Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Gionatan Danti]

Il 2021-01-28 19:17 James Pearson ha scritto:

I don't know of another way of testing if this build fixes the issue ?


According to Qualys blog, sudoedit -s '\' `perl -e 'print "A" x 65536'` 
should core-dump on vulnerable versions.


I just tried on stock 6.10 and it core-dumps, indeed. Upgrading to the 
OL6 sudo package fixes the issue, indeed (no more core dump).


So it seems to work fine to me.
Thanks.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[James Pearson]

Barry Brimer:
>
> I just installed this on a previously fully updated CentOS Linux 6 (x86_64) 
> VM.
> The package installed fine, the sudo functionality still works but according 
> to
> the test described in the qualys advisory of running "sudoedit -s /”
> (without quotes) this system is still vulnerable.

I guess that is a question to ask those that support OL6 ?

I noticed the same - but I don't know if running 'sudoedit -s /' is an absolute 
measure of the vulnerability being fixed?

There is definitely a 'CVE-2021-3156' patch that is applied in the SRPM ...

I don't know of another way of testing if this build fixes the issue ?

James Pearson
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Barry Brimer]

I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM. 
The package installed fine, the sudo functionality still works but according to 
the test described in the qualys advisory of running "sudoedit -s /” (without 
quotes) this system is still vulnerable.

My CentOS Linux 7 (x86_64), CentOS Linux 8 (x86_64), and CentOS Stream 8 
(x86_64) VM running the actual CentOS package do not appear vulnerable running 
this test.

Migrating the previously mentioned CentOS Linux 6 vm to Oracle Linux and 
running the same test shows the fully updated Oracle Linux 6 to be vulnerable 
as well.

Has anyone else tried this? Do your results match or differ from mine?

Thanks,
Barry

On January 28, 2021 9:15:47 AM UTC, James Pearson  
wrote:
>Maxim Shpakov:
>>
>> You can use oracle linux 6 , it is still supported (till March 2021)
>
>Looks like Oracle's el6 sudo update is now available:
>
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
>http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm
>
>* Tue Jan 26 2021 Qing Lin  -
>1.8.6p3-29.0.2.el6_10.3
>- backport the fix CVE-2021-3156.patch from ol7.
>
>James Pearson
>___
>CentOS mailing list
>CentOS@centos.org
>https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[James Pearson]

Maxim Shpakov:
>
> You can use oracle linux 6 , it is still supported (till March 2021)

Looks like Oracle's el6 sudo update is now available:

 
https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
 
https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
 http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm

* Tue Jan 26 2021 Qing Lin  - 1.8.6p3-29.0.2.el6_10.3
- backport the fix CVE-2021-3156.patch from ol7.

James Pearson
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[James Pearson]

Christian Anthon>
> Centos-6 compatible packages are available from the official sudo
> webpage. It's a later version of sudo and I'm not sure if that will
> cause problems. I've tried installing it and so-far so-good.
>
> https://www.sudo.ws/download.html

One minor problem - if you have sudo configured to use LDAP (using 
/etc/sudo-ldap.conf), then upgrading using the sudo.ws RPM will rename 
/etc/sudo-ldap.conf as /etc/sudo-ldap.conf.rpmsave and stop sudo working with 
LDAP

Moving the original /etc/sudo-ldap.conf back fixes this - but it's a pity the 
sudo.ws RPM doesn't provide /etc/sudo-ldap.conf as a config file - which would 
prevent this happening

James Pearson
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Christian Anthon]

Centos-6 compatible packages are available from the official sudo 
webpage. It's a later version of sudo and I'm not sure if that will 
cause problems. I've tried installing it and so-far so-good.


https://www.sudo.ws/download.html

Cheers, Christian.

On 27/01/2021 08.38, Gionatan Danti wrote:

Hi all,
do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?

While CentOS 6 is now supported anymore, RedHat has it under its 
payedsupport agreement (see: 
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).


So I wonder if some community-packaged patch exists...
Thanks.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Maxim Shpakov]

I think it is just not released yet. OL6 is on support track still

On Wed, 27 Jan 2021 at 12:33, Simon Matter  wrote:

> > Hi
> >
> > You can use oracle linux 6 , it is still supported (till March 2021)
>
> But I don't find this sudo update or the recent openssl update in their
> repos? Is this for paying customers only or what?
>
> Simon
>
> >
> > On Wed, 27 Jan 2021 at 09:38, Gionatan Danti  wrote:
> >
> >> Hi all,
> >> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
> >>
> >> While CentOS 6 is now supported anymore, RedHat has it under its
> >> payedsupport agreement (see:
> >> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
> >>
> >> So I wonder if some community-packaged patch exists...
> >> Thanks.
> >>
> >> --
> >> Danti Gionatan
> >> Supporto Tecnico
> >> Assyoma S.r.l. - www.assyoma.it
> >> email: g.da...@assyoma.it - i...@assyoma.it
> >> GPG public key ID: FF5F32A8
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Gionatan Danti]

Il 2021-01-27 09:34 Walter H. ha scritto:

is that what you expect to find?
https://access.redhat.com/errata/RHSA-2021:0227


Yes, something similar...
Thanks.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Simon Matter]

> Hi
>
> You can use oracle linux 6 , it is still supported (till March 2021)

But I don't find this sudo update or the recent openssl update in their
repos? Is this for paying customers only or what?

Simon

>
> On Wed, 27 Jan 2021 at 09:38, Gionatan Danti  wrote:
>
>> Hi all,
>> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>>
>> While CentOS 6 is now supported anymore, RedHat has it under its
>> payedsupport agreement (see:
>> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>>
>> So I wonder if some community-packaged patch exists...
>> Thanks.
>>
>> --
>> Danti Gionatan
>> Supporto Tecnico
>> Assyoma S.r.l. - www.assyoma.it
>> email: g.da...@assyoma.it - i...@assyoma.it
>> GPG public key ID: FF5F32A8
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Maxim Shpakov]

Hi

You can use oracle linux 6 , it is still supported (till March 2021)

On Wed, 27 Jan 2021 at 09:38, Gionatan Danti  wrote:

> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is now supported anymore, RedHat has it under its
> payedsupport agreement (see:
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.
>
> --
> Danti Gionatan
> Supporto Tecnico
> Assyoma S.r.l. - www.assyoma.it
> email: g.da...@assyoma.it - i...@assyoma.it
> GPG public key ID: FF5F32A8
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Walter H.]

is that what you expect to find?
https://access.redhat.com/errata/RHSA-2021:0227

On 27.01.2021 08:38, Gionatan Danti wrote:

Hi all,
do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?

While CentOS 6 is now supported anymore, RedHat has it under its 
payedsupport agreement (see: 
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).


So I wonder if some community-packaged patch exists...
Thanks.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 fix sudo CVE-2021-3156

[Gionatan Danti]

Hi all,
do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?

While CentOS 6 is now supported anymore, RedHat has it under its 
payedsupport agreement (see: 
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).


So I wonder if some community-packaged patch exists...
Thanks.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 6 vs 7

[Mark Milhollan]

On Tue, 31 Mar 2020, Divine Tanyingoh wrote:


On centos 6 I cannot ping the hostname and get a
reply without first resolving in the /etc/hosts file by adding a new entry:
192.168.0.47  server1.example.com.

But for centos 7 I am able to ping the hostname and get a reply even when I
have not made any changes to the /etc/hosts file. Why is there this
difference between centos 6 vs 7.


Sounds like mDNS/Avahi is not being used/referenced on/by 6.


/mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 6 vs 7

[Divine Tanyingoh]

Thanks

On Tue, 31 Mar 2020 at 11:26, Stephen John Smoogen  wrote:

> On Tue, 31 Mar 2020 at 13:22, Divine Tanyingoh 
> wrote:
>
> > Issue: After installing vms on vmware, I noticed a difference in behavior
> > between centos 6 vs 7. On centos 6 I cannot ping the hostname and get a
> > reply without first resolving in the /etc/hosts file by adding a new
> entry:
> > 192.168.0.47  server1.example.com.
> >
> > But for centos 7 I am able to ping the hostname and get a reply even
> when I
> > have not made any changes to the /etc/hosts file. Why is there this
> > difference between centos 6 vs 7.
> >
> >
> That sounds more like a questions for VMware forums than here.. something
> in vmware is populating some sort of 'DNS' for you to do this. I don't know
> of any change in EL6 and EL7 that would do this by itselfd.
>
>
>
> > Thank you for your assistance.
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> --
> Stephen J Smoogen.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 6 vs 7

[Stephen John Smoogen]

On Tue, 31 Mar 2020 at 13:22, Divine Tanyingoh 
wrote:

> Issue: After installing vms on vmware, I noticed a difference in behavior
> between centos 6 vs 7. On centos 6 I cannot ping the hostname and get a
> reply without first resolving in the /etc/hosts file by adding a new entry:
> 192.168.0.47  server1.example.com.
>
> But for centos 7 I am able to ping the hostname and get a reply even when I
> have not made any changes to the /etc/hosts file. Why is there this
> difference between centos 6 vs 7.
>
>
That sounds more like a questions for VMware forums than here.. something
in vmware is populating some sort of 'DNS' for you to do this. I don't know
of any change in EL6 and EL7 that would do this by itselfd.



> Thank you for your assistance.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] centos 6 vs 7

[Divine Tanyingoh]

Issue: After installing vms on vmware, I noticed a difference in behavior
between centos 6 vs 7. On centos 6 I cannot ping the hostname and get a
reply without first resolving in the /etc/hosts file by adding a new entry:
192.168.0.47  server1.example.com.

But for centos 7 I am able to ping the hostname and get a reply even when I
have not made any changes to the /etc/hosts file. Why is there this
difference between centos 6 vs 7.

Thank you for your assistance.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6 iwl3945

[Ken Smith via CentOS]

Hi everyone,

I'm having a problem with an iwl3945 wireless adaptor in my laptop 
running Centos 6. Recently it has been failing to connect to a either 
2.4G or 5G Wi-Fi coming from a Draytek Wireless Router. It has usually 
managed to connect in the past although it has sometimes been a little 
temperamental. I'm not sure what has changed that has stopped it 
working. I've tried Kernels 2.6.32-754.24.34 down to 2.6.32-754.15.3 in 
Centos 6 without it working.


This machine also has an old Fedora Core 14 boot with Kernel 
2.6.35.14-97 that connects to Wi-Fi just fine. Also the laptop dual 
boots Win 7 and that also connects to Wi-Fi without issue.


How would I go about diagnosing this in the Centos 6 boot?

Thanks

Ken





--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-6 cannot get kvm guest to start - network error

[James B. Byrne via CentOS]

Need to start a virtual machine but missing nic is preventing this:

I have need to recover some data from a guest on host which has been
shutddown for some time.  The host had one of it nic removed at some
point.  It is not likely to be replaced either.

When I try to start the guest in question I get this:

error: Failed to start domain inet09.harte-lyne.ca
error: Cannot get interface MTU on 'br1': No such device


I tried editing (virsh edit guest) to remove the interface:


  
  
  
  


I saved the changes and tried to start the guest. but I got the same
error.  Then edited the guest config to say:


  
  
  


How do I configure this guest so it will start without the missing nic?

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 SELinux question: inbound ssh.

[Gordon Messmer]

On 8/17/19 6:42 PM, Robert Heller wrote:

Is there some hack to get SELinux to cooperate with this scheme?



restorecon -r -v /var/lib/amanda/.ssh

I haven't tested this, but there *is* a context specified for that path 
in /etc/selinux/targeted/contexts/files/file_contexts.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 SELinux question: inbound ssh.

[Robert Heller]

OK, after beating my head against the wall for an hour or so, I finally 
figured out why I could not ssh from a MacMini (running MacOSX 10.11.6) to my 
Linux Desktop (running CentOS 6), using the amandabackup account with public 
key authentification.  SELinux!

It seems the SELinux won't allow this if the target user's "home" directory is 
does not have a _home_t security context.

It there some trick/hack to fix this *specifically* for the amandabackup 
account?

Right now the amandabackup $HOME is /var/lib/amanda/
and its security context is system_u:object_r:amanda_var_lib_t:s0

It of course needs to retain this for amanda to work. But I need to do
something non-standard: I am not able to build a *working* version of the
amanda client on the Mac. Despite what it says on the amanda.org website,
Amanda is basically not supported under BSD (MacOSX is basically BSD) and I am
not getting help on the Amanda mailing lists. I need to backup this machine,
so I am going to punt and resurect a script I was using before I started using
Amanda and do an independent backup process, but I want to put the backups on
the same disk that amandabackup is using and the disk is set up to be written
by amandabackup, so I want to use the amandabackup to write the files, using 
ssh from the amanda account on the Mac.

Is there some hack to get SELinux to cooperate with this scheme?  Or do I have 
to do something else?

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
hel...@deepsoft.com   -- Webhosting Services
 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6/EPel: Missing EPel package?

[Ulf Volmer]

On 18.05.19 20:14, Robert Heller wrote:
> The EPel repo has a *nearly* complete collection of QT5 packages.  One 
> important one that *seems* to be missing: qmake.
> 
> There does not seem to be a package containing qmake in the collection of QT5 
> packages for CentOS 6!

There is /usr/lib64/qt5/bin/qmake from package qt5-qtbase-devel.

Best regards
Ulf
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6/EPel: Missing EPel package?

[Robert Heller]

The EPel repo has a *nearly* complete collection of QT5 packages.  One 
important one that *seems* to be missing: qmake.

There does not seem to be a package containing qmake in the collection of QT5 
packages for CentOS 6!

I guess I can find the source code and build it (somehow)...

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
hel...@deepsoft.com   -- Webhosting Services
   
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and 389 Directory Server

[Leon Fauster via CentOS]

> Am 07.02.2019 um 19:16 schrieb Eugene Poole :
> 
> I'm not sure it this is the correct location to ask these questions, but ...
> 
> In the past when I worked for a living the place where I worked had thousands 
> of RHEL Linux servers on various hardware, but the access was controlled by 
> Windows Active Directory and a third party piece of software that was the 
> middle-man between the 2.
> 
> Now that I no longer work I'm trying to build a CentOS Linux environment 
> where the access is controlled by 389-Directory Server. But I have no 
> practical experience with 389-Directory Server (Question 1) so I'm looking 
> for a tutorial or 'How To' to put information into 389-DS from a machine that 
> is currently running? (Question 2) Can I export the 389-DS database to a LDIF 
> file, migrate my machine from CentOS 6 to CentOS 7 by doing a fresh CentOS 7 
> install. Install 389-DS and import the just created LDIF file?  I want to use 
> 389-DS (or OpenLDAP) because as my environment grows defining everything 
> locally is becoming hard to be exact.
> 
> Any comments will be helpful


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/identity_management_guide/

https://www.freeipa.org/page/Main_Page

--
LF

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 and 389 Directory Server

[Eugene Poole]

I'm not sure it this is the correct location to ask these questions, but ...

In the past when I worked for a living the place where I worked had 
thousands of RHEL Linux servers on various hardware, but the access was 
controlled by Windows Active Directory and a third party piece of 
software that was the middle-man between the 2.


Now that I no longer work I'm trying to build a CentOS Linux environment 
where the access is controlled by 389-Directory Server. But I have no 
practical experience with 389-Directory Server (Question 1) so I'm 
looking for a tutorial or 'How To' to put information into 389-DS from a 
machine that is currently running? (Question 2) Can I export the 389-DS 
database to a LDIF file, migrate my machine from CentOS 6 to CentOS 7 by 
doing a fresh CentOS 7 install. Install 389-DS and import the just 
created LDIF file?  I want to use 389-DS (or OpenLDAP) because as my 
environment grows defining everything locally is becoming hard to be exact.


Any comments will be helpful

TIA

--
Eugene Poole
Woodstock, Georgia

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Phil Perry]

On 16/01/2019 02:04, Jobst Schmalenbach wrote:

On Tue, Jan 15, 2019 at 07:43:02AM +, Phil Perry (ppe...@elrepo.org) wrote:

On 15/01/2019 01:29, Jobst Schmalenbach wrote:

On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:

On 14/01/2019 07:09, Jobst Schmalenbach wrote:

Below is my script for creating/updating an ipset to block my top 10
Hope that helps


Thanks, it did, cleared up conflicting info I found on the Internet.



Great.



I also wanted to go the "other way": disallow everything but 2 countries 
(AU,NZ).
There are even more conflicting ideas about how to do this, but I figured it 
out.



How you handle that will depend on the default policy of the chain.

I would use 2 rules - the first to accept connections from AU,NZ, and a 
second rule subsequently DROPing all other connections, as this will 
work regardless of the default policy of the chain and the intention of 
the rules is clear to anyone reading them.




Also I cannot see a difference in speed between using (maxmind)

   -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT

and (ipdeny)

   -A filter_countries -m set --set au.geoblock src -j ACCEPT

which is really good!



Yes, ipset is really efficient. My top 10 bad countries set above 
contains over 28,000 individual netblocks and runs on my EdgeRouter 
Lite, with a 500MHz embedded processor. The device is capable of Gigabit 
throughput, and I see no impact upon throughput with multiple iptables 
rules, many based on large ipsets.




Jobst





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Jobst Schmalenbach]

On Tue, Jan 15, 2019 at 07:43:02AM +, Phil Perry (ppe...@elrepo.org) wrote:
> On 15/01/2019 01:29, Jobst Schmalenbach wrote:
> > On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) 
> > wrote:
> > > On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> Below is my script for creating/updating an ipset to block my top 10
> Hope that helps

Thanks, it did, cleared up conflicting info I found on the Internet.


I also wanted to go the "other way": disallow everything but 2 countries 
(AU,NZ).
There are even more conflicting ideas about how to do this, but I figured it 
out.


Also I cannot see a difference in speed between using (maxmind)

  -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT

and (ipdeny)

  -A filter_countries -m set --set au.geoblock src -j ACCEPT

which is really good!


Jobst



-- 
The future isn't what it used to be (it never was).

  | |0| |   Jobst Schmalenbach, General Manager
  | | |0|   Barrett & Sales Essentials
  |0|0|0|   +61 3 9533 , POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Phil Perry]

On 15/01/2019 01:29, Jobst Schmalenbach wrote:


On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:

On 14/01/2019 07:09, Jobst Schmalenbach wrote:

Hi

I use ipdeny's aggregated country lists to do the same thing:

http://www.ipdeny.com/ipblocks/data/aggregated/

I just feed this data directly into ipset/iptables via a script running on
my firewall (not a C6 box). ipset is a really efficient way of doing this.



Do you create a separate table, then feed every IP address (via ipset) into 
this chain?
Would you mind sharing this script?

thx
Jobst





Below is my script for creating/updating an ipset to block my top 10 
undesirable/abusive countries. It runs as a cron job up startup to 
initially populate it and again every X hours to update it on my 
EdgeRouter firewall device.


It can be relatively slow process creating very large sets, so we create 
a temp set and then swap the contents of the live set with the temp set 
and finally delete the temp set. This is a more efficient way of 
updating an existing set.


Once the ipset has been created, you can create rules in iptables to 
match against that set using -m set --match-set SETNAME.


Hope that helps

-- Phil


CountryList="cn ru ua kp kr br ro tr vn in"
if [ -e /tmp/countries.txt ]; then
rm /tmp/countries.txt
fi

for country in $CountryList; do
	curl -o /tmp/$country.txt 
http://www.ipdeny.com/ipblocks/data/aggregated/$country-aggregated.zone

cat /tmp/$country.txt >> /tmp/countries.txt
done

getnetblocks() {
cat < /tmp/cnblock.txt
sudo ipset -! -R < /tmp/cnblock.txt
sudo ipset -W geotmp COUNTRIES-BLOCK
sudo ipset -X geotmp

rm /tmp/cnblock.txt

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Kenneth Porter]

--On Monday, January 14, 2019 7:29 AM + Phil Perry  
wrote:



I use ipdeny's aggregated country lists to do the same thing:

http://www.ipdeny.com/ipblocks/data/aggregated/

I just feed this data directly into ipset/iptables via a script running
on my firewall (not a C6 box). ipset is a really efficient way of doing
this.


CentOS 7 uses firewalld which has direct support for ipsets in XML form. 
Hopefully the site will soon supply the data in that format. (But it's not 
hard to generate the files from their format.)


Note that a zip file of all the individual country files can be downloaded 
here:


http://www.ipdeny.com/ipblocks/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Jobst Schmalenbach]

On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:
> On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> > Hi
> I use ipdeny's aggregated country lists to do the same thing:
> 
> http://www.ipdeny.com/ipblocks/data/aggregated/
> 
> I just feed this data directly into ipset/iptables via a script running on
> my firewall (not a C6 box). ipset is a really efficient way of doing this.


Do you create a separate table, then feed every IP address (via ipset) into 
this chain?
Would you mind sharing this script?

thx
Jobst



-- 
Computers are like air conditioners, they stop working properly if you open 
Windows!

  | |0| |   Jobst Schmalenbach, General Manager
  | | |0|   Barrett & Sales Essentials
  |0|0|0|   +61 3 9533 , POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Phil Perry]

On 14/01/2019 07:09, Jobst Schmalenbach wrote:

Hi

Specs in subject line: CentOS 6.X all latest patches), iptables 1.47, Apache2.2

I use the Geolite legacy databases together with iptables 1.47 to filter 
traffic for a variety of ports and only allow .AU traffic to have access.



I use ipdeny's aggregated country lists to do the same thing:

http://www.ipdeny.com/ipblocks/data/aggregated/

I just feed this data directly into ipset/iptables via a script running 
on my firewall (not a C6 box). ipset is a really efficient way of doing 
this.



Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB 
to the latest version which is GeoLite2, this leaves all users in need of the 
old Geolite Legacy database in the dark, they cannot update.

If I download a later version of xtables it will complain that it requires 
iptable>1.6 which I do not think I can get going on CentOS 6.X.


Is there a way that I can convert Geolite2 CSV files to Geolite Legacy CSV 
Files and then compile those into BE/LE?

Are there any other ways I can use Geolite2 on a CentOS 6.X system?

Does anyone have other ideas how to tackle this?

(this made me really sleep well!)


thanks
Jobst




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Jobst Schmalenbach]

Hi

Specs in subject line: CentOS 6.X all latest patches), iptables 1.47, Apache2.2

I use the Geolite legacy databases together with iptables 1.47 to filter 
traffic for a variety of ports and only allow .AU traffic to have access.

Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB 
to the latest version which is GeoLite2, this leaves all users in need of the 
old Geolite Legacy database in the dark, they cannot update.

If I download a later version of xtables it will complain that it requires 
iptable>1.6 which I do not think I can get going on CentOS 6.X.


Is there a way that I can convert Geolite2 CSV files to Geolite Legacy CSV 
Files and then compile those into BE/LE?

Are there any other ways I can use Geolite2 on a CentOS 6.X system?

Does anyone have other ideas how to tackle this?

(this made me really sleep well!)


thanks
Jobst


-- 
"XP: If you are nine years old you are just going to love it.  If you're a few 
years older you'll resent the choking paternalistic atmosphere of vapid 
gee-whiz kiddie entertainment (babysitting), euphemism and fake-friendly 
bullying."

  | |0| |   Jobst Schmalenbach,
  | | |0|   Barrett & Sales Essentials
  |0|0|0|   Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6: Logrotate / selinux problem

[Robert Heller]

Ever since a recent power failure I have been getting a Logrotate error.  My 
machine is on a UPS -- it shutdown cleanly, but I suspect that its BIOS/RTC 
battery is dead, since the machine came up thinking it was 1982 :-(.  I reset 
the clock and everything is fine, *except* I had to delete Logrotate's state 
files (which had bad dates).  But now Logrotate is raising the error:

error: error creating unique temp file: Permission denied

and audit.log contains these messages:

type=AVC msg=audit(1541925899.209:28416): avc:  denied  { create } for  
pid=5281 comm="logrotate" name="logrotate_temp.bPbOYF" 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1541925899.209:28416): arch=c03e syscall=2 
success=no exit=-13 a0=7ffdd2d613d0 a1=c2 a2=180 a3=0 items=0 ppid=5279 
pid=5281 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) ses=1865 comm="logrotate" exe="/usr/sbin/logrotate" 
subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

It is (obviously) a selinux problem, but I don't know what file or directory 
needs to be fixed.  How to I find that out?

I turned on verbose in /etc/cron.daily/logrotate:

#!/bin/sh

/usr/sbin/logrotate -v /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi

and am getting this (typical) message from logrotate daily:

reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file apcupsd
reading config info for /var/log/apcupsd.events 
reading config file ConsoleKit
reading config info for /var/log/ConsoleKit/history 
reading config file cups
reading config info for /var/log/cups/*_log 
reading config file cyrus-imapd
reading config info for /var/log/imapd.log /var/log/auth.log 
reading config file dracut
reading config info for /var/log/dracut.log 
reading config file httpd
reading config info for /var/log/httpd/*log 
reading config file iscsiuiolog
reading config info for /var/log/iscsiuio.log 
reading config file libvirtd
reading config info for /var/log/libvirt/libvirtd.log 
reading config file libvirtd.lxc
reading config info for /var/log/libvirt/lxc/*.log 
reading config file libvirtd.qemu
reading config info for /var/log/libvirt/qemu/*.log 
reading config file mcelog
reading config info for /var/log/mcelog 
reading config file mysqld
reading config file named
reading config info for /var/named/data/named.run 
reading config file numad
reading config info for /var/log/numad.log 
reading config file ppp
reading config info for /var/log/ppp/connect-errors 
reading config file psacct
reading config info for /var/account/pacct 
reading config file sa-update
reading config info for /var/log/sa-update.log 
reading config file sssd
reading config info for /var/log/sssd/*.log 
reading config file syslog
reading config info for /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler

reading config file wpa_supplicant
reading config info for /var/log/wpa_supplicant.log 
reading config file yum
reading config info for /var/log/yum.log 
reading config info for /var/log/wtmp 
reading config info for /var/log/btmp 

Handling 22 logs

rotating pattern: /var/log/apcupsd.events  weekly (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/apcupsd.events
  log does not need rotating

rotating pattern: /var/log/ConsoleKit/history  monthly (6 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/ConsoleKit/history
  log does not need rotating

rotating pattern: /var/log/cups/*_log  weekly (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/cups/access_log
  log needs rotating
considering log /var/log/cups/error_log
  log needs rotating
considering log /var/log/cups/page_log
  log needs rotating
rotating log /var/log/cups/access_log, log->rotateCount is 4
dateext suffix '-2018'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/cups/error_log, log->rotateCount is 4
dateext suffix '-2018'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/cups/page_log, log->rotateCount is 4
dateext suffix '-2018'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to system_u:object_r:cupsd_log_t:s0
renaming /var/log/cups/access_log to /var/log/cups/access_log-2018
creating new /var/log/cups/access_log mode = 0600 uid = 0 gid = 7
fscreate context set to system_u:object_r:cupsd_log_t:s0
renaming /var/log/cups/error_log to /var/log/cups/error_log-2018
creating new /var/log/cups/error_log mode = 0600 uid = 0 gid = 7
fscreate context set to unconfined_u:object_r:cupsd_log_t:s0
renaming /var/log/cups/page_log to /var/log/cups/page_log-2018
creating new /var/log/cups/page_log mode = 0600 uid = 0 gid = 7
removing old log 

[CentOS] CentOS 6: meson/ninja in python36 requires python27

[wwp]

Hello there,


on a CentOS 6 box, in the need for `meson`, I've installed rh-python36
using yum, then meson and ninja using `pip3.6 install meson ninja`.

Later at run-time, while building atk 2.29.1:

$ meson --prefix /opt/atk _build
$ ninja-build -C _build

FAILED: atk/atkmarshal.c
/opt/gimp-2.8/bin/glib-genmarshal --prefix atk_marshal --output 
atk/atkmarshal.c --body ../atk/atkmarshal.list --include-header atkmarshal.h
/opt/rh/python27/root/usr/bin/python: error while loading shared libraries: 
libpython2.7.so.1.0: cannot open shared object file: No such file or directory
ninja: build stopped: subcommand failed.

Adding /opt/rh/python27/usr/lib64 to LD_LIBRARY_PATH works around this
problem, but I wonder if there isn't a dependency issue, or did I do
something wrong?


Regards,

-- 
wwp


pgplqNCNmemVQ.pgp
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 libvirt update?

[Matthew Phelps]

I hate to pester, but I have several VM hosts to reboot. Is this update on
its way for CO6?

https://access.redhat.com/errata/RHSA-2018:1669

The CO7 libvirt update went out, and the qemu CO6 updates as well. Any
reason the CO6 libvirt update is not out yet?

Thanks,
-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Johnny Hughes]

On 03/09/2018 12:46 PM, Peter Wood wrote:
> Hi Johnny,
> 
> Thank you for your reply.
> 
> It seems to me that my message may have came around as offensive but that
> was not my intend. I have basic understanding how things work and when I
> said CentOS I actually meant Red Hat and all its derivatives. I asked
> CentOS community because that's the community I'm member of. Not to say
> that CentOS is not secure or anything like that.
> 
> Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
> to come up with an answer to their question about meltdown/spectre. At this
> point all I can say is that Red Hat hasn't patched 32bit systems but that
> is hard to believe so I assumed that I'm wrong and decided to ask the
> community.
> 
> Thank you,
> 
> -- Peter
> 

Not at all Peter .. I just wanted to take the opportunity to explain to
people what the CentOS Linux policy about security updates is and how we
handle security issues in CentOS Linux.

We strive to build updated source code as soon as it released by Red Hat
for RHEL .. BUT, we do no official testing for security (whether there
is an actual problem or not .. nor whether the updated source code fixes
said security problem).

We just build the source code as it comes out, when it is released, as
fast we we can.  We test that the resultant RPMs work and if we
introduce any inconsistencies in CentOS that do not exist in RHEL, we
try to fix and rebuild the packages.

But we don't make any claims that any security issues are fixed, or any
claims that CentOS Linux is fit for any purpose whatsoever.  CentOS
Linux us what it is .. a rebuild of the RHEL source code, as it is
released, modified to remove branding to comply with Red Hat's trademark
policy.  Nothing more, nothing less.

I am quite happy for people to discuss their testing of CentOS Linux for
Security issues and updates on this list (or where ever else they want),
with the understanding that there is no official testing performed or
assurance given by the CentOS Project with respect to security.

Again, I am not in any way offended or upset, not even in the slightest.
 I'm sorry if my email gave you that impression.

Thanks,
Johnny Hughes


> 
> On Fri, Mar 9, 2018 at 7:52 AM, Johnny Hughes  wrote:
> 
>> I have built all the source code releases from upstream for RHEL-6
>> regarding meltdown /spectre and released those into packages into the
>> CentOS Linux 6.9 updates repository.
>>
>> As to whether or not either Arch (x86_64 or i386) is or is not
>> vulnerable, the CentOS team does not test for or make claims concerning
>> security fitness.  What we do build the source code that is released
>> upstream.
>>
>> Users must test for (and validate) the security fitness of CentOS Linux
>> for their own usage profiles.  If you require fully tested solutions
>> with software assurance and validated security, that is what RHEL is
>> for, right?
>>
>>
>> You can read more about those issues here:
>> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>>
>> Thanks,
>> Johnny Hughes
>>
>>
>> On 03/06/2018 04:35 PM, Peter Wood wrote:
>>> I have a clean install, fully updated CentOS 6 32-bit.
>>>
>>> When I run the Red Hat detection script:
>>> https://access.redhat.com/sites/default/files/spectre-
>> meltdown--a79614b.sh
>>>
>>> it finds that the system is vulnerable.
>>>
>>> Is this false positive or there is no patches for CentOS 6 32-bit
>> systems?
>>>
>>> Thank you,
>>>
>>> -- Peter




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Akemi Yagi]

On Mon, Mar 12, 2018 at 1:15 PM, Peter Wood  wrote:
> Awesome. Thank you.
>
> Embarrassing but I can't find the Q page with this question. Can you
> please post a link to it.
>
> Thanks,
>
> -- Peter

Here it is:

https://access.redhat.com/articles/3327321
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Peter Wood]

Awesome. Thank you.

Embarrassing but I can't find the Q page with this question. Can you
please post a link to it.

Thanks,

-- Peter

On Fri, Mar 9, 2018 at 11:16 AM, Akemi Yagi  wrote:

> On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood 
> wrote:
>
> > Anyway, I'm stuck with a few 32bit systems exposed to customers and I
> have
> > to come up with an answer to their question about meltdown/spectre. At
> this
> > point all I can say is that Red Hat hasn't patched 32bit systems but that
> > is hard to believe so I assumed that I'm wrong and decided to ask the
> > community.
>
> According to a Q page about Meltdown and Spectre:
>
> Question - Is the patch available for 32 bit RHEL 6.9?
> Answer - 32-bit patches are pending, being of lower priority than our
> RHEL 5 work at this time.
>
> Apparently, it is not getting a high priority.
>
> Akemi
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Phil Perry]

On 09/03/18 19:16, Akemi Yagi wrote:

On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood  wrote:


Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
to come up with an answer to their question about meltdown/spectre. At this
point all I can say is that Red Hat hasn't patched 32bit systems but that
is hard to believe so I assumed that I'm wrong and decided to ask the
community.


According to a Q page about Meltdown and Spectre:

Question - Is the patch available for 32 bit RHEL 6.9?
Answer - 32-bit patches are pending, being of lower priority than our
RHEL 5 work at this time.

Apparently, it is not getting a high priority.

Akemi


I note Red Hat released el5 kernel updates on Wednesday for Meltdown and 
Spectre for both i386 and x86_64 architectures [RHSA-2018:0464-01], so 
maybe 32-bit rhel6 is next on the list (seems strange to me that Red Hat 
would prioritize RHEL5 over RHEL6, but there you go).


There is also a handy script to check the status on your systems here:

https://github.com/speed47/spectre-meltdown-checker

I do not have any el6 systems running so have not tried it on el6.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Akemi Yagi]

On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood  wrote:

> Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
> to come up with an answer to their question about meltdown/spectre. At this
> point all I can say is that Red Hat hasn't patched 32bit systems but that
> is hard to believe so I assumed that I'm wrong and decided to ask the
> community.

According to a Q page about Meltdown and Spectre:

Question - Is the patch available for 32 bit RHEL 6.9?
Answer - 32-bit patches are pending, being of lower priority than our
RHEL 5 work at this time.

Apparently, it is not getting a high priority.

Akemi
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Peter Wood]

Hi Johnny,

Thank you for your reply.

It seems to me that my message may have came around as offensive but that
was not my intend. I have basic understanding how things work and when I
said CentOS I actually meant Red Hat and all its derivatives. I asked
CentOS community because that's the community I'm member of. Not to say
that CentOS is not secure or anything like that.

Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
to come up with an answer to their question about meltdown/spectre. At this
point all I can say is that Red Hat hasn't patched 32bit systems but that
is hard to believe so I assumed that I'm wrong and decided to ask the
community.

Thank you,

-- Peter


On Fri, Mar 9, 2018 at 7:52 AM, Johnny Hughes  wrote:

> I have built all the source code releases from upstream for RHEL-6
> regarding meltdown /spectre and released those into packages into the
> CentOS Linux 6.9 updates repository.
>
> As to whether or not either Arch (x86_64 or i386) is or is not
> vulnerable, the CentOS team does not test for or make claims concerning
> security fitness.  What we do build the source code that is released
> upstream.
>
> Users must test for (and validate) the security fitness of CentOS Linux
> for their own usage profiles.  If you require fully tested solutions
> with software assurance and validated security, that is what RHEL is
> for, right?
>
>
> You can read more about those issues here:
> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>
> Thanks,
> Johnny Hughes
>
>
> On 03/06/2018 04:35 PM, Peter Wood wrote:
> > I have a clean install, fully updated CentOS 6 32-bit.
> >
> > When I run the Red Hat detection script:
> > https://access.redhat.com/sites/default/files/spectre-
> meltdown--a79614b.sh
> >
> > it finds that the system is vulnerable.
> >
> > Is this false positive or there is no patches for CentOS 6 32-bit
> systems?
> >
> > Thank you,
> >
> > -- Peter
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 i386 - meltdown and spectre

[Johnny Hughes]

I have built all the source code releases from upstream for RHEL-6
regarding meltdown /spectre and released those into packages into the
CentOS Linux 6.9 updates repository.

As to whether or not either Arch (x86_64 or i386) is or is not
vulnerable, the CentOS team does not test for or make claims concerning
security fitness.  What we do build the source code that is released
upstream.

Users must test for (and validate) the security fitness of CentOS Linux
for their own usage profiles.  If you require fully tested solutions
with software assurance and validated security, that is what RHEL is
for, right?


You can read more about those issues here:
https://access.redhat.com/security/vulnerabilities/speculativeexecution

Thanks,
Johnny Hughes


On 03/06/2018 04:35 PM, Peter Wood wrote:
> I have a clean install, fully updated CentOS 6 32-bit.
> 
> When I run the Red Hat detection script:
> https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh
> 
> it finds that the system is vulnerable.
> 
> Is this false positive or there is no patches for CentOS 6 32-bit systems?
> 
> Thank you,
> 
> -- Peter
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 i386 - meltdown and spectre

[Peter Wood]

I have a clean install, fully updated CentOS 6 32-bit.

When I run the Red Hat detection script:
https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh

it finds that the system is vulnerable.

Is this false positive or there is no patches for CentOS 6 32-bit systems?

Thank you,

-- Peter
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: Yum downloadonly changes local source repositories (and CentOS 7)

[Danny Smit]

For what its worth, I managed to get around the problem with a small
patch on yum itself:


--- ORIG/usr/lib/python2.6/site-packages/yum/yumRepo.py 2017-03-22
05:32:26.0 +
+++ NEW/usr/lib/python2.6/site-packages/yum/yumRepo.py  2018-02-14
09:14:04.879902463 +
@@ -863,6 +863,7 @@ class YumRepository(Repository, config.R
text=text,
cache=cache,
size=package.size,
+copy_local=1,
)

def getHeader(self, package, checkfunc = None, reget = 'simple',


Although newer versions of yum do not rename the local package
anymore, it still does not copy/download the package into the desired
"downloaddir".
I will try to report that upstream.

Regards,
Danny


On Tue, Feb 13, 2018 at 6:05 PM, Danny Smit  wrote:
> Hi All,
>
> I'm trying to use yum with the downloadonly option to collect a set of
> packages including dependencies. I noticed that even on CentOS 6 the
> downloadonly option is currently a default feature of the core of yum
> itself, which is nice.
>
> However something strange occurs when one of the repositories to
> download from is a local repository, like:
>
> [custom-repo]
> name=My custom repo
> baseurl=file:///repositories/mycustomrepo/
>
> I added such a repo to my yum configuration and then executed:
>
> yum install -y --downloadonly --downloaddir=downloads  custom_package
>
> When executing the above the package in question is suddenly renamed from:
>
> /repositories/mycustomrepo/x86_64/custom_package-1.1-2.el6.x86_64.rpm
>
> to
>
> /repositories/mycustomrepo/x86_64/custom_package-1.1-2.el6
>
> Note that the architecture part and file extension are removed with
> the file in the local repo, where I wouldn't expect yum to even try to
> change something there.
> Also nothing is downloaded into the downloads dir as specified.
>
> Strangely when it concerns a package that comes from a repository that
> is configured as an http URL, the download option works flawlessly.
>
> Has anyone else seen this behavior? Is it a bug? Or is there a way around 
> this?
> Actually I would even prefer not having to run yum as root for this,
> unfortunately yum to require write access to lock files in /var/.
>
> Platform: CentOS 6.9  (also not working with CentOS 7, then it keeps
> the file intact, but doesn't download either)
> Yum: 3.2.29-81.el6.centos
>
> Kind regards,
> Danny
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6: Yum downloadonly changes local source repositories

[Danny Smit]

Hi All,

I'm trying to use yum with the downloadonly option to collect a set of
packages including dependencies. I noticed that even on CentOS 6 the
downloadonly option is currently a default feature of the core of yum
itself, which is nice.

However something strange occurs when one of the repositories to
download from is a local repository, like:

[custom-repo]
name=My custom repo
baseurl=file:///repositories/mycustomrepo/

I added such a repo to my yum configuration and then executed:

yum install -y --downloadonly --downloaddir=downloads  custom_package

When executing the above the package in question is suddenly renamed from:

/repositories/mycustomrepo/x86_64/custom_package-1.1-2.el6.x86_64.rpm

to

/repositories/mycustomrepo/x86_64/custom_package-1.1-2.el6

Note that the architecture part and file extension are removed with
the file in the local repo, where I wouldn't expect yum to even try to
change something there.
Also nothing is downloaded into the downloads dir as specified.

Strangely when it concerns a package that comes from a repository that
is configured as an http URL, the download option works flawlessly.

Has anyone else seen this behavior? Is it a bug? Or is there a way around this?
Actually I would even prefer not having to run yum as root for this,
unfortunately yum to require write access to lock files in /var/.

Platform: CentOS 6.9  (also not working with CentOS 7, then it keeps
the file intact, but doesn't download either)
Yum: 3.2.29-81.el6.centos

Kind regards,
Danny
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6 Samba 4 specific question

[Clint Dilks]

On Thu, Dec 14, 2017 at 10:00 AM, Kienker, Fred  wrote:

> I am setting up a Samba 4 installation on CentOS 6.9. I have installed
> the samba4, samba4-common, and samba4-libs with all of the dependencies
> using YUM which appear to be all of the samba4 packages which are
> available.
>
>
>
> In the /usr/bin directory I can find smbcontrol and smbstatus but the
> smbpasswd command is missing. Checking on a current CentOS 7 all three
> of these commands are found. Of course with this command missing it’s
> quite hard to set up standard Samba users in the .tdb file used in the
> Classic mode.
>
>
>
> Can someone enlighten me as to what I have done wrong?
>
> Best regards,
>
> Fred
>
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


Hi,

It looks this should be provided by samba4-client, what result do you get
if you run

yum provides '/usr/bin/smbpasswd' ?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6 Samba 4 specific question

[Kienker, Fred]

I am setting up a Samba 4 installation on CentOS 6.9. I have installed
the samba4, samba4-common, and samba4-libs with all of the dependencies
using YUM which appear to be all of the samba4 packages which are
available.

 

In the /usr/bin directory I can find smbcontrol and smbstatus but the
smbpasswd command is missing. Checking on a current CentOS 7 all three
of these commands are found. Of course with this command missing it’s
quite hard to set up standard Samba users in the .tdb file used in the
Classic mode.

 

Can someone enlighten me as to what I have done wrong?

Best regards, 

Fred 

 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[Sorin Srbu]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Mark
> Haney
> Sent: den 3 november 2017 18:03
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 6 P2V alternatives?
>
>
> I'll toss my two cents worth in having dealt with a similar situation
> recently (well 2015, but close enough).  If this server is /that/
> important, I'd really consider building a completely new virtual
> instance on the hypervisor of your choice.  Though, to be completely
> honest, Hyper-V is just awful in my testing. There are far more P2V
> options for VMWare, including it's own P2V software which I've not had
> particular trouble with in a half-decade, if you insist on a P2V migration.
>
> If we're just talking backups, Veeam for Hyper-V  (and ESXi) works
> really well and you can bring up the backed up VM on the fly if you need
> to recover data from it, or for DR/BC.  I've never had a problem with it
> and, at my last position, had it set to run the backups on a remote
> cloud in case of catastrophic damage to the office.  Of course, there's
> no such thing as too many backups, so critical data on a server like you
> have was replicated to a warm/cold site, or part of a cluster for DBs to
> make sure data integrity was kept and uptime maximized.

While Hyper-V is not ideal, it's good enough for our purpose. We made a choice 
a few years back to either completely rehaul our vm infrastructure or just 
hand it over to central IT at our university. The later option won, mostly 
because of the cost.
Since central IT uses Hyper-V, that's what we also use.

Building a completely new vm and somehow restore from backup the important 
parts, is what I'm looking at now.

Thanks for your feedback!


--
//Sorin
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[Sorin Srbu]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Robert
> Nichols
> Sent: den 3 november 2017 14:46
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 6 P2V alternatives?
>
> How would you recover if that server were suddenly destroyed, let's say by a
> power supply failure that fried the motherboard and all the disks? If you 
> can't
> bring up a machine on new, bare iron starting with nothing but your backups
> and a CD or USB stick with a recovery tool, you need to seriously reconsider
> your backup strategy.

The important data is backed up properly.
I'm looking for a "quick fix" solution to clone the server as is. I'm pretty 
sure I can duplicate the setup for the license managers and intricate scripts, 
and what not. I'm just not too hot on spending a few weeks on this.

I'm aware of the fast - cheap - good pyramid. :-)

--
//Sorin
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[Sorin Srbu]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of hw
> Sent: den 3 november 2017 12:10
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 6 P2V alternatives?
> 
> I think I would try to create a VM that has the physical disks passed through
> and also has access to whatever storage it´s supposed to reside on once the
> conversion to a VM is completed.  Then copy it from the physical disks to that
> storage.
> 
> Converting without shutting the machine down is probably not possible.
> Passing the disks through may give you the advantage that the downtime can be
> kept to a minimum.

I touched the physical disk solution briefly while looking around, but felt at 
the time it was a tad bit complicated.

I'll have another look at this.

Thanks for the feedback!
--
//Sorin
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[Mark Haney]

On 11/03/2017 12:48 PM, Robert Nichols wrote:

On 11/03/2017 09:02 AM, hw wrote:

Robert Nichols wrote:


How would you recover if that server were suddenly destroyed, let's 
say by a power supply failure that fried the motherboard and all the 
disks? If you can't bring up a machine on new, bare iron starting 
with nothing but your backups and a CD or USB stick with a recovery 
tool, you need to seriously reconsider your backup strategy.


That´s a very good point.

What options are there to make complete and consistent backups of 
machines
and VMs while they are running?  Just shutting down a VM to make a 
backup
is troublesome because you sometimes need to run 'virsh shutdown xx' 
several
times for the VM to actually shut down, and I have VMs that do not 
shut down
no matter how often you try.  If you manage to shut down the VM, 
there is no
guarantee that it will actually restart when you try --- and that 
goes for
non-VMs as well.  Shutting them down manually frequently to make 
backups is

not an option, either.


Every backup tool that can be run on a physical machine can also be 
run in the VM. For databases that cannot be simply copied while they 
are active, there should be a way to generate a snapshot or other 
consistent representation that can be backed up and restored if 
necessary, and any database that does not provide such a capability 
should not be considered suitable for the task at hand. Long-running 
jobs should always have checkpoints to allow them to be continued 
should the machine crash. (I have such a job running right now. 
Coincidentally, it's verifying the consistency of 3 years of backups 
that I just reorganized.)


There is no "one size fits all" answer. The needs of a transaction 
processing system that can never, ever lose a transaction once it's 
been acknowledged are radically different from those of a system that 
can afford to lose an hours, or days, worth of work.




I'll toss my two cents worth in having dealt with a similar situation 
recently (well 2015, but close enough).  If this server is /that/ 
important, I'd really consider building a completely new virtual 
instance on the hypervisor of your choice.  Though, to be completely 
honest, Hyper-V is just awful in my testing. There are far more P2V 
options for VMWare, including it's own P2V software which I've not had 
particular trouble with in a half-decade, if you insist on a P2V migration.


If we're just talking backups, Veeam for Hyper-V  (and ESXi) works 
really well and you can bring up the backed up VM on the fly if you need 
to recover data from it, or for DR/BC.  I've never had a problem with it 
and, at my last position, had it set to run the backups on a remote 
cloud in case of catastrophic damage to the office.  Of course, there's 
no such thing as too many backups, so critical data on a server like you 
have was replicated to a warm/cold site, or part of a cluster for DBs to 
make sure data integrity was kept and uptime maximized.


--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.ha...@neonova.net
www.neonova.net

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[Robert Nichols]

On 11/03/2017 09:02 AM, hw wrote:

Robert Nichols wrote:



How would you recover if that server were suddenly destroyed, let's say by a 
power supply failure that fried the motherboard and all the disks? If you can't 
bring up a machine on new, bare iron starting with nothing but your backups and 
a CD or USB stick with a recovery tool, you need to seriously reconsider your 
backup strategy.


That´s a very good point.

What options are there to make complete and consistent backups of machines
and VMs while they are running?  Just shutting down a VM to make a backup
is troublesome because you sometimes need to run 'virsh shutdown xx' several
times for the VM to actually shut down, and I have VMs that do not shut down
no matter how often you try.  If you manage to shut down the VM, there is no
guarantee that it will actually restart when you try --- and that goes for
non-VMs as well.  Shutting them down manually frequently to make backups is
not an option, either.


Every backup tool that can be run on a physical machine can also be run in the 
VM. For databases that cannot be simply copied while they are active, there 
should be a way to generate a snapshot or other consistent representation that 
can be backed up and restored if necessary, and any database that does not 
provide such a capability should not be considered suitable for the task at 
hand. Long-running jobs should always have checkpoints to allow them to be 
continued should the machine crash. (I have such a job running right now. 
Coincidentally, it's verifying the consistency of 3 years of backups that I 
just reorganized.)

There is no "one size fits all" answer. The needs of a transaction processing 
system that can never, ever lose a transaction once it's been acknowledged are radically 
different from those of a system that can afford to lose an hours, or days, worth of work.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[hw]

Robert Nichols wrote:

On 11/03/2017 06:09 AM, hw wrote:

Sorin Srbu wrote:

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /.
No LVM's here either.

The farthest I've gotten is with the Rear solution.
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
server molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?



I think I would try to create a VM that has the physical disks passed through
and also has access to whatever storage it´s supposed to reside on once the
conversion to a VM is completed.  Then copy it from the physical disks to that
storage.

Converting without shutting the machine down is probably not possible.


How would you recover if that server were suddenly destroyed, let's say by a 
power supply failure that fried the motherboard and all the disks? If you can't 
bring up a machine on new, bare iron starting with nothing but your backups and 
a CD or USB stick with a recovery tool, you need to seriously reconsider your 
backup strategy.


That´s a very good point.

What options are there to make complete and consistent backups of machines
and VMs while they are running?  Just shutting down a VM to make a backup
is troublesome because you sometimes need to run 'virsh shutdown xx' several
times for the VM to actually shut down, and I have VMs that do not shut down
no matter how often you try.  If you manage to shut down the VM, there is no
guarantee that it will actually restart when you try --- and that goes for
non-VMs as well.  Shutting them down manually frequently to make backups is
not an option, either.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[Robert Nichols]

On 11/03/2017 06:09 AM, hw wrote:

Sorin Srbu wrote:

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /.
No LVM's here either.

The farthest I've gotten is with the Rear solution.
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
server molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?



I think I would try to create a VM that has the physical disks passed through
and also has access to whatever storage it´s supposed to reside on once the
conversion to a VM is completed.  Then copy it from the physical disks to that
storage.

Converting without shutting the machine down is probably not possible.


How would you recover if that server were suddenly destroyed, let's say by a 
power supply failure that fried the motherboard and all the disks? If you can't 
bring up a machine on new, bare iron starting with nothing but your backups and 
a CD or USB stick with a recovery tool, you need to seriously reconsider your 
backup strategy.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 P2V alternatives?

[hw]

Sorin Srbu wrote:

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /.
No LVM's here either.

The farthest I've gotten is with the Rear solution.
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
server molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?



I think I would try to create a VM that has the physical disks passed through
and also has access to whatever storage it´s supposed to reside on once the
conversion to a VM is completed.  Then copy it from the physical disks to that
storage.

Converting without shutting the machine down is probably not possible.  Passing
the disks through may give you the advantage that the downtime can be kept to
a minimum.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 P2V alternatives?

[Sorin Srbu]

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /. 
No LVM's here either.

The farthest I've gotten is with the Rear solution. 
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
server molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?

-- 
BW,
Sorin
---
# Sorin Srbu, Sysadmin
# Uppsala University
# Dept of Medicinal Chemistry
# Div of Org Pharm Chem
# Box 574
# SE-75123 Uppsala
# Sweden
#
# Phone: +46 (0)18-4714482
# Visit: BMC, Husargatan 3, D5:512b
# Web: http://www.orgfarm.uu.se
---
# O<  ASCII ribbon campaign - Against html E-mail 
# http://tinyurl.com/ascii-ribbon-campaign
#
# This message was not sent from an iProduct!
#
# Please consider the environment before printing this email.
# Join the campaign at http://thinkBeforePrinting.org
#
# MotD follows:
Spare yourself many hard falls; don't jump to conclusions

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 SCL - httpd24 still being updated?

[Eric]

On Sun, Oct 29, 2017 at 8:01 AM, Johnny Hughes  wrote:

> On 10/28/2017 03:57 PM, Eric wrote:
> > Hello,
> >
> > Specifically this is in reference to RHSA-2017:2483, which should
> increment
> > the httpd24 packages to 25-9 in the SCL.  The SA was released on August
> > 16th 2017, so it has some age to it, but there's no corresponding CESA on
> > it and the SCL for 6 still sits at the previous, 25-8.
> >
> > Some links for reference:
> > https://access.redhat.com/errata/RHSA-2017:2483
> >
> > Online repo:
> > http://mirror.centos.org/centos/6/sclo/x86_64/rh/httpd24/
> >
> > Has this packaged reached its end of updates in this repo?  It's a good
> set
> > of CVEs at 70+ days now.
> >
> > Additionally, and while I don't expect this to be in the CentOS repo yet
> > due to its young age, there's another update to httpd24 that was just
> > released four days ago, RHSA-2017:3018.
> >
> > Looking for insight, or my own self initiated face palm because I'm
> missing
> > something.
> >
>
> We do not release official CentOS CESAs for SIG content.
>
> As to why that has not been released, or if it will be, the SIG will
> have to answer that.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
>
Thank you Johnny.  Apologies, that comment right there makes me realize I
should have directed this at the SCL SIG .  I'll do that now.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 SCL - httpd24 still being updated?

[Johnny Hughes]

On 10/28/2017 03:57 PM, Eric wrote:
> Hello,
> 
> Specifically this is in reference to RHSA-2017:2483, which should increment
> the httpd24 packages to 25-9 in the SCL.  The SA was released on August
> 16th 2017, so it has some age to it, but there's no corresponding CESA on
> it and the SCL for 6 still sits at the previous, 25-8.
> 
> Some links for reference:
> https://access.redhat.com/errata/RHSA-2017:2483
> 
> Online repo:
> http://mirror.centos.org/centos/6/sclo/x86_64/rh/httpd24/
> 
> Has this packaged reached its end of updates in this repo?  It's a good set
> of CVEs at 70+ days now.
> 
> Additionally, and while I don't expect this to be in the CentOS repo yet
> due to its young age, there's another update to httpd24 that was just
> released four days ago, RHSA-2017:3018.
> 
> Looking for insight, or my own self initiated face palm because I'm missing
> something.
> 

We do not release official CentOS CESAs for SIG content.

As to why that has not been released, or if it will be, the SIG will
have to answer that.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 SCL - httpd24 still being updated?

[Eric]

Hello,

Specifically this is in reference to RHSA-2017:2483, which should increment
the httpd24 packages to 25-9 in the SCL.  The SA was released on August
16th 2017, so it has some age to it, but there's no corresponding CESA on
it and the SCL for 6 still sits at the previous, 25-8.

Some links for reference:
https://access.redhat.com/errata/RHSA-2017:2483

Online repo:
http://mirror.centos.org/centos/6/sclo/x86_64/rh/httpd24/

Has this packaged reached its end of updates in this repo?  It's a good set
of CVEs at 70+ days now.

Additionally, and while I don't expect this to be in the CentOS repo yet
due to its young age, there's another update to httpd24 that was just
released four days ago, RHSA-2017:3018.

Looking for insight, or my own self initiated face palm because I'm missing
something.

Thanks!
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 for ARM?

[Peter Kjellström]

On Sun, 22 Oct 2017 12:54:04 -0400
mark  wrote:

> Hi, folks,
> 
> So, I want to rebuild my "ancient" HP netbook, from the ancient
> ubuntu netbook remix. Is there an *ARM* .iso, or net install
> somewhere? I'm not finding it, googling. Lots of Raspberry Pi, but

Centos has two ARM efforts (both clearly listed on the altarch centos
wiki page):

 Active Arch Groups

ARM32 build as armv7 (and others), buildsystem details at
https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32

ARM64 built as aarch64 : details at
https://wiki.centos.org/SpecialInterestGroup/AltArch/AArch64

Your netbook is an armv7 (I think) but unlikely to work out of the box..

AARCH64/ARMv8 is something different entierly

/Peter K


...

>   mark
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 for ARM?

[mark]

Hi, folks,

   So, I want to rebuild my "ancient" HP netbook, from the ancient ubuntu 
netbook remix. Is there an *ARM* .iso, or net install somewhere? I'm not 
finding it, googling. Lots of Raspberry Pi, but


mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6 Airprint using CUPS/Avahi

[Gary Stainburn]

I've set up another airprint server, but this time I've had to use Centos 6 
because of the age of the kit I'm using - an old 1U rack server.

I've configured CUPS and also Avahi. I've run airprint-generate.py and copied 
the .service files to /etc/avahi/services/

Everything looks fine until I try to print from my IPhone.  I usually test by 
trying to print an email.  As soon as I go to search / select a printer I get 
the following start to appear in /var/log/cups/error_log

E [29/Aug/2017:15:24:07 +0100] Request from "10.1.103.237" using invalid Host: 
field "harpo.local:631"

The printer list appears and I can select a printer and click on print. 
However nothing prints off, and I just keep getting the above error message.

I've tried setting 


[server]
host-name=harpo
domain-name=ringways.co.uk

in /etc/avahi/avahi-daemon.conf but that just prevents Avahi from starting.

Can anyone suggest what I need to do to get Avahi and CUPS to be friendly?

Gary

-- 
https://fundraise.cancerresearchuk.org/page/garys-march-march
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and crypttab

[Leon Fauster]

> Am 22.06.2017 um 21:05 schrieb m.r...@5-cent.us:
> 
> Folks,
> 
>   I have an issue: I've gotten that drive that I posted about the other
> day encrypted, and things were looking good... until there was a
> problem with another RAID attached to the box, and I wound up having to
> reboot.
> 
>   What had been /dev/sdb came up as /dev/sdc. So... is there any way
> other than using /dev/disk/by-uuid/ as the second field in
> /etc/crypttab to deal with this possibility?


Use UUID=xxx

cryptsetup luksUUID /dev/sdcx shows the corresponding ID

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 and crypttab

[m . roth]

Folks,

   I have an issue: I've gotten that drive that I posted about the other
day encrypted, and things were looking good... until there was a
problem with another RAID attached to the box, and I wound up having to
reboot.

   What had been /dev/sdb came up as /dev/sdc. So... is there any way
other than using /dev/disk/by-uuid/ as the second field in
/etc/crypttab to deal with this possibility?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6: cannot open gnome-session

[wwp]

Hello there,


trying to open Session settings in GNOME's System/Preferences, I get
this error:

=
Error opening current splash image.

The current splash image filename is:
/usr/share/pixmaps/splash/gnome-splash.png
=

I get this exact same error on 2 different CentOS 6 systems
(up-to-date).
On both systems, /usr/share/pixmaps/splash/ does not exist.

Did anybody already face that issue?

Creating the missing file (out of any .png) doesn't solve the problem:
I don't get the error anymore but the Session setting never open.


Regards,

-- 
wwp


pgp1uRepuhp2v.pgp
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and luksOpen

[m . roth]

Leon,

Leon Fauster wrote:
>> Am 20.06.2017 um 17:12 schrieb m.r...@5-cent.us:
>> Leon Fauster wrote:
 Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:

 I've done that, and made the filesystem, but I can't mount it.

 CentOS 6.
 I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
 luks UUID in /etc/fstab. I cannot find the command that tells it to
 create the device in /dev/mapper from the info in /etc/crypttab.
>>>
>>>
>>> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE}
>>> luks-$(cryptsetup
>>> luksUUID ${MAPDEVICE})
>>
>> Something's not right. I did
>> cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb))
>> --key-file /etc/crypt.pw
>>
>> It did want the password, so I added --key-file, but it seems to have
>> created /dev/mapper/luks, not the full luksUUID that's in both crypttab
>> and fstab.
>
> unmap: cryptsetup luksClose /dev/mapper/luks
>
> and then try again with following correction
>
> NOT ...UUID $(/dev/sdb)
> ...UUID /dev/sdb

Thank you *very* much for the help, and such fast responses. Googling
hadn't been helpful

I'm good now (and will be documenting it for my manager and the other admin).

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and luksOpen

[Leon Fauster]

> Am 20.06.2017 um 17:12 schrieb m.r...@5-cent.us:
> 
> Leon Fauster wrote:
>>> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
>>> 
>>> Upgraded a RAID. Copied everything from backup.
>>> 
>>> And then my manager said I had to encrypt the drive.
>>> 
>>> I've done that, and made the filesystem, but I can't mount it.
>>> 
>>> CentOS 6.
>>> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
>>> luks UUID in /etc/fstab. I cannot find the command that tells it to
>>> create the device in /dev/mapper from the info in /etc/crypttab.
>>> 
>>> Clues for the poor? Yes, the server will, at some point in the future,
>>> go to CentOS 7, but that needs my user to be off for a while, and his jobs
>>> run literally for weeks, with loads upwords of 30 on an HBS (honkin' big
>>> server)
>> 
>> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup
>> luksUUID ${MAPDEVICE})
> 
> Something's not right. I did
> cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb))
> --key-file /etc/crypt.pw
> 
> It did want the password, so I added --key-file, but it seems to have
> created /dev/mapper/luks, not the full luksUUID that's in both crypttab
> and fstab.

unmap: cryptsetup luksClose /dev/mapper/luks

and then try again with following correction

NOT ...UUID $(/dev/sdb)
...UUID /dev/sdb

--
LF




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and luksOpen

[m . roth]

Leon Fauster wrote:
>> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
>>
>> Upgraded a RAID. Copied everything from backup.
>>
>> And then my manager said I had to encrypt the drive.
>>
>> I've done that, and made the filesystem, but I can't mount it.
>>
>> CentOS 6.
>> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
>> luks UUID in /etc/fstab. I cannot find the command that tells it to
>> create the device in /dev/mapper from the info in /etc/crypttab.
>>
>> Clues for the poor? Yes, the server will, at some point in the future,
>> go to CentOS 7, but that needs my user to be off for a while, and his jobs
>> run literally for weeks, with loads upwords of 30 on an HBS (honkin' big
>> server)
>
> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup
> luksUUID ${MAPDEVICE})

Something's not right. I did
cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb))
--key-file /etc/crypt.pw

It did want the password, so I added --key-file, but it seems to have
created /dev/mapper/luks, not the full luksUUID that's in both crypttab
and fstab.

mark

> MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID
> ${MAPDEVICE}) /mnt
>
> --
> LF
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and luksOpen

[Leon Fauster]

> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
> 
> Upgraded a RAID. Copied everything from backup.
> 
> And then my manager said I had to encrypt the drive.
> 
> I've done that, and made the filesystem, but I can't mount it.
> 
> CentOS 6.
> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
> luks UUID in /etc/fstab. I cannot find the command that tells it to create
> the device in /dev/mapper from the info in /etc/crypttab.
> 
> Clues for the poor? Yes, the server will, at some point in the future, go
> to CentOS 7, but that needs my user to be off for a while, and his jobs
> run literally for weeks, with loads upwords of 30 on an HBS (honkin' big
> server)


MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup 
luksUUID ${MAPDEVICE})
MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID 
${MAPDEVICE}) /mnt

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 and luksOpen

[m . roth]

Upgraded a RAID. Copied everything from backup.

And then my manager said I had to encrypt the drive.

I've done that, and made the filesystem, but I can't mount it.

CentOS 6.
I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
luks UUID in /etc/fstab. I cannot find the command that tells it to create
the device in /dev/mapper from the info in /etc/crypttab.

Clues for the poor? Yes, the server will, at some point in the future, go
to CentOS 7, but that needs my user to be off for a while, and his jobs
run literally for weeks, with loads upwords of 30 on an HBS (honkin' big
server)

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS 6] Possible bug in updating glibc?

[Jonathan Billings]

On Fri, Jun 02, 2017 at 06:40:57AM -0400, Leam Hall wrote:
> I'm running a KVM host on updated CentOS 6. The guest is built from the
> CentOS 6.9 dvd1 with just @base and @core package groups.
> 
> When I went to install mysql it failed due to incompatibilities with the
> libcc versions. Updated just glibc and glibc-common and then installed
> mysql. Shortly there after it started to freeze and lost connection.
> 
> The KVM host is fairly beefy and mysql wasn't doing anything but running
> with no queries or data. I rebooted the guest and it still had lock up
> issues.
> 
> When I rebuilt the guest and did a full yum update, to include kernel and
> kernel-headers, it seemed to run fine.
> 
> It seems like there's a dependency between glibc(-common) and something
> else. Or do I misunderstand?

How did you update the software?  If you had just run 'yum install
mysql' it should have pulled in all the dependencies.  Did you run a
'yum update' before trying to install mysql?

Its possible that your mirrors are out of sync and your system is
talking to a mirror with older RPMs, but without an actual error log,
its hard to tell what's going on.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] [CentOS 6] Possible bug in updating glibc?

[Leam Hall]

Hey all, not sure if this was operator error or what.

I'm running a KVM host on updated CentOS 6. The guest is built from the 
CentOS 6.9 dvd1 with just @base and @core package groups.


When I went to install mysql it failed due to incompatibilities with the 
libcc versions. Updated just glibc and glibc-common and then installed 
mysql. Shortly there after it started to freeze and lost connection.


The KVM host is fairly beefy and mysql wasn't doing anything but running 
with no queries or data. I rebooted the guest and it still had lock up 
issues.


When I rebuilt the guest and did a full yum update, to include kernel 
and kernel-headers, it seemed to run fine.


It seems like there's a dependency between glibc(-common) and something 
else. Or do I misunderstand?


Thanks!

Leam
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] {centos 6} errors in libvirtd, all sites down, need advice

[Leon Fauster]

> Am 29.05.2017 um 22:52 schrieb Political Gateway :
> 
> 2016-09-07 15:56:13.228+: 24704: error : virFileRewrite:507 :
> cannot write data to file '/var/run/libvirt/qemu/main.mywebsite.com.xml.new': 
> No space left on device

clearly stated - no space left on device.

--
LF






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] {centos 6} errors in libvirtd, all sites down, need advice

[Political Gateway]

Today out of the blue...boom all sites down.

I use a bridge and virtual machines, 5 websites.

virsh shows me all machines are up and running, everything looks okay, 
but cannot get to sites.


Here are the errors listed in the log, condensed due to multiples of 
same errors.


there is some kid or error reading data, then there is some kind of 
network collision (bobnet, no idea what that is)


then it talks of cpus and out of room for data, but tons of room left...

any ideas i would be greatful


thanks

02:07:15.951: 28676: error : virNetSocketReadWire:911 : End of file 
while reading data: Input/output error
17:34:33.924: 2447: error : networkCheckRouteCollision:1673 : internal 
error Network is already in use by interface vbr0
18:03:54.050: 2413: info : libvirt version: 0.9.4, package: 23.el6_2.4 
(CentOS BuildSystem , 2012-01-17-10:52:29, 
c6b18n1.dev.centos.org)
18:03:54.050: 2413: error : virInterfaceDefParseXML:793 : XML error: 
bond interface misses the bond element
18:22:30.393: 2457: error : ifaceGetIndex:334 : internal error interface 
vnet0 does not exist
18:22:30.607: 2457: error : qemuAutostartDomain:165 : Failed to 
autostart VM 'mywebsite': internal error interface vnet0 does not exist
18:25:05.942: 3054: error : ifaceGetIndex:334 : internal error interface 
vnet0 does not exist
18:27:31.022: 3046: error : virNetworkObjIsDuplicate:1742 : operation 
failed: network 'bobnet' already exists with uuid 
85e167f9-4670-4f7c-68c7-caf2daeecc93
18:31:57.184: 3048: error : ifaceGetIndex:334 : internal error interface 
vnet0 does not exist
19:15:24.599: 3043: error : qemuMonitorIO:583 : internal error End of 
file from monitor
00:54:12.418: 7632: warning : qemuDomainObjStart:4649 : Ignoring 
incomplete managed state /var/lib/libvirt/qemu/save/mywebsite.save
11:51:27.639: 2157: error : qemuDomainSaveImageOpen:3914 : operation 
failed: failed to read qemu header
2014-03-24 19:03:00.182+: 2047: error : qemuDomainSetVcpusFlags:4245 
: invalid argument: requested vcpus is greater than max allowable vcpus 
for the domain: 3 > 2
2016-09-07 15:56:13.228+: 24704: error : virFileRewrite:507 : cannot 
write data to file '/var/run/libvirt/qemu/main.mywebsite.com.xml.new': 
No space left on device

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 dhcpd custom log issues

[Mark Haney]

I've done more testing and I've found something very interesting.  I've
tested logging with our entire string (which will be below) with slight
changes to the 'if' statement solely looking at the 'dhcp-message-type = '
parameter.  Of the four message types we routinely see some work and some
don't: (ie: if option dhcp-message-type = # { log...)

Message-Type 1 (DISCOVER): logging works
Message-Type 2 (OFFER):  logging does NOT work
Message-Type 3 (REQUEST) logging works
Message-Type 5 (ACK) logging does NOT work

And by 'does not work' I mean it doesn't log anything at all.  As if it's
not matching on those message types at all. I know they are being logged in
syslog, where all these messages are logged to, so I know we're getting
OFFERs and ACKs, as they are logged normally in syslog.

So, anyone have any idea WTF is going on here?  I suppose I could log based
on REQUEST, but I'm afraid our data would be inaccurate if a request isn't
ACK'd.

On Fri, May 26, 2017 at 2:04 PM, Mark Haney  wrote:

> Hi all,
>
> I've got an issue with C6's dhcpd custom logging that I cannot figure
> out.  Hopefully someone has an idea, or has seen a similar issue.  We have
> dhcpd logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP
> and Circuit-ID.
>
> I'll not bore you with the guts, so here's the beginning of that line in
> dhcpd.conf:
>
> if exists agent.circuit-id
>  {
> log (info, concat( "DHCPUSER:,", concat (suffix (concat ("0",
> binary-to-ascii.
>
> We log this specifically to have rsyslog dump that line (keyed on
> DHCPUSER) into a MySQL database for use by a web app our development team
> built so that our customers can get reports on their DHCP leases.  (Neonova
> provides help desk, engineering and Tier 2 and 3 tech support to rural ISPs
> in the US.)
>
> Our problem is that this method logs every entry that has the CID in the
> packet.  Which covers most DHCP requests.  As such, with our bigger
> customers, this logging bogs down MySQL (and the file system on older ext3
> based CentOS 6 boxes we have out in the field) to the point where, after a
> major outage and recovery, the DHCP server can't handle the load and people
> are unable to get new DHCP leases, resulting in calls to our help desk.
>
> What I want to do is have this data logged in the DHCPUSER line on the
> DHCPACK and only that.  For some reason, when I try replace the above with
> 'if option dhcp-message-type = 5', nothing is getting logged.  All the
> instances of this I've googled have similar, notably one from ~2008 that
> has:
>
>  if exists agent.circuit-id and dhcp-message-type = 3
>
> and that apparently worked fine.  I know the circuit-id is included in the
> ACK packet (tcpdump is your friend), but even on the check to log for only
> the dhcp message type 5 isn't working.
>
> Are the newer dhcpd versions different syntactically?  What's the correct
> method for logging on the DCHP Message type with the most recent C6
> version? (dhcp-4.1.1-53.P1.el6.centos.x86_64)
>
> Any ideas?
>
> --
> [image: photo]
> Mark Haney
> Network Engineer at NeoNova
> 919-460-3330 <(919)%20460-3330> (opt 1) • mark.ha...@neonova.net
> www.neonova.net 
>   
> 
>



-- 
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.ha...@neonova.net
www.neonova.net 
  

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 dhcpd custom log issues

[Mark Haney]

Hi all,

I've got an issue with C6's dhcpd custom logging that I cannot figure out.
Hopefully someone has an idea, or has seen a similar issue.  We have dhcpd
logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP and
Circuit-ID.

I'll not bore you with the guts, so here's the beginning of that line in
dhcpd.conf:

if exists agent.circuit-id
 {
log (info, concat( "DHCPUSER:,", concat (suffix (concat ("0",
binary-to-ascii.

We log this specifically to have rsyslog dump that line (keyed on DHCPUSER)
into a MySQL database for use by a web app our development team built so
that our customers can get reports on their DHCP leases.  (Neonova provides
help desk, engineering and Tier 2 and 3 tech support to rural ISPs in the
US.)

Our problem is that this method logs every entry that has the CID in the
packet.  Which covers most DHCP requests.  As such, with our bigger
customers, this logging bogs down MySQL (and the file system on older ext3
based CentOS 6 boxes we have out in the field) to the point where, after a
major outage and recovery, the DHCP server can't handle the load and people
are unable to get new DHCP leases, resulting in calls to our help desk.

What I want to do is have this data logged in the DHCPUSER line on the
DHCPACK and only that.  For some reason, when I try replace the above with
'if option dhcp-message-type = 5', nothing is getting logged.  All the
instances of this I've googled have similar, notably one from ~2008 that
has:

 if exists agent.circuit-id and dhcp-message-type = 3

and that apparently worked fine.  I know the circuit-id is included in the
ACK packet (tcpdump is your friend), but even on the check to log for only
the dhcp message type 5 isn't working.

Are the newer dhcpd versions different syntactically?  What's the correct
method for logging on the DCHP Message type with the most recent C6
version? (dhcp-4.1.1-53.P1.el6.centos.x86_64)

Any ideas?

-- 
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.ha...@neonova.net
www.neonova.net 
  

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 / Intel CPU support

[John Hodrien]

On Thu, 11 May 2017, Darr247 wrote:


If you disable Intel Speedstep in the BIOS it should lock the CPU to its
fastest speed, but you lose power saving during idle.


Could you possibly also find that you're more restricted in your use of
TurboBoost in that state (if indeed it works properly without speedstep), and
so find it runs slower for some workloads?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 / Intel CPU support

[Darr247]

> Here's mine.  Interesting differences:

If you disable Intel Speedstep in the BIOS it should lock the CPU to its
fastest speed, but you lose power saving during idle.

On Thu, May 11, 2017 at 3:48 PM, ken  wrote:

> On 05/11/2017 12:45 PM, Leon Fauster wrote:
>
>> Am 11.05.2017 um 16:29 schrieb Leon Fauster :
>>>
>>> Am 11.05.2017 um 14:48 schrieb Leon Fauster :

 https://access.redhat.com/support/policy/intel

 shows mainly Xeon CPUs. What about

 Intel Core i7-6700 Quad-Core Skylake

 has the current EL6 variant support for it?

 Any experience? Feedback would be greatly appreciated.

>>>
>>> I found this
>>>
>>> linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c
>>>
>>> 796 if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
>>> 797 ((boot_cpu_data.x86 == 6))) {
>>> 798 switch (boot_cpu_data.x86_model) {
>>> 799 case 94: /* Skylake-S */
>>> 800 case 86: /* Broadwell-DE SoC */
>>> 801 case 85: /* Purley */
>>> 802 case 79: /* Broadwell-EP and EX */
>>> 803 case 78: /* Skylake-Y */
>>> 804 case 77: /* Atom Avoton */
>>> 805 case 71: /* Broadwell-H */
>>> 806 case 70: /* Crystal Well */
>>> 807 break;
>>> 808 default:
>>> 809 if (boot_cpu_data.x86_model > 63) {
>>> 810 printk(KERN_CRIT
>>> 811"Detected CPU family %d model %d\n",
>>> 812boot_cpu_data.x86,
>>> 813boot_cpu_data.x86_model);
>>> 814 mark_hardware_unsupported("Intel CPU model");
>>> 815 }
>>> 816 break;
>>> 817 }
>>> 818 }
>>>
>>> not sure if "case 94: /* Skylake-S */" means support for Intel Core
>>> i7-6700 Quad-Core Skylake ...
>>>
>>
>> for the record:
>>
>> model 94 seems to be supported since EL6.7.
>>
>> A quick install could be booted without issues.
>>
>>
>> # cat /proc/cpuinfo | head -26 ; uname -a
>> processor   : 0
>> vendor_id   : GenuineIntel
>> cpu family  : 6
>> model   : 94
>> model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
>> stepping: 3
>> microcode   : 85
>> cpu MHz : 3408.025
>> cache size  : 8192 KB
>> physical id : 0
>> siblings: 8
>> core id : 0
>> cpu cores   : 4
>> apicid  : 0
>> initial apicid  : 0
>> fpu : yes
>> fpu_exception   : yes
>> cpuid level : 22
>> wp  : yes
>> flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
>> mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall
>> nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology
>> nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2
>> ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt
>> tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch ida
>> arat epb xsaveopt pln pts dtherm hwp hwp_noitfy hwp_act_window hwp_epp
>> tpr_shadow vnmi flexpriority ept vpid fsgsbase bmi1 hle avx2 smep bmi2 erms
>> invpcid rtm rdseed adx
>> bogomips: 6816.05
>> clflush size: 64
>> cache_alignment : 64
>> address sizes   : 39 bits physical, 48 bits virtual
>> power management:
>>
>> Linux srv-s01.ccds.de 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 11
>> 17:13:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>
>> --
>> LF
>>
>
> Here's mine.  Interesting differences:
>
> # cat /proc/cpuinfo | head -26; uname -a
> processor: 0
> vendor_id: GenuineIntel
> cpu family: 6
> model: 94
> model name: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
> stepping: 3
> microcode: 0x9e
> cpu MHz: 899.945
> cache size: 6144 KB
> physical id: 0
> siblings: 8
> core id: 0
> cpu cores: 4
> apicid: 0
> initial apicid: 0
> fpu: yes
> fpu_exception: yes
> cpuid level: 22
> wp: yes
> flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
> cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx
> pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl
> xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor
> ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe
> popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm
> 3dnowprefetch ida arat epb pln pts dtherm hwp hwp_noitfy hwp_act_window
> hwp_epp intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust
> bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt
> xsaveopt xsavec xgetbv1
> bogomips: 5184.00
> clflush size: 64
> cache_alignment: 64
> address sizes: 39 bits physical, 48 bits virtual
> power management:
>
> Linux null.example.com 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12
> 15:04:24 UTC 2017 x86_64 

Re: [CentOS] CentOS 6 / Intel CPU support

[ken]

On 05/11/2017 12:45 PM, Leon Fauster wrote:

Am 11.05.2017 um 16:29 schrieb Leon Fauster :


Am 11.05.2017 um 14:48 schrieb Leon Fauster :

https://access.redhat.com/support/policy/intel

shows mainly Xeon CPUs. What about

Intel Core i7-6700 Quad-Core Skylake

has the current EL6 variant support for it?

Any experience? Feedback would be greatly appreciated.


I found this

linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c

796 if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
797 ((boot_cpu_data.x86 == 6))) {
798 switch (boot_cpu_data.x86_model) {
799 case 94: /* Skylake-S */
800 case 86: /* Broadwell-DE SoC */
801 case 85: /* Purley */
802 case 79: /* Broadwell-EP and EX */
803 case 78: /* Skylake-Y */
804 case 77: /* Atom Avoton */
805 case 71: /* Broadwell-H */
806 case 70: /* Crystal Well */
807 break;
808 default:
809 if (boot_cpu_data.x86_model > 63) {
810 printk(KERN_CRIT
811"Detected CPU family %d model %d\n",
812boot_cpu_data.x86,
813boot_cpu_data.x86_model);
814 mark_hardware_unsupported("Intel CPU model");
815 }
816 break;
817 }
818 }

not sure if "case 94: /* Skylake-S */" means support for Intel Core i7-6700 
Quad-Core Skylake ...


for the record:

model 94 seems to be supported since EL6.7.

A quick install could be booted without issues.


# cat /proc/cpuinfo | head -26 ; uname -a
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 94
model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping: 3
microcode   : 85
cpu MHz : 3408.025
cache size  : 8192 KB
physical id : 0
siblings: 8
core id : 0
cpu cores   : 4
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 22
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc 
aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 
xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave 
avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat epb xsaveopt pln pts dtherm 
hwp hwp_noitfy hwp_act_window hwp_epp tpr_shadow vnmi flexpriority ept vpid 
fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx
bogomips: 6816.05
clflush size: 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

Linux srv-s01.ccds.de 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 11 17:13:24 UTC 
2017 x86_64 x86_64 x86_64 GNU/Linux

--
LF


Here's mine.  Interesting differences:

# cat /proc/cpuinfo | head -26; uname -a
processor: 0
vendor_id: GenuineIntel
cpu family: 6
model: 94
model name: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
stepping: 3
microcode: 0x9e
cpu MHz: 899.945
cache size: 6144 KB
physical id: 0
siblings: 8
core id: 0
cpu cores: 4
apicid: 0
initial apicid: 0
fpu: yes
fpu_exception: yes
cpuid level: 22
wp: yes
flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall 
nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good 
nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 
monitor ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 
x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm 
abm 3dnowprefetch ida arat epb pln pts dtherm hwp hwp_noitfy 
hwp_act_window hwp_epp intel_pt tpr_shadow vnmi flexpriority ept vpid 
fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed 
adx smap clflushopt xsaveopt xsavec xgetbv1

bogomips: 5184.00
clflush size: 64
cache_alignment: 64
address sizes: 39 bits physical, 48 bits virtual
power management:

Linux null.example.com 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12 
15:04:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 / Intel CPU support

[Leon Fauster]

> Am 11.05.2017 um 16:29 schrieb Leon Fauster :
> 
>> Am 11.05.2017 um 14:48 schrieb Leon Fauster :
>> 
>> https://access.redhat.com/support/policy/intel
>> 
>> shows mainly Xeon CPUs. What about
>> 
>> Intel Core i7-6700 Quad-Core Skylake
>> 
>> has the current EL6 variant support for it?
>> 
>> Any experience? Feedback would be greatly appreciated.
> 
> 
> I found this
> 
> linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c
> 
> 796 if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
> 797 ((boot_cpu_data.x86 == 6))) {
> 798 switch (boot_cpu_data.x86_model) {
> 799 case 94: /* Skylake-S */
> 800 case 86: /* Broadwell-DE SoC */
> 801 case 85: /* Purley */
> 802 case 79: /* Broadwell-EP and EX */
> 803 case 78: /* Skylake-Y */
> 804 case 77: /* Atom Avoton */
> 805 case 71: /* Broadwell-H */
> 806 case 70: /* Crystal Well */
> 807 break;
> 808 default:
> 809 if (boot_cpu_data.x86_model > 63) {
> 810 printk(KERN_CRIT
> 811"Detected CPU family %d model %d\n",
> 812boot_cpu_data.x86,
> 813boot_cpu_data.x86_model);
> 814 mark_hardware_unsupported("Intel CPU model");
> 815 }
> 816 break;
> 817 }
> 818 }
> 
> not sure if "case 94: /* Skylake-S */" means support for Intel Core i7-6700 
> Quad-Core Skylake ...


for the record:

model 94 seems to be supported since EL6.7. 

A quick install could be booted without issues.


# cat /proc/cpuinfo | head -26 ; uname -a
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 94
model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping: 3
microcode   : 85
cpu MHz : 3408.025
cache size  : 8192 KB
physical id : 0
siblings: 8
core id : 0
cpu cores   : 4
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 22
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc 
aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 
xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave 
avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat epb xsaveopt pln pts dtherm 
hwp hwp_noitfy hwp_act_window hwp_epp tpr_shadow vnmi flexpriority ept vpid 
fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx
bogomips: 6816.05
clflush size: 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

Linux srv-s01.ccds.de 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 11 17:13:24 UTC 
2017 x86_64 x86_64 x86_64 GNU/Linux

--
LF

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 / Intel CPU support

[Leon Fauster]

> Am 11.05.2017 um 14:48 schrieb Leon Fauster :
> 
> https://access.redhat.com/support/policy/intel
> 
> shows mainly Xeon CPUs. What about
> 
> Intel Core i7-6700 Quad-Core Skylake
> 
> has the current EL6 variant support for it?
> 
> Any experience? Feedback would be greatly appreciated.


I found this

linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c

 796 if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
 797 ((boot_cpu_data.x86 == 6))) {
 798 switch (boot_cpu_data.x86_model) {
 799 case 94: /* Skylake-S */
 800 case 86: /* Broadwell-DE SoC */
 801 case 85: /* Purley */
 802 case 79: /* Broadwell-EP and EX */
 803 case 78: /* Skylake-Y */
 804 case 77: /* Atom Avoton */
 805 case 71: /* Broadwell-H */
 806 case 70: /* Crystal Well */
 807 break;
 808 default:
 809 if (boot_cpu_data.x86_model > 63) {
 810 printk(KERN_CRIT
 811"Detected CPU family %d model %d\n",
 812boot_cpu_data.x86,
 813boot_cpu_data.x86_model);
 814 mark_hardware_unsupported("Intel CPU model");
 815 }
 816 break;
 817 }
 818 }

not sure if "case 94: /* Skylake-S */" means support for Intel Core i7-6700 
Quad-Core Skylake ...

--
LF




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 / Intel CPU support

[Leon Fauster]

https://access.redhat.com/support/policy/intel

shows mainly Xeon CPUs. What about

Intel Core i7-6700 Quad-Core Skylake

has the current EL6 variant support for it?

Any experience? Feedback would be greatly appreciated.

Thanks,
LF



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[isdtor]

> Also, in case you're ever interested, I've written a script that 
> generates suitable IPv4-based filenames for pre-default usage:
> 
>https://github.com/heinlein/pxehex
 
gethostip ... I simply rebuilt the relevant C5 rpms for C6, 
system-config-netboot and system-config-netboot-cmd, IIRC.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[Pete Biggs]

> > > .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
> > >   .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
> > >   .../pxelinux.cfg/C0A8025B
> > >   .../pxelinux.cfg/C0A8025
> > >   .../pxelinux.cfg/C0A802
> > >   .../pxelinux.cfg/C0A80
> > >   .../pxelinux.cfg/C0A8
> > >   .../pxelinux.cfg/C0A
> > >   .../pxelinux.cfg/C0
> > >   .../pxelinux.cfg/C
> > >   .../pxelinux.cfg/default
> > > 
> > > The first are MAC addresses, etc.
> > It shouldn't time out on trying to retrieve a file if the TFTP server
> > is responding - each attempted retrieval should return a "not found"
> > rather than sitting there doing nothing. Trying symlinking the MAC
> > address filename to 'default' so it retrieves it first before any
> > timeout could have happened.
> 
> You'd think. And as I said, this has been working for years, on three or
> four OEM's hardware. Suddenly, there's this new box from Penguin that's
> IBM-based, and it's using  something called "openether.org" firmware, and
> it takes minutes between timeouts, instead of seconds. 

Yeah, different hardware tickling different bugs ...

> I'm talking to the
> OEM, but trying to figure out what's going on. I haven't found a timeout
> on the server side, though I suspect there is one, but I really *don't*
> want to make it 20 min. I've also just been googling, trying to find out
> if -mapfile for tftp will let me rename what it's looking for to
> "default", but that search is going nowhere, fast.

On the TFTP server can you not just do

  ln -s default b8945908-d6a6-41a9-611d-74a6ab80b83d

or 

  cp default b8945908-d6a6-41a9-611d-74a6ab80b83d

rather than playing with mapping files - just for testing purposes.

Have you tried pxelinux.0 instead of gpxelinux.0? Or possibly iPXE?

> > 
> > Also, you might like to try tcpdump to see what is actually happening
> > on the TFTP port.
> 
> I'm under the impression I know - the client *tells* me what it's looking
> for, in the order above, but it sits there, and sits there, before it
> tries the next option.
> 
I was more thinking of seeing if the server responds at all - the
symptoms you see look like the server either ignoring the commands or
just not seeing them. I would suggest that a firewall is in the way
somewhere or wrong subnet or something like that, but as you say, it's
working for other clients.

P.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[John R Pierce]

On 4/11/2017 2:01 PM, Bruce Ferrell wrote:
Whatever openether.org is, it sounds buggy. 



there's no such domain.there's a softether.org, which is a VPN 
package, and some kinda github.com/openether which appears to be 
Ethereum blockchain based distributed computing related.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[Bruce Ferrell]

On 04/11/2017 01:33 PM, m.r...@5-cent.us wrote:

Pete Biggs wrote:

We've been using pxeboot to pull up a menu, to build or rebuild
machines for years. We have this new server, and it fails. Times out.
What's happening is that it tries in this order
 .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
.../pxelinux.cfg/01-88-99-aa-bb-cc-dd
.../pxelinux.cfg/C0A8025B
.../pxelinux.cfg/C0A8025
.../pxelinux.cfg/C0A802
.../pxelinux.cfg/C0A80
.../pxelinux.cfg/C0A8
.../pxelinux.cfg/C0A
.../pxelinux.cfg/C0
.../pxelinux.cfg/C
.../pxelinux.cfg/default

The first are MAC addresses, etc.

To be pedantic, the first one is a MAC address, the others are hex
versions of IP addresses - i.e. 192.168.2.91 (the discovered DHCP IP
address)

I understand all that.

  I want it to pull default. It takes
*minutes* to time out each option, so after a dozen or 15 min, when it
gets to defaul, tftp has timed it out.

It shouldn't time out on trying to retrieve a file if the TFTP server
is responding - each attempted retrieval should return a "not found"
rather than sitting there doing nothing. Trying symlinking the MAC
address filename to 'default' so it retrieves it first before any
timeout could have happened.

You'd think. And as I said, this has been working for years, on three or
four OEM's hardware. Suddenly, there's this new box from Penguin that's
IBM-based, and it's using  something called "openether.org" firmware, and
it takes minutes between timeouts, instead of seconds. I'm talking to the
OEM, but trying to figure out what's going on. I haven't found a timeout
on the server side, though I suspect there is one, but I really *don't*
want to make it 20 min. I've also just been googling, trying to find out
if -mapfile for tftp will let me rename what it's looking for to
"default", but that search is going nowhere, fast.

Also, you might like to try tcpdump to see what is actually happening
on the TFTP port.

I'm under the impression I know - the client *tells* me what it's looking
for, in the order above, but it sits there, and sits there, before it
tries the next option.

mark


Whatever openether.org is, it sounds buggy.

I do a lot of pxe and your post intrigued me so I poked around some and when I 
try openether.org, it redirects to www.openether.org and fails.

Might I suggest this page:

http://www.syslinux.org/wiki/index.php?title=PXELINUX.

There is some discussion of broken pxe stacks and just as a test for you, how 
about pxe on a floppy/cdrom/usb key?  I've done crazy things like that on 
occasion.

One other possibility that just occurred to me is it may not be a bug per se, but a UEFI pxe boot attempt... Which could do this too. I just *LOVE* UEFI pxe and someday I will find 
the person who thought it up in a dark alley and make them show me a universal setup.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[m . roth]

Pete Biggs wrote:
>
>>We've been using pxeboot to pull up a menu, to build or rebuild
>> machines for years. We have this new server, and it fails. Times out.
>> What's happening is that it tries in this order
>> .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
>>  .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
>>  .../pxelinux.cfg/C0A8025B
>>  .../pxelinux.cfg/C0A8025
>>  .../pxelinux.cfg/C0A802
>>  .../pxelinux.cfg/C0A80
>>  .../pxelinux.cfg/C0A8
>>  .../pxelinux.cfg/C0A
>>  .../pxelinux.cfg/C0
>>  .../pxelinux.cfg/C
>>  .../pxelinux.cfg/default
>>
>> The first are MAC addresses, etc.
>
> To be pedantic, the first one is a MAC address, the others are hex
> versions of IP addresses - i.e. 192.168.2.91 (the discovered DHCP IP
> address)

I understand all that.
>
>>  I want it to pull default. It takes
>> *minutes* to time out each option, so after a dozen or 15 min, when it
>> gets to defaul, tftp has timed it out.
>
> It shouldn't time out on trying to retrieve a file if the TFTP server
> is responding - each attempted retrieval should return a "not found"
> rather than sitting there doing nothing. Trying symlinking the MAC
> address filename to 'default' so it retrieves it first before any
> timeout could have happened.

You'd think. And as I said, this has been working for years, on three or
four OEM's hardware. Suddenly, there's this new box from Penguin that's
IBM-based, and it's using  something called "openether.org" firmware, and
it takes minutes between timeouts, instead of seconds. I'm talking to the
OEM, but trying to figure out what's going on. I haven't found a timeout
on the server side, though I suspect there is one, but I really *don't*
want to make it 20 min. I've also just been googling, trying to find out
if -mapfile for tftp will let me rename what it's looking for to
"default", but that search is going nowhere, fast.
>
> Also, you might like to try tcpdump to see what is actually happening
> on the TFTP port.

I'm under the impression I know - the client *tells* me what it's looking
for, in the order above, but it sits there, and sits there, before it
tries the next option.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[Pete Biggs]

>We've been using pxeboot to pull up a menu, to build or rebuild
> machines for years. We have this new server, and it fails. Times out.
> What's happening is that it tries in this order
> .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
>   .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
>   .../pxelinux.cfg/C0A8025B
>   .../pxelinux.cfg/C0A8025
>   .../pxelinux.cfg/C0A802
>   .../pxelinux.cfg/C0A80
>   .../pxelinux.cfg/C0A8
>   .../pxelinux.cfg/C0A
>   .../pxelinux.cfg/C0
>   .../pxelinux.cfg/C
>   .../pxelinux.cfg/default
> 
> The first are MAC addresses, etc.

To be pedantic, the first one is a MAC address, the others are hex
versions of IP addresses - i.e. 192.168.2.91 (the discovered DHCP IP
address)

>  I want it to pull default. It takes
> *minutes* to time out each option, so after a dozen or 15 min, when it
> gets to defaul, tftp has timed it out.

It shouldn't time out on trying to retrieve a file if the TFTP server
is responding - each attempted retrieval should return a "not found"
rather than sitting there doing nothing. Trying symlinking the MAC
address filename to 'default' so it retrieves it first before any
timeout could have happened.

Also, you might like to try tcpdump to see what is actually happening
on the TFTP port.

P.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 and pxeboot

[Paul Heinlein]

On Tue, 11 Apr 2017, m.r...@5-cent.us wrote:


Hi, folks,

  We've been using pxeboot to pull up a menu, to build or rebuild
machines for years. We have this new server, and it fails. Times out.
What's happening is that it tries in this order
   .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
.../pxelinux.cfg/01-88-99-aa-bb-cc-dd
.../pxelinux.cfg/C0A8025B
.../pxelinux.cfg/C0A8025
.../pxelinux.cfg/C0A802
.../pxelinux.cfg/C0A80
.../pxelinux.cfg/C0A8
.../pxelinux.cfg/C0A
.../pxelinux.cfg/C0
.../pxelinux.cfg/C
.../pxelinux.cfg/default

The first are MAC addresses, etc. I want it to pull default. It takes
*minutes* to time out each option, so after a dozen or 15 min, when it
gets to defaul, tftp has timed it out.


I've never seen that sort of delay before, but it's tough to strace an 
PXE environment. :-)



Now, our dhcpd config has this for pxeboot:
group
{
   allow booting;
   allow bootp;
   filename "gpxelinux.0";
   option-209 =  "pxelinux.cfg/default";
   option subnet-mask 255.255.254.0;
   option routers  ;
   default-lease-time 172800; # 2 days.
   max-lease-time 432000; # 5 days.


Do you have a next-server option that points to your tftp server? I've 
always hardcoded an IPv4 address into that setting:


group {
  # normal stuff
  next-server 10.11.12.13;
  filename "gpxelinux.0";
}

Also, in case you're ever interested, I've written a script that 
generates suitable IPv4-based filenames for pre-default usage:


  https://github.com/heinlein/pxehex

--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 and pxeboot

[m . roth]

Hi, folks,

   We've been using pxeboot to pull up a menu, to build or rebuild
machines for years. We have this new server, and it fails. Times out.
What's happening is that it tries in this order
.../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
.../pxelinux.cfg/01-88-99-aa-bb-cc-dd
.../pxelinux.cfg/C0A8025B
.../pxelinux.cfg/C0A8025
.../pxelinux.cfg/C0A802
.../pxelinux.cfg/C0A80
.../pxelinux.cfg/C0A8
.../pxelinux.cfg/C0A
.../pxelinux.cfg/C0
.../pxelinux.cfg/C
.../pxelinux.cfg/default

The first are MAC addresses, etc. I want it to pull default. It takes
*minutes* to time out each option, so after a dozen or 15 min, when it
gets to defaul, tftp has timed it out.

Now, our dhcpd config has this for pxeboot:
group
{
allow booting;
allow bootp;
filename "gpxelinux.0";
option-209 =  "pxelinux.cfg/default";
option subnet-mask 255.255.254.0;
option routers  ;
default-lease-time 172800; # 2 days.
max-lease-time 432000; # 5 days.

I added that option-209, but it didn't take. I've been looking at the
docs, but if someone's can tell me off the top of their head what I need
to do, I'd appreciate it. This has become a high priority today

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, apcupsd

[Jonathan Billings]

On Fri, Apr 07, 2017 at 01:12:55PM -0400, m.r...@5-cent.us wrote:
> Hi, folks,
> 
>Anyone know what apcupsd is no longer in the EPEL repo for CentOS/RHEL
> 6? It's still in for 7.

As far as I can tell, the el6 EPEL package hasn't been built for a
while.

(looking at https://bodhi.fedoraproject.org/updates/?packages=apcupsd)

Perhaps you need to bug the EPEL maintainer to build it?

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6, apcupsd

[m . roth]

Hi, folks,

   Anyone know what apcupsd is no longer in the EPEL repo for CentOS/RHEL
6? It's still in for 7.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6, mini-SAS and eSATA

[m . roth]

We've got this Dell server. In it, we've got two LSI HBAs. Mini-SAS to one
RAID box. The other, cheapo RAID box, has eSATA. We got a
mini-SAS-to-eSATA cable - actually, it's one mini-SAS to three eSATA. The
systems sees not those disks.

Will this just not work, with the HBA, or is there a driver that will let
the what, mpt2SAS driver see the eSATA drives?

 mark


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6, 8, mplayer, "vector smash protection is enabled"

[m . roth]

This *just* started happening. Video works, but if I try to play streaming
audio, I get nothing. In .xsession-errors, I see that message, along with
others
Object::connect: No such slot
TaskManager::GroupManager::taskDestroyed(QObject*)
ALSA lib pulse.c:243:(pulse_connect) PulseAudio: Unable to connect:
Connection refused
###!!! [Parent][MessageChannel::Call] Error:
(msgtype=0xAA0001,name=PPluginInstance::Msg___delete__) Channel error:
cannot send/recv

Based on a brief google, it *appears* as though vector smash protection is
protecting me from playing music. Note that mplayer does play videos with
no audio (i.e., from our surveillance cameras in our secure rooms).

Can I turn it off, or is there something else blocking me? Let me note
that flash-plugin works to play music... except, as I noted last week, it
crashes every 15-20 minutes, so I was going to mplayer from the command
line

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

[Liam O'Toole]

On 2017-02-01, m.r...@5-cent.us
 wrote:

[...]

> I just tried, both on 6.8 and 7.3, and yum tells me "nothing to do", so I
> can't downgrade. By the way, googling, I find it's been filed as a bug
> with upstream:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1411972
>
> mark

For what it's worth, the resource[1] mentioned in the bug report works
just fine without Flash. :-)

1: http://www.bbc.co.uk/radio/player/bbc_radio_three

-- 

Liam

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

[m . roth]

Fred Smith wrote:
> On Wed, Feb 01, 2017 at 10:54:58AM -0500, m.r...@5-cent.us wrote:
>> I wrote:
>> Anyone else seeing this? I'm playing streaming media, and after about
10 or 15 min, flash-plugin crashes. I've had this happen today on
streams from two separate radio stations.
>> *
>>
>> So, is anyone else having this issue? Not only am I having it, but I'm
seeing it on other users, running CentOS 7. On my system, I see in my
logs
>> plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]
>>
>> I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
the same version as is running on CentOS 7, though I see it on
someone's 7.3 with flash-plugin 24.0.0.186. That's from Dec 10, and
that's about when, IIRC, I started seeing crashes.
>
> This may not be the same thing:
>
> I'm running Centos-7, up to date. Flash seems to mostly work fine,... I
can see videos on CNN, for example, as well as other places.
>
> however, I have a weekly online course that uses Adobe Connect,
> which requires flash. At least in the Firefox that ships with (and is
updated occasionally by) Centos, flash crashes whenever I try to open
Connect. If I back out the 24.x.x.x flash version and go back to the
11.x.x.x version it works fine.
>
I just tried, both on 6.8 and 7.3, and yum tells me "nothing to do", so I
can't downgrade. By the way, googling, I find it's been filed as a bug
with upstream:

https://bugzilla.redhat.com/show_bug.cgi?id=1411972

mark



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

[Fred Smith]

On Wed, Feb 01, 2017 at 10:54:58AM -0500, m.r...@5-cent.us wrote:
> I wrote:
> Anyone else seeing this? I'm playing streaming media, and after about 10
> or 15 min, flash-plugin crashes. I've had this happen today on streams
> from two separate radio stations.
> *
> 
> So, is anyone else having this issue? Not only am I having it, but I'm
> seeing it on other users, running CentOS 7. On my system, I see in my logs
> plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
> 7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]
> 
> I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
> the same version as is running on CentOS 7, though I see it on someone's
> 7.3 with flash-plugin
> 24.0.0.186. That's from Dec 10, and that's about when, IIRC, I started
> seeing crashes.
> 
> I can't believe that we're the only ones with the problem.
> 
> mark


This may not be the same thing:

I'm running Centos-7, up to date. Flash seems to mostly work fine,...
I can see videos on CNN, for example, as well as other places.

however, I have a weekly online course that uses Adobe Connect,
which requires flash. At least in the Firefox that ships with (and
is updated occasionally by) Centos, flash crashes whenever I try
to open Connect. If I back out the 24.x.x.x flash version and go
back to the 11.x.x.x version it works fine.

Fred

-- 
---
 .Fred Smith   /  
( /__  ,__.   __   __ /  __   : / 
 //  /   /__) /  /  /__) .+'   Home: fre...@fcshome.stoneham.ma.us 
//  (__ (___ (__(_ (___ / :__ 781-438-5471 
 Jude 1:24,25 -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

[m . roth]

m.r...@5-cent.us wrote:
> I wrote:
> Anyone else seeing this? I'm playing streaming media, and after about 10
> or 15 min, flash-plugin crashes. I've had this happen today on streams
> from two separate radio stations.
> *
>
> So, is anyone else having this issue? Not only am I having it, but I'm
> seeing it on other users, running CentOS 7. On my system, I see in my logs
> plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
> 7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]
>
> I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
> the same version as is running on CentOS 7, though I see it on someone's
> 7.3 with flash-plugin
> 24.0.0.186. That's from Dec 10, and that's about when, IIRC, I started
> seeing crashes.
>
> I can't believe that we're the only ones with the problem.
>

Note that I just looked, and I seem to be seeing GPF on CentOS 7.
kernel: traps: plugin-containe[14051] general protection ip:7f441b23bfaf
sp:7ffc39a76df0 error:0 in libflashplayer.so[7f441abc8000+107b000]

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

[m . roth]

I wrote:
Anyone else seeing this? I'm playing streaming media, and after about 10
or 15 min, flash-plugin crashes. I've had this happen today on streams
from two separate radio stations.
*

So, is anyone else having this issue? Not only am I having it, but I'm
seeing it on other users, running CentOS 7. On my system, I see in my logs
plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]

I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
the same version as is running on CentOS 7, though I see it on someone's
7.3 with flash-plugin
24.0.0.186. That's from Dec 10, and that's about when, IIRC, I started
seeing crashes.

I can't believe that we're the only ones with the problem.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, flash-plugin crashing

[Richard]

> Date: Monday, January 30, 2017 13:56:24 -0500
> From: m.r...@5-cent.us
>
> Anyone else seeing this? I'm playing streaming media, and after
> about 10 or 15 min, flash-plugin crashes. I've had this happen
> today on streams from two separate radio stations.
> 
>mark


Care to provide any specifics?

   - URL(s) of content that is causing the crashes
   - flash plugin release number
   - firefox version
   - OS version


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6, flash-plugin crashing

[m . roth]

Anyone else seeing this? I'm playing streaming media, and after about 10
or 15 min, flash-plugin crashes. I've had this happen today on streams
from two separate radio stations.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos