to find the cause.

Well, based on your tcpdump output, it looks like your rules were rejecting unrelated packets, or tcp/443 packets. It's hard to be sure since the ICMP was the first packet, so you didn't show the packet it was actually replying to. The ICMP traffic is a result of rejecting rather than dropping that traffic.

That is, I think you're looking at the problem wrong. The ICMP traffic is simply the result of a choice you made.

Are you dropping type 3 in the output chain?

I assume you also have rules in the INPUT chain, and one of them reads something like this:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

When traffic matches this rule your server will respond with an ICMP request. It sounds like you now have added a rule blocking your server from sending these responses. You should investigate what is matching the INPUT rule as it could be malicious activity that should be blocked further upstream from you (e.g. at the perimeter firewall) and if you wish to stop your server sending these responses you should change the rule to DROP instead of REJECT.

Tris

Re: [CentOS] install rrdtools-devel / rrdtool-perl
On 26/11/2015 17:58, Leandro wrote:
> I'm very sorry. You were right, yum install works flawlessly for rrdtool, rrdtool-devel and rrdtool-perl packages. I tried on a fresh centos7 install.
>
> The problem is that my OS is not a centos7, instead is a redhat 7. Since I don't have any support for this, I asked some help here. I thought that repositories are the same for fedora, redhat and centos. My mistake ... I don't know what to do now.
>
> Thank you!!
>
> On 26/11/15 14:20, John Hodrien wrote:
>> yum list rrdtool --show-duplicates

* This message has been checked for viruses by the Birmingham Grid for Learning. For guidance on good e-mail practice, e-mail viruses and hoaxes please visit: http://www.bgfl.org/emailaup *

RHEL uses RHN for system updates etc. You will need the following repos enabled for those files:

Red Hat Enterprise Linux 7 Server (RPMs)
Red Hat Enterprise Linux 7 Server - Optional (RPMs)

To access RHN you will need a support agreement with Red Hat. You could use the packages from CentOS, but it would be better to just rebuild the server if you are going down that route.

Tris

Re: [CentOS] install rrdtools-devel / rrdtool-perl
On 26/11/2015 18:22, John R Pierce wrote:

On 11/26/2015 10:18 AM, Tris Hoar wrote:

To access RHN you will need a support agreement with Red Hat. You could use the packages from CentOS, but it would be better to just rebuild the server if you are going down that route.

Long ago, far away, I successfully converted several RHEL boxes to CentOS by making a list of all the RPMs and replacing them with the CentOS equivalents, after removing the RHN related packages and manually installing the CentOS equivalents. But I think it was RHEL 3 or 4 when I last did this.

I've done the same with RHEL5 and it worked fine, but it's not something I'd do to a production system.

Tris
Re: [CentOS] getting a CentOS6 VM on VMware ESXi platform to recognize a new disk device
On 04/11/2015 20:59, John R Pierce wrote:

On 11/4/2015 12:52 PM, Boris Epstein wrote:

I don't get this for some reason... not even sure why. ESXi's default behaviour seems to be to allow hotplug, that does not seem to be deactivated. I am just not sure. Wonder if this could be the CentOS 7 vs 6 - perhaps that is what I ought to test for.

What virtual SCSI controller type are you using for these VMs? Mine are 'paravirtual'.

Also, what guest OS and VM hardware version is the guest running as?

Tris
Re: [CentOS] EFI netboot to kickstart install
On 22/10/2015 03:25, Grant Street wrote:

Hello All

Up until now we have been using standard PXE boot to do kickstart installs of CentOS boxes. With recent machines, however, they come by default as EFI boot. We can set them to legacy but I would like to solve this before this option goes away. Just wondering if anyone has any experience setting up a net boot server that can be used to kickstart EFI machines?

Thanks
Grant

Hi Grant,

As a guess it is due to the partition scheme you are using in your kickstart (this was the issue for me at least). Try something like:

part /boot --fstype="xfs" --fsoptions="nodev,noexec,nosuid" --size=500 --ondisk=sda
part /boot/efi --fstype="efi" --size=200 --ondisk=sda

Along with your other mount points etc.

Tris
Re: [CentOS] Using a CentOS 6 Machine as a gateway/router/home server
On 29/06/2015 16:59, Max Pyziur wrote:

On Sun, 28 Jun 2015, John R Pierce wrote:

On 6/28/2015 3:49 PM, Max Pyziur wrote:

I also seem to need to load iptable_nat nf_nat_ftp via rc.local. Is this correct?

Only if you're running some Linux build from the 1990s. Nothing on RHEL/CentOS should need anything in rc.local.

Then what is the appropriate way to ensure that these modules are loaded? Should they be placed in the /etc/init.d/iptables script?

IPTABLES_MODULES=iptable_nat ip_nat_ftp ip_conntrack ip_conntrack_ftp

or somewhere else?

Thanks
Max

It should do it automatically for you. Try it. Editing system init scripts is rarely recommended.

Tris
Re: [CentOS] specify port on check_memcached.pl
On 24/05/2015 15:36, Tim Dunphy wrote:

Hey guys,

I'm trying to use check_memcached.pl to monitor a couple of memcached services running on two ports. I have my command definition set up like this:

# 'check_memcached' command definition
define command {
    command_name check_memcached
    command_line $USER1$/check_memcached.pl -H $HOSTADDRESS$ -p $ARG1$
}

And I have my service definitions set up like this:

# Define a service to check memcached on web1 (just the basics for right now).
define service{
    use local-service ; Name of service template to use
    host_name web1
    service_description Check Memcached 11211
    contact_groups linux-admins
    check_command check_memcached!web1.example.com !11211
    notifications_enabled 1
}

# Define a service to check memcached on web1 (just the basics for right now).
define service{
    use local-service ; Name of service template to use
    host_name web1
    service_description Check Memcached 11212
    contact_groups linux-admins
    check_command check_memcached!web1.example.com !11212
    notifications_enabled 1
}

And if I run both checks manually they succeed:

[root@monitor1:/usr/local/nagios/etc/objects/servers] #../../../libexec/ check_memcached.pl -H web1.example.com -p 11211
MEMCACHE OK: memcached 1.4.22 on web1.example.com:11211, up 22 minutes 52 seconds

[root@monitor1:/usr/local/nagios/etc/objects/servers] #../../../libexec/ check_memcached.pl -H web1.example.com -p 11212
MEMCACHE OK: memcached 1.4.22 on web1.example.com:11212, up 12 minutes 2 seconds

Yet, in my nagios web interface, I'm getting this error:

Check Memcached 11211 https://nagios.jokefire.com/nagios/cgi-bin/extinfo.cgi?type=2host=web1service=Check+Memcached+11211 CRITICAL 05-24-2015 14:28:31 0d 0h 10m 19s 4/4 CRITICAL ERROR - Can not connect to '162.243.60.6' on port 0

Check Memcached 11212 https://nagios.jokefire.com/nagios/cgi-bin/extinfo.cgi?type=2host=web1service=Check+Memcached+11212 CRITICAL 05-24-2015 14:29:12 0d 0h 11m 8s 4/4 CRITICAL ERROR - Can not connect to '162.243.60.6' on port 0

I thought I could specify the command in the service definition like this:

check_memcached!web1.example.com!11211

to reproduce the command as it's executed on the command line. How can I specify the port correctly here?

Thanks,
Tim

Hi Tim,

Your command specification is wrong. It will get the -H attribute from the host_name; you should not specify it on the check_command. By doing so, what you have effectively done is write:

check_memcached.pl -H web1.example.com -p web1.example.com 11211

If you enable debug_level=2048 you should be able to see the commands that Nagios is creating.

Tris
Re: [CentOS] I Have Multiple Ips But Can Only Telnet to One Interface. Not the subinterface. How to Fix?
On 20/05/2015 11:41, Mike McKoy wrote:

[root@mail1 log]# netstat -plnt |grep :25
tcp 0 0 172.30.1.113:25 0.0.0.0:* LISTEN 18800/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 18800/master

You are not listening on 172.30.1.65. You need to edit the postfix config to listen on either 0.0.0.0 or both IPs.

Tris
Re: [CentOS] nagios check_local_disk failing
On 14/05/2015 02:42, Tim Dunphy wrote:

Hey all,

I have a local disk check defined which is giving me an error:

Current Status: UNKNOWN (for 0d 0h 1m 38s)Status Information:Unknown argument Usage: check_disk -w limit -c limit [-W limit] [-K limit] {-p pathPerformance Data:-x device} [-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ] [-t timeout] [-u unit] [-v] [-X type] [-N type] [-n]

I have a local check set up like this in the server's config:

define service{
    use local-service ; Name of service template to use
    host_name monitor1
    service_description Root Partition
    check_command check_local_disk!20%!10%!/
}

It's attempting to do a local disk check on the nagios server itself. Not an NRPE check. This is the command definition:

# 'check_local_disk' command definition
define command{
    command_name check_local_disk
    command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -x $ARG4$
}

Can someone please tell me where I'm going wrong?

Thanks,
Tim

You need to remove the 4th argument if you are not using it.

[root@nagios plugins]# ./check_disk -w 20 -c 10 -p / -x
./check_disk: option requires an argument -- 'x'
Unknown argument
Usage: check_disk -w limit -c limit [-W limit] [-K limit] {-p path | -x device} [-C] [-E] [-e] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ] [-t timeout] [-u unit] [-v] [-X type]

[root@nagios plugins]# ./check_disk -w 20 -c 10 -p /
DISK OK - free space: / 20848 MB (92% inode=97%);| /=1670MB;23711;23721;0;23731

Tris
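How Nagios fills $ARGn$ from the "!"-separated fields of check_command, applied to the check_disk definition in this thread and the check_memcached definition in the earlier one (an added example, not part of the original posts). The expansion is re-implemented in awk for illustration; expand_command and audit_command are hypothetical helper names, and $USER1$ is deliberately left unexpanded.

```shell
#!/bin/sh
# command_line values as posted in the two threads.
CMD_MEMCACHED='$USER1$/check_memcached.pl -H $HOSTADDRESS$ -p $ARG1$'
CMD_DISK='$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -x $ARG4$'

# expand_command <check_command> <command_line> <hostaddress>
# Field 1 of check_command is the command name; fields 2..n become
# $ARG1$..$ARGn-1$. A macro with no matching field expands to nothing.
expand_command() {
    awk -v cc="$1" -v line="$2" -v host="$3" '
    function replace_all(s, macro, value,    out, i) {
        out = ""
        while ((i = index(s, macro)) > 0) {      # literal match, no regex
            out = out substr(s, 1, i - 1) value
            s = substr(s, i + length(macro))
        }
        return out s
    }
    BEGIN {
        n = split(cc, part, "!")
        line = replace_all(line, "$HOSTADDRESS$", host)
        for (k = 1; k <= 32; k++)                # Nagios Core: $ARG1$..$ARG32$
            line = replace_all(line, "$ARG" k "$", (k + 1 <= n) ? part[k + 1] : "")
        print line
    }'
}

# audit_command <check_command> <command_line>
# Report macros the command_line uses but check_command does not supply
# ("missing"), and arguments supplied but never used ("unused").
audit_command() {
    awk -v cc="$1" -v line="$2" '
    BEGIN {
        n = split(cc, part, "!") - 1             # number of arguments supplied
        for (k = 1; k <= 32; k++) {
            used = (index(line, "$ARG" k "$") > 0)
            if (used && k > n)   print "missing ARG" k
            if (!used && k <= n) print "unused ARG" k
        }
    }'
}

# Memcached check as posted: the hostname lands in the -p slot.
expand_command 'check_memcached!web1.example.com!11211' "$CMD_MEMCACHED" 162.243.60.6
audit_command  'check_memcached!web1.example.com!11211' "$CMD_MEMCACHED"

# Memcached check with only the port passed.
expand_command 'check_memcached!11211' "$CMD_MEMCACHED" 162.243.60.6

# Disk check as posted: -x is left with no value.
expand_command 'check_local_disk!20%!10%!/' "$CMD_DISK" 127.0.0.1
audit_command  'check_local_disk!20%!10%!/' "$CMD_DISK"
```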
Re: [CentOS] C7 and fstab
On 14/05/2015 10:16, Alessandro Baggi wrote:

Hi List,

I've installed C7.1 and today, configuring fstab for another disk, I get this:

UUID=d5ff30df-9e1d-4fc8-99b6-845ffa6509db / xfs defaults 0 0
UUID=052f75bc-0513-45e0-a01f-06c9a698469f /mnt/data xfs defaults 0 0
UUID=732dafbd-2f14-4dd6-8513-1504b13302f1 swap swap defaults 0 0

Fields fs_freq and fs_passno are all set to 0. This fstab was generated by the installer and not yet modified. To reproduce this, I've installed a minimal CentOS on a VM and the same problem persists. I don't know if this is a bug or if there is a new system that does not require the last two fields on C7 REL 1503. Does someone have the same problem?

Thanks in advance.

This is the default when using the xfs filesystem.

Tris
Re: [CentOS] Firefox 38 and Older TLS sites
On 13/05/2015 11:12, Johnny Hughes wrote:

All,

Red Hat released the source code for Firefox 38. We have (or will be today) releasing this for CentOS-5, CentOS-6, and CentOS-7. It does not, by default, connect to https sites with TLS less than 1.2. This means it will not connect to sites on CentOS-5, for example .. there are many others. In any event, here is a wiki article that explains potential issues and workarounds:

http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS

Thanks,
Johnny Hughes

Hi Johnny,

My reading of https://access.redhat.com/node/1422403 is that Firefox 38 will connect to sites using TLS 1.0 and 1.1, but ONLY if the server correctly negotiates the connection. This should only affect sites that close the initial connection due to not understanding TLS 1.2. A quick test connecting to a RHEL5 server over HTTPS with Firefox 38 shows it has established a TLS 1.0 connection, so this should not really affect CentOS 5.

Tris
Re: [CentOS] semi-OT: t-bird mime type on .pdf attachment is wrong
On 22/04/2015 19:25, m.r...@5-cent.us wrote:

I was sending my manager a copy of a form, and attached it (not inline), using t-bird, and he complains it didn't want to open. Looking at the message source, t-bird had decided that the mime type was all/allfiles, though the name ended in .pdf. I've searched via the config editor, and I've been googling, and not finding anything. (I just *adore* the current google: I have +all/allfiles in the search terms, and in the para it displays on a hit I see all somethingorother, with the word all bolded)

Anyone got ideas? I've looked in .thunderbird/blah.default/mime_types.rdf, and everything looks good in there.

mark

Did you check the mime type of the file? Just because it says PDF does not make that true. You can use file to check it.

Tris
Re: [CentOS] leap second and Centos
On 24/03/2015 18:54, Les Mikesell wrote:

On Tue, Mar 24, 2015 at 1:26 PM, Frank Cox thea...@melvilletheatre.com wrote:

On Tue, 24 Mar 2015 12:56:27 -0500 Les Mikesell wrote:

Doesn't anyone have a list of the oldest kernel version for each CentOS version you could be running and still avoid known problems?

The best answer to your question is the latest version, since previous versions all have known issues of one kind or another. It's not a great idea to run outdated CentOS systems with known bugs of any kind.

I can't argue with that (then again, you were running that buggy code before and happy with it), but having to reboot frequently is not ideal either, particularly on machines where scheduling downtime is a fairly involved process. I'm looking for the compromise with the least pain involved.

Hi Les,

https://access.redhat.com/labs/leapsecond/leap_vulnerability.sh

If you don't have a subscription then the key bits from the script are:

# RHEL 4 needs to be after -89
# RHEL 5 needs to be after -164
# RHEL 6 Affected Versions
# 6 GA: All Versions
# 6.1: Versions before -131.30.2
# 6.2: Versions before -220.25.1
# 6.3: Versions before -279.5.2

and that the tzdata should be from 2015.

Tris
Re: [CentOS] Tasks in /etc/cron.daily on CentOS 7?
On 11/03/2015 15:17, Niki Kovacs wrote:

Hi,

I just configured SquidAnalyzer, a nifty little network statistics tool that I'm using mainly in school networks to monitor network usage. I want to run the '/usr/bin/squid-analyzer' script once a day. I took a peek in /etc/cron.daily, and the package already installed an /etc/cron.daily/0squidanalyzer script. I wanted to know at what time CentOS ran the cron.daily scripts, so I typed crontab -l, but there were no cronjobs defined for root. Here's how things look on a public Slackware64 14.0 server I administrate:

# crontab -l
...
# Run hourly cron jobs at 47 minutes after the hour:
47 * * * * /usr/bin/run-parts /etc/cron.hourly 1 /dev/null
#
# Run daily cron jobs at 4:40 every day:
40 4 * * * /usr/bin/run-parts /etc/cron.daily 1 /dev/null
#
# Run weekly cron jobs at 4:30 on the first day of the week:
30 4 * * 0 /usr/bin/run-parts /etc/cron.weekly 1 /dev/null
#
# Run monthly cron jobs at 4:20 on the first day of the month:
20 4 1 * * /usr/bin/run-parts /etc/cron.monthly 1 /dev/null

How is this handled on CentOS 7?

Cheers,
Niki

CentOS / RHEL 7 use anacron for this:

[root@server~]# cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron
# See anacron(8) and anacrontab(5) for details.
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45
# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22
#period in days delay in minutes job-identifier command
1 5 cron.daily nice run-parts /etc/cron.daily
7 25 cron.weekly nice run-parts /etc/cron.weekly
@monthly 45 cron.monthly nice run-parts /etc/cron.monthly

Tris
Re: [CentOS] Master - Slave Split DNS
On 18/02/2015 07:17, aditya hilman wrote:

Hi folks,

I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for the external-view?

Thanks.

Hi Adit,

If you are not already using TSIGs in your views I suggest you look at this guide:

http://blog.hudecof.net/posts/2014/02/07/bind9-with-views-and-tsig-axfr.html

It shows how to use TSIGs to identify the views so you can slave both of them to the secondary. Also, you want to add to the options section on the master:

also-notify { slaves-IP; };

This makes it tell the slave to update its zone.

Tris
Re: [CentOS] Zone file not written to slave DNS server
On 14/01/2015 03:56, Emmett Culley wrote:

On 01/13/2015 12:10 PM, Mateusz Guz wrote:

Have you found a solution? Did you allow the master DNS server to update the slave in /etc/named.conf?

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John R Pierce
Sent: Monday, January 12, 2015 7:02 AM
To: centos@centos.org
Subject: Re: [CentOS] Zone file not written to slave DNS server

On 1/11/2015 9:28 PM, Emmett Culley wrote:

I have mostly succeeded in getting master and slave DNS servers operational. Mostly, because the zone file is not written when a zone is updated on the master server when the notify and transfer process happens. The slave DNS server gets the changes to the modified zone, but the slave zone file remains as before. I've found a few tutorials and lots of discussions, many of which talk about the slave's zone file getting written upon transfer, but none mention what configuration option would cause the slave's files to get updated. The master is on a CentOS 6 server and the slave is on a CentOS 7 machine.

Does the named service have write access to the slave directory?

chown named.named /path-to-named/slave

Oh, is your slave chrooted? Are you looking in the right directory, e.g. /var/named/chroot/var/named/slave?

I am seeing the following in the log:

Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.792 general: info: zone mydomain.com/IN: Transfer started.
Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.885 xfer-in: info: transfer of 'mydomain.com/IN' from xx.xx.xxx.xxx#53: connected using 66.208.208.151#40226
Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.948 general: info: zone mydomain.com/IN: transferred serial 112
Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.948 xfer-in: info: transfer of 'mydomain.com/IN' from xx.xx.xxx.xxx#53: Transfer completed: 1 messages, 38 records, 898 bytes, 0.063 secs (14253 bytes/sec)
Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.949 notify: info: zone mydomain.com/IN: sending notifies (serial 112)

Yet the slaves/mydomain.com.db file does not get updated. There must be an option I am not setting correctly.

Slave config:

Global:
options {
    allow-notify { mas.ter.IPa.ddr; };
    allow-transfer { mas.ter.IPa.ddr; };

Neither of these are needed on slave servers.

    . . .
};

Per zone:
zone mydomain.com. IN {
    type slave;
    file slaves/mydomain.com.db;
    masters { mas.ter.IPa.ddr; };
};

Master config:

Global:
options {
    allow-transfer { sla.ve.IP.net/28; 127.0.0.1; };
    also-notify { sla.ve.IPa.ddr; };

This is not needed on the master server, unless the slave is not listed in the zone, or if the slave is on a different IP to the one defined in the zone (e.g. if the slave is behind a NAT and DNS lists its NAT IP).

    allow-update { none; };
    notify explicit;
    . . .
};

I also tried it with allow-update set to the slave's IP address, even though I was sure that option was about dynamic DNS, not zone transfer to a slave. Of course that didn't work either.

Emmett

You should check the permissions on the slaves folder to make sure named can write to it. Also, you should check if you have SELinux enabled, and if so check that the slaves folder is labelled as named_cache_t. For example:

[root@ns5 ~]# ll -Zd /var/named/slaves
drwxrwx---. named named system_u:object_r:named_cache_t:s0 /var/named/slaves
[root@ns5 ~]# ll -d /var/named/slaves
drwxrwx---. 2 named named 4096 Jan 14 10:47 /var/named/slaves

Tris
Re: [CentOS] Centos7 ds-389
On 25/11/2014 16:52, Johan Vermeulen wrote:

Hello All,

I'm looking at setting up ds-389 on both CentOS 6.6 and CentOS 7, both minimal installs with the epel repo enabled. When running yum search ds-389 on CentOS 7 I get only 3 packages:

389-ds-base
389-ds-base-devel
389-ds-base-libs

On CentOS 6.6 I get the whole list:

389-ds.noarch : 389 Directory, Administration, and Console Suite
389-ds-base.x86_64 : 389 Directory Server (base)
389-ds-base-devel.i686 : Development libraries for 389 Directory Server
389-ds-base-devel.x86_64 : Development libraries for 389 Directory Server
389-ds-base-libs.i686 : Core libraries for 389 Directory Server
389-ds-base-libs.x86_64 : Core libraries for 389 Directory Server
389-ds-console.noarch : 389 Directory Server Management Console
389-ds-console-doc.noarch : Web docs for 389 Directory Server Management Console
389-dsgw.x86_64 : 389 Directory Server Gateway (dsgw)

Is this a change in policy? I apologise if this has been answered before. A quick google did not provide an answer.

Greetings,
Johan

Half of those packages are for i686, which is no longer a supported architecture in 7, and many of the others are from epel.

389-ds-base.x86_64 1.2.11.15-48.el6_6 rhel-x86_64-server-6
389-ds-base-devel.x86_64 1.2.11.15-48.el6_6 rhel-x86_64-server-optional-6
389-ds-base-libs.x86_64 1.2.11.15-48.el6_6 rhel-x86_64-server-6

is what I see on one of my RHEL6 servers.

Tris
Re: [CentOS] outside ssh connection from two different ISP's
On 11/11/2014 23:43, Les Mikesell wrote:

On Tue, Nov 11, 2014 at 5:08 PM, Chris Beattie cbeat...@geninfo.com wrote:

On 11/11/2014 2:27 PM, Steve Clark wrote:

Buy second NIC and then the original script Jack Baily provided would work.

I'm outside my area of expertise here, but is there a reason you couldn't fake a second network card by assigning two IP addresses to the one interface? I recall that the OP had two routers on opposite ends of the same subnet. If each router used its own subnet and everything was connected by a hub instead of a switch, then wouldn't the server know which way the packets needed to go out? Or a switch that knows VLANs, but that might be needlessly complex. I realize that means installing a hub instead of a second network card, so I'm just asking for my own edification.

There's no difference between a hub and switch with respect to routing. It might be possible to do something with a 2nd IP address in the same subnet used as the target of the port-forwarding from the other router, along with policy based routing to make packets with that source IP take the other route. But that would introduce complications for normal outbound traffic. It may depend on the point of having the 2nd connection. Normally cable is so much faster than DSL that you would always prefer it unless it was down. If the DSL is just for emergency inbound use you might run a VM configured with the other gateway as the default - maybe even set up openvpn there for fairly transparent access to the rest of the LAN.

Surely the easiest thing would be to set up a jump host. Essentially, 1 or 2 servers, if you want resiliency, which you can SSH on to from the internet, and then from there access the rest of the network. This gives the benefit of reducing the number of servers that have SSH exposed.

Tris
Re: [CentOS] Problems when using tc.
On 26/03/2014 07:27, jason.z...@sumscope.com wrote:

On 3/25/2014 11:47 PM, jason.z...@sumscope.com wrote:

[jason@localhost network]$ sudo tc filter add dev eth0 parent 0: protocol ip u32 match ip dport 2323 0x flowid 1:0
RTNETLINK answers: Operation not supported

tc is extremely picky and hard to debug with such lovely specific errors. (= blatant sarcasm)

This is an example TC script I used to use. This has port matching included.

http://pastebin.com/4ytunLSu

It's been a few years since I looked at tc (this comes from a RHEL3 server), but IIRC it worked fine.

Tris
Re: [CentOS] Disk space warning (gdu-notification-daemon type) for remote systems
On 12/03/2014 09:07, Toralf Lund wrote:

On 11/03/14 16:16, Les Mikesell wrote:

On Tue, Mar 11, 2014 at 9:49 AM, Toralf Lund toralf.l...@pgs.com wrote:

I think you should build a monitoring system (nagios, xymon, opennms, several others or perhaps your own if you're feeling far too adventurous) instead. Right now all you care about is disk space, but eventually someone will want to also check for certain processes, open ports, logfile entries, something, and you could spend the time now to put in the hooks for more advanced things and get people in the habit of checking a monitoring system on a regular basis.

In general, that might make sense, but please consider the fact that I'm not talking about a general server system. It's a machine dedicated to running a server component on one specific software package, and will only ever be contacted by a handful of display machines running a GUI component of the same piece of software.

Then you need to look at the features of the specific GUI and its transport to the server to see what options it provides for popup messages.

I can easily add a check to the software itself. But like I said, I want to avoid re-inventing the wheel. So if there is something built into the system that will do the job for me...

Personally, I'd still recommend something more general that would generate email or text message alerts to the right set of people. It is fairly rare for 'users' to be interested in fixing system problems and even if that happens to be the case now for this particular box it may not always be.

Trust me, this is a highly customised setup with very special users, and this won't change just like that. A more general system is not an entirely bad idea, but I think it would only make sense if implemented at a larger scale based on a system-wide policy (there is much else going on in the same network.) Which I'm not sure will happen right now...

- Toralf

You could use the Nagios check_disk plugin to monitor the disk usage. This gives easy to use response codes and could be wrapped in a script that sends an email if it runs low on space. Put in cron to run every 10 minutes or something like that and it will do what you are looking for. You can get the plugin from epel and it is trivial to install and use.

Tris
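One way to write the wrapper described in the reply above (an added example, not code from the thread): it maps the plugin's exit code to a state and mails only when the state changes, so a 10-minute cron job does not send the same alert repeatedly. The plugin path, thresholds, recipient, state-file location and the script name disk_alert.sh are assumptions.

```shell
#!/bin/sh
# Assumed locations; adjust to the local install.
PLUGIN=${PLUGIN:-/usr/lib64/nagios/plugins/check_disk}
ALERT_TO=${ALERT_TO:-root}
# Keep the state file in a root-owned directory, not in a world-writable
# one such as /tmp, because this script is meant to run from root's cron.
STATE_FILE=${STATE_FILE:-/var/lib/disk_alert/state}

# Run the plugin: warn below 20% free, critical below 10% free.
run_check() {
    "$PLUGIN" -w 20% -c 10% -p "$1"
}

# send_alert <subject> <body>
send_alert() {
    printf '%s\n' "$2" | mail -s "$1" "$ALERT_TO"
}

# check_and_alert <path>
# Prints the resulting state and mails on every state change,
# including recovery back to OK.
check_and_alert() {
    path=$1
    rc=0
    output=$(run_check "$path" 2>&1) || rc=$?

    # Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, anything else
    # (including "plugin not found") is treated as UNKNOWN.
    case $rc in
        0) state=OK ;;
        1) state=WARNING ;;
        2) state=CRITICAL ;;
        *) state=UNKNOWN ;;
    esac

    # No state file yet means nothing has been reported, so assume OK.
    previous=$(cat "$STATE_FILE" 2>/dev/null) || previous=OK

    if [ "$state" != "$previous" ]; then
        send_alert "[$(uname -n)] disk $state on $path (was $previous)" "$output"
        printf '%s\n' "$state" > "$STATE_FILE"
    fi
    printf '%s\n' "$state"
}

# Run the check only when executed under the assumed script name, e.g. from
# a crontab entry such as:  */10 * * * * /usr/local/sbin/disk_alert.sh /
case ${0##*/} in
    disk_alert.sh) check_and_alert "${1:-/}" >/dev/null ;;
esac
```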
Re: [CentOS] CentOS 5 + Quagga + SELinux
On 05/03/2014 19:11, Les Mikesell wrote:

On Wed, Mar 5, 2014 at 9:19 AM, Daniel J Walsh dwa...@redhat.com wrote:

man zebra_selinux
...
If you want to allow zebra daemon to write it configuration files, you must turn on the zebra_write_config boolean. Disabled by default.

setsebool -P zebra_write_config 1

Is there some global registration facility for selinux context names or are you the only one that knows them all?

You can see all the SE booleans by running:

getsebool -a

Tris
Re: [CentOS] OT: Howto to capture taskset output command
On 26/02/2014 13:45, C. L. Martinez wrote: On Wed, Feb 26, 2014 at 1:40 PM, sjt5atra sjt5a...@gmail.com wrote: On Feb 26, 2014, at 8:28 AM, C. L. Martinez carlopm...@gmail.com wrote: On Wed, Feb 26, 2014 at 12:40 PM, Steven Tardy sjt5a...@gmail.com wrote: On Wed, Feb 26, 2014 at 6:57 AM, C. L. Martinez carlopm...@gmail.com wrote:

if [ $cpu_affinity == $cpu_affinity_ok ]; then

are you comparing strings or integers?

# man test
STRING1 = STRING2 the strings are equal
INTEGER1 -eq INTEGER2 INTEGER1 is equal to INTEGER2

Thanks Steven, but it doesn't work either .. Using if [ $cpu_affinity -eq $cpu_affinity_ok ]; then

./cpu_affinitty: line 7: [: taskset -p -c 27756 | awk '{ print }': integer expression expected

Yes, since you are double quoting you are using strings. Try using a single = sign instead of your original double equal sign.

Ok, problem solved. With this compare function: if [[ $bro_cpu_affinity == *$cpu_affinity_ok* ]]; then works ok ... sjt5atra, using a single =, it doesn't work ...

The issues are to do with your variable expansion

[root@srvman ~]# cpu_affinity=taskset -p -c `cat /var/run/crond.pid` | awk '{print $6}'
[root@srvman ~]# echo $cpu_affinity
taskset -p -c 2532 | awk '{print }'

I think your script is still broken, as you are now just looking for any number matching $cpu_affinity_ok in $cpu_affinity. You should be able to do an integer comparison for your if statement.

Tris
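An added example (not part of the thread) of capturing the taskset result and comparing it as the last reply suggests: command substitution runs the pipeline, single quotes keep `$6` for awk, and `-eq` is used only once the value is known to be a single CPU number. The function names and the sample output line are constructed for illustration.

```shell
#!/bin/sh
# Added example: capture the affinity list from taskset and compare it.

# Extract the affinity list (6th field) from one line of
# "taskset -p -c PID" output, e.g. "pid 2532's current affinity list: 0-3".
# Single quotes around the awk program stop the shell from expanding $6
# itself, which is how the field number went missing in the thread's echo.
affinity_from_line() {
    printf '%s\n' "$1" | awk '{ print $6 }'
}

# Query a live process. $( ... ) executes the pipeline; without it the
# variable holds the command text rather than its output.
affinity_of_pid() {
    line=$(taskset -p -c "$1" 2>/dev/null) || return 1
    affinity_from_line "$line"
}

# Succeed only if the affinity is exactly the single CPU number $2.
# Lists such as "0-3" or "1,12" are not integers, so they are rejected
# before -eq is reached; a substring match would accept "12" for "2".
affinity_is_cpu() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -eq "$2" ]
}

# Demo on a constructed output line (no live process needed).
sample="pid 2532's current affinity list: 2"
cpu=$(affinity_from_line "$sample")
if affinity_is_cpu "$cpu" 2; then
    echo "affinity is CPU 2"
else
    echo "affinity is '$cpu', expected 2"
fi
```
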
Re: [CentOS] Selinux TFTP question [was: (no subject)]
On 16/11/2013 21:46, Andrew Holway wrote:

[root@ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot directory system_u:object_r:tftpdir_t:s0
/tftpboot/.* all files system_u:object_r:tftpdir_t:s0
/usr/sbin/atftpd regular file system_u:object_r:tftpd_exec_t:s0
/usr/sbin/in\.tftpd regular file system_u:object_r:tftpd_exec_t:s0
/var/lib/tftpboot(/.*)? all files system_u:object_r:tftpdir_rw_t:s0
/var/lib/tftpboot/etc(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/grub(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/images(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/memdisk regular file system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/menu\.c32 regular file system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/ppc(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/pxelinux\.0 regular file system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/pxelinux\.cfg(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/s390x(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/yaboot regular file system_u:object_r:cobbler_var_lib_t:s0

Could someone tell me why:

/var/lib/tftpboot(/.*)? - is using (/.*)?

This covers /var/lib/tftpboot and all files under it and gives them the label tftpdir_rw_t

/tftpboot/.* - is using .*

This covers all files under /tftpboot/ giving them the label tftpdir_t. There is a separate entry for the directory:

/tftpboot directory system_u:object_r:tftpdir_t:s0

As to why the difference I've no idea as looking at other root dirs with semanage fcontext -l I can see most of them use (/.*)? which makes sense.

Thanks, Andrew

Regards, Tris
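The difference between the two expressions, as an added example that is not part of the original messages: SELinux anchors each file-context regex at both ends, which `grep -x` reproduces here. The three specs are copied from the semanage output quoted above; the function name and the test paths are constructed.

```shell
#!/bin/sh
# Added example: which of the quoted file-context specs match a path?

# Subset of the semanage output from the message: regex|file type|type label
SPECS='/tftpboot|directory|tftpdir_t
/tftpboot/.*|all files|tftpdir_t
/var/lib/tftpboot(/.*)?|all files|tftpdir_rw_t'

# Print "label (file type)" for every spec whose regex matches path $1
# in full. grep -x anchors the expression at both ends, as SELinux does.
labels_for() {
    printf '%s\n' "$SPECS" | while IFS='|' read -r re ftype label; do
        if printf '%s\n' "$1" | grep -Eqx -- "$re"; then
            printf '%s (%s)\n' "$label" "$ftype"
        fi
    done
}

# "/tftpboot/.*" needs the slash, so the directory itself is only covered
# by the separate "/tftpboot directory" entry. "(/.*)?" makes the tail
# optional, so one spec covers the directory and everything below it.
for p in /tftpboot /tftpboot/pxelinux.0 \
         /var/lib/tftpboot /var/lib/tftpboot/grub/menu.lst; do
    printf '%-32s -> %s\n' "$p" "$(labels_for "$p" | tr '\n' ' ')"
done
```
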
Re: [CentOS] IBM Storwize V3700 storage - device names
On 07/11/2013 21:14, Todor Petkov wrote:

Hello, I have IBM Storwize V3700 storage, connected to 2 IBM x3550 M4 servers via fiber channel. The servers are with QLogic ISP2532-based 8Gb Fibre Channel to PCI Express HBA cards and run Centos 5.10 When I export a volume to the servers, each of them sees the volume twice, i.e /dev/sdb and /dev/sdc, with the same size. Previously I have installed many systems with IBM DS3500 series of storage and the servers see one disk per export. I am using the MPP drives from this package: http://support.netapp.com/NOW/public/apbu/oemcp/apbu_lic.cgi/public/apbu/oemcp/09.03.0C05.0652/rdac-LINUX-09.03.0C05.0652-source.tar.gz I came upon the IBM site, saying to configure multipath (I never did it for DS3500 series). When I did, a new device came, /dev/dm-7, but my goal is to have one /dev/sdX type of device and no device mapper. I read that Storwize support DMP RDAC, and DS support MPP RDAC, but does anyone else have experience with such setup and can give an advice/hint? Thanks in advance.

It's been a while since I set this up, and this is on XIV, not v3700 (which we also have but it only has VMware connected to it) but this is a RHEL 5.10 box, so is reasonably compatible. This is, IMO, normal behaviour for a multipath device. For example on one of our boxes if I run:

[root@server ~]# multipath -ll
mpath0 (20017380011ea0c74) dm-2 IBM,2810XIV
[size=224G][features=1 queue_if_no_path][hwhandler=0][rw]
\_ round-robin 0 [prio=1][active]
 \_ 3:0:0:1 sdb 8:16 [active][ready]
 \_ 3:0:1:1 sdc 8:32 [active][ready]
 \_ 3:0:2:1 sdd 8:48 [active][ready]
 \_ 3:0:3:1 sde 8:64 [active][ready]
 \_ 3:0:4:1 sdf 8:80 [active][ready]
 \_ 3:0:5:1 sdg 8:96 [active][ready]
 \_ 4:0:0:1 sdh 8:112 [active][ready]
 \_ 4:0:1:1 sdi 8:128 [active][ready]
 \_ 4:0:2:1 sdj 8:144 [active][ready]
 \_ 4:0:3:1 sdk 8:160 [active][ready]
 \_ 4:0:4:1 sdl 8:176 [active][ready]
 \_ 4:0:5:1 sdm 8:192 [active][ready]

You can see there are 12 sdx devices, but that all maps to just 1 LUN. With multipathd installed and running this all maps to a single volume under /dev/mpath/mpath0 which I then use LVM to manage:

--- Physical volume ---
PV Name /dev/mpath/mpath0
VG Name vg_data
PV Size 224.00 GB / not usable 4.00 MB
Allocatable yes (but full)
PE Size (KByte) 4096
Total PE 57343
Free PE 0
Allocated PE 57343
PV UUID GY4ekC-KuXE-LyW6-kiHB-F9g6-ivB2-BD01Ih

This all works fine and allows us to lose paths to the SAN without disruption to the servers. There is no reason to be using /dev/sdx devices to control your underlying hardware, and is in fact considered bad practice as there is no assurance that when the server next boots it will detect the hardware in the same order. You should really be using UUIDs or device labels to address your storage as that is immutable between boots.

Tris
Re: [CentOS] - problem gcc with yum
On 10/10/2013 12:26, Earl Ramirez wrote: On Thu, 2013-10-10 at 13:23 +0200, Paolo De Michele wrote: hi all, today, I have this problem: # yum install gcc Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * base: ftp.hosteurope.de * epel: mirror.de.leaseweb.net * extras: ftp.hosteurope.de * updates: ftp.hosteurope.de Setting up Install Process Resolving Dependencies -- Running transaction check --- Package gcc.x86_64 0:4.4.7-3.el6 will be installed -- Processing Dependency: libgomp = 4.4.7-3.el6 for package: gcc-4.4.7-3.el6.x86_64 -- Processing Dependency: cpp = 4.4.7-3.el6 for package: gcc-4.4.7-3.el6.x86_64 -- Processing Dependency: glibc-devel = 2.2.90-12 for package: gcc-4.4.7-3.el6.x86_64 -- Processing Dependency: cloog-ppl = 0.15 for package: gcc-4.4.7-3.el6.x86_64 -- Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-3.el6.x86_64 -- Running transaction check --- Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed -- Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64 -- Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64 --- Package cpp.x86_64 0:4.4.7-3.el6 will be installed -- Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-3.el6.x86_64 --- Package glibc-devel.x86_64 0:2.12-1.107.el6_4.4 will be installed -- Processing Dependency: glibc-headers = 2.12-1.107.el6_4.4 for package: glibc-devel-2.12-1.107.el6_4.4.x86_64 -- Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.107.el6_4.4.x86_64 --- Package libgomp.x86_64 0:4.4.7-3.el6 will be installed -- Running transaction check --- Package glibc-headers.x86_64 0:2.12-1.107.el6_4.4 will be installed -- Processing Dependency: kernel-headers = 2.2.1 for package: glibc-headers-2.12-1.107.el6_4.4.x86_64 -- Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.107.el6_4.4.x86_64 --- Package mpfr.x86_64 0:2.4.1-6.el6 will be 
installed --- Package ppl.x86_64 0:0.10.2-11.el6 will be installed -- Finished Dependency Resolution Error: Package: glibc-headers-2.12-1.107.el6_4.4.x86_64 (updates) Requires: kernel-headers = 2.2.1 Error: Package: glibc-headers-2.12-1.107.el6_4.4.x86_64 (updates) Requires: kernel-headers You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest

Do you have the kernel-headers installed? If not

yum install kernel-headers

This should resolve the issue because it's required but missing.

how can I fix? thanks in advance

As yum does the depsolving it should install the kernel-headers for you. It's more likely that there is something in your yum conf that is excluding updates to kernel-headers. I'd check your config files.

Tris
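One way to do the config check suggested in the last reply, as an added example (not from the thread): it lists every `exclude=` glob in the given yum configuration files that matches a package name. It assumes single-line `exclude=` entries; the function name is illustrative.

```shell
#!/bin/sh
# Added example: find yum "exclude=" entries that hide a package.

# Print "file: pattern" for every exclude pattern in the config files
# given after the package name $1 that matches it. yum treats exclude
# entries as shell globs, so "kernel*" also hides kernel-headers.
find_excludes() {
    pkg=$1; shift
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        # Keep only the exclude lines, drop the key, then split the
        # value on spaces, commas and tabs into one pattern per line.
        sed -n 's/^[[:space:]]*exclude[[:space:]]*=//p' "$conf" |
        tr ' ,\t' '\n\n\n' |
        while IFS= read -r pat; do
            [ -n "$pat" ] || continue
            # An unquoted expansion in a case pattern is matched as a glob.
            case $pkg in
                $pat) printf '%s: %s\n' "$conf" "$pat" ;;
            esac
        done
    done
}

# Check the usual locations; unreadable or missing files are skipped.
find_excludes kernel-headers /etc/yum.conf /etc/yum.repos.d/*.repo
```

No output means no single-line exclude entry in those files matches the package.
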
Re: [CentOS] Wacom hotplug Xorg crash
On 07/12/2012 23:09, James Pearson wrote: We're seeing a number of Xorg crashes with CentOS 6.2 when using a Wacom tablet shared between two machines (the other machine is running Windows) via a KVM Xorg crashes after switching the KVM back to the CentOS box I've tried googling for this issue - and have found: https://access.redhat.com/knowledge/solutions/148183 Which has a similar backtrace (although not identical) to ones we are seeing (see below) - but no further info is given on that webpage - but appears to indicated that more info might (?) be available if I have a Red Hat Subscription login - which I don't ... Would it be possible for someone that does have access to let me know if there is any more Red Hat Knowledge Base information about this issue? A sample backtrace we have seen is: Backtrace: 0: /usr/bin/Xorg (xorg_backtrace+0x28) [0x4546f8] 1: /usr/bin/Xorg (0x40+0x58429) [0x458429] 2: /lib64/libpthread.so.0 (0x3db6a0+0xf4a0) [0x3db6a0f4a0] 3: /usr/lib64/xorg/modules/input/wacom_drv.so (0x7fc69c2c6000+0x48e6) [0x7fc69c2ca8e6] 4: /usr/lib64/xorg/modules/input/wacom_drv.so (0x7fc69c2c6000+0x4ac9) [0x7fc69c2caac9] 5: /usr/lib64/xorg/modules/input/wacom_drv.so (0x7fc69c2c6000+0x4b2d) [0x7fc69c2cab2d] 6: /usr/bin/Xorg (0x40+0x5f077) [0x45f077] 7: /usr/bin/Xorg (0x40+0x1158b3) [0x5158b3] 8: /lib64/libpthread.so.0 (0x3db6a0+0xf4a0) [0x3db6a0f4a0] 9: /lib64/libpthread.so.0 (open64+0x10) [0x3db6a0ed10] 10: /usr/lib64/xorg/modules/input/wacom_drv.so (0x7fc69c2c6000+0x84ec) [0x7fc69c2ce4ec] 11: /usr/bin/Xorg (0x40+0x61f41) [0x461f41] 12: /usr/lib64/xorg/modules/input/wacom_drv.so (0x7fc69c2c6000+0xd746) [0x7fc69c2d3746] 13: /usr/lib64/xorg/modules/input/wacom_drv.so (0x7fc69c2c6000+0x885b) [0x7fc69c2ce85b] 14: /usr/bin/Xorg (0x40+0x61f41) [0x461f41] 15: /usr/bin/Xorg (0x40+0x142099) [0x542099] 16: /usr/lib64/libhal.so.1 (0x3dc2c0+0xbc08) [0x3dc2c0bc08] 17: /lib64/libdbus-1.so.3 (dbus_connection_dispatch+0x336) [0x3db82109d6] 18: /lib64/libdbus-1.so.3 
(0x3db820+0x10ca9) [0x3db8210ca9] 19: /usr/bin/Xorg (0x40+0x13f84b) [0x53f84b] 20: /usr/bin/Xorg (WakeupHandler+0x4b) [0x42421b] 21: /usr/bin/Xorg (WaitForSomething+0x1ef) [0x452d5f] 22: /usr/bin/Xorg (0x40+0x2ccf2) [0x42ccf2] 23: /usr/bin/Xorg (0x40+0x21ebb) [0x421ebb] 24: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x3db621ecdd] 25: /usr/bin/Xorg (0x40+0x21a49) [0x421a49] Segmentation fault at address (nil)

Thanks James Pearson

Hi James, Redhat suggest to update the wdaemon package to version 0.17-2.el6. They also reference this errata http://rhn.redhat.com/errata/RHEA-2011-1625.html

Tris
Re: [CentOS] DNS lookup delay with centos postfix
On 26/07/2012 02:40, David McGuffey wrote: On Jul 25, 2012, at 21:27, Joseph L. Casale jcas...@activenetwerx.com wrote:

DNS lookups default to using 53/udp, and only use 53/tcp for zone transfers. Could it be 53/udp is being lost/blocked between this host and your ns1?

Unfortunately that is a common misconception. Tcp is used far more often than only as stated such as for size of request exceeding udp response size etc... Bottom line is both ports are needed, not just for zone xfers.

Except that the malware guys have figured out how to abuse port 53. Security recommendation is to block TCP unless you're running a DNS server. And also block oversize port 53 UDP packets.

Blocking oversize UDP packets is a very bad idea. EDNS is used for a lot of lookups these days due to DNSSEC, and so blocking oversize UDP packets will force you to use TCP to get many of your DNS requests.

Dave M

Tris
Re: [CentOS] php4 under Centos6
On 12/06/2012 21:45, Michael Kress wrote: On 12.06.2012 22:39, Reindl Harald wrote: On 12.06.2012 22:19, Michael Kress wrote:

Hello, is there any way of getting php4 installed on Centos6? I'd like to install it in an apache/fastcgi environment. Has anybody got a link to a description/howto describing a clean install? I failed compiling the original php4 tar ball and failed relocating the php binary.

PHP4 IS DEAD SINCE A LONG TIME DO NOT USE PHP4 - THROW AWAY CRAP WHICH DOES NOT WORK WITH PHP5 BECAUSE IT IS UNMAINTAINED AND UNSECURE

oh yes, forgot the disclaimer with the above text. Regards Michael

I'm assuming that this would only be for a very specific issue that you have, and not externally facing. If so and I had to use something this old, I'd just use CentOS 3 http://vault.centos.org/3.9/ That came with php-4.3.2. The dep list that you would need to resolve to make the RPM work correctly on CentOS 6 is quite long.

Regards, Tris
Re: [CentOS] Best way to duplicate a live Centos 5 server?
On 08/06/2012 17:33, Emmanuel Noobadmin wrote:

I've got a CentOS 5 server that I want to migrate over into a virtualized instance. The problem is I need to minimize downtime so was trying to figure out a way to live clone the original. Initially, I thought I could do this via exporting an iSCSI target from the virtual host, create a MD raid 1 array on the C5 server, wait for it to sync, then shutdown the physical server and switch to the virtual one. But after getting iSCSI working... I realize I could not create a md device on a mounted disk. Unfortunately this old C5 wasn't setup with md raid 1 originally so I can't just add the iSCSI target as an additional member for a triplicate. So I remembered DRBD was supposed to be used for replication. But after getting things set up, running the drbd-admin create-md command gave me this scary warning it will destroy data on the disk. Apparently because drbd writes meta data to the drive. So that appears to be a no go too. Am I missing something glaringly obvious here, or is the only way I'm going to be able to migrate is to shutdown the C5 server for a few hours while duping the old drives? Would greatly appreciate any pointers how best to do this.

You don't say what virtualisation platform you are using, but if it's VMware, then you can use VMware converter to do the migration. This can, if you want, clone the physical computer into VMware, shut down the physical computer and bring up the new virtual instance. All whilst the physical remained up. I've used it for a few Linux boxes, where I've wanted a quick dev version of an existing server and it's been fine. I guess, you could try pulling it into an ESXi host, and then exporting that in a format whatever virtualisation program it is you use supports...

Regards, Tris
Re: [CentOS] Block outgoing connections for certaing uids (root, apache, nobody)
On 04/04/2012 10:21, Tony Mountifield wrote: In article caadeywhp3mjspc-mo7aewzsxsq9phibpho2iu3bo8i0ttji...@mail.gmail.com, Alexander Farber alexander.far...@gmail.com wrote:

Good morning

With iptables in CentOS 5 and 6 Linux - how can you please prevent processes running as root, apache or nobody from initiating outgoing connections? On CentOS 5 Linux I've tried putting these lines into /etc/sysconfig/iptables:

-A OUTPUT -m owner --uid-owner root -j DROP
-A OUTPUT -m owner --uid-owner apache -j DROP
-A OUTPUT -m owner --uid-owner nobody -j DROP

but unfortunately get the error:

# sudo service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore v1.4.7: owner: Bad value for --uid-owner option: apache
Error occurred at line: 27
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

Perhaps it doesn't do a username lookup and only understands numeric userids? Try:

-A OUTPUT -m owner --uid-owner 0 -j DROP
-A OUTPUT -m owner --uid-owner 48 -j DROP
-A OUTPUT -m owner --uid-owner 99 -j DROP

(I think those values are standard on CentOS)

Bear in mind that preventing root connections would stop you doing any kind of updating using yum, unless you have a previous rule allowing http.

Cheers Tony

This would also stop the server being able to use DNS, and would likely break other things. I'd be wary of stopping root talking out of the network.

Tris
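The numeric-UID form of the rules, generated from a passwd-format file, as an added example that is not part of the thread. It refuses uid 0, a choice made here in light of the warnings above about blocking root; the function names and the sample passwd data are constructed (48 and 99 are the UIDs quoted in the message).

```shell
#!/bin/sh
# Added example: build iptables "owner" DROP rules with numeric UIDs.

# Print the numeric UID of login name $1 from passwd-format file $2.
# Returns non-zero if the name is not present.
uid_of() {
    awk -F: -v u="$1" \
        '$1 == u { print $3; found = 1; exit } END { exit !found }' "$2"
}

# Emit one rule line per user, in /etc/sysconfig/iptables syntax.
# $1 is the passwd file, the remaining arguments are login names.
# Unknown names and uid 0 produce no rule and a non-zero return code,
# so a typo cannot silently leave an account unfiltered.
owner_drop_rules() {
    passwd=$1; shift
    rc=0
    for user in "$@"; do
        if ! uid=$(uid_of "$user" "$passwd"); then
            echo "unknown user: $user" >&2
            rc=1
            continue
        fi
        if [ "$uid" -eq 0 ]; then
            echo "refusing uid 0 ($user): root needs outbound access" >&2
            rc=1
            continue
        fi
        printf '%s\n' "-A OUTPUT -m owner --uid-owner $uid -j DROP"
    done
    return $rc
}

# Demo with a constructed passwd file.
demo_passwd=$(mktemp)
cat > "$demo_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
EOF
owner_drop_rules "$demo_passwd" apache nobody
rm -f "$demo_passwd"
```

On a real host the first argument would be /etc/passwd, and the generated lines go into the filter table section of /etc/sysconfig/iptables before its COMMIT line.
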
Re: [CentOS] firefox and IronPort
On 21/02/2012 15:58, m.r...@5-cent.us wrote:

A couple of weeks ago, I got an autogenerated email from the mail folks here, telling me they'd quarantined what they thought was spam. The last time I got one of these was a month or month and a half ago, and I had no problem. This time, however, I get a 500 error. When I pulled up firefox's error console, and clicked on the link, I got

servername elided: server does not support RFC 5746, see CVE-2009-3555

I'm told they're running Cisco's IronPort. It appears the patch came out a year and a half or so ago. However, I also found a post where someone, apparently running on Windows, couldn't get to a site they needed to, either with IE 9 or FF10.somethingorother, until they downgraded. The support folks report they can get there, from Windows boxes. I've tried Mozilla's workarounds, in about:config, but no joy. My ff is up to date, including both patches from last week, and as those were critical, I'm very loath to downgrade.

a) Is anyone else seeing this?
b) Any thoughts on whether it's an IronPort issue, or whether it might be a bug (new or reintroduced) browser problem?

From my experiences with IronPort (admittedly from 3 years ago) I'd say blame that. The software is horribly buggy at best.

Tris

mark
Re: [CentOS] bind slave sync takes long
On 22/11/2011 12:58, Götz Reinicke wrote:

Hi, I do have two DNS servers running bind 9.7.3. One master, one slave. If I add/update a record on the master, it takes up to more or less 20 hours until that change is transferred to the slave. That is a long time for me :-) May be I got some settings wrong which would sync much faster ... ? What could be wrong? What might I check? Thanks for any suggestion and hint! Regards . Götz

It sounds like the slave is not getting notifies when the master is updated. I'd check the NS records first to make sure both master and slave are listed. Is this server providing external DNS behind a NAT? It could be that you are trying to do zone transfers over the external IP to 2 servers on the same external firewall. In this case, you can add the also-notify { internal ip of slave}; stanza to the named.conf to force it to notify the slave on updates.

Tris
Re: [CentOS] selinux policy remnant according to /bin/ls on CentOS 6.0 box
Jon, It's worth noting in C6 that you really should avoid using RPM to add/remove stuff and stick with yum. Yum now supports rolling back and forward package changes, but this is broken if you do things with RPM.

Tris

On 20/09/2011 18:48, Jon Detert wrote:

I installed CentOS 6.0 on 2 different x86_64 boxen. Both originally had selinux installed and enabled. I never touched selinux other than to remove as much of it as I could via rpm -e. As far as I can tell, here are the remaining packages that have something to do with it:

# rpm -qa | grep -iE 'sel|pol'
checkpolicy-2.0.22-1.el6.x86_64
libselinux-2.0.94-2.el6.x86_64
libsepol-2.0.41-3.el6.x86_64
polkit-0.96-2.el6_0.1.x86_64
#

Both boxen have those packages. However:

1) box1 still has files in /selinux whereas box2's /selinux is empty;
2) ls -l on box1 shows a '.' at the end of file/directory, which means a SELinux security context applies, according to https://fedoraproject.org/wiki/Fedora_11_FAQ#Why_does_ls_show_a_dot_.28..29_or_a_plus_.28.2B.29_at_the_end_on_the_file_modes_for_some_files.3F

Any idea why box1 still seems to have an selinux policy applied, and how to un-apply it?

Thanks, Jon
[CentOS] RHEL 5.6 is out
Hi List, In case any of you are wondering when RHEL5.6 will be out, our satellite server has just pulled down a copy (with bind97 and php53 :) so I'd expect an official announcement fairly soon.

Tris
Re: [CentOS] centos 5.5 -software updater-break in download
On 25/11/2010 16:44, Johan Scheepers wrote:

Good day, New to centos, New install . Using - Software updater While updating - downloading 73 updates there was a break in the download. The break happened close to the end. Now when using software updater again will it start all over again? Go on where the break happened? Could not find on google this issue Kindly some advice please. Thanks, Regards Johan

Hi Johan, Yum should just re-download the required packages. As Yum downloads data it stores it in /var/cache/yum/**repo** (where repo is a subfolder for each repository) If you wish to remove this cache you can run something like yum clean all.

Regards, Tris