Re: [CentOS] sendmail, port 465/587, auth and imap
Hi replying to myself as I figured it (ouch!) I had the correct stuff in the saslauth file: # this is VIA IMAP MECH=rimap FLAGS="-O localhost -r" but I forgot to exclude the FLAGS line which was at the end of that file: # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. # make sure you dont have double flags in here. FLAGS= wiping FLAGS to null and sasl is complaining with Starting saslauthd: saslauthd[20677] :set_auth_mech : failed to initialize mechanism rimap Bugger. Jobst On Wed, Feb 23, 2011 at 06:18:28PM +1100, Jobst Schmalenbach (jo...@barrett.com.au) wrote: > Hi. > > Apologies to the list for sending this twice as > I forgot to enter a proper subject line, I wanted > to write the content first and then make > up the subject line ;-) > > > > I am trying to configure sendmail that is looks up the users > credentials to allow them to send email via that server > via an imap server on the same machine when sending email > while on the road. > > > I can send email when specifying a user that is stored > in the servers /etc/shadow ... no problem but I cannot > get my head around it how to do make saslauth OR sendmail > lookup the user via the imap daemon. > > > This is the working config (mc) for the sendmail daemon > when using a locally created user (I knock the PLAIN off > once I got it to work): > > define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5') > TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5') > DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s') > etc. > > > How can I make sendmail (or saslauth) to get the user > credentials via an imap server running on the same machine > (the credentials are from an internal samba server) so I > do not need to enter users details twice? > > > > Jobst > > > > > > > > -- > 186,262 miles/second : Not just a good idea, it's the LAW. > > | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager > | | |0| Barrett Consulting Group P/L & The Meditation Room P/L > |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- My Carpenter has a 1956 VW Beetle. He still can go to any place in Australia, use any Oil, spark plugs, pertol, tires, wiper blades, etc available today with a car that old. If only software would be like that. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to optimize CentOS XEN dom0?
On Wed, Feb 23, 2011 at 9:06 AM, yonatan pingle wrote: > you should have a look at your I/O disk status. > > try with iostat -dx 5 to see the disk utilization info over time. > when it comes to slowdown on a virtual environment on a Desktop grade > machine, i suspect disk I/O latency and bottleneck as a cause. Thanx, I don't know how to interpret the results (yet), but here's the current output: Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 0.0027.20 0.00 6.80 0.00 448.0065.88 0.000.59 0.35 0.24 sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 sda2 0.0027.20 0.00 6.80 0.00 448.0065.88 0.000.59 0.35 0.24 dm-0 0.00 0.00 0.00 27.80 0.00 222.40 8.00 0.010.35 0.09 0.24 dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-2 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-4 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-6 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-7 0.00 0.00 0.00 0.40 0.00 6.4016.00 0.000.00 0.00 0.00 dm-8 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-9 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-10 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-11 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-12 0.00 0.00 0.00 2.80 0.0097.6034.86 0.000.00 0.00 0.00 dm-13 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-15 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-16 0.00 0.00 0.00 3.00 0.00 121.6040.53 0.000.00 0.00 0.00 dm-17 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 Although, most of those values change the whole time, as such: Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 0.00 1.00 0.00 0.80 0.0017.6022.00 0.000.00 0.00 0.00 sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 sda2 0.00 1.00 0.00 0.80 0.0017.6022.00 0.000.00 0.00 0.00 dm-0 0.00 0.00 0.00 1.40 0.0011.20 8.00 0.000.00 0.00 0.00 dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-2 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-4 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-6 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-7 0.00 0.00 0.00 0.40 0.00 6.4016.00 0.000.00 0.00 0.00 dm-8 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-9 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-10 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-11 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-12 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-13 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-15 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 dm-17 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.000.00 0.00 0.00 > > check that your disk is running at
Re: [CentOS] security cameras
On Tue, Feb 22, 2011 at 9:31 PM, Always Learning wrote: > > On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote: > >> TCP/IP cameras would work with any OS, most just FTP or whatever the >> pictures to a webserver you provide, or they run their own server and >> you can wget the pics off them. but I've never seen any IP cameras I'd >> call really cheap. Panasonic makes a nice line of them, some even have >> remote pan/zoom via a http interface. > > Try Ebay especially the Chinese, including Hong Kong, suppliers. For > example compared to the English prices the Chinese prices are much > cheaper. However one has to wait 2 to 3 weeks for postal delivery. > > Delivery to the USA is usually quicker than to England. The Chinese > preferred payment currency is USD. Been there, done that. You're often much better off with known brands, like Logitech, for simple webcams on your existing server. I've used this effectively for rack security in a datacenter: as long as you're not polling the webcams constantly, they're not too bad of a bandwidth pig, either. They've been around long enough to be stable and workable in Linux, as well. If you want a full-blown remote TCP monitoring system, look at Axis. They're historically very Linux compatible, they have all the features you might want, and while they're not cheap they have all the features you might need. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
Check bluecherry.net I've have for Topica cameras running for over three years. No problems and good people to deal with. Eddie > -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Nico Kadel-Garcia > Sent: Wednesday, February 23, 2011 7:50 AM > To: CentOS mailing list > Subject: Re: [CentOS] security cameras > > On Tue, Feb 22, 2011 at 9:31 PM, Always Learning > wrote: > > > > On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote: > > > >> TCP/IP cameras would work with any OS, most just FTP or > whatever the > >> pictures to a webserver you provide, or they run their own > server and > >> you can wget the pics off them. but I've never seen any > IP cameras > >> I'd call really cheap. Panasonic makes a nice line of them, some > >> even have remote pan/zoom via a http interface. > > > > Try Ebay especially the Chinese, including Hong Kong, > suppliers. For > > example compared to the English prices the Chinese prices are much > > cheaper. However one has to wait 2 to 3 weeks for postal delivery. > > > > Delivery to the USA is usually quicker than to England. The Chinese > > preferred payment currency is USD. > > Been there, done that. You're often much better off with > known brands, like Logitech, for simple webcams on your > existing server. I've used this effectively for rack security > in a datacenter: as long as you're not polling the webcams > constantly, they're not too bad of a bandwidth pig, either. > They've been around long enough to be stable and workable in > Linux, as well. > > If you want a full-blown remote TCP monitoring system, look at Axis. > They're historically very Linux compatible, they have all the > features you might want, and while they're not cheap they > have all the features you might need. > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Air Conditioning - ON!
On Feb 22, 2011, at 3:35 PM, Ian Murray wrote: > Only joking. I take your point, but the critical fixes being held up for a > dot > release isn't really very Enterprise friendly either. I think it fair to say > that CentOS is not suitable for the enterprise unless the servers are > non-public, on a secure network and the risk of internal hacking is low. That > is > just an unfortunate nature of a rebuild project but it does make the release > time a sensitive matter. > > Karanbir tweeted during FOSDEM that the Belgian police use CentOS. As > everyone > who is paying attention knows that any exploit that RedHat has released an > updated package for post is 5.6 is sat waiting to be exploited on those > police > servers because it won't make the CentOS repositories until 5.6 is out. I > wonder > if the Belgian police know that. > > So if anybody can be bothered to check the errata from upstream and want > to > do some mischief.fill your boots... > > http://toolbar.netcraft.com/site_report?url=http://www.polfed-fedpol.be The best thing CentOS gives you is choice. If your critical machines need updates in a more timely manner, then put RHEL on them. For those that don't put CentOS on them and save $$$. Free is free and it comes free of warranty or guarantee or any other tee. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
Nico Kadel-Garcia wrote: > On Tue, Feb 22, 2011 at 9:31 PM, Always Learning > wrote: >> >> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote: >> >>> TCP/IP cameras would work with any OS, most just FTP or whatever the >>> pictures to a webserver you provide, or they run their own server and >>> you can wget the pics off them. but I've never seen any IP cameras >>> I'd call really cheap. Panasonic makes a nice line of them, some even >>> have remote pan/zoom via a http interface. > If you want a full-blown remote TCP monitoring system, look at Axis. > They're historically very Linux compatible, they have all the features > you might want, and while they're not cheap they have all the features > you might need. At work, we use the package motion. Does everything, including writing .avi? .asf? files to the home directory which is nsf mounted. Trivial load on the network for monitoring. We've got *really* cheap old webcams. Do see if you can get USB 1.1, not 1.0 mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On Wed, Feb 23, 2011 at 4:12 PM, wrote: > Nico Kadel-Garcia wrote: >> On Tue, Feb 22, 2011 at 9:31 PM, Always Learning >> wrote: >>> >>> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote: >>> TCP/IP cameras would work with any OS, most just FTP or whatever the pictures to a webserver you provide, or they run their own server and you can wget the pics off them. but I've never seen any IP cameras I'd call really cheap. Panasonic makes a nice line of them, some even have remote pan/zoom via a http interface. > >> If you want a full-blown remote TCP monitoring system, look at Axis. >> They're historically very Linux compatible, they have all the features >> you might want, and while they're not cheap they have all the features >> you might need. > > At work, we use the package motion. Does everything, including writing > .avi? .asf? files to the home directory which is nsf mounted. Trivial load > on the network for monitoring. > > We've got *really* cheap old webcams. Do see if you can get USB 1.1, not > 1.0 > > mark > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > I've been following this thread closely, and am interested in setting up some surveillance in the office using Linux as well. What open source software can I use for large streams, like upto 256 on Linux? We currently use Indigo, which is super expensive and runs on Windows. -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to optimize CentOS XEN dom0?
On Feb 23, 2011, at 3:42 AM, Rudi Ahlers wrote: > On Wed, Feb 23, 2011 at 9:06 AM, yonatan pingle > wrote: >> you should have a look at your I/O disk status. >> >> try with iostat -dx 5 to see the disk utilization info over time. >> when it comes to slowdown on a virtual environment on a Desktop grade >> machine, i suspect disk I/O latency and bottleneck as a cause. > > Thanx, I don't know how to interpret the results (yet), but here's the > current output: > > Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz > avgqu-sz await svctm %util Knowing the columns helps here, rrqm/s and wrqm/s, mean read/write requests merged a second, shows how well scheduler is merging contiguous io operations r/s and w/s, read/write io operations a second rsec/s and wsec/s, read/write sectors a second, I usually use the -k option so it displays as kilobytes a second avgrq-sz, shows average request size in the unit of choice, here being sectors, I wish it'd separate reads from writes, but oh well avgqu-sz, average amount of io operations waiting for service, smaller is better await, average time an io operation waited on queue to be serviced in ms, again smaller is better svctm, last time it took to service an io operation, how long the drive took to perform the operation from when it left queue to when a result was returned %util, the estimated drive utilization based on svctm, await and avgqu-sz For lockups though I'd look at dmesg and xen log, xmlog I think is the command. The number one reason for lockups though is most likely memory contention between domUs and dom0. What are you running in dom0? What are your memory reservations like? -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On Tue, 22 Feb 2011, ken wrote: > I heard about some inexpensive security cameras which get their power > through the same cat5 cable which delivers the data/pictures (which > would simplify wiring tremendously). Does anyone know about these? Do > they work with Linux, particularly CentOS? > > > tnx 4 tips. > I've been meaning to try ZoneMinder (www.zoneminder.com) for some time but have not just yet. In any case there is some good info on cameras in a few places on that site, "Hardware Compatibility List" section of the forum for one. -- Mike :wq ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
> I heard about some inexpensive security cameras which get their power > through the same cat5 cable which delivers the data/pictures (which would > simplify wiring tremendously). Does anyone know about these? Do they > work with Linux, particularly CentOS? I have a security camera, though not powered through the cat5, will have to check that out... Anyway, I'd recommend these sites: http://www.zoneminder.com/ http://www.cctvcamerapros.com/ Right now I have my camera attached to an RF modulator and splitter which merges the signal onto the coax run on channel 65 so I can watch it on my TV. As far as integrating with Linux, would check out Zone Minder link above, otherwise if you modulate onto your TV stream like I did you can then just use mythtv or any capture program if you wanted to schedule captures, etc. Have fun, Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
On Tue, 22 Feb 2011 19:51:38 -0500, Nico Kadel-Garcia wrote: > On Tue, Feb 22, 2011 at 5:37 PM, Michael D. Berger > wrote: >> On my CentOS box, in C++ programs, is there a way to print Unicode >> characters? >> >> Thanks, >> Mike. > > Why do you want to? Off topic. > And what sort of monitor or client are you using? > Xterm, Putty, NX, SSH, Xterm. > And what do you mean by "print"? Do you mean send to a printer, or get > them to display correctly on your screen? cout << << endl; and they will appear on my screen, or: ofstream os("myfile"); os << << endl; And they will appear in myfile which may them be printed or edited with vi. Thanks, Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Alternative to cPanel
Hello all, I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the default packages (bind, postfix, etc) instead of the DJB stuff. Main requirements are fairly straightforward: 1. able to add/manage domains, ssl cert management, manage DNS records 2. able to manage email accounts and anti-spam settings 3. able to add/manage mysql and pgsql (nice to have) 4. user management - ftp/ssh accounts, password change, etc. 5. nice to have: add a wordpress blog / xcart store to a site 6. nice to have: users have own login to do some of the above for their domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to pay a license, but not a huge budget. I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive. Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
On Tue, 22 Feb 2011 23:53:20 +0100, Nicolas Thierry-Mieg wrote: > Michael D. Berger wrote: >> On my CentOS box, in C++ programs, is there a way to print Unicode >> characters? > > google knows... I haven't found it. Please see the other response I just sent for clarification of what I need. Thanks, Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] squashfs in the hundreds of GB range
Hello listmates, I am running mksquashfs trying to archive a 400GB+ directory. It has already taken about a day and the resultant archive is only about 40GB thus far and the command is not done yet. Has anyone made a squashfs that size? Is it normal for the process to take this long? If it is not - what am I doing wrong. I am using the most basic syntax: mksquashfs The process is running at 100% CPU. Thanks for any and all help. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Wed, Feb 23, 2011 at 2:49 PM, Trutwin, Joshua wrote: > > I was leaning towards webmin/virtualmin but thought I'd check with this list > for any suggestions. Had bad experiences with Plesk from a while > ago so leaving that off the table. We have experience with cPanel > through another fail host, it's ok but too much stuff and too > expensive. +1 for Virtualmin. People will brag that it's insecure etc, but it has always done the job for me and I have more than 100 installations of it. I never had security problems because of it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On 02/22/2011 09:02 PM B.J. McClure wrote: > Not sure it will answer your question but there was an article in > December 2010 issue of Linux Magazine re surveillance cameras and linux. > > HTH. > > B.J. > > BJ, I looked around Linux Mag's site for quite a while, did a couple searches, and browsed the contents Dec 2010 and quite a few issues before and after that, but couldn't find any article about selecting and/or setting up surveillance cameras... except one on implementing motion detection in cameras. Is that the one you were thinking of? Still, thanks much. I'll probably come back to that one later. If some other info source comes to you, I'd be glad to hear about it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
On Wed, Feb 23, 2011 at 02:44:11PM +, Michael D. Berger wrote: > On Tue, 22 Feb 2011 19:51:38 -0500, Nico Kadel-Garcia wrote: > > > On Tue, Feb 22, 2011 at 5:37 PM, Michael D. Berger > > wrote: > >> On my CentOS box, in C++ programs, is there a way to print Unicode > >> characters? > >> > > And what sort of monitor or client are you using? > > Xterm, Putty, NX, SSH, > > Xterm. Make sure to use uxterm, not xterm. (Should be included with any installation of xterm.) > > > And what do you mean by "print"? Do you mean send to a printer, or get > > them to display correctly on your screen? > >cout << << endl; > > and they will appear on my screen, or: > >ofstream os("myfile"); >os << << endl; > > And they will appear in myfile which may them be printed or > edited with vi. Depending upon the characters, you may not be able to get them in a console, but as long as you're using X, they should appear in an xterm. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
Wed Feb 23 10:49:46 EST 2011, RHEL 6, Linux 2.6.18-194.32.1.el5 athlon On Wed, 2011-02-23 at 10:30 -0500, ken wrote: > On 02/22/2011 09:02 PM B.J. McClure wrote: > > Not sure it will answer your question but there was an article in > > December 2010 issue of Linux Magazine re surveillance cameras and linux. > > > > HTH. > > > > B.J. > > > > > > BJ, I looked around Linux Mag's site for quite a while, did a couple > searches, and browsed the contents Dec 2010 and quite a few issues > before and after that, but couldn't find any article about selecting > and/or setting up surveillance cameras... except one on implementing > motion detection in cameras. Is that the one you were thinking of? Sorry about that. I cannot find the article on their website. Page 30 in the paper version by Marcel Gagne. Did have some stuff on motion detection but article was broader than that and the links at the end of the article might be useful, especially this one: http://www.lavrsen.dk/foswiki/bin/view/Motion/WorkingDevices Good luck. B.J. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
> Date: Wed, 23 Feb 2011 10:30:56 -0500 > From: geb...@mousecar.com > To: centos@centos.org > Subject: Re: [CentOS] security cameras > > On 02/22/2011 09:02 PM B.J. McClure wrote: > > Not sure it will answer your question but there was an article in > > December 2010 issue of Linux Magazine re surveillance cameras and linux. > > > > HTH. > > > > B.J. > > > > > > BJ, I looked around Linux Mag's site for quite a while, did a couple > searches, and browsed the contents Dec 2010 and quite a few issues > before and after that, but couldn't find any article about selecting > and/or setting up surveillance cameras... except one on implementing > motion detection in cameras. Is that the one you were thinking of? > > Still, thanks much. I'll probably come back to that one later. If some > other info source comes to you, I'd be glad to hear about it. > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos The article starts on page 30 of the December 2010 issue of Linux Magazine. The article is titled "Webcam Surveillance". Len ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
On Wed, Feb 23, 2011 at 02:46:24PM +, Michael D. Berger wrote: > On Tue, 22 Feb 2011 23:53:20 +0100, Nicolas Thierry-Mieg wrote: > > > Michael D. Berger wrote: > >> On my CentOS box, in C++ programs, is there a way to print Unicode > >> characters? > > > > google knows... > > I haven't found it. Strange. "Using Unicode in C/C++": http://evanjones.ca/unicode-in-c.html pops on top of a plain search for "unicode c++" in Google: http://www.google.it/search?q=unicode+c%2B%2B Mihai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] LVM problem after adding new (md) PV
Hello, I have a weird problem after adding new PV do LMV volume group. It seems the error comes out only during boot time. Please read the story. I have couple of 1U machines. They all have two, four or more Fujitsu-Siemens SAS 2,5" disks, which are bounded in Raid1 pairs with Linux mdadm. First pair of disks has always two arrays (md0, md1). Small md0 is used for booting and the rest - md1 is used as PV for volume group (vg0). When I need to enlarge the volume, I just add 2 new disks, create a raid 1 array of their whole space I add it as another mdX to vg0. That has been working fine since yesterday. I received new disks branded by Toshiba (Toshiba bought Fujitsu-Simens hdd business) which were supposed to be added as disk no 3 and 4. As far as I remember I've done everything in the same way as before: - They come out as sdc and sdd, so I - fdisk /dev/sdc, created one primary parition of whole space, type fd - the same with /dev/sdd - mdadm --create /dev/md2 -R -l 1 -n 2 /dev/sdc1 /dev/sdd1 - array has been created and syncronized - pvcreate /dev/md2 - vgextend vg0 /dev/md2 and it looks fine: -- # cat /proc/mdstat Personalities : [raid1] md1 : active raid1 sdb2[1] sda2[0] 140488320 blocks [2/2] [UU] md2 : active raid1 sdd1[1] sdc1[0] 292961216 blocks [2/2] [UU] md0 : active raid1 sdb1[1] sda1[0] 3148608 blocks [2/2] [UU] -- # pvdisplay --- Physical volume --- PV Name /dev/md1 VG Name vg0 PV Size 133.98 GB / not usable 11.62 MB Allocatable yes PE Size (KByte) 32768 Total PE 4287 Free PE 1695 Allocated PE 2592 PV UUID AufZRm-QbFC-xRj1-OxwW-Z2w2-qbkM-qzoEcP --- Physical volume --- PV Name /dev/md2 VG Name vg0 PV Size 279.39 GB / not usable 14.94 MB Allocatable yes PE Size (KByte) 32768 Total PE 8940 Free PE 8940 Allocated PE 0 PV UUID qeDW2q-nq5b-Yh5U-5sKY-7Rkd-1UXh-LAxL8j -- # vgdisplay --- Volume group --- VG Name vg0 System ID Formatlvm2 Metadata Areas2 Metadata Sequence No 1010 VG Access read/write VG Status resizable MAX LV0 Cur LV8 Open LV 2 Max PV0 Cur PV2 Act PV2 VG Size 413.34 GB PE Size 32.00 MB Total PE 13227 Alloc PE / Size 2592 / 81.00 GB Free PE / Size 10635 / 332.34 GB VG UUID 5cF1dk-1CMM-qiuf-CyNY-aCmw-8Hx8-4iO12I -- # lvdisplay --- Logical volume --- LV Name/dev/vg0/d0v VG Namevg0 LV UUIDq7zmrV-EykH-jPzR-smYJ-eehh-3Gbx-ebu5wK LV Write Accessread/write LV Status available # open 1 LV Size3.00 GB Current LE 96 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:0 [...] this part may be skiped as it's very long an irrelevant. There are no errors here. -- And now please take a look what happens during boot: [...] scsi0 : ioc0: LSISAS1078 C2, FwRev=01180400h, Ports=1, MaxQ=276, IRQ=20 mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 1, phy 0, sas_addr 0x50e01f975022 Vendor: FUJITSU Model: MBB2147RC Rev: 0105 Type: Direct-Access ANSI SCSI revision: 05 SCSI device sda: 287277984 512-byte hdwr sectors (147086 MB) sda: Write Protect is off SCSI device sda: drive cache: write back SCSI device sda: 287277984 512-byte hdwr sectors (147086 MB) sda: Write Protect is off SCSI device sda: drive cache: write back sda: sda1 sda2 sd 0:0:0:0: Attached scsi disk sda mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 2, phy 1, sas_addr 0x50e01f602f42 Vendor: FUJITSU Model: MBB2147RC Rev: 0105 Type: Direct-Access ANSI SCSI revision: 05 SCSI device sdb: 287277984 512-byte hdwr sectors (147086 MB) sdb: Write Protect is off SCSI device sdb: drive cache: write back SCSI device sdb: 287277984 512-byte hdwr sectors (147086 MB) sdb: Write Protect is off SCSI device sdb: drive cache: write back sdb: sdb1 sdb2 sd 0:0:1:0: Attached scsi disk sdb mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 3, phy 2, sas_addr 0x5392b8028856 Vendor: TOSHIBA Model: MBF2300RC Rev: 0107 Type: Direct-Access
[CentOS] additional info
I forgot to mention that after creation of md2 I've added a new line to /etc/mdadm.conf: # cat /etc/mdadm.conf DEVICE partitions MAILADDR root ARRAY /dev/md0 level=raid1 num-devices=2 UUID=91518bd3:79953138:f203f159:f2795fde ARRAY /dev/md1 level=raid1 num-devices=2 UUID=5b6722ca:b325344b:4ab40fc6:c3f1d6b4 ARRAY /dev/md2 level=raid1 num-devices=2 UUID=45e2f59b:1be94f42:5d55c385:da4faf78 # mdadm --examine --scan ARRAY /dev/md0 level=raid1 num-devices=2 UUID=91518bd3:79953138:f203f159:f2795fde ARRAY /dev/md1 level=raid1 num-devices=2 UUID=5b6722ca:b325344b:4ab40fc6:c3f1d6b4 ARRAY /dev/md2 level=raid1 num-devices=2 UUID=45e2f59b:1be94f42:5d55c385:da4faf78 -- Tomasz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 23/02/11 16:24, Lucian wrote: > On Wed, Feb 23, 2011 at 2:49 PM, Trutwin, Joshua wrote: > +1 for Virtualmin. > People will brag that it's insecure etc, but it has always done the > job for me and I have more than 100 installations of it. I never had > security problems because of it. That one user with more than 100 installations haven't experienced security issues with a product doesn't mean that there is no security issues. It can just as much mean nobody tried to hack any of those installations, or that they have tried but not succeeded yet, or that there are no security issues ... but to distinguish this, then you need to have more solid arguments than "I haven't experienced it" ... because you might not have experienced it _yet_. kind regards, David Sommerseth ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
US-CERT encourages users and administrators using the affected versions of BIND to upgrade to BIND 9.7.3. Optionally, one can wait on a backport. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Wed, Feb 23, 2011 at 4:49 PM, Trutwin, Joshua wrote: > Hello all, > > > > I'm looking to setup a new CentOS box for a buddy of mine who > wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my > own on a Debian box he colo’d running a basterdized qmail/tinydns and custom > built httpd/mysql/etc (I was young). It worked ok but time to move on and I > don't have time to maintain all those packages. I also don't have > time to write another CP or port my PoS to it. I’m also just going to use > the > > default packages (bind, postfix, etc) instead of the DJB stuff. > > Main requirements are fairly straightforward: > > 1. able to add/manage domains, ssl cert management, manage DNS records > 2. able to manage email accounts and anti-spam settings > 3. able to add/manage mysql and pgsql (nice to have) > 4. user management - ftp/ssh accounts, password change, etc. > 5. nice to have: add a wordpress blog / xcart store to a site > 6. nice to have: users have own login to do some of the above for their > domain only > 7. nice to have: integrated website stats (awstats or equiv) > 8. not optional - should have a focus on security > > Stuff like viewing logs, automated billing, hosting plans, managing backups, > bandwidth monitoring, uploading web pages, managing server patches, > adding new software, etc. I don't mind leaving off or doing myself. Willing > to > > pay a license, but not a huge budget. > > I was leaning towards webmin/virtualmin but thought I'd check with this list > for any suggestions. Had bad experiences with Plesk from a while > ago so leaving that off the table. We have experience with cPanel > through another fail host, it's ok but too much stuff and too > expensive. > > Josh > > ___ How many domains do you need to manage that cPanel is too expensive? Have you looked at the free alternatives, like: ehcp Webmin + Virtualmin vhcs ISPConfig etc? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Larry Vaden > Sent: Wednesday, February 23, 2011 12:27 PM > To: CentOS mailing list > Subject: > [CentOS]http://www.securityweek.com/high-severity-bind-vulnera > bility-advisory-issued > > US-CERT encourages users and administrators using the affected > versions of BIND to upgrade to BIND 9.7.3. > > Optionally, one can wait on a backport. Optionally, start BIND with the parameter to restrict BIND to one thread (-n 1). This prevents the deadlock which, though fatal to BIND when it happens, is a remote probability. *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
Larry Vaden wrote: > US-CERT encourages users and administrators using the affected > versions of BIND to upgrade to BIND 9.7.3. > > Optionally, one can wait on a backport. Larry, go away. You don't seem to contribute anything at all to the list, other than your obnoxiousness, and your desire to start flamewars, which presumably give you some kind of jollies. Yes, most of us saw this today on slashdot, if nowhere else. I would expect RH to have the fix out in a day or two, and CentOS to have it out the same day. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 11-02-23 09:49 AM, Trutwin, Joshua wrote: Hello all, I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the default packages (bind, postfix, etc) instead of the DJB stuff. I recently ran across DTC (gplhost.com). It seems to have all the major bells and whistles, but I have not made it far enough down the "Back Burner Todo List" to actually check it out myself yet. Originally, I heard about it on FLOSS Weekly on the Twit Network: http://twit.tv/floss144 Andy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 23.2.2011 18:27, Larry Vaden wrote: > US-CERT encourages users and administrators using the affected > versions of BIND to upgrade to BIND 9.7.3. > > Optionally, one can wait on a backport. Ahhh! Have a look at the relevant bugzilla ticket at https://bugzilla.redhat.com/show_bug.cgi?id=679496 and read ...snip This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6. snap... -- Best Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 02/23/2011 12:55 PM, m.r...@5-cent.us wrote: > Larry Vaden wrote: >> US-CERT encourages users and administrators using the affected >> versions of BIND to upgrade to BIND 9.7.3. >> >> Optionally, one can wait on a backport. > > Larry, go away. You don't seem to contribute anything at all to the list, > other than your obnoxiousness, and your desire to start flamewars, which > presumably give you some kind of jollies. > > Yes, most of us saw this today on slashdot, if nowhere else. I would > expect RH to have the fix out in a day or two, and CentOS to have it out > the same day. > >mark Mark, I don't want to raise the drama, so please don't take this wrong. In this case though, I do think that a warning on the ML about a security issue is justified. You can't be too careful. That said, Larry, your recent messages to the list have been problematic. Reactions like this to your messages should be a pretty clear indication that your messages have been less than contributing to the community. Take a step back and think about your posts until stress has diminished. Everyone else; I'll admit right off that I am just another user. That said, there are list admins. If there are issues with a given poster, please locate these admins and send a private email. This is equal parts effective and helps to keep the drama to a minimum. With this, I'll withdraw from this discussion. -- Digimer E-Mail: digi...@alteeve.com AN!Whitepapers: http://alteeve.com Node Assassin: http://nodeassassin.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On Tue, 22 Feb 2011, ken wrote: > To: CentOS Mailing List > From: ken > Subject: [CentOS] security cameras > > I heard about some inexpensive security cameras which get their power > through the same cat5 cable which delivers the data/pictures (which > would simplify wiring tremendously). Does anyone know about these? Do > they work with Linux, particularly CentOS? AFAIK there are different options you can take with this. Webcam USB camera or a PAL/NTS CCTV camera with a phono or BNC connector. Use a PCI based video capture card to connect CCTV cameras to. Not sure about the software to use though. Use a stand alone DVR - digital Video recorder to capture and record sound/video, as well as simultaneous monitor and IP broadcast over the net. Some of these boxes run Linux and an integral web server. You can also manage and control the DVR across the net. You might find these links helpfull: http://www.henrys.co.uk/cctv.htm http://en.wikipedia.org/wiki/Digital_Video_Recorders I think you will get far better video quality using CCTV cameras than a webcam on a USB port. Kind Regards, Keith Roberts - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On 02/23/11 10:16 AM, Keith Roberts wrote: > I think you will get far better video quality using CCTV > cameras than a webcam on a USB port. you may think that, but those solutions you mentioned are all NTSC composite video, while even a $30 USB webcam now days is 2 megapixels or higher. anyways, the OP wants cameras that connect to the network and get their power off the ethernet cable, not a USB or a CCTV camera. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 2/23/2011 9:49 AM, Trutwin, Joshua wrote: I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive. Josh Josh, I have been running webmin/virtualmin/usermin for a number of years. A few things factored into my decision. The main one was I didn't want to be stuck inside of a 'box'. So far, 'almost anything' you want to do via command line has no interference with what is done via the interface. Also, within most of the modules, is the ability to simply open the config files for the service and do direct edits. The Webmin project is very active. If you have a problem or perceived bug, and no one else gets around to answering, you will normally hear back from Jamie Cameron the man behind it all, within hours of making a post. That is very rare these days. Basically, I find the system very flexible and highly configurable. In fact, there are several of my ideas for the system that have been put into place. In fact one, years ago, was to get the CentOS OS recognized within the system and it was done and of course still does. The downside is that the interfaces are a bit geeky. One thing I would like to see is a total rewrite of all the module interfaces in Usermin in an attempt to better define things for the layman. Yes, the end user can do things that you allow. No, most end users won't really understand what they're trying to do. I think those 'boxes' in Plesk and cPanel better address those items due to the nature of 'boxes'. When I say 'boxes', I'm referring to the Windows world config boxes that pop up forcing you down a particular road with no method for customizations. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Wed, Feb 23, 2011 at 5:18 PM, David Sommerseth wrote: > That one user with more than 100 installations haven't experienced security > issues with a product doesn't mean that there is no security issues. I absolutely agree. Didn't want to imply Webmin is "unhackable"; it's just not that bad as some people say it is. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On 2/23/2011 12:36 PM, John R Pierce wrote: > On 02/23/11 10:16 AM, Keith Roberts wrote: >> I think you will get far better video quality using CCTV >> cameras than a webcam on a USB port. > > you may think that, but those solutions you mentioned are all NTSC > composite video, while even a $30 USB webcam now days is 2 megapixels or > higher. > > anyways, the OP wants cameras that connect to the network and get their > power off the ethernet cable, not a USB or a CCTV camera. Trendnet has some. You'd need to get the java plugin working to view them in a linux browser - not sure about full-time recording software. If you don't have enough to justify a POE switch, you can get individual power bricks that plug into the line to add power at a convenient place. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
> I don't want to raise the drama, so please don't take this wrong. In > this case though, I do think that a warning on the ML about a security > issue is justified. You can't be too careful. > Except that this issue does not affect BIND in rhel and thus CentOS therefore making it yet more pointless drivel from the OP. He obviously has a fascination with the BIND version in rhel but after reading all his nonsense and looking at the texoma site I doubt it had anything to do with the alleged hack of his server. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Wed, Feb 23, 2011 at 6:47 PM, John Hinton wrote: >The Webmin project is very active. If you have > a problem or perceived bug, and no one else gets around to answering, you > will normally hear back from Jamie Cameron the man behind it all, within > hours of making a post. That is very rare these days. Yup, their support is awesome, at least this was my experience. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
> +1 for Virtualmin. > People will brag that it's insecure etc, but it has always done the job for me > and I have more than 100 installations of it. I never had security problems > because of it. Thanks for all the posts. Curious about the "people will brag that it's insecure" - is there a poor track record of security problems with webmin? I noticed these: http://www.webmin.com/security.html http://tensixtyone.com/perma/woes-of-webmin http://doxfer.webmin.com/Webmin/SecuringWebmin I certainly don't plan to allow access to webmin save for a couple selected IP's and I'm not surprised to see any web application have security vulnerabilities. But if it's on par with something like phpbb as far as security problems go, I'll probably look elsewhere. Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 2/23/2011 12:18 PM, David Sommerseth wrote: > > That one user with more than 100 installations haven't experienced security > issues with a product doesn't mean that there is no security issues. > > It can just as much mean nobody tried to hack any of those installations, > or that they have tried but not succeeded yet, or that there are no > security issues ... but to distinguish this, then you need to have more > solid arguments than "I haven't experienced it" ... because you might not > have experienced it _yet_. > > > kind regards, > > David Sommerseth > You are right David. The more you run on a server, the more you are vulnerable. That said, every control panel I have read about also has a history of security issues. So does just about every other 'server' application at one time or another. Each time this discussion comes up, security is mentioned. I don't want to start something here... I run some sendmail servers and some postfix servers. I find it odd that folks talk about the long history of security issues with sendmail. Well, sendmail has a "long history". Postfix does not. Both seem to address any issues rapidly and that is what matters. Both seem to be very robust. There is another real world side to this. There is always some percentage of a chance that you will be taken down due to a security issue. There is always a percentage of a chance that you will be taken down by a system admin that lacks experience in some area. I would say system admins break things far more often than the outside world. And, in the real world of hosting, we are constantly 'pressed' for a 'Control Panel'. Clients simply expect it these days. I would dare say that those 'percentages' of uptime are greater with a control panel and an average admin, and any security issues that come with that, vs. no control panel and maybe a really dumb thing being done by someone. Heck, I'm generally my own worst enemy on my systems. Not that the outside world hasn't done some things to me over the years. Still a good point David. Adding anything like this does provide other ways in. I can say that having been on the Webmin list for about 7 or 8 years, very rarely has there been something critical to address. Most have been compatibility issues with various OSs. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 2/23/2011 2:04 PM, Trutwin, Joshua wrote: >> +1 for Virtualmin. >> People will brag that it's insecure etc, but it has always done the job for >> me >> and I have more than 100 installations of it. I never had security problems >> because of it. > Thanks for all the posts. > > Curious about the "people will brag that it's insecure" - is there a poor > track record of security problems with webmin? > > I noticed these: > > http://www.webmin.com/security.html > http://tensixtyone.com/perma/woes-of-webmin > http://doxfer.webmin.com/Webmin/SecuringWebmin > > I certainly don't plan to allow access to webmin save for a couple selected > IP's and I'm not surprised to see any web application have security > vulnerabilities. But if it's on par with something like phpbb as far as > security problems go, I'll probably look elsewhere. No where close! And I know that from a few phpbb installs being hacked on some of my webmin servers. LOL!!! John Hinton > Josh > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
Many thanks to Markus Falb for publishing his excellent research - the same research that Larry could also have done. "This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6." James Hogarth wrote: > He obviously has a fascination with the BIND version ... Larry doesn't. Larry is desperate to win 'approval' or 'praise' from others. He means well. Larry should seek help, confide in someone and unload all his problems privately and confidentially. Then he will be, and feel, a lot better. Great to know this list has good researchers like Markus Falb. With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
The same as on any other Linux box. Some important tips for beginners: * Don't forget to set your locale appropriately at the beginning of your program. * Use ONE encoding CONSISTENTLY (utf-8 or utf-16) inside your program, and trans-code appropriately to/from outer encodings (all such transcoding should happen at the IO edges). If using UTF-16, make sure you standardise on an byte order if you are storing the files. UTF-8 doesn't have that issue. US-ASCII is also UTF-8 (the reverse is not true). * Do not mix data representations. As much as you can, try to stay with either wide-characters (where every character is represented as a single 32-bit codepoint) or multi-byte (eg. UTF-8, UTF-16). * Yes, UTF-16 is also a multi-byte character set. * Learn about Unicode Normalisation: it is important when comparing strings. It is VERY IMPORTANT when comparing strings in a security context. * Software you will want to learn: libiconv for transcoding. IBM's Components for Unicode (ICU). This is a large suite of commonly needed Unicode algorithms that libc doesn't have. Hope it helps, Cameron On 23/02/2011, at 11:37 AM, Michael D. Berger wrote: > On my CentOS box, in C++ programs, is there a way to print > Unicode characters? > > Thanks, > Mike. > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
> > I certainly don't plan to allow access to webmin save for a couple selected > > IP's and I'm not surprised to see any web application have security > > vulnerabilities. But if it's on par with something like phpbb as far as > > security > > problems go, I'll probably look elsewhere. > No where close! And I know that from a few phpbb installs being hacked on > some of my webmin servers. LOL!!! Haha same (pristing phpbb, latest source, hacked in weeks). I don't even know what to compare to phpbb - phpnuke maybe? I won't even bother mentioning a certain DNS server as it's already being discussed ad nauseum. :) Anyway - OT now. Appreciate the feedback on the thread, I have some research to do... Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Wed, Feb 23, 2011 at 1:03 PM, James Hogarth wrote: > > Except that this issue does not affect BIND in rhel and thus CentOS > therefore making it yet more pointless drivel from the OP. Please take off the blinders and realize there are lots of folks (some x% of a million or more) on this list who compile from current source in order to minimize their risks and are therefore the subject audience. On the one hand, you have Paul Vixie and crew (authors of BIND) and US_CERT saying "US-CERT encourages users and administrators using the affected versions of BIND to upgrade to BIND 9.7.3." On the other hand, you have "don't bother me with reality, I'm comfortable, am not affected and don't want to read messages to those who are affected." Wisdom from a top security manager at Internet2 was presented on this list. Ignore his advice all you want. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Wed, Feb 23, 2011 at 1:14 PM, Always Learning wrote: > > Many thanks to Markus Falb for publishing his excellent research - the > same research that Larry could also have done. > > "This issue did not affect the versions of bind as shipped with > Red Hat Enterprise Linux 4, 5, or 6." You are overlooking those on the list who are affected. Enuf said. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
2011/2/23 Larry Vaden : > On Wed, Feb 23, 2011 at 1:03 PM, James Hogarth > wrote: >> >> Except that this issue does not affect BIND in rhel and thus CentOS >> therefore making it yet more pointless drivel from the OP. > > Please take off the blinders and realize there are lots of folks (some > x% of a million or more) on this list who compile from current source > in order to minimize their risks and are therefore the subject > audience. It is not wise to install packages from sources because it messes the package management. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
> Please take off the blinders and realize there are lots of folks (some x% of a > million or more) on this list who compile from current source in order to > minimize their risks and are therefore the subject audience. > > On the one hand, you have Paul Vixie and crew (authors of BIND) and > US_CERT saying "US-CERT encourages users and administrators using the > affected versions of BIND to upgrade to BIND 9.7.3." On the other hand, you > have "don't bother me with reality, I'm comfortable, am not affected and > don't want to read messages to those who are affected." I've only been subscribed here a week and this topic seems very heated, so sorry if this stirs the pot up again, but don't patches for these things get back-ported? So even if you're running bind v9.5.1 on CentOS/upstream 4/5.x you'd still have security fixes like those in this article backported right? And yeah I suppose rolling your own is always an option but in my experience it's to easy to get behind. This seems more like a Slackware approach tho, nothing against Slack of course! Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 2/23/2011 1:21 PM, Larry Vaden wrote: > On Wed, Feb 23, 2011 at 1:03 PM, James Hogarth > wrote: >> >> Except that this issue does not affect BIND in rhel and thus CentOS >> therefore making it yet more pointless drivel from the OP. > > Please take off the blinders and realize there are lots of folks (some > x% of a million or more) on this list who compile from current source > in order to minimize their risks and are therefore the subject > audience. Someone who thinks they can do things better themselves than RH does it probably isn't going to take advice from a random mail list poster. And when you compile your own source you take on the responsibility of tracking updates yourself. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Wed, Feb 23, 2011 at 1:25 PM, Eero Volotinen wrote: > > It is not wise to install packages from sources because it messes the package > management. Agreed; that is why folks like Jeff Johnson and John Stanley share their knowledge about how to do it such that your outcome doesn't occur. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] massive mirror errors
I'm trying to ... yum groupinstall "Development Tools" on a reasonably current 5.5 system and getting massive mirror failures... is there a problem, or is this my employer's network messing up? (45/74): rpm-build-4.4.2.3-20.el5_5.1.i386.rpm | 302 kB 00:03 http://mirror.singleedge.com/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.nwresd.org/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://hpc.arc.georgetown.edu/mirror/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.its.uidaho.edu/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.flhsi.com/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.highspeedweb.net/CentOS/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.atlanticmetro.net/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://ftp.lug.udel.edu/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not found Trying other mirror. http://mirror.vcu.edu/pub/gnu%2Blinux/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 12] Timeout: Trying other mirror. http://mirrors.greenmountainaccess.net/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.singleedge.com/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.nwresd.org/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://hpc.arc.georgetown.edu/mirror/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.its.uidaho.edu/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.flhsi.com/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.highspeedweb.net/CentOS/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.atlanticmetro.net/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://ftp.lug.udel.edu/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm: [Errno 4] IOError: Trying other mirror. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] massive mirror errors
On 02/23/11 11:53 AM, John R Pierce wrote: > I'm trying to ... > > yum groupinstall "Development Tools" on a reasonably current 5.5 system > and getting massive mirror failures... is there a problem, or is this > my employer's network messing up? fyi, yum clean all seems to have fixed it. fastestmirrors musta been messed up. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Wed, 2011-02-23 at 13:23 -0600, Larry Vaden wrote: > On Wed, Feb 23, 2011 at 1:14 PM, Always Learning wrote: > > > > Many thanks to Markus Falb for publishing his excellent research - the > > same research that Larry could also have done. > > > >"This issue did not affect the versions of bind as shipped with > >Red Hat Enterprise Linux 4, 5, or 6." > > You are overlooking those on the list who are affected. Enuf said. Larry, I suspect the vast majority of Centos 5 users simply install Centos software. They do not routinely install non-Centos versions to replace Centos versions. This list is about Centos versions of software - hence its simple title, the "Centos Mailing List". If a user installs non-Centos versions of software it is for the user to take extra precautions if case of bugs affecting non-Centos software. If you had done the necessary research Centos users would not get alarmed at serious reports of dangerous bugs in Centos software. Your posting clearly inferred the dangers affected the Centos version which, it subsequently transpired, was untrue. I hope you can understand this point that there is a distinct difference between Centos application software and non-Centos application software running on the Centos operating system. With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Wed, Feb 23, 2011 at 07:28:15PM +, Trutwin, Joshua wrote: [ > Larry Vaden wrote: (please don't snip attributions)] > > Please take off the blinders and realize there are lots of folks (some x% > > of a > > million or more) on this list who compile from current source in order to > > minimize their risks and are therefore the subject audience. If they have compiled from source then it is by definition not a CentOS issue. > > On the one hand, you have Paul Vixie and crew (authors of BIND) and > > US_CERT saying "US-CERT encourages users and administrators using the > > affected versions of BIND to upgrade to BIND 9.7.3." Anyone running a CentOS-provided version of BIND is not using an affected version. > > On the other hand, you > > have "don't bother me with reality, I'm comfortable, am not affected and > > don't want to read messages to those who are affected." Those messages are offtopic on this mailing list, so I sympathize with people who have the attitude you describe. Someone who had more credibility with the list might be able to post offtopic messages (which they would have marked [OT]) without causing a flamewar. > I've only been subscribed here a week and this topic seems very heated, so > sorry if this stirs the pot up again, but don't patches for these things get > back-ported? So even if you're running bind v9.5.1 on CentOS/upstream 4/5.x > you'd still have security fixes like those in this article backported right? If you're running BIND 9.5.1, you are not susceptible to the bug that Larry posted at all. In general, security bugs that are applicable to RHEL packages are patched upstream then rebuilt and released by CentOS. > And yeah I suppose rolling your own is always an option but in my experience > it's to easy to get behind. This seems more like a Slackware approach tho, > nothing against Slack of course! Rolling one's own is an option for any distribution, including CentOS. But rolling one's own by definition removes those packages from the support stream for that distro, so should be taken into consideration when deciding whether to roll one's own or not. --keith -- kkel...@wombat.san-francisco.ca.us pgpfJ3cDXHMbA.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openldap problems authenticating
On 23.02.2011 00:49, Tim Dunphy wrote: > Hello list, > > I am running an openldap 2.4 server under FreeBSD that was working > well until the config was tweaked by someone on the team without > properly documenting their work > > # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1) > > host LBSD.summitnjhome.com > base dc=summitnjhome,dc=com > sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com > binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com > bindpw {SSHA}secret > scope sub > pam_password exop > nss_base_passwd ou=staff,dc=summitnjhome,dc=com > nss_base_shadow ou=staff,dc=summitnjhome,dc=com > > # grep for ldap account shows ldap account on the ldap server itself succeeds > > [root@LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs > walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/usr/local/bin/bash > [root@LBSD2:/usr/local/etc/openldap] #grep walbs /etc/passwd > [root@LBSD2:/usr/local/etc/openldap] # > > # /etc/ldap.conf on ldap client (centos 5.5) > > host LBSD2.summitnjhome.com > base dc=summitnjhome,dc=com > sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com > binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com > bindpw {crypt}secret Is the value of bindpw in /etc/ldap.conf actually a crypt hash? It should be cleartext. HTH, Deyan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advis ory-issued
On Wed, 23 Feb 2011, Larry Vaden wrote: > Please take off the blinders and realize there are lots of folks (some > x% of a million or more) on this list who compile from current source > in order to minimize their risks and are therefore the subject > audience. and it is on topic in this venue, just how? You might as well exhort: - Look both ways before crossing the street - Always buckle your seatbelt - Never use an ISP that requires provising sufficient personal information as needed to facilitate identity theft [1]; and solicts credit card information without any indication of PCI/CISP controls or privacy policy [2] Mailman provides for 'per poster' moderation. It's time here, I think -- Russ herrold 1. http://www.texoma.net/it/pricing.html "All suscribers [sic] must supply their choice of social security or driver's license number for unique identification within our accounting system" 2. https://secure.texoma.net/make_payment.php ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advis ory-issued
R P Herrold wrote: > On Wed, 23 Feb 2011, Larry Vaden wrote: > >> Please take off the blinders and realize there are lots of folks (some >> x% of a million or more) on this list who compile from current source >> in order to minimize their risks and are therefore the subject >> audience. > > and it is on topic in this venue, just how? You might as well > exhort: > Mailman provides for 'per poster' moderation. It's time here, > I think Moderator - here's a second vote to moderate Larry *out*. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Wed, Feb 23, 2011 at 11:27 AM, Larry Vaden wrote: > US-CERT encourages users and administrators using the affected > versions of BIND to upgrade to BIND 9.7.3. > > Optionally, one can wait on a backport. This message is RECALLED even though: 1) US-CERT used the word "affected." 2) the "optionally" was directed to those who might have used RHEL/CentOS' excellent facility to draw in code from other repos. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 23.2.2011 21:47, Larry Vaden wrote: > On Wed, Feb 23, 2011 at 11:27 AM, Larry Vaden > wrote: >> US-CERT encourages users and administrators using the affected >> versions of BIND to upgrade to BIND 9.7.3. >> >> Optionally, one can wait on a backport. > > This message is RECALLED even though: > > 1) US-CERT used the word "affected." > 2) the "optionally" was directed to those who might have used > RHEL/CentOS' excellent facility to draw in code from other repos. You dont got it ? Another try: There will be no backport, because bind in RHEL/CentOS is not affected. But yes, optionally one can wait... -- Best Regards, Markus Falb, waiting... signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: please moderade or remove Larry Vaden
Can an admin please moderate ALL posts from Larry Vaden, or remove him from the list? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 2/23/2011 2:23 PM, Larry Vaden wrote: > On Wed, Feb 23, 2011 at 1:14 PM, Always Learning wrote: >> Many thanks to Markus Falb for publishing his excellent research - the >> same research that Larry could also have done. >> >> "This issue did not affect the versions of bind as shipped with >> Red Hat Enterprise Linux 4, 5, or 6." > You are overlooking those on the list who are affected. Enuf said. Larry, Did you get your broken nameserver(s) fixed? Or are you maybe just complaining here trying to get a new release out which more than likely will not fix your issue, but it is easier to blame CentOS than to look at your install? If so, you more than likely will be let down when you find there is no magic wand in a new update. That said... I personally believe that upstream provides a rather stock install of bind, perhaps meant more for an intranet than the internet? Bind just might be the single hardest part of running a webserver. But, I spent a number of days reading on hardening bind and then the testing and moving into production. Larry, have you done this? If texoma.net is one of the affected domains, I note that there are some problems with DNS for that domain. The 2 level3.net nameservers are not providing either full or maybe correct information. If this is the case for other domain you manage, this is a serious problem and as DNS can be rather finicky, might be the root of your entire perceived problem. And, if you think you had an injection, please do some googling on hardening bind. There is a lot of good information out there. To me, this is what is needed today and is well beyond a standard bind installation done by CentOS. If in fact texoma.net is an example of the problem with all of the domains under your control, please fix your own house and quit complaining here until you have cleaned up things on your end. What I see has 0 to do with the bind version on CentOS. In fact, if you don't fix this before an upgrade, you may have a larger mess afterwards. I don't envy the task as I know very well that this is not easy. Alternatively, maybe you should consider using a service such as dnsmadeeasy... although they recently experienced a significant downtime themselves due to a huge DoS attack coming in from all over the world. Is it possibly a bit hypocritical to complain about other people's houses being dirty when you live in a dirty house yourself? Best, John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advis ory-issued
On Wed, Feb 23, 2011 at 2:43 PM, R P Herrold wrote: > > - Never use an ISP that requires provising sufficient personal > information as needed to facilitate identity theft [1]; and > solicts credit card information without any indication of PCI/CISP > controls or privacy policy [2] Thanks for the constructive criticism. The pricing page has been taken down until it can be updated. The language is from 1995. Wrt the payment mechanism, that will take longer to fix, but we will fix it. We will also look at BCPs wrt privacy. Again, thanks for the constructive criticism. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Air Conditioning - ON!
On Feb 22, 2011, at 2:56 PM, Johnny Hughes wrote: > On 02/22/2011 02:35 PM, Ian Murray wrote: >> >> >> I did think about that when when I made my earlier comment. The trouble is >> is >> that it obviously isn't working because we have these list flame-ups. > > I think 8 million unique machines disagree with you assessment. Who > knows, maybe all 8 million are wrong and the 10-20 people who are > discussing it on this list are right. Zing! Not to mention I'd think the Belgian police might be more concerned at your invitation for mischief on their systems. Just because CentOS is a relatively small operation compared to commercial offerings or maybe other community offerings, does not mean that it is any less suited for critical applications. Perhaps the CentOS project could use some more man power to insure updates are not stalled because a key player is unavailable at the wrong time, but I don't think it's a situation that only CentOS suffers from. With CentOS it is perhaps more visible -- we know when the update was available upstream and how long it took to show up in CentOS repos. This is less obvious upstream, unless you are paying close attention to every individual Open Source project that upstream draws from... in which case perhaps you could use some of that time contributing to CentOS. Problem solved. -- Ryan Ordway E-mail: rord...@oregonstate.edu Unix Systems Administrator rord...@library.oregonstate.edu OSU Libraries, Corvallis, OR 97331Office: Valley Library #4657 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
Larry Vaden wrote on Wed, 23 Feb 2011 13:21:23 -0600: > Please take off the blinders and realize there are lots of folks (some > x% of a million or more) on this list who compile from current source > in order to minimize their risks and are therefore the subject > audience. Nonsense, there is no "minimization of risk" by doing so. Please don't argue about the worthiness of your information. It's been said to you time and again that most here do not wish to see that kind of "information". Thanks. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Wed, Feb 23, 2011 at 4:49 PM, Trutwin, Joshua wrote: > Hello all, > > > > I'm looking to setup a new CentOS box for a buddy of mine who > wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my > own on a Debian box he colo’d running a basterdized qmail/tinydns and custom > built httpd/mysql/etc (I was young). It worked ok but time to move on and I > don't have time to maintain all those packages. I also don't have > time to write another CP or port my PoS to it. I’m also just going to use > the > > default packages (bind, postfix, etc) instead of the DJB stuff. > > Main requirements are fairly straightforward: > > 1. able to add/manage domains, ssl cert management, manage DNS records > 2. able to manage email accounts and anti-spam settings > 3. able to add/manage mysql and pgsql (nice to have) > 4. user management - ftp/ssh accounts, password change, etc. > 5. nice to have: add a wordpress blog / xcart store to a site > 6. nice to have: users have own login to do some of the above for their > domain only > 7. nice to have: integrated website stats (awstats or equiv) > 8. not optional - should have a focus on security > > Stuff like viewing logs, automated billing, hosting plans, managing backups, > bandwidth monitoring, uploading web pages, managing server patches, > adding new software, etc. I don't mind leaving off or doing myself. Willing > to > > pay a license, but not a huge budget. > > I was leaning towards webmin/virtualmin but thought I'd check with this list > for any suggestions. Had bad experiences with Plesk from a while > ago so leaving that off the table. We have experience with cPanel > through another fail host, it's ok but too much stuff and too > expensive. > > Josh > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > Hey there, some are run with ispconfig some with cPanel , some use DirectAdmin control panel , DirectAdmin which proven itself to be a reliable hosting panel "layman friendly" , would be my suggestion. if you are talking about hosting your own stuff, it won't be needed ,but when it comes to providing third party access to the account, cPanel or DirectAdmin are the best choice. -- Best Regards, Yonatan Pingle RHCT | RHCSA | CCNA1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
Larry Vaden wrote on Wed, 23 Feb 2011 14:47:13 -0600: > This message is RECALLED Please stop this! Please understand that there is a reply button on your mail client, use it! Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Thu, 2011-02-24 at 00:31 +0100, Kai Schaetzl wrote: > Larry Vaden wrote on Wed, 23 Feb 2011 14:47:13 -0600: > > > This message is RECALLED > > Please stop this! Please understand that there is a reply button on your > mail client, use it! I thought 'recall' was a Micro$oft facility. Centos is a Linux system. I don't think it runs on Micro$oft. My systems simply ignore all 'recalls'. >From Larry's web site: http://www.texoma.net/it/contact_us.html ab...@texoma.net to report violations of netiquette -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Feb 23, 2011, at 2:04 PM, "Trutwin, Joshua" wrote: >> +1 for Virtualmin. >> People will brag that it's insecure etc, but it has always done the job for >> me >> and I have more than 100 installations of it. I never had security problems >> because of it. > > Thanks for all the posts. > > Curious about the "people will brag that it's insecure" - is there a poor > track record of security problems with webmin? > > I noticed these: > > http://www.webmin.com/security.html > http://tensixtyone.com/perma/woes-of-webmin > http://doxfer.webmin.com/Webmin/SecuringWebmin > > I certainly don't plan to allow access to webmin save for a couple selected > IP's and I'm not surprised to see any web application have security > vulnerabilities. But if it's on par with something like phpbb as far as > security problems go, I'll probably look elsewhere. One nice thing, depending on how you look at it, about webmin is it's in Perl so it's easy to customize and audit (if you have enough time). You could conceivably strip it down to the bare essentials needed and audit it line by line to give you some comfort level. Then run it with selinux enabled and everything properly labeled so if someone does break it they can't get too far. Just make sure for Internet facing services it isn't setup to allow access to essential system configs, where even selinux wouldn't help you. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
>From Larry's web site: http://www.texoma.net/it/contact_us.html >ab...@texoma.net to report violations of netiquette To quote Rodney King.."Can't we all just get along?" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On Feb 23, 2011, at 3:42 PM, David Brian Chait wrote: > >> From Larry's web site: http://www.texoma.net/it/contact_us.html > >> ab...@texoma.net to report violations of netiquette > > To quote Rodney King.."Can't we all just get along?" Yea its like Dork Wars 2011. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On Wed, Feb 23, 2011 at 9:12 AM, wrote: > Nico Kadel-Garcia wrote: >> On Tue, Feb 22, 2011 at 9:31 PM, Always Learning >> wrote: >>> >>> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote: >>> TCP/IP cameras would work with any OS, most just FTP or whatever the pictures to a webserver you provide, or they run their own server and you can wget the pics off them. but I've never seen any IP cameras I'd call really cheap. Panasonic makes a nice line of them, some even have remote pan/zoom via a http interface. > >> If you want a full-blown remote TCP monitoring system, look at Axis. >> They're historically very Linux compatible, they have all the features >> you might want, and while they're not cheap they have all the features >> you might need. > > At work, we use the package motion. Does everything, including writing > .avi? .asf? files to the home directory which is nsf mounted. Trivial load > on the network for monitoring. > > We've got *really* cheap old webcams. Do see if you can get USB 1.1, not > 1.0 > > mark Yeah, I know that one. I wrote some of the early RPM's for it. It had integration issues way back at RedHat 6.2, but has improved a lot since then. Amusingly, someone I worked with was insisting, *insisting* that anything that came out in newer kernels, they could backport to their modified 2.0.x optimized kernel, because *of course* their patches were so clever and so important that they could never be ported forward, a newer kernel could never hope to match it. But good USB and webcam support was only workable in the 2.2. kernels, backporting it to 2.0 was ridiculously infeasible. And the "upgrade versus backport war" was on!!! We seeing the same things with new features in RHEL/CentOS releases, such as Samba features and OpenSSH major releases and Bind. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
On Wed, Feb 23, 2011 at 9:44 AM, Michael D. Berger wrote: > On Tue, 22 Feb 2011 19:51:38 -0500, Nico Kadel-Garcia wrote: > >> On Tue, Feb 22, 2011 at 5:37 PM, Michael D. Berger >> wrote: >>> On my CentOS box, in C++ programs, is there a way to print Unicode >>> characters? >>> >>> Thanks, >>> Mike. >> >> Why do you want to? > > Off topic. *Very* relevant. If it's for a specific app, or for parsing inputs from web forms, or handling Kanji from PDF for pstext output, or emacs editing over a serial port, it matters. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
Trutwin, Joshua wrote: > Hello all, Hi, Josh. The CentOS lists are really not the appropriate place for this thread. No doubt there are many members of the CentOS community who can and will help. However, I'm quite certain that CentOS is wholly separate from the other, so threads on the CentOS lists should only pertain to CentOS. Perhaps those willing to assist you might contact you personally. Just a friendly suggestion from a user. Regards. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] current bind version
Hi. I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind "bind-chroot-9.3.6-4.P1.el5_5.3" when the latest release that has many security fixes is on 9.7.3 . I understand that its to maintain a known stable platform by in introducing new elements etc .. Is there an official explanation / document that I can direct him to. Thanks Greg Machin Systems Administrator - Linux Infrastructure Group, Information Services ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Ecommerce hosting
Would appreciate some suggestions for ecommerce hosting. Been using, cough, cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really suck. Did the hosting myself for a while prior to going with godaddy but I don't have time to babysit. Seems godaddy would rather spend millions advertising during the Super Bowl than put that money to good use. TIA!! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Wed, Feb 23, 2011 at 9:08 PM, Machin, Greg wrote: > Hi. > > I have had an enquiry from the Network and Security guy. He wants to know > why CentOS 5.5 /RHEL 5 is using a very old version of bind > “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many > security fixes is on 9.7.3 . I understand that its to maintain a known > stable platform by in introducing new elements etc .. Is there an official > explanation / document that I can direct him to. The "bind97" packages is in RHEL 5.6. RedHat pubishes such major component upgrades as separate packages, so people using the older version get updates, but who want the major upgrades are free to install them and get separate support. Our faithful CentOS maintainers have not yet completed their publication of CentOS 5.6. I'm sure they'd appreciate your help doing so, although I've had some difficulty reverse engineering enough of their build structure to parallel their work. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Thu, 2011-02-24 at 15:08 +1300, Machin, Greg wrote: > I have had an enquiry from the Network and Security guy. He wants to > know why CentOS 5.5 /RHEL 5 is using a very old version of bind > “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many > security fixes is on 9.7.3 . I understand that its to maintain a known > stable platform by in introducing new elements etc .. Is there an > official explanation / document that I can direct him to. It is my understanding the security issue neither affects the Red Hat version of Bind nor the Centos derivative for operating system releases 4 and 5. This subject was mentioned here with some passion in the last 48 hours but I don't keep copies. Please suggest to your "guy" he needs to do some Googling to find recent emails from this mailing list and other sources which may provide further information. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On 02/24/2011 01:08 PM, Machin, Greg wrote: Hi. I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind "bind-chroot-9.3.6-4.P1.el5_5.3" when the latest release that has many security fixes is on 9.7.3 . I understand that its to maintain a known stable platform by in introducing new elements etc .. Is there an official explanation / document that I can direct him to. Hi Greg Probably an idea to point your N&S guys at the RH 'backporting' Page - https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Basically, the version is kept the same to minimise impact on users, whilst bugfixes and security errata from future versions are 'backported' to the version that ships with the relevant RHEL version. Also worthwhile pointing them at the BIND CVE in the Redhat Bugzilla, which advises on the impact on the RHEL versions - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0414 Regards Steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
If you want a full virtual host I'm running on Linode without an issues so far. Been with them for a year and a half. www.linode.com Greg Machin Systems Administrator - Linux Infrastructure Group, Information Services Open Polytechnic | Kuratini Tuwhera Phone +64 4 914 5254 or 0508 650200 ext 5254 | Fax +64 4 913 5759 3 Cleary Street, Waterloo | Private Bag 31914, Lower Hutt 5040 http://www.openpolytechnic.ac.nz Please consider the environment before printing this email. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Thomas Dukes Sent: Thursday, 24 February 2011 3:19 p.m. To: CentOS Subject: [CentOS] OT: Ecommerce hosting Would appreciate some suggestions for ecommerce hosting. Been using, cough, cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really suck. Did the hosting myself for a while prior to going with godaddy but I don't have time to babysit. Seems godaddy would rather spend millions advertising during the Super Bowl than put that money to good use. TIA!! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Feb 23, 2011, at 9:08 PM, "Machin, Greg" wrote: > Hi. > > I have had an enquiry from the Network and Security guy. He wants to know why > CentOS 5.5 /RHEL 5 is using a very old version of bind > “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many > security fixes is on 9.7.3 . I understand that its to maintain a known stable > platform by in introducing new elements etc .. Is there an official > explanation / document that I can direct him to. > Please check out: https://access.redhat.com/security/updates/backporting/?sc_cid=3093 RHEL maintains application binary interfaces during the lifetime of their releases. Only for applications that can no longer be feasibly maintained through backporting (ie firefox) do they update the version mid release. A lot of people don't understand the backporting way of maintaining a stable platform across a release, it took me a while to appreciate it. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
Thank you all for helping to clarify this. Thanks Greg Machin Systems Administrator - Linux Infrastructure Group, Information Services From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Ross Walker Sent: Thursday, 24 February 2011 3:51 p.m. To: CentOS mailing list Cc: Subject: Re: [CentOS] current bind version On Feb 23, 2011, at 9:08 PM, "Machin, Greg" wrote: Hi. I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many security fixes is on 9.7.3 . I understand that its to maintain a known stable platform by in introducing new elements etc .. Is there an official explanation / document that I can direct him to. Please check out: https://access.redhat.com/security/updates/backporting/?sc_cid=3093 RHEL maintains application binary interfaces during the lifetime of their releases. Only for applications that can no longer be feasibly maintained through backporting (ie firefox) do they update the version mid release. A lot of people don't understand the backporting way of maintaining a stable platform across a release, it took me a while to appreciate it. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unicode in C++
On Wed, 23 Feb 2011 17:01:37 +0100, Mihai T. Lazarescu wrote: [...] Thanks, I did a slightly different search and I didn't get such good results. Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On 02/23/11 6:08 PM, Machin, Greg wrote: > > Hi. > > I have had an enquiry from the Network and Security guy. He wants to > know why CentOS 5.5 /RHEL 5 is using a very old version of bind > “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many > security fixes is on 9.7.3 . I understand that its to maintain a known > stable platform by in introducing new elements etc .. Is there an > official explanation / document that I can direct him to. > > to put it bluntly, your security guy is pretty much worthless as such if he thinks security is audited by checking version numbers. sadly, this is too common. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
On Wed, 23 Feb 2011 21:18:59 -0500 Thomas Dukes wrote: > Would appreciate some suggestions for ecommerce hosting. Depends on what you want. I use beanstream for the bit of stuff that I do. -- MELVILLE THEATRE ~ Melville Sask ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Feb 23, 2011, at 10:23 PM, John R Pierce wrote: > On 02/23/11 6:08 PM, Machin, Greg wrote: >> >> Hi. >> >> I have had an enquiry from the Network and Security guy. He wants to >> know why CentOS 5.5 /RHEL 5 is using a very old version of bind >> “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many >> security fixes is on 9.7.3 . I understand that its to maintain a known >> stable platform by in introducing new elements etc .. Is there an >> official explanation / document that I can direct him to. >> >> > > to put it bluntly, your security guy is pretty much worthless as such if > he thinks security is audited by checking version numbers. > > sadly, this is too common. Let's face it most auditors these days are just accountants with Infosys Mgmt text books. The ridiculously high levels of regulations has created a demand for auditors that can no longer be filled by competent IT skilled auditors. Oh well these are the days. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ls returns file doesn't exist, find finds it??
Howdy, I am getting some errors with find and ls command - such that find is able to see a file whereas ls says the file doesn't exist. Initially I was trying find and ls together as: # find ./ -type f -mtime +15 | xargs ls Similar behavior is seen even when I execute both commands separately. Any thoughts on what might be wrong here? -- thanks, neubyr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
On 24/02/11 15:54, neubyr wrote: > Howdy, > > I am getting some errors with find and ls command - such that find is > able to see a file whereas ls says the file doesn't exist. Initially I > was trying find and ls together as: > # find ./ -type f -mtime +15 | xargs ls > > Similar behavior is seen even when I execute both commands separately. > Any thoughts on what might be wrong here? white space or weird chars could be causing problems. try find ./ -type f -mtime +15 -print0 | xargs -0 ls Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
On Wed, Feb 23, 2011 at 11:54 PM, neubyr wrote: > Howdy, > > I am getting some errors with find and ls command - such that find is > able to see a file whereas ls says the file doesn't exist. Initially I > was trying find and ls together as: > # find ./ -type f -mtime +15 | xargs ls > Instead of piping to xargs, try: find . -type f -mtime +15 -exec ls {} \; ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
On Thu, Feb 24, 2011 at 01:22:41AM -0500, Kwan Lowe wrote: > Instead of piping to xargs, try: > find . -type f -mtime +15 -exec ls {} \; Or get rid of child processes entirely: find . -type f -mtime +15 -ls John -- What lies behind us and what lies before us are tiny matters compared to what lies within us. -- Ralph Waldo Emerson pgpwEN8dL7aYI.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras (not USB, not CCTV)
On 02/23/2011 01:36 PM John R Pierce wrote: > On 02/23/11 10:16 AM, Keith Roberts wrote: >> I think you will get far better video quality using CCTV >> cameras than a webcam on a USB port. > > you may think that, but those solutions you mentioned are all NTSC > composite video, while even a $30 USB webcam now days is 2 megapixels or > higher. > > anyways, the OP wants cameras that connect to the network and get their > power off the ethernet cable, not a USB or a CCTV camera. > Yes. True. I'm not interested in either USB or CCTV. Ethernet cams are much better and smarter technology and, from what I hear, easier to install and set up. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redirecting traffic using iptables
You are correct, I used section 6.1. Its working now thanks On Mon, Jan 31, 2011 at 01:49:08PM +0100, Giles Coochey (gi...@coochey.net) wrote: > On 31/01/2011 13:46, Jobst Schmalenbach wrote: > >Hi. > > > >I have two internet connections, the ADSL2+ is very > >very cheap (but fast 10mb) and I want to use the SHDSL (2mb) > >only for mail,ssh,http OUT and the ADSL2+ only for > >surfing. > > > >I all works fine if people specify the proxy in the > >browser, but in case like flash it of no use. > > > >Further if I can make the 80/443 traffic go through > >the proxy only, its an added bonus. If this can be > >done, fine. Bue I want all 80/443 traffic go through host2. > > > >SHDSL ADSL2+ > > -- --- > > host 1 host2 > > SQUID > > -- --- > > || > > > > host3 > > > > | > > eth1 > > > >On host 3 I have been trying to do this with IPtables, but I am stuck, > >I tried to utilise squid too, does not work > > > >tried: > > > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to > > $PROXY:3128 > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to > > $PROXY:3128 > > > >browser tell me "invalid request". > > > >All I want is to redirect all traffic through host2 if ports 443 and 80 > >are encountered, thats all. If it goes through the proxy it is an > >added bonus, but not required. > > > > > >ANy ideas, anyone? > > > > > Read the transparent proxy howto... you may need to do SNAT as well as DNAT. > http://tldp.org/HOWTO/TransparentProxy-6.html > > -- > Best Regards, > > Giles Coochey > NetSecSpec Ltd > NL T-Systems Mobile: +31 681 265 086 > NL Mobile: +31 626 508 131 > GIB Mobile: +350 5401 6693 > Email/MSN/Live Messenger: gi...@coochey.net > Skype: gilescoochey > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- Time flies like the wind. Fruit flies like a banana. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos