Re: [CentOS] Re: Installing Postfix/Dovecot [SOLVED]

[Ned Slider]

Giulio Troccoli wrote:



Giulio Troccoli wrote:
I have just installed CentOS 5.1 on my home server and I am trying to 
set a mail server.


I have diligently followed the instructions on the Wiki - How To on 
the CentOS website (http://wiki.centos.org/HowTos/postfix). However I 
cannot send internal email (I haven't yet tried externally).


Do you have any suggestions on what to check? To test it I used two 
normail user: giulio and federica. I logged in as federica and sent an 
email to giulio with the mail programme. Is this correct (i.e. using 
the mail programme)?


There is one thing that I don't quite understand from the 
instructions. In section 3.1 it's suggested to set


mynetworks = 192.168.0.0/24, 127.0.0.0/8

in the /etc/postfix/main.cf file. My home network however is 
192.168.69.0 and actually the IP assigned to any computers in the 
networks start from 192.168.69.20. So I changed mynetworks to 
192.168.69.0/24 and also 192.168.69.19/30 (as my server IP address is 
actully 192.168.69.25). I don't think this is the cause of my problem 
anyway, because it didn't work even with the value suggested by the 
Wiki page.


Thanks for you help
Giulio


Well,

after putting the correct settings in /etc/postfix/main.cf

mynetworks = 192.168.69.0/24, 127.0.0.0/8

AND commented out the line

#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

restarted postfix and I can download my email with Thunderbird. I cannot 
read them on the server with mail but I don't care about that


Thanks everybody for your help
Giulio


Hi Giulio,

First up, glad to hear you have it working. I apologize for being late 
to join the discussion - it was just pointed out to me.


I am the author of the postfix/dovecot Wiki guide. If you feel the guide 
is inaccurate or misleading in any way, or any aspects could be improved 
to make it easier to follow or understand, please do not hesitate to 
offer feedback - we are always looking to constantly improve the quality 
of documentation.


I'm not sure why you needed to commented out mailbox_transport = 
lmtp:unix:/var/lib/imap/socket/lmtp, this should have been commented out 
by default unless you'd uncommented it at some point.


Regards,

Ned

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IMAP security

[Ned Slider]

Anne Wilson wrote:
I have port 143 open so that I can get my mail when away from home.  
Occasionally, though, my router reports things like


Thu, 2008-03-27 02:00:11 - TCP Packet - Source:200.122.134.9,3821 
Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 05:39:49 - TCP Packet - Source:140.127.181.141,3461 
Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 16:10:03 - TCP Packet - Source:80.88.161.125,2352 
Destination:88.97.17.41,143 - [IMAP rule match]




If you open ports, you will see folks scanning them - it's inevitable. A 
public mail server will attract interest from those wishing to exploit it.


Looking at those addresses in whois, I don't see any good reason for these, 
and I'm concerned in case they are relays.  Advice?




Those looking for relays would be more interested in the smtp port 25. 
The IMAP port is the port you connect to to receive your mail. As long 
as your imap server (dovecot, courier-imap) is fully patched and 
presumably secure then you should be OK.


Advice - one potential weakness is that by default your username and 
password is likely being sent in plain text (not a good idea!). Someone 
could potentially intercept your username and password and access/use 
your email account. If that username/password is also your system 
account then potentially that could be compromised too.


There are a number of things you can do to harden your security. You 
could set up an additional user account with nologin for email so if the 
username/password does get compromised it's limited to purely email. You 
could run imap services on a non-standard port (security through 
obscurity), or firewall the connection to only allow trusted IP 
addresses (works if you always conect from known trusted IP addresses). 
None of these solutions are perfect, so probably the best method is to 
encrypt the connection using SSl. See howto here (for postfix/dovecot):


http://wiki.centos.org/HowTos/postfix_sasl

Hope that helps,

Ned

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IMAP security

[Ned Slider]

Anne Wilson wrote:
These, it seems, are outgoing packets.  Why, then, have they got those source 
addresses?  Is someone managing to bounce packets through my mail server to 
hide their tracks?


Presumably those logs are for incoming connections in your router (looks 
like a netgear log to me). The source IP address is the address of the 
host trying to connect to your imap service (port 143)


I've never seen many of these, just the occasional one.  Sometimes they seem 
to relate to an ntp source.  Often they seem to come from a university site.  
I think the fact that I don't see many means that I'm not being used as an 
open relay, but I'm not 100% confident of that.  I'd like to understand 
what's happening.




Again, "being an open relay" refers to spammers being able to send (or 
relay) mail through your smtp server (port 25). IMAP is a protocol for 
you to retrieve mail, not send it.


You can check your mail server is not acting as an open relay here:

http://www.abuse.net/relay.html

It's probably a good idea to check each time you change something in 
/etc/postfix/main.cf if you are not 100% sure.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Securing SSH

[Ned Slider]

Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I 
think the second I opened it every sorry monkey from around the world 
has been trying every account name imaginable to get into the system.


What's a good way to deal with this?



The Wiki has an article here on just this:

http://wiki.centos.org/HowTos/Network/SecuringSSH

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] backup to disk

[Ned Slider]

Ray Leventhal wrote:

Hi,

I'm looking for common practices for backing up user data to disk.  My 
user data is all in /home.  I'm also interested in what folks are doing 
for things backing up os and configs.


Any pointers on setting up rsync, cpio, etc would be appreciated.  
Pointers to good how-to's especially welcome.


Currently we're using Arkeia Network Backup (commercial product with 
which I am in no way affiliated), and it's great, but with disk space so 
cheap, I'd love to be able to take my current non-raid setup and find a 
way to get up and running quickly in the case of some failures.




In a mixed Linux/Windows environment, I deployed a Linux backup server 
and mounted users data directories on the backup server using smb/cifs 
and then did a "local" rsync of the mounted dirs to the backup dir (easy 
to run as a cron job each night). Further backups may then be written to 
removable storage for off site storage or additional disks in case of 
drive failure. I like rsync for backing up changing data sets such as 
users data.


To negate the risks/downtime associated with hard drive failure, I 
cloned the original OS setup using dd to spare HDs and locked them in 
the safe. Primary drive failure would require replacement of the drives 
(and a system update) and restoring data from the latest backups, 
although there's no reason one couldn't run 2 near identical backup 
servers side by side if the hardware is available.


There are simply so many different ways one could implement a backup 
strategy depending on hardware available, what software you're 
comfortable with, whether you want to script your own or use a backup 
package, the type of data you need to back up etc. The *important* thing 
is that you're comfortable with your backup procedure, it meets your 
needs, it's performed regularly, it's tested and it works.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] atrpms nvidia cannot load

[Ned Slider]

Sam Beam wrote:

Hi guys - brand new 5.1 install here and quite happy - but...

The nv driver did not work at all for me, fritzy stripes and dots. This is a 
GeForce 7300 LE which was working happily dual-head under FC6 with the livna 
nvidia RPMs


So I looked around and it seemed like the ATRpms repo via yum was the best 
option for CentOS. This is what I installed, it worked great with the 
xorg.conf from the old system.


But then I did a 'yum update' to the system and got a new kernel from 
centosplus (?). 

Now the nvidia module won't load. It's not happy with the new kernel. I am at 
a loss as to how to make it happy?


what is the best way to install the closed-source drivers? direct from nvidia? 
recomplile them? Is there some gap between updates kernel and the atrpms 
modules?




Hi Sam,

I would recommend the nvidia driver on RPMForge as it's a dkms-based 
driver, meaning that it gets automatically rebuilt upon a kernel upgrade.


You'd need to enable the RPMForge repo, see here:

http://wiki.centos.org/Repositories

and then install dkms and the nvidia driver for your card

yum install dkms nvidia-x11-drv

Check that the dkms_autoinstaller service is set to run at the 
appropriate run levels and you should be good to go (you may need to 
first uninstall the existing ATRpms driver package). Oh - you'll 
probably also need the devel stuff present on your system such as 
kernel-headers, kernel-devel and gcc etc for the driver to compile.


Hope that helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] atrpms nvidia cannot load

[Ned Slider]

Sam Beam wrote:


Thanks Ned that works great! I'd never heard of dkms before. the best!



Glad you got it working. For reference:

http://linux.dell.com/projects.shtml#dkms

but I confess to not really understanding how it works, just that it does!

for the record, here is what I did since I was already running under the new 
updated kernel:






all is well! will test the autoinstaller later. This rocks thanks


The real test will come after the next kernel update, but it should all 
"just work" :)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DKMS

[Ned Slider]

John wrote:

Alan,

I knew of the Dell article, as I have all of those saved for reference.
[1] I was just wondering if you knew of any that were for someone knew
to Linux. You know the Microsoft type tutorials that have screenshot
with them. That's the question I get asked a lot of times from around my
home area. 


In turn when these users that are new to Linux they get discouraged when
they can't visualy see pictures or have to edit some text file. They
just use to doing things the M$ Way. CentOS could have a much broader
user base (Huge), the biggest user base around if simple things like
this could be done. i realize though it take volunteers to do this on
the wiki.



Hi John,

Apologies for not being Alan ;)

As an occasional Wiki author, I thought I'd offer you my personal 
insight on this topic. I try to write articles/documentation that is 
broad reaching hence why it tends to be command line based - not 
everyone has a GUI installed, so any guide that relies on GUI methods 
instantly fails to reach a section of the community. I firmly believe 
well written command line based documentation can and should be easy to 
follow, even for the novice user.


Also, IMHO GUI-based tools are not always a good thing. I remember 
struggling with the horrible up2date GUI interface in my Red Hat Linux 
days. It was only a GUI frontend to RPM (??) but it was buggy as hell. 
It didn't take me long to figure out it was far easier to manually 
download updates by ftp and apply them with 'rpm -Fvh *.rpm'. Things 
evolve and now we can simply do 'yum update'. Why add an additional 
layer of complexity where it isn't needed?


Whilst I sympathise with your observation, and I'm sure we all know 
users like that, CentOS isn't Windows and I wouldn't want it to be. I 
would rather we try to educate users to the Linux way of doing things 
rather than turn Linux into a Windows clone. I guess I feel the same 
about documentation to an extent.


Ned

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DKMS

[Ned Slider]

John wrote:



The catch here is feeding the new user little by little. Ease them into
it and they will never know it
I am not saying turn CentOS into a Windows Clone. Yes, I agree educating
the user to the linux way of doing things



Some good feedback John.

I'm thinking the choice of distro is key for the first time user. They 
need as much stuff to just work as possible so limiting the amount of 
tasks they need to initially perform to get the box running 
satisfactorily. Distros that have a strict interpretation of open 
source/GPL and don't include 3rd party proprietary drivers, plugins, 
applications etc probably aren't the easiest for new users. I believe 
there are distros out there that either include these by default or aim 
to make it very easy for users to add/enable them. Maybe one of these 
types of distros would be more suitable than CentOS, and allow new users 
a more shallow learning curve. Then, when they are a little more 
comfortable with their new OS they can think about migrating to a more 
"mature" distro such as CentOS.


I often say to new users that learning Linux is like learning to speak a 
new language. Just because you are fluent in English, doesn't mean you 
will be able to pick up a novel written in French/German/Spanish and 
immediately read and/or understand it. The same is true here - those 10+ 
years of experience you have using Windows counts for nothing and 
doesn't entitle you to pick up a Linux CD and be able to use it - the 
learning curve is steep. I think people's expectations are unrealistic 
if they think they can throw in a Linux CD and expect to achieve 
everything they were able to do in Windows in a weekend.


TBH, Windows is no different - you show me an average home user that's 
never used Windows before who could configure a network or printer. Just 
because PCs are sold as consumer items, doesn't make it so. If you went 
out and bought a new car, would you expect to be able to drive it home 
if you'd never had a driving lesson? I could go on with the analogies 
but I suspect I'm preaching to the converted and you understand the point :)




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a 64bit rpm

[Ned Slider]

Akemi Yagi wrote:

On Tue, Apr 8, 2008 at 10:34 AM, Frank Cox <[EMAIL PROTECTED]> wrote:

On Tue, 08 Apr 2008 19:29:01 +0200
 Rudi Ahlers <[EMAIL PROTECTED]> wrote:

 > I build mine as root ( a normal user account gave me some erorrs), and
 > all seems well?

 Use yum to install rpmdevtools.  Then rpmdev-setuptree will do all of the work
 that's required to build rpms as a user.


I suppose rpmdevtools is only available from EPEL.  But the following
procedures will do the job:

cd
mkdir -p rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo "%_topdir %(echo $HOME)/rpmbuild" > .rpmmacros

Then as root, yum install rpm-build



Johnny wrote a nice article here about building SRPMs:

http://www.linuxhelp.net/forums/How_to_Build_Enterprise_Srpms_t3384.html

Never had any problems since following Johnny's advice :)

You can modify Johnny's scripts to build for different targets (i386, 
i686, x86_64 etc). For a build target of x86_64, you may want to specify 
-m64.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Strange reboots

[Ned Slider]

Linux wrote:


# ps ax
  PID TTY  STAT   TIME COMMAND

 2994 ?Ss 0:00 sshd: [EMAIL PROTECTED]/2

 4028 pts/2Ss+0:00 -bash

 5603 ?Ss 0:00 sshd: [EMAIL PROTECTED]/0
 5625 pts/0Ss 0:00 -bash


Two root logins via ssh - are these both you? The first looks early in 
the boot process.


I'm sure I don't need to say you shouldn't really be logging in directly 
as root. Better to disable root logins by ssh - login as a regular user 
and su to root.


http://wiki.centos.org/HowTos/Network/SecuringSSH

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hardware problem with 5.6

[Ned Slider]

On 14/01/11 17:22, mahmoud mansy wrote:
> hey every one i got the centos 5.5  and the following problem occuered:
> 1- the video display doesnot probe my card right.
> 2- the wireless card doesnot installed .
>
>
> my laptop is dell studio1569:
> (
> display card is intel hd arrandle , the wireless card is intel
> advanced centrino n6200 series )
> but the fedora 14 did it will with both also the ubuntu?

The Intel Wireless WiFi Link 6200AGN and 6300AGN Adapters are supported 
by the iwlagn driver in 5.5 and 5.6.

You will need the appropriate firmware installed, in this case 
iwl6000-firmware available from elrepo.org:

http://elrepo.org/tiki/iwl6000-firmware

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nvidia failure with new kernel

[Ned Slider]

On 17/01/11 18:44, Jason Brown wrote:
> The kernel modules are only for that kernel, so anytime you update it
> you also have to reinstall the nvidia drivers.
>

Alternatively, you could use the nvidia driver packages from elrepo.org:

http://elrepo.org/tiki/kmod-nvidia

which are kABI-tracking kmod packages that work seamlessly over a kernel 
update. They even work with the new 5.6 kernel and there are packages 
for el6 too.

If you do decide to switch to the elrepo packages, please make sure you 
*uninstall* the current NVIDIA provided driver first. The page above has 
details on how to do that.

Hope that helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nvidia failure with new kernel

[Ned Slider]

On 17/01/11 20:08, Michael D. Berger wrote:
> On Mon, 17 Jan 2011 19:07:03 +0000, Ned Slider wrote:
>
>> On 17/01/11 18:44, Jason Brown wrote:
>>> The kernel modules are only for that kernel, so anytime you update it
>>> you also have to reinstall the nvidia drivers.
>>>
>>>
>> Alternatively, you could use the nvidia driver packages from elrepo.org:
>>
>> http://elrepo.org/tiki/kmod-nvidia
>>
>> which are kABI-tracking kmod packages that work seamlessly over a kernel
>> update. They even work with the new 5.6 kernel and there are packages
>> for el6 too.
>>
>> If you do decide to switch to the elrepo packages, please make sure you
>> *uninstall* the current NVIDIA provided driver first. The page above has
>> details on how to do that.
>>
>> Hope that helps.
>
> After looking at the recommended web site, I did the uninstall,
> and then ran:
>
> yum --disablerepo=\* --enablerepo=elrepo install kmod-nvidia nvidia-x11-
> drv 2>&1 | tee el.log
>
> I got:
>Loaded plugins: fastestmirror
>Error getting repository data for elrepo, repository not found
>
> It seems that there may be another step.
>

Please see the Getting Started instructions here:

http://elrepo.org/


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Let's talk about HTTPS Everywhere

[Ned Slider]

On 19/01/11 18:42, John R. Dennison wrote:
> On Wed, Jan 19, 2011 at 10:33:59AM -0800, Mark wrote:
>> Let's talk about CentOS on this list, shall we?
>
>   Presumably the OP is running firefox on CentOS.  So... how it this
>   not about CentOS?
>
>

You are kidding, right?

I do my accounts on CentOS - does that make this a suitable venue to 
discuss my tax returns?

The SNR of this list is shocking and encouraging the above doesn't help 
any. This thread is already 10 posts and contains not one single 
relevant (to this list) piece of information.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unable to connect to wireless network

[Ned Slider]

On 04/02/11 22:51, Always Learning wrote:
>
> On Fri, 2011-02-04 at 21:45 +0530, Jatin wrote:
>
>> I just installed the CentOS 5.5 version on my toshiba laptop. I did the
>> configuration that i had for the wireless settings but still i could not
>> connect to my home wireless network. So someone please guide me on how i
>> can connect my laptop to my wireless home network.
>
> Hi Jatin,
>
> I'm a kind of "expert" on this. In the last 2 weeks I've done 2 laptops
> and one notebook.  The biggest problem is Centos may not have the
> necessary wifi drivers. Centos 5.5 kernel is 2.6.18. Some wifi drivers
> were added to the Linux kernel 2.6.27.
>

Red Hat constantly backports updated drivers into each update set. The 
kernel in 5.3 contained support for many new wireless devices as did the 
5.5 kernel. The current CentOS kernel bears little to no resemblance to 
a stock 2.6.18 kernel wrt wireless support.

Drivers for devices not directly supported by the kernel (and many 
wireless firmware packages) can be found at elrepo.org.

Once we know the device then I'm sure we can point the OP in the right 
direction.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fan speed control on Supermicro X8DAL board with CentOS

[Ned Slider]

On 06/02/11 07:00, Chuck Munro wrote:
> Hello folks,
>
> I'm having a difficult time trying to figure out why the CPU cooling
> fans run at full speed on my Supermicro X8DAL-3 motherboard.  There
> doesn't seem to be any variable speed (the fans are PWM compatible) ...
> they either idle at almost nothing, or suddenly burst into a
> high-pitched scream that gets my ears bleeding after a few seconds.
> Once they jump to warp-10, they remain there.
>
> The "Super-I/O" chip on this board is a Winbond W83627DHG which does the
> temperature and voltage monitoring.
>
> Is anyone aware of which driver or kernel module I need for that chip in
> order to get control of the fans?  The Supermicro web site and the
> board's manual aren't any help.  Fresh installs of CentOS-5.5 and RHEL-6
> don't exert any control by default.  Installing the lm_sensors package
> and probing with the 'sensors' command didn't help either.
>
> Slowly going deaf ...
>
> Chuck


Hi Chuck,

The correct kernel module for your chipset is w83627ehf.ko. I'm not sure 
the driver actually controls fan speed, I thought it was more for 
monitoring (fan speeds, temps, voltages) but I could be wrong. My 
current system (not a Supermicro) controls variable fan speed from 
options within the BIOS. I can enable/disable fan speed control and 
select either voltage or PWM based control.

The stock w83627ehf driver in RHEL5.5 is oldish (they were updated in 
5.5 I think but are still over a year old now). ELRepo.org have an 
updated driver available (kmod-w83627ehf) based on a backport from 
kernel-2.6.34. I've just checked upstream and a few more patches have 
been committed since kernel-2.6.34 and the current kernel-2.6.37 so I'll 
look at updating the elrepo driver with those latest patches.

Hope that helps.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fan speed control on Supermicro X8DAL board with CentOS

[Ned Slider]

On 06/02/11 17:15, Chuck Munro wrote:
> On Sun, 06 Feb 2011 12:09:12 +0000  Ned Slider wrote:
>>
>> On 06/02/11 07:00, Chuck Munro wrote:
>>>> Hello folks,
>>>>
>>>> I'm having a difficult time trying to figure out why the CPU cooling
>>>> fans run at full speed on my Supermicro X8DAL-3 motherboard.  There
>>>> doesn't seem to be any variable speed (the fans are PWM compatible) ...
>>>> they either idle at almost nothing, or suddenly burst into a
>>>> high-pitched scream that gets my ears bleeding after a few seconds.
>>>> Once they jump to warp-10, they remain there.
>>>>
>>>> The "Super-I/O" chip on this board is a Winbond W83627DHG which does the
>>>> temperature and voltage monitoring.
>>>>
>>>> Is anyone aware of which driver or kernel module I need for that chip in
>>>> order to get control of the fans?  The Supermicro web site and the
>>>> board's manual aren't any help.  Fresh installs of CentOS-5.5 and RHEL-6
>>>> don't exert any control by default.  Installing the lm_sensors package
>>>> and probing with the 'sensors' command didn't help either.
>>>>
>>>> Slowly going deaf ...
>>>>
>>>> Chuck
>>
>> Hi Chuck,
>>
>> The correct kernel module for your chipset is w83627ehf.ko. I'm not sure
>> the driver actually controls fan speed, I thought it was more for
>> monitoring (fan speeds, temps, voltages) but I could be wrong. My
>> current system (not a Supermicro) controls variable fan speed from
>> options within the BIOS. I can enable/disable fan speed control and
>> select either voltage or PWM based control.
>>
>> The stock w83627ehf driver in RHEL5.5 is oldish (they were updated in
>> 5.5 I think but are still over a year old now). ELRepo.org have an
>> updated driver available (kmod-w83627ehf) based on a backport from
>> kernel-2.6.34. I've just checked upstream and a few more patches have
>> been committed since kernel-2.6.34 and the current kernel-2.6.37 so I'll
>> look at updating the elrepo driver with those latest patches.
>>
>> Hope that helps.
>>
>>
> Thanks Ned!  I did go through the board's BIOS menus several times and
> could find only one fan control option, which ranges from always-fast
> for maximum performance to almost-silent for workstation use.  No matter
> what the setting, the fans may start out slow but eventually jump to
> high speed.  Updating the BIOS to the latest version made no difference.
>I also noticed that at all times the BIOS reports the CPU temperatures
> as "Low" no matter what the fan speed.  The coolers are always cold to
> the touch.
>
> I sure hope I don't have a defective board ... it's a royal pain to have
> to remove one from a large server.  I booted Ubuntu but the live-CD
> version doesn't have a working 'fancontrol' utility.  I'd be tempted to
> install Ubuntu Server but I much prefer staying with CentOS and KVM to
> match all of the guest virtual machines it'll be running.
>
> Time to go through the mobo manual with a fine-tooth comb.  :-)
>
> Chuck
>

You're welcome Chuck.

Your question prompted me to update the elrepo kmod-w83627ehf driver 
package to the latest upstream source (kernel-2.6.37):

http://lists.elrepo.org/pipermail/elrepo/2011-February/000488.html

By all means give that package a try, but I'm not convinced it will 
address your problem in this case. Either way, it should be relatively 
quick and painless to test - updated packages should be available shortly.

Maybe someone with more experience of this particular Supermicro M/B 
will pop up on the list :-)

Regards,

Ned

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH AllowUser WildCard

[Ned Slider]

On 07/02/11 06:08, Stephen Cox wrote:
> Is it possible to allow a user to login from an changing hostname like:
>
> username@*hoststringfixed.com
>

man sshd_config

AllowUsers
This keyword can be followed by a list of user name patterns, separated 
by spaces. If specified, login is allowed only for user names that match 
one of the patterns. `*' and `?' can be used as wildcards in the 
patterns. Only user names are valid; a numerical user ID is not 
recognized. By default, login is allowed for all users. If the pattern 
takes the form USER@HOST then USER and HOST are separately checked, 
restricting logins to particular users from particular hosts.


So wild cards can be used although it doesn't specifically state they 
can be used with the HOST part. Try it and see, my guess is it will work.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH AllowUser WildCard

[Ned Slider]

On 08/02/11 18:13, Stephen Cox wrote:
> On Tue, Feb 8, 2011 at 6:52 PM, Gordon Messmer  wrote:
>> You'll need to set up DNS properly for this to work.
>
> It is mobile Broadband... So that will not be not possible.
>

Is there a reason you have to include the host part? Why can't you just 
allow the user part only for that user?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how will CentOS handle the perftools 1.7 vs. 1.6 issue?

[Ned Slider]

On 10/02/11 02:05, Larry Vaden wrote:
> In order to avoid a cross post, the following background quote is from
> scientific-linux-us...@fnal.gov:
>
> 
> On Wed, Feb 9, 2011 at 11:27 AM, Ewan Mac Mahon  wrote:
>>
>> I'm a little bit hazy on the details, but there are some slides from the
>> meeting here[1]:
>>   
>> http://indico.cern.ch/getFile.py/access?contribId=8&sessionId=1&resId=1&materialId=slides&confId=106641
>
> On Wed, Feb 9, 2011 at 12:41 PM, Chris Jones
>   wrote:
>>
>> I would say a bug in tcmalloc, not SL or RHEL. See for instance
>>
>> 
>>
>> The fix is to move to google perftools 1.7
>
> 
>
> Because of a problem with not running the current BIND release a
> couple of weeks ago, I would like to ask:
>
> a) is RedHat likely to choose to backport the fix to 1.6 or will it
> adopt 1.7 or leave as is until 5.7 or later as it has done with BIND?
>
> b) will Centos and/or SL follow RH exactly or will their approaches differ?
>
> IOW, how far does the "binary compatiblity" policy extend?
>

Bug for bug - if the bug is in RHEL-5.6 then it will be in CentOS too.

If it's important to you, file a bug upstream with Red Hat and get it 
fixed. The fix will naturally flow back downstream to CentOS.

Of course CentOS does have the freedom to do things differently to Red 
Hat if they want to, but if they do generally it will be outside of the 
main base/updates) repositories.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Any update on 5.6 / 6?

[Ned Slider]

On 18/02/11 15:12, Larry Vaden wrote:
> On Fri, Feb 18, 2011 at 7:13 AM, Johnny Hughes  wrote:
>> On 02/18/2011 02:26 AM, Pasi Kärkkäinen wrote:
>>> On Wed, Feb 16, 2011 at 07:15:32AM -0600, Johnny Hughes wrote:

 Red Hat still has not put several of the sources in their public tree
 either.

>>>
>>> So CentOS6 cannot be released, or even built completely before
>>> those missing src.rpms are released?
>>
>> Theoretically, it can not be built, so certainly not *released*, until
>> we have all the SRPMS, no.
>>
>> If said SRPMS are on one of the release Source ISOs, then we have them
>> available there, if they are not then we are stuck.
>
> Johnny,
>
> Does
> contain anything y'all need that you don't already have?
>

No disrespect Larry, but pulling missing SRPM packages from Scientific 
Linux is not the answer. The answer lies in comparing those packages 
available on Red Hat's public ftp servers with those in the distro and 
filing bugs against the missing SRPM packages. Red hat are usually quick 
to respond to such issues.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Will CentOS become obsolete now because of the changes Red Hat is implementing?

[Ned Slider]

On 05/03/11 10:07, Rudi Ahlers wrote:
> This post appeared on another forum:
>
> Will CentOS become obsolete now because of the changes Red Hat is 
> implementing?
>



>
> But CentOS founder Russ Herold insists the change is not a big issue.
> "Private local trial builds of the released RHEL 6 sources by me and
> others have proceeded with no major problems. I just do not see that
> the changes as some earth-shattering change. I just think [the patches
> will be] incrementally more difficult to figure out," he says.
>
> "Nothing in Red Hat's new approach prevents a person from running a
> local version-control system, containing the pristine kernel at point
> A, and the Red Hat variant which we might call point B. Then one runs
> a 'diff' in that version-control system between A and B, and starts
> reading the diffs to see what is happening. Over time, both the
> pristine kernel, and the patched Red Hat versions will vary, and one
> will get a sense for which 'diff' parts matter, and which are cosmetic
> cleanups."
>



>
> Full story here : http://www.channelregister.co.uk/201...ode_packaging/
>

full non-truncated link:

http://www.channelregister.co.uk/2011/03/04/red_hat_twarts_oracle_and_novell_with_change_to_source_code_packaging/

>
> Can any of the CentOS team please comment on this?
>

Which part of Russ Herold's ("CentOS founder") comments above did you 
not read?

Come on, this whole story is total nonsense and has been responded to a 
number of times. Red Hat are legitimately protecting their business 
model against competitors (namely, Oracle and Novel) and the changes 
have no impact towards rebuilders. This is a good thing - if Red Hat 
doesn't exist the CentOS doesn't exist.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Epel and yum downgrade : possible ?

[Ned Slider]

On 08/03/11 15:53, Philippe Naudin wrote:
> Hello,
>
> Is it possible to downgrade to an old version of a package on epel ? I
> am in troubles with the new dokuwiki-0-0.6.20101107.a.el5, and cannot
> find dokuwiki-0-0.4.20091225.c.el5.noarch...
>
> Thanks,
>

You will need to install the "yum-allowdowngrade" package if it's not 
already installed to allow yum to do this.

Then simply run:

yum downgrade dokuwiki

which should downgrade to the previously available version

Hope that helps.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Epel and yum downgrade : possible ?

[Ned Slider]

On 08/03/11 16:55, Ned Slider wrote:
> On 08/03/11 15:53, Philippe Naudin wrote:
>> Hello,
>>
>> Is it possible to downgrade to an old version of a package on epel ? I
>> am in troubles with the new dokuwiki-0-0.6.20101107.a.el5, and cannot
>> find dokuwiki-0-0.4.20091225.c.el5.noarch...
>>
>> Thanks,
>>
>
> You will need to install the "yum-allowdowngrade" package if it's not
> already installed to allow yum to do this.
>
> Then simply run:
>
> yum downgrade dokuwiki
>
> which should downgrade to the previously available version
>

Replying to myself... I neglected to mention this relies on the 
repository keeping old versions available for you to "downgrade" to.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] modprobe :: not finding existing .ko

[Ned Slider]

On 18/03/11 16:49, m.r...@5-cent.us wrote:
> Adrian Sevcenco wrote:
>> Hi! I try to load an module that it is found in curent
>> /lib/modules/`uname -r` tree ...
>> root@sevcenco: ~ # ls -l /lib/modules/`uname
>> -r`/kernel/drivers/crypto/padlock-*
>> -rwxr--r-- 1 root root 14296 Mar 16 19:37
>> /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
>> -rwxr--r-- 1 root root 10808 Mar 16 19:37
>> /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>>
>> but if i try :
>> root@sevcenco: ~ # modprobe -v padlock-aes.ko
>> FATAL: Module padlock_aes.ko not found.
> 
> Here's a question: what kernel are you running? The most current CentOS
> 5.5 is 2.6.18-194.32.1.el5, while you're pointing to 2.6.38-0, unless I
> misunderstand how the elrepo modules are installed.
>

That's not an elrepo kmod, it's an elrepo kernel (kernel-ml) he is running:

http://elrepo.org/tiki/kernel-ml
http://elrepo.org/linux/kernel/el5/

Elrepo also provide the latest stable (currently 2.6.38) and latest long 
term (2.6.35.11) kernels from upstream built and packaged for RHEL5. 
These aren't recommended for production use but may prove useful for 
testing hardware and/or troubleshooting purposes.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] The delays on CentOS 5.6 are causing EPEL incompatibilities

[Ned Slider]

On 20/03/11 15:23, Nico Kadel-Garcia wrote:
> There are significant components of the upstream 5.6 release which are
> stuck behind the CentOS 5.6 release process, but are now incorporated
> in EPEL 5 components. In particular, the "php53" package is now
> necessary for the "drupal6" EPEL components, due to the long out of
> date PHP 5.1 in the default upstream vendor's codebase.
>
> I see that some of these components are available in the "testing"
> repository at http://dev.centos.org/centos/5/CentOS-Testing.repo. But
> this isn't published with centos-release. fasttrack is. Would it be
> reasonable to push these "testing" components over to "fasttrack"?
> Given our "upstream vendor's" policy of making all the updates
> available to all the previous releases in their main "channels", I'm
> not sure there's any reason not to present them, at least to the
> fasttrack" channel, and migrate them from "fasttrack" to "updates" as
> necessary.
>
> Other components for such fasttrack publication might include bind97,
> which some CentOS users have been asking for.

We've had this discussion before - the fasttrack repository is a rebuild 
of the upstream FasTrack channel, nothing more. Except it's never 
actually been populated for CentOS-5.

The correct place for these packages is in os/5.6 when released. In the 
meantime they have been publicly released to testing for those who want 
early access (fasttrack access if you prefer) or who want to test and 
provide feedback.

Incompatibilities between EPEL and CentOS caused due to the delay in 
releasing 5.6 are a matter for EPEL to resolve. CentOS are doing their 
best to resolve the issue their end by getting 5.6 out as fast as possible.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] The delays on CentOS 5.6 are causing EPEL incompatibilities

[Ned Slider]

On 23/03/11 03:41, John R. Dennison wrote:
> On Wed, Mar 23, 2011 at 04:22:36AM +0100, Dag Wieers wrote:
>>
>> CentOS 4.8 (95 days late) and CentOS 5.3 (69 days late) have been the worst
>> delays. But now CentOS 5.6 is already at 69 days and CentOS 6.0 is past
>> 133 days delay, an all time record (not counting CentOS 2 :-)).
>
>   You keep tossing out "late".  "late" implies a published deadline
>   and I've yet to see one.  I see "best effort" and "will try"
>   comments in many places, but never a published deadline.  So,
>   why the focus on "late"?
>
>

I see time-lines clearly published in this FAQ on the CentOS website:

https://www.centos.org/modules/smartfaq/faq.php?faqid=7

Quote:
"How long after redhat publishes a fix does it take for CentOS to 
publish a fix?

Our goal is to have individual RPM packages available on the mirrors 
within 72 hours of their release, and normally they are available within 
24 hours.

Occassionally packages are delayed for various reasons.

On rare occasions packages may be built and pushed to the mirrors but 
not available via yum. (This is because yum-arch has not been run on the 
master mirror. This may happen when issues with upstream packages are 
discovered shortly after their release, and if releasing the package 
would break it's functionality.)

Update Sets (see this FAQ) will have Security Errata released was stated 
above, while the BugFix and Enhancement errata are actually tested more 
rigorisly and released after the new ISO for the Update Set is produced. 
This will normally be within 2 weeks of the Update Set release."


The above FAQ creates an expectation of 2 weeks being the norm. Equally 
it is not unreasonable to define any release made after two weeks to be 
"late" (or later than hoped if you prefer) by the developers own hopes 
and expectations.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6 Update?

[Ned Slider]

On 07/04/11 14:41, David Sommerseth wrote:
> On 07/04/11 15:11, Radu Gheorghiu wrote:
>> On 04/07/2011 03:58 PM, Max Hetrick wrote:
>>> On 04/07/2011 08:41 AM, Johnny Hughes wrote:
>>>
 Please try to maintain some semblance of professionalism when you post
 to this list.
>>> This coming from someone who frequently tells people to "SHUT UP" and go
>>> away and use something else. I guess that's far more professional than
>>> others trying to open up communications between a projects members and
>>> the developers.
>>>
>> Fully agree. This attitude has lead many companies I know to drop CentOS
>> in favour of other distros. This project is sure not going in the right
>> direction.
>> I know, I'm going to be told to use something else, I know I know, I'm
>> looking for alternatives.
>
> Fully agree!  Which is why I'm investigating a migration to Scientific
> Linux.  It doesn't provide 100% binary compatibility, compared to CentOS.
>   But I'm also not using software packages which should depend on that.
>

Ahem, but as far as I'm aware, CentOS (at least 5) has never provided 
100% binary compatibility either (yes, I've checked).

Don't get me wrong, this isn't a criticism of CentOS, sometimes it's 
just not possible to maintain 100% binary compatibility when RHEL is 
built and linked against some package version that have never been made 
publicly available. Anyone who has ever rebuilt packages from RHEL will 
know and understand this.

CentOS AIMS to be 100% binary compatible and for the most part it is, 
but I'm tired of seeing this misnomer repeated over and over like some 
holy grail. Personally I'm with Russ on this one that whilst an 
admirable goal I think the importance of binary compatibility is 
sometimes overstated and often misunderstood.

BTW I've not checked SL binaries so I have no idea if their distribution 
is any more or less binary compatible with upstream than CentOS but it's 
easy enough to do so for anyone interested.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6 Update?

[Ned Slider]

On 07/04/11 21:38, Les Mikesell wrote:
> On 4/7/2011 3:04 PM, Ned Slider wrote:
>>
>> CentOS AIMS to be 100% binary compatible and for the most part it is,
>> but I'm tired of seeing this misnomer repeated over and over like some
>> holy grail. Personally I'm with Russ on this one that whilst an
>> admirable goal I think the importance of binary compatibility is
>> sometimes overstated and often misunderstood.
>
> Plus, if there is anything that is broken about what you get by
> rebuilding RHEL src rpms under RHEL, it should be made public and either
> fixed or acknowleged as the intended outcome.
>

Huh? Red Hat never claimed RHEL to be self hosting wrt (re)building itself.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6 Update?

[Ned Slider]

On 08/04/11 03:06, Lucian wrote:
> On Fri, Apr 8, 2011 at 1:00 AM, Jerry Franz  wrote:
>> On 04/07/2011 03:52 PM, Scott Silva wrote:
>>>
>>> The GPL says they must release source. It doesn't say they have to also
>>> release any magic spells they use to compile it.
>>>
>>
>> Actually, it *does*. If the code was released with missing 'magic fairy
>> dust' required to actually compile the GPL derived binaries they
>> release, they would be in violation of GPL2 section 3.
>>
>> You should read http://gpl-violations.org/faq/sourcecode-faq.html to
>> understand the implications of the GPL on source code release. You want
>> to read the sections on 'What are "scripts used to control
>> compilation"?' and 'What are "scripts used to control installation"?'
>
> Interesting. I wonder how would RedHat respond to this.


As I seem to have started this little subsection of the thread, please 
let me give just one small example to help clarify the situation as it 
appears there is still a lot of misunderstanding surrounding this issue.

Let's look at kernel modules, kmod packages. They are built against one 
specific kernel and then weak link against all other kernels that are 
kABI compatible. For example, in CentOS 5.6,
kmod-gfs is built against the 5.6 base release kernel:

$ rpm -qlp kmod-gfs-0.1.34-15.el5.centos.x86_64.rpm
/lib/modules/2.6.18-238.el5
/lib/modules/2.6.18-238.el5/extra
/lib/modules/2.6.18-238.el5/extra/gfs
/lib/modules/2.6.18-238.el5/extra/gfs/gfs.ko

but when we compare that to the upstream package:

$ rpm -qlp kmod-gfs-0.1.34-15.el5.x86_64.rpm
/lib/modules/2.6.18-223.el5
/lib/modules/2.6.18-223.el5/extra
/lib/modules/2.6.18-223.el5/extra/gfs
/lib/modules/2.6.18-223.el5/extra/gfs/gfs.ko

we see it's been built against a 2.6.18-223.el5 kernel. This was a beta 
kernel and was never officially released so CentOS has no way to rebuild 
their package against this kernel. Hence, not 100% binary compatible.

There is absolutely NO responsibility on Red Hat to release that kernel 
that was part of their build environment.

The package builds fine for CentOS against the release kernel. In all 
likelihood it will function identically to the upstream packages, but 
there is always a possibility that some weird corner-case bug will 
affect one package that doesn't affect the other.

This situation with kmod packages is not at all uncommon as Red Hat 
invariably release kmods built against pre-release kernels and don't 
rebuild them against the release kernel for GA. There are other examples 
where packages might have been built against an unreleased version of 
glibc or whatever but again these packages generally function fine, and 
identically to upstream, but there is always a very small possibility 
they might not function identically bug for bug. That's not to say the 
RHEL package is any more right or wrong than the CentOS package, just 
that they are different and hence by definition not 100% binary compatible.

I hope that helps clarify some of the confusion surrounding this issue.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables package issue

[Ned Slider]

On 08/04/11 19:49, Joseph L. Casale wrote:
> I just did a test install off a netinstall iso to a mirror repo which left
> no /etc/sysconfig/iptables file in place.
>
> So a quick check:
> # yum whatprovides /etc/sysconfig/iptables --disablerepo=\* --enablerepo=base 
> --enablerepo=updates --disableplugin=\*
> No Matches found
>
> Without that file iptables doesn't start as per the init script. Anyone
> know what may be awry?
>
> Thanks,
> jlc
>

/etc/sysconfig/iptables is created or owned by any package, it's created 
by running the iptables-save command. Try running iptables-save.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables package issue

[Ned Slider]

On 08/04/11 20:56, Ned Slider wrote:
> On 08/04/11 19:49, Joseph L. Casale wrote:
>> I just did a test install off a netinstall iso to a mirror repo which left
>> no /etc/sysconfig/iptables file in place.
>>
>> So a quick check:
>> # yum whatprovides /etc/sysconfig/iptables --disablerepo=\* 
>> --enablerepo=base --enablerepo=updates --disableplugin=\*
>> No Matches found
>>
>> Without that file iptables doesn't start as per the init script. Anyone
>> know what may be awry?
>>
>> Thanks,
>> jlc
>>
>
> /etc/sysconfig/iptables is created or owned by any package, it's created
> by running the iptables-save command. Try running iptables-save.
>

Oops, sorry, I meant /etc/sysconfig/iptables *isn't* created or owned by 
any package.

Apologies.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] New CentOS ToDo Page Required

[Ned Slider]

On 09/04/11 11:36, Mister IT Guru wrote:
> Due to recent list traffic, it seems that we need to have a new todo
> list! I propose the following
>
> 1) Nuke current todo page
> 2) Create new todo page
> 3) Clear out ancient todo items
>   a) Get rid of the items that are no longer relevant
>   b) Reword those that are
> 4) Update Wiki
>   a) Gasp as the magnitude at the job
>   b) Inject coffee, add ego - write mini todo and propose to list
>   c) Expand on b) till the list stops quibbling
>   d) Find volunteers, and get cracking on Updating the wiki
>
>
>
> Any ideas? Anyone want to comment?
>

I'm not sure this is the correct list for this (being Wiki related), or 
at the very least this should be CCd to the centos-docs list too.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can a company help, officially?

[Ned Slider]

On 11/04/11 20:16, Digimer wrote:
>
> /putting on asbestos pants.
>
> each release is more complex than the last. The web of dependency grows,
> so the reverse-engineering takes longer and longer.
>

This is just complete nonsense. You clearly have no understanding of the 
processes involved in rebuilding RHEL. CentOS doesn't reverse-engineer 
anything, they simply rebuild the upstream sources. It's not rocket science.

> Perhaps the tact to take is to apply pressure to the upstream provider
> to release the build details? I am sure that many folks who start with
> CentOS, grow to be large and move to RH proper. So there is, I would
> venture, an argument to be made that RH providing this info to CentOS
> and helping CentOS thrive would be beneficial for their business.
>

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can a company help, officially?

[Ned Slider]

On 11/04/11 22:38, Les Mikesell wrote:
> On 4/11/2011 4:02 PM, Ned Slider wrote:
>> On 11/04/11 20:16, Digimer wrote:
>>>
>>> /putting on asbestos pants.
>>>
>>> each release is more complex than the last. The web of dependency grows,
>>> so the reverse-engineering takes longer and longer.
>>>
>>
>> This is just complete nonsense. You clearly have no understanding of the
>> processes involved in rebuilding RHEL. CentOS doesn't reverse-engineer
>> anything, they simply rebuild the upstream sources. It's not rocket science.
>
> It's not simple...


Which part isn't simple?

You rebuild a SRPM package in mock - that's simple, largely thanks to 
mock and rpmbuild.

You compare said rebuilt package to upstream's - that's simple, Johnny 
even provides a script to do it.

95% plus of packages rebuild perfectly first time, those are really simple.

A small percentage of packages need rebuilding against the correct 
libraries or package versions. RPM provides you with all the tools you 
need to figure this out. It's laborious, it's repetitive, it's boring, 
sometimes it's time-consuming but it's really NOT difficult.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can a company help, officially?

[Ned Slider]

On 12/04/11 00:03, Dag Wieers wrote:
> On Mon, 11 Apr 2011, Les Mikesell wrote:
>
>> On 4/11/2011 5:32 PM, Ned Slider wrote:
>>>
>>>>> This is just complete nonsense. You clearly have no understanding of the
>>>>> processes involved in rebuilding RHEL. CentOS doesn't reverse-engineer
>>>>> anything, they simply rebuild the upstream sources. It's not rocket 
>>>>> science.
>>>>
>>>> It's not simple...
>>>
>>> Which part isn't simple?
>>
>> The part where you guess why your build doesn't match the upstream binary.
>
> If it was simple, why would it take 86 days or 6 months ? I would like to
> have an answer to that. Either it is hard, and more people could help fix
> issues. Or it is simple and the CentOS developers have been slacking ?
>

In fairness, I did say it could be time consuming. I don't know what 
took 86 days.

> Anyone from the QA team interested to share some information on what
> happened during QA ?
>

The QA team are not permitted to comment on such matters as QA is a 
closed process.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can a company help, officially?

[Ned Slider]

On 12/04/11 17:04, Karanbir Singh wrote:
> Hi Ned,
>
> On 04/11/2011 10:02 PM, Ned Slider wrote:
>>> each release is more complex than the last. The web of dependency grows,
>>> so the reverse-engineering takes longer and longer.
>> This is just complete nonsense. You clearly have no understanding of the
>> processes involved in rebuilding RHEL. CentOS doesn't reverse-engineer
>> anything, they simply rebuild the upstream sources. It's not rocket science.
>
> He's not completely wrong; getting dep ordering with missing
> intermediaries isn't trivial. If upstream takes upto 50 days from
> release to drop a srpm, we need to consider implications in both
> directions right ? and at that point ( it has happened ) we might be
> looking at rebuilds from 50+X days. Where X might even be 20 - 45 days

Fair point :-)

> itself. in 5.3's release time we had to traceback to a fastrack built
> package from 5.1's days.
>

Well, I've said it before - if you built the FasTrack packages as they 
are released upstream then you wouldn't need to track back months trying 
to build it out of sequence. The same thing happened this time around 
too with a kde update I believe. Even if you don't release those 
FasTrack packages, if you at least build them during the life of 5.6 for 
example, when 5.7 gets released you'll have 10, 20, 50 or however many 
packages pre-built, tested and ready to ship and not have to maybe go 
back in time recreating build roots to build them. Generally it's just 
so much easier to build stuff in sequence as it's released by upstream 
rather than trying to rebuild it out of sequence 6 months after the event.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum update - missing dependencies

[Ned Slider]

On 13/04/11 05:22, Dvorkin, Asya wrote:
> Hi everyone,
>
> I just upgraded to 5.6 and keep on getting the following error message:
>
> [root@rwjafs1 ~]# yum update
> Loaded plugins: fastestmirror, priorities
> Loading mirror speeds from cached hostfile
>   * base: centos.mirror.nac.net
>   * extras: mirror.batblue.com
>   * updates: mirror.atlanticmetro.net
> Setting up Update Process
> Resolving Dependencies
> -->  Running transaction check
> --->  Package kmod-openafs.i686 0:1.4.12-1.1.2.6.18_194.26.1.el5 set to be 
> installed
> -->  Processing Dependency: kernel-i686 = 2.6.18-194.26.1.el5 for package: 
> kmod-openafs
> -->  Finished Dependency Resolution
> kmod-openafs-1.4.12-1.1.2.6.18_194.26.1.el5.i686 from openafs has depsolving 
> problems
>-->  Missing Dependency: kernel-i686 = 2.6.18-194.26.1.el5 is needed by 
> package kmod-openafs-1.4.12-1.1.2.6.18_194.26.1.el5.i686 (openafs)
> Error: Missing Dependency: kernel-i686 = 2.6.18-194.26.1.el5 is needed by 
> package kmod-openafs-1.4.12-1.1.2.6.18_194.26.1.el5.i686 (openafs)
>   You could try using --skip-broken to work around the problem
>   You could try running: package-cleanup --problems
>  package-cleanup --dupes
>  rpm -Va --nofiles --nodigest
>
> [root@rwjafs1 ~]# package-cleanup --problems
> Setting up yum
> Reading local RPM database
> Processing all local requires
> No problems found
> [root@rwjafs1 ~]# uname -r
> 2.6.18-238.5.1.el5
> [root@rwjafs1 ~]# more /etc/redhat-release
> CentOS release 5.6 (Final)
>
>
> A bit of history  Last time yum update was done on that box,  due to 
> Hyper V issues, kernel crashed.  I now know how to fix it, but back then we 
> just went to a previous kernel version (modified grub.conf), which I believe 
> now causes my current problems.
>
> This box's main responsibility has to do with afs, so installing afs related 
> package is kind of important..
>
> Thank you!
> Asya
>

It looks like you are using OpenAFS packages built for a specific kernel 
- in this case the 5.5 kernel-2.6.18-194.26.1.el5. My guess would be 
that in updating to 5.6, yum has automatically removed that older kernel.

You need to get kmod-openafs packages that match the version of your 
currently running kernel. Where did you get these packages as they are 
not a part of CentOS?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpmbuild: definition of the %prep script

[Ned Slider]

On 18/04/11 17:31, Volker Poplawski wrote:
> On 04/18/2011 06:15 PM, Joseph L. Casale wrote:
>>> in which file is the %prep script defined?
>>
>> Defined in the spec file.
>
> You're right.
>
>
> Actually I'm trying to figure out where these lines originate from
>
> Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.86989
> + umask 022
> + cd /home/user/rpmbuild/BUILD
> + LANG=C
> + export LANG
>
> The setting of LANG messes up my build, which relies on Utf8.
>
>

see:

/usr/lib/rpm/redhat/macros


# Bad hack to set $LANG to C during all RPM builds
%prep \
%%prep\
LANG=C\
export LANG\
unset DISPLAY\
%{nil}

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install binutils-devel on Centos Linux 5.5

[Ned Slider]

On 21/04/11 11:14, Frank Chang wrote:
>
> Good morning, I am trying to install binutils-devel on Centos Linux 5.5 so 
> that we can obtain lib liberty required by the oprofile-0.9.6 Linux profiler.
>Using root , I enter: yum local install 
> binutils-devel-2.20.51.0.7-6.fc14.i686.rpm. Then I get the message: Public 
> key for binutils-devel-2.20.51.0.7-6.fc14.i686.rpm is not installed. Please 
> tell me where I get the  Public key for 
> binutils-devel-2.20.51.0.7-6.fc14.i686.rpm . Thank you.   
>   
>
>

Why are you trying to install a Fedora 14 package on CentOS 5.5? Oh, 
it's probably because you're trying to install a later version of 
oprofile that again isn't a part of CentOS. The error you get is 
because, unsurprisingly, you don't have the GPG key installed for Fedora 
14 on your CentOS system.

This isn't a CentOS issue so you're on your own here.

Good luck.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba can't access dir - SELinux problem?

[Ned Slider]

On 25/04/11 09:49, Alexander Farber wrote:
> Hello,
>
> I was using CentOS 5.5 as a "playground" VM at my WinXP notebook
> and now I'm migrating to a new CentOS 5.6 install
> and everything has worked well - except samba.
>
> I have this very permissive config to export my ~/src dir:
>
> # cat /etc/samba/smb.conf
> [global]
> guest ok= yes
> guest account   = afarber
> security= share
> hosts allow = 172.16.6. 127.0.0.1
>
> [src]
> path = /home/afarber/src
> public = yes
> writable = yes
> printable = no
>
> But in the new install it has stopped working and prints:
>
> # tail /var/log/samba/smbd.log
> [2011/04/25 01:36:37, 0] smbd/service.c:make_connection_snum(1013)
>'/home/afarber/src' does not exist or permission denied when
> connecting to [src] Error was Permission denied
>
> I've checked permissions and installed rpms -
>   they're all the same
> (and smbd runs as "root", doesn't it?)
>
> Is this maybe a SELinux setting problem?
>
> # tail /var/log/audit/audit.log (only at the new VM)
> type=AVC msg=audit(1303720863.712:53): avc:  denied  { search } for
> pid=6737 comm="smbd" name="/" dev=sda3 ino=2
> scontext=user_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>
> type=SYSCALL msg=audit(1303720863.712:53): arch=c03e syscall=4
> success=no exit=-13 a0=2b79380c9620 a1=7fff35dfe9f0 a2=7fff35dfe9f0
> a3=ea items=0 ppid=6543 pid=6737 auid=500 uid=500 gid=0 euid=500
> suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=2
> comm="smbd" exe="/usr/sbin/smbd" subj=user_u:system_r:smbd_t:s0
> key=(null)
>
> # ls -aldZ /home/afarber/src  (same result at both old and new VMs)
> drwxrwxr-x  afarber afarber user_u:object_r:user_home_t  /home/afarber/src
>
> # ls -aldZ /home/afarber/
> drwx--  afarber afarber user_u:object_r:user_home_dir_t  /home/afarber/
>
> Does anybody please know a magic command here?
>
> Thank you
> Alex

Alex,

Try the following command, and make sure it's set to "on" to allow users 
home dirs to be shared by samba:

$ /usr/sbin/getsebool -a | grep samba_enable_home_dirs
samba_enable_home_dirs --> on

If not, you can turn it on with:

setsebool -P samba_enable_home_dirs on


See here for more information:

http://wiki.centos.org/HowTos/SELinux
http://wiki.centos.org/TipsAndTricks/SelinuxBooleans



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FYI - pci_mmcfg_init kernel error after upgrading to 5.6

[Ned Slider]

On 25/04/11 15:44, Windsor Dave L. (AdP/TEF7.1) wrote:
> On 4/25/2011 10:26 AM, Johnny Hughes wrote:
>> On 04/25/2011 08:58 AM, Windsor Dave L. (AdP/TEF7.1) wrote:
>>> Just thought I'd pass along an error I received this weekend after
>>> upgrading two servers to 5.6.  Both are HP Proliant DL380 servers
>>> running 64-bit, but one is a G6 model and one is a G7.  After the
>>> upgrade and the reboot to the 2.6.18-238.9.1.el5 kernel, both servers
>>> displayed the following error at boot:
>>>"pci_mmcfg_init marking 256MB space uncacheable."
>>>
>>> Some Googling found me the following link:
>>>https://partner-bugzilla.redhat.com/show_bug.cgi?id=581933
>>>
>>> There are apparently performance implications due to this issue.
>>> Fortunately, the solution is simple:  just boot with the kernel parameter
>>>acpi_mcfg_max_pci_bus_num=on
>>>
>>> If everyone is already familiar with this, please ignore. :-)
>>>
>>
>> Supposedly this issue is fixed in the 5.6 kernel ... not introduced in it :D
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=581933
>>
>> However, the advise is good regardless of version of kernel.
>>
>
>
> Yes, I saw the reference to RHEL 5.5 in the bug description, but I never
> saw the message before the upgrade to CentOS 5.6.  Hardware differences,
> I guess.  The bug description mentions a Dell Precision.
>
> Best Regards,
>
> Dave Windsor
>

I saw and reported the issue during QA for CentOS-5.6.

I think it's quite widespread, I saw it on generic Intel-based motherboards.

I've not had any issues applying the documented "fix" and have been 
running that since January.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] exim FASTTRACK

[Ned Slider]

On 30/04/11 17:57, Markus Falb wrote:
> CentOS just announced an exim FASTTRACK package
>
> http://lists.centos.org/pipermail/centos-announce/2011-April/017438.html
> http://rhn.redhat.com/errata/RHBA-2011-0443.html
>
> While I am not interested in local_scan() or man pages,
> Bugzilla #606272 looks mysterious because I can not find information
> about it.
> https://bugzilla.redhat.com/show_bug.cgi?id=606272
>
> The only information I see is comment 16 which is referring back
> to the RHBA.
>
> Does anyone have some insight ? What is #606272 about ?
> Maybe I should ask Upstream Vendor ? Is it normal that information about
> fasttracked packages is not available publicly ?
>
>

The Fastrack release ONLY addresses the local_scan() and man page issues 
to which you refer; see here:

https://rhn.redhat.com/errata/RHBA-2011-0443.html

The other issue was addressed in a previous bug fix errata:

http://rhn.redhat.com/errata/RHBA-2010-0522.html

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] community communication

[Ned Slider]

On 03/05/11 09:12, John R. Dennison wrote:
> On Tue, May 03, 2011 at 12:59:03AM -0700, Akemi Yagi wrote:
>>
>> Forum Announcement is yet another place you may want to check:
>
> Forums, mailing lists, twitter feeds...
>
> Enough is enough.
>
> Can we _please_ consolidate such status updates, the few times they
> appear, at _one_ location?  People should not have to play guessing
> games as to where status updates may or may not appear, nor should they
> have to be checking a minimum of 3 sources to locate such information.
>

Erm, I thought that's exactly what Alan was doing - on the forums. He 
pulls all the information together and posts it in that thread. I'm sure 
we've had this discussion before.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No sound on HP 8540w, guidance requested

[Ned Slider]

On 07/05/11 16:22, David wrote:
> Dear Experts
>
> I have been unsuccessful getting the sound to work on a HP Mobile
> Workstation HP 8540w.
>
> Here's a brief rundown of where I am
>
> I did a clean new install of Centos 5.6 from DVD, using the Gnome
> Desktop option and no optional modules.
> I enabled the firewall, but disabled SELINUX.
>
> I installed three files from elrepo to make the wireless adaptor
> work, and specified the video adaptor using the Gnome ->  System ->
> Preferences ->  Display panel.
>

Hi David,

If you're already familiar with elrepo then I'd suggest you try their 
updated alsa sound drivers.

yum --enanlerepo=elrepo install kmod-alsa

and reboot.

Also, don't forget to check your sound device isn't muted. The ALSA docs 
state:

Note: All mixer channels are muted by default. You must use a native
   or OSS mixer program to unmute appropriate channels (for example a
   mixer from the alsa-utils package).

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No sound on HP 8540w, guidance requested

[Ned Slider]

On 07/05/11 17:28, Ned Slider wrote:

fixing my own typo

>
> yum --enanlerepo=elrepo install kmod-alsa
>

yum --enablerepo=elrepo install kmod-alsa

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No sound on HP 8540w, guidance requested

[Ned Slider]

On 07/05/11 20:32, David wrote:
>
> I got two recommendations:
> a) Used 'alsamixer' to unmute all channels.  The were, as a responder
> suggested, muted.
> b) Installed kmod-alsa from elrepo.  It produced a bunch of warnings
> which I ignored.
> c) I performed lspci | grep -i audio, and got
>
> 00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset
> High Definition Audio (rev 06)
> 01:00.1 Audio device: nVidia Corporation High Definition Audio
> Controller (rev a1)

Hmm, any idea why you have 2 audio controllers?

> I am not sure where to go from here.

Next you need to identify the Vendor:Device ID pairing for your 
device(s) above and then search for a driver that supports them.

If I show you by example, on MY hardware, perhaps you can follow along 
for yours...

You already did:

# lspci | grep -i audio
00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio 
Controller (rev 02)

so now take the PCI ID (first part above) and query it for the 
Vendor:Device ID pairing:

# lspci -n | grep '00:1b.0'
00:1b.0 0403: 8086:293e (rev 02)

and take the Vendor:Device ID pairing (8086:293e in my example) and 
search for a matching driver supporting that device:


# grep -i 8086 /lib/modules/*/modules.alias | grep -i 293e
/lib/modules/2.6.18-128.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel
/lib/modules/2.6.18-164.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel
/lib/modules/2.6.18-194.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel
/lib/modules/2.6.18-238.9.1.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel
/lib/modules/2.6.18-238.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel
/lib/modules/2.6.18-53.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel
/lib/modules/2.6.18-92.el5/modules.alias:alias 
pci:v8086d293Esv*sd*bc*sc*i* snd-hda-intel

which shows me the snd-hda-intel driver present in kernel-2.6.18-53.el5 
onwards supports my hardware.

Now do the same for your hardware and show us the results.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Am I being to paranoid?

[Ned Slider]

On 08/05/11 23:31, John Hinton wrote:
>
> I know Fail2Ban is not a CentOS standard package, but it would be nice
> if we could build a place on the CentOS website where rules could be
> shared. Each environment is a bit different and so the rules need to be
> adapted. I have found the need for edits even between CentOS 3, 4 and 5
> boxes.
>

That would be the CentOS Wiki.

http://wiki.centos.org/

Feel free to jump on over to the centos-docs list and create a page 
describing how to install, configure and write custom rules. You can 
also document the differences between CentOS 3, 4 and 5. Sounds like an 
ideal topic for a HowTo guide.

Being a Wiki, others can then easily add and share their rules too.

Then every time someone asks about Fail2Ban we can refer them to your 
documentation :-)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Running SSH on a different port

[Ned Slider]

ML wrote:
> HI All,
> 
> With my new firewall in place, it has opened my eyes to how much  
> traffic gets blocked in a single day and also what are the most active  
> rules. I get *a lot* of requests for port 22.
> 
> How does one switch ssh ports? What is a good port to use? What  
> ramifications does it have when I need to ssh in? Is it as simple as  
> ssh u...@hots:port?
> 

Pretty much everything you need to know about SSH is on the Wiki here:

http://wiki.centos.org/HowTos/Network/SecuringSSH

Why don't people use the Wiki? These same topics come up over and over 
again, and no one ever refers to the resources available on the Wiki?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Running SSH on a different port (with SELinux)

[Ned Slider]

Jorge Fábregas wrote:
> Hello everyone,
> 
> Now after the recent discussion on running SSH on a different port,  I 
> decided 
> to start a new thread but with SELinux involved.
> 
> Assuming that you have SELinux enabled, and that you changed the default port 
> for SSHD, let say for 1234, when I restart SSHD I don't get any AVC denials.
> 
> This is the output of:  semanage -l port | grep ssh  
> ssh_port_t tcp  22
> 
> I thought (based on previous SELinux readings) that in order to allow SSHD on 
> a non-default port you needed to:
> 
> semanage port -a -t ssh_port_t -p tcp 1234
> 
> That was the theory I read :) Now in practice it seems it is not implemented 
> yet, or at least by the time RHEL5 came out. Does anyone knows?
> 

The SSH daemon runs as an unconfined service in SELinux (at least on 
RHEL4 and 5), so SELinux has no effect on SSH. Same as a bash shell runs 
unconfined.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Packages in 5.4 older than 5.3 updates, and no 5.4 updates available?

[Ned Slider]

Stephen Harris wrote:
> I've been checking the updates tree for 5.4 and notice that they're empty.



> 
> Is this merely a case that the 5.4 updates tree hasn't yet been pushed
> out and these changes should show up in the near future (when?)...

Yes, and the announcement email said 5.4 updates should appear in the 
next 48 to 96h after release (which happens to be right about now).




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DoveCot and Postfix Setup? or Zimbra?

[Ned Slider]

ML wrote:
> Hi All,
> 
> I have not really setup e-mail serving on Linux before by myself. I have a 
> setup now where it was setup for me running Dovecot and postfix. The setup 
> works. I want to set this up again on my own system.
> 
> Does anyone have a good tutorial?
> 

Yes, on the CentOS Wiki:

http://wiki.centos.org/HowTos/postfix

> Zimbra...does it replace dovecot and postfx setup?
> 

I believe so.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] startssl and CA autority

[Ned Slider]

fakessh wrote:
> 
>> how to incorporate the certificates in postfix?
>>

Does this help?

http://wiki.centos.org/HowTos/postfix_sasl


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wireless

[Ned Slider]

Davy Leon wrote:
> Hi
> 
> There is no encryption and my neighbour knows about it, we are just trying 
> to build an small network for our computers.
> Centos doesn't recognize the USB device. I just plug ot in and nothing 
> happens.
> 
> Any suggestions?
> 
> David
> 

What chipset does the device use? Elrepo has drivers and firmware for 
many wireless devices.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wireless

[Ned Slider]

Davy Leon wrote:
> [r...@linux ~]# lsusb
> Bus 001 Device 004: ID 0846:6a00 NetGear, Inc. WG111 WiFi (v2)
> Bus 001 Device 001: ID :
> Bus 001 Device 002: ID 046d:c016 Logitech, Inc. M-UV69a Optical Wheel Mouse
> Bus 002 Device 001: ID :
> 
> so, is Realtek RTL-8187L chipset
> 

As suspected, grepping modules.alias shows that Vendor:Device ID to 
match rtl8187.ko:

grep 0846 /lib/modules/2.6.18-164.6.1.el5/modules.alias | grep -i 6a00
alias usb:v0846p6A00d*dc*dsc*dp*ic*isc*ip* rtl8187

so try loading the module:

modprobe rtl8187

if it's not already loaded.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos-release srpm

[Ned Slider]

Shad L. Lords wrote:
> Back on Oct 31st Karanbir said he would take care of the missing 
> centos-release srpm.  It still hasn't shown up on any of the mirrors. 
> Is this ever going to be fixed?
> 
> -Shad

Did you (or anyone) file a bug? If so, it would be useful to link to it 
here.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] via vb 8001 : vt1211 driver

[Ned Slider]

On 12/28/2009 09:18 PM, Adrian Sevcenco wrote:
> Hi! I have an vb8001 and i try to make the lm_sensors to work .. i
> upgraded to latest version and in the end doesn't find the vt1211
> driver ... is it packaged somewhere? (maybe elrepo but it doesn't find
> any vt1211 nor 1211 related packages) (of course this is on an Centos 5.4)
> Thanks,
> Adrian
>
> P.S. i tried to post to lm_sensors mail list but it seem that it is not
> working (nor http://lists.lm-sensors.org/mailman/listinfo/lm-sensors)
>
>

Hi Adrian,

If you make a request at elrepo.org (either on the bug tracker or 
mailing list), then I'm sure I can backport the vt1211 driver for you 
and make it available at elrepo.org. From a quick look, lm_sensors (in 
5.4) appears to already support vt1211 so you should just need the 
kernel module for it.

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] trying to get lm_sensorts to work

[Ned Slider]

On 12/31/2009 10:41 PM, Akemi Yagi wrote:
> On Thu, Dec 31, 2009 at 2:04 PM, Jerry Geis  wrote:
>> hi all,
>>
>> I am trying to get lm_sensors to work.
>>
>> did the yum install lm_sensors
>> service lm_sensors start
>>
>> sensor -s
>> and it says no sensors found.
>>
>> did lsmod | grep it87 and
>> it87   57061  0

Did you run sensors-detect, and if so, which variant of it87 did it detect?

>
> You may want to read this forum thread:
>
> https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=24010&forum=38
>
> and give the packages from ELRepo a try.
>
> Akemi

Indeed. The standard it87 driver in 5.4 only supports IT8705F and 
IT8712F. I backported additional support for IT8716F, IT8718F, IT8720F 
and IT8726F Super I/O chips into the it87 module in ELRepo (kmod-it87), 
which will also automatically update lm_sensors as a dependency from the 
same repo.

I reported this upstream over 18 months ago and it's now scheduled to be 
fixed in 5.5, maybe.

https://bugzilla.redhat.com/show_bug.cgi?id=446061
https://bugzilla.redhat.com/show_bug.cgi?id=448223

In the meantime, the ELRepo package has the latest updated driver for 
this hardware.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPTABLEs and port scanning

[Ned Slider]

On 01/05/2010 03:30 PM, James B. Byrne wrote:
> I see many entries in /var/log/secure similar to these:
>
> . . .
> /var/log/secure.1:Dec 31 08:00:55 gway01 sshd[7220]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:00:58 gway01 sshd[7221]: Failed password
> for root from 93.89.144.31 port 60100 ssh2
> /var/log/secure.1:Dec 31 08:00:58 gway01 sshd[7222]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:01:02 gway01 sshd[7223]: Failed password
> for root from 93.89.144.31 port 60962 ssh2
> /var/log/secure.1:Dec 31 08:01:02 gway01 sshd[7224]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:01:05 gway01 sshd[7227]: Failed password
> for root from 93.89.144.31 port 33612 ssh2
> /var/log/secure.1:Dec 31 08:01:05 gway01 sshd[7228]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:01:09 gway01 sshd[7229]: Failed password
> for root from 93.89.144.31 port 34504 ssh2
> . . .
>
> As you can see, the ports are not those associated with the service
> requested.  SSHD is configured to listen on the standard port (22)
> and only on a single IP address that is supposed to be reachable
> only from the internal network (this is a multi-homed system
> configured as a gateway).
>

Those are the *source ports* from the attacking host, not the 
destination port on which you are running SSH. I /assume/ the number 
enclosed in '[]' to be the pid of the sshd instance associated with the 
connection attempt.

Hope that helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 5.4 :: linux-2.6.32.2 compile error (via nano l2...@1600)

[Ned Slider]

On 01/07/2010 10:12 AM, Adrian Sevcenco wrote:
> Jim Perrin wrote:
>> On Wed, Jan 6, 2010 at 5:15 PM, Adrian Sevcenco  
>> wrote:
>>> Hi! I try to compile an vanilla kernel 2.6.32.2 on centos 5.4 and i have
>>> this error :
>>
>> Out of curiosity, why are you rebuilding the kernel? Is there a driver
>> you need which isn't supplied by the elrepo repository folks?
> Well, the thing is that i lack power scaling (i understood that the
> module should have name something like overhaul .. or something)
> Given that this is an samba home server with very little load is a pity
> that it stays all the time at maximum freq.. elrepo guys are fantastic
> and from them i have the vt1211 driver for the sensors .. but i dint see
> that they would have also scaling drivers in their repo.
> Thanks,
> Adrian
>

Depends what hardware you have. ELRepo has a fixed powernow-k8 driver 
for AMD processors that allows correct scaling on multicore processors. 
See here:

http://blog.toracat.org/2009/08/go-green-with-newer-amd-processors/
http://elrepo.org/tiki/kmod-powernow-k8

Other than that, generally I've found most scaling issues to be 
hardware/bios related, rather than an issue within CentOS itself so I'd 
suggest checking you have the latest bios for your motherboard and that 
all power saving options within the bios are correctly set.

Hope that helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Laptop for CentOS-5

[Ned Slider]

On 01/09/2010 06:31 PM, Les Mikesell wrote:
> Christoph Maser wrote:
>> Sure, your opinion. But to me the question was "a suitable laptop for
>> running CentOS" not "what is the best OS to run on a laptop"
>
> And as you might have noticed, there weren't an overwhelming number of replies
> from people happy with their experience with CentOS on laptops.  It's not
> unreasonable to use/recommend the best thing for the intended purpose and 
> CentOS
> isn't a particularly good fit on a laptop.
>

That's your opinion. I'm perfectly happy running CentOS on my Dell XPS 
M1330, and furthermore pretty much everything works fine straight out of 
the box:

http://wiki.centos.org/HowTos/Laptops/Dell/XPS_M1330

Those that are happy don't always speak up. Mostly it's those who are 
unhappy or have things not working that you hear from.

JMHO.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] digikam and mp3 sound on RHEL

[Ned Slider]

On 01/12/2010 07:28 AM, Kevin Kempter wrote:
> Hi All;
>
> after years of running free Linux distros I've finally come to a place where I
> must have solid stability for my work laptop so I've purchased RHEL
> Workstation.
>
> I like it well enough - however I'd like to install digikam and get my system
> to play mp3's.  I'm thinking I could get both of these from a centos
> repository. What do you'all think?
>
> If so, could someone point me to the correct repo(s) and the packages I'd need
> for playing mp3's?
>

Start here:

http://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS
http://wiki.centos.org/AdditionalResources/Repositories
http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

and please make sure you read up on using 'priorities' before enabling 
3rd party repos:

http://wiki.centos.org/PackageManagement/Yum/Priorities

That should hopefully get you going :)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NetworkManager won't save wireless keys

[Ned Slider]

On 01/14/2010 05:42 PM, Kevin Kempter wrote:
> On Thursday 14 January 2010 10:28, Frank Cox wrote:
>> On Thu, 2010-01-14 at 10:07 -0700, Kevin Kempter wrote:
>>> Hi all;
>>>
>>> I'm running KDE 3.5 on CentOS 5.4
>>>
>>> I have wireless working however every time I boot I have to enter the
>>> wireless key. Anyone know how to get NetworkManager to save the keys?
>>>
>>> I've tried going to the 'edit connections' and adding the key there as
>>> well with no luck.
>>
>> gnome-keyring stores the keys on (of course) gnome.  Do you have
>> something similar on kde that is, perhaps, either not installed or
>> disabled?
>
>
> I have kwallet installed but the KDE NetworkManager seems to not be using it

I think this is because NetworkManager is really a gnome application. 
Here's how I have my laptop set up to automatically authenticate using 
KDE...

If you have gnome installed, log into gnome, set up gnome-keyring and 
store the key there and make sure it's working.

Then, log into KDE and use nm-applet. If you use the same password for 
your keyring as you do to log in (not always the best idea security 
wise), you can then configure pam_keyring to use your login password to 
automatically authenticate you on the wireless network using your stored 
keys.

Details for configuring pam_keyring can be found here:

https://www.centos.org/modules/newbb/viewtopic.php?topic_id=19782&forum=40&post_id=74422#forumpost74422

Hope that helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security sshv1

[Ned Slider]

On 01/22/2010 06:37 PM, m.r...@5-cent.us wrote:
>> Hi all!
>>
>> I was scanning my servers with nmap, ( i have installed ssh), and the
>> result gave me this:
>>
>> 22/tcp open ssh
>> sshv1: Server Supports SSHv1
>
> Yes. Turn off sshv1 in the configuration file.
>
>  mark
>


http://wiki.centos.org/HowTos/Network/SecuringSSH

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 5.2 to 5.4

[Ned Slider]

Jerry Geis wrote:
> I am trying to update x86_64 from 5.2 to 5.4
> 
> I am trying to update glibc first (before yum -y upgrade) with the command
> yum update glibc glib-devel glibc-headers
> gives me the following:
> 
> 
> package glibc-devel needs glibc-headers = 2.5-24.el5._2.2 this, is not 
> available
> package glibc-devel needs glibc = 2.5-24.el5._2.2, this is not available.
> 
> am I missing something? usually this works fine.
> 
> Jerry

Looks like a typo to me, "glib-devel" should presumably be glibc-devel.

Probably easier to just do:

yum update glibc\*

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 5.4 64-bit: Java web browser plugin for 64-bit FireFox?

[Ned Slider]

This is all documented on the Wiki for anyone who cares to search:

http://wiki.centos.org/TipsAndTricks/PluginsFor64BitFirefox

[rhetorical] Why does this mailing list insist on reinventing the wheel 
rather than perform a simple search of existing documentation first?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Skype and problem with ALSA mixer driver?

[Ned Slider]

Andrew wrote:
> Having used skype successfully in the past with previous CentOS
> versions, I haven't yet been able to get it working fully with CentOS
> 5.3 - the playback sound works OK but I can't get the mic working. I
> previously used the skype version installed with yum from the skype repo
> but thought maybe this was faulty, so have just installed the static
> version (cd skype_static-2.1.0.81). However, the mic still doesn't work
> and I've notice the following (repeated) error messages on the command
> line (currently this version has to be executed from the command line):
> 
> snd_pcm_avail_update() returned a value that is exceptionally large:
> 203032 bytes (1057 ms).
> Most likely this is a bug in the ALSA driver. Please report this issue
> to the ALSA developers.
> snd_pcm_avail_update() returned a value that is exceptionally large:
> 201176 bytes (1047 ms).
> Most likely this is a bug in the ALSA driver. Please report this issue
> to the ALSA developers.
> snd_pcm_avail_update() returned a value that is exceptionally large:
> 199280 bytes (1037 ms).
> Most likely this is a bug in the ALSA driver. Please report this issue
> to the ALSA developers.
> 
> ..etc
> 
> Does anybody have any information about this issue/bug and any idea how
> to solve the problem?
> Thanks,
> Andy
> 

What version of ALSA driver are you using? Have you tried updating ALSA 
as the version within CentOS is quite old now (1.0.14rc3).

Elrepo has an updated ALSA driver package here:

http://elrepo.org/tiki/kmod-alsa

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Skype and problem with ALSA mixer driver?

[Ned Slider]

Andrew wrote:
> On Fri, 2010-01-29 at 11:03 -0800, Akemi Yagi wrote:
>> On Fri, Jan 29, 2010 at 10:44 AM, Andrew  wrote:
 What version of ALSA driver are you using? Have you tried updating ALSA
 as the version within CentOS is quite old now (1.0.14rc3).

 Elrepo has an updated ALSA driver package here:

 http://elrepo.org/tiki/kmod-alsa

>>> Thanks for that useful information, but can you tell me exactly how to
>>> perform the update? I tried 'yum update *alsa*' as I have the Elrepo
>>> repository installed, but it came up with 'No Packages marked for
>>> Update'. Do I need to completely remove all the currently installed ALSA
>>> packages and then do 'yum install kmod-alsa? Any advice gratefully
>>> received, thanks.
>> Perhaps, you do not have elrepo enabled (default behavior) ?  In that case, 
>> try:
>>
>> yum --enablerepo=elrepo install kmod-alsa
>>
>> Akemi
> 
> Many thanks,
> I've installed kmod-alsa OK but the mic is still not working (with
> skype). Do I need to remove the old ALSA packages alsa-lib and
> alsa-utils? - because when I type 'yum erase alsa-lib alsa-utils' it
> wants to remove 123 packages!
> 
> Andy
> 

No, do *not* remove alsa-lib or alsa-utils (they are core CentOS packages).

Have you rebooted since installing kmod-alsa as the kernel will need to 
load the new drivers? If not, please reboot and retest.

If it's still not working after updating ALSA using kmod-alsa from 
elrepo (after a reboot), then you might want to consider removing that 
package as it hasn't fixed the problem in your case:

yum erase kmod-alsa

Hope that helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.

[Ned Slider]

James B. Byrne wrote:
> Note: I am digest subscriber so if you could copy me directly on any
> reply to the list I would appreciate it very much.
> 



>  After a modest amount of research we decided that the
> best answer was to use a more recent version of OpenSSH (5.3p1)that
> supports chroot as a configurable option.
> 

I've not tested it, but I believe the chroot stuff was backported some 
while ago:

# rpm -q --changelog openssh | more
* Tue Dec 01 2009 Jan F. Chadima  - 4.3p2-40
- close error file descriptor before running external subsystem (#537348)

* Tue Sep 15 2009 Jan F. Chadima  - 4.3p2-36.2
- minimize chroot patch to be compatible with upstream (#522141)

* Tue Jun 23 2009 Jan F. Chadima  - 4.3p2-36
- tiny change in chroot sftp capability into openssh-server solve ls 
speed problem (#440240)

* Tue May 26 2009 Jan F. Chadima  - 4.3p2-35
- workaround to plaintext recovery attack against CBC ciphers 
CVE-2008-5161 (#502230)

* Fri May 15 2009 Tomas Mraz  - 4.3p2-34
- disable protocol 1 in the FIPS mode

* Thu Apr 30 2009 Jan F. Chadima  - 4.3p2-33
- fix scp hangup on exit (#454812)
- call integrity checks only on binaries which are part of the OpenSSH FIPS
   modules

* Mon Apr 20 2009 Tomas Mraz  - 4.3p2-32
- log if FIPS mode is initialized (#492363)
- check the integrity of the binaries in the FIPS mode (#467268)

* Wed Apr 08 2009 Jan F. Chadima  - 4.3p2-31
- fix ssh hangup on exit (#454812)

* Fri Mar 27 2009 Jan F. Chadima  - 4.3p2-30
- add chroot sftp capability into openssh-server (#440240)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.

[Ned Slider]

James B. Byrne wrote:



> 
> The new server software works fine for regular ssh/sftp users.
> However, when logging on as a member of the chroot group we obtain
> this error:
> 
> ssh_selinux_getctxbyname: ssh_selinux_getctxbyname:
> security_getenforce() failed
> 



> 
> # sestatus
> SELinux status: enabled
> SELinuxfs mount:/selinux
> Current mode:   permissive
> Mode from config file:  permissive
> Policy version: 21
> Policy from config file:targeted
> 

What happens if you enable SELinux, i.e, set it to enforcing? Do you 
still see the same error message above?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtualization software to install Windows as guest on CentOS 5 as host ?

[Ned Slider]

John R Pierce wrote:
 I may be mistaken, but I thought those were only available to RHN
 subscribers, and are not open source or free to redistribute.

   
>>> The virtio block drivers? Really? I think I remember something about it
>>> being leaked...need to check
>>> 
>> Nope
>>
>> http://www.linux-kvm.org/page/WindowsGuestDrivers/Download_Drivers
>>   
> 
> ah, good.  that was a big gap a year or so ago when I was investigating 
> free virtualization for Windows
> 

I might be wrong, but I don't think the freely available drivers are 
signed, unlike the virtio drivers supplied by Red Hat through the 
Supplementary channel which are signed.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.

[Ned Slider]

James B. Byrne wrote:



> 
> I am not sure what effect disabling SELinux support in SSH actually
> has from a security standpoint.  So, if anyone cares to enlighten me
> on the the consequences I would like to know.
> 


I was under the impression that sshd runs unconfined in the current CentOS?

$ ps axZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss   0:00 
/usr/sbin/sshd

For example, you don't need to change the ssh_port in SELinux when 
running the sshd on an alternative port, I assume because sshd is 
running unconfined.

Also, it makes little sense to me to run sshd in a confined domain as an 
ssh login will give the user a login (bash) shell, which also runs 
unconfined:

$ ps axZ | grep bash
user_u:system_r:unconfined_t 8504 pts/3Ss 0:00 /bin/bash
user_u:system_r:unconfined_t16789 pts/4Ss 0:00 /bin/bash

Or maybe I totally misunderstand?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtualization software to install Windows as guest on CentOS 5 as host ?

[Ned Slider]

Frank Cox wrote:
> On Thu, 2010-02-04 at 12:36 +0000, Ned Slider wrote:
>> I might be wrong, but I don't think the freely available drivers are 
>> signed, unlike the virtio drivers supplied by Red Hat through the 
>> Supplementary channel which are signed.
> 
> The download page that was just posted here says:
> 
> QUOTE:
> Code signing drivers for the Windows 64bit platforms 
> Drivers should be signed for Windows 64bit platforms. 
> Here are some links how to self sign and install self signed drivers:
> END OF QUOTE
> 
> so I guess you can do that part yourself.

Yes, you can sign the drivers yourself, but the issue as I understand it 
is that for the drivers to work with Windows (Vista, Server 2008, Win7 
??), they need to be signed by a cert that has a chain of trust to 
Microsoft's root cert. Red Hat (and others) have such a cert and have 
appropriately signed drivers for their customers. I /believe/ the 
drivers are redistributable, but they are not signed.

Disclosure: I am not a Windows expert!


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Securing SSH

[Ned Slider]

Tim Alberts wrote:

Ned Slider wrote:



Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I 
think the second I opened it every sorry monkey from around the 
world has been trying every account name imaginable to get into the 
system.


What's a good way to deal with this?



The Wiki has an article here on just this:

http://wiki.centos.org/HowTos/Network/SecuringSSH

I've been experimenting with the iptables filtering with the recent 
module, but I have not yet had success.  I do have my default policy to 
reject with icmp and I've read the note that the default should be 
DROP.  Is this the problem?




If you just need access from home, I would just open the ssh port to 
your home IP address. If this isn't possible because you don't have a 
static IP at home, maybe moving to a non-standard port and/or 
configuring public/private keys (and disabling password authentication) 
would be sufficient. IPTables isn't the only way to crack this 
particular nut.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5

[Ned Slider]

Chris Geldenhuis wrote:

Stephen John Smoogen wrote:

On Wed, Apr 16, 2008 at 1:32 PM, Chris Geldenhuis
<[EMAIL PROTECTED]> wrote:
 

Hi,

 I am trying to set up an automatic connection between CentOS 4 system
(server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up
development files on the server to the client with a cron process.

 I generate they key pair without a pass phrase on the client and 
copy the

public key to the same user's .ssh directory on the server as
authorized_keys2.

 When I try to ssh to the Server from the Client, I am still asked 
for the

user's password on the client.

 If I do the same with CentOS 5 for both Client and Server, I can login
without providing a password.

 The versions of ssh on the two systems are:

 Client (CentOS 5):   OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

 Server (CentOS 4):   OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

 Does anyone on the list know whether these versions are compatible 
or how

to get them to work together without requiring a password.

 It is not an option to change to CentOS5 on the server side as that 
system
is serving as a development system for a client running RedHat ES 4 
and has

to have the identical configuration and be binary compatible.



I know this works between the entire CentOS family. The main problems
I have seen are that the users home directory or .ssh permissions are
not secure enough for ssh to do its thing.

ssh -v -v -v will tell you more than you want on where it is having
problems.. but the quick fix I use are the following:

su - root
chown $user $user_homedir # fill in $user and $user_home correctly as
in dude and /nfs/home/d/dude
chmod 0750 $user_homedir
chown $user $user_homedir/.ssh
chmod 0700 $user_homedir/.ssh
chmod 0600 $user_homedir/.ssh/authorized_keys

If that doesn't fix the problem the -v -v -v will tel what else might
be the cause.



  
Thanks - changing the permissions fixed the problem . Thanks also to 
Daniel for his suggestions.




Yes, if StrictModes is set to yes in /etc/ssh/sshd_config (which is the 
default), then the correct permissions *must* be set on ~/.ssh and 
~/.ssh/authorized_keys.


It is also documented in the Wiki article here:

http://wiki.centos.org/HowTos/Network/SecuringSSH#head-9c5717fe7f9bb26332c9d67571200f8c1e4324bc

Regards,

Ned

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing update / update announcement

[Ned Slider]

Bernd Bartmann wrote:

Hi,

the C5 updates to openoffice.org-2.0.4-5.4.26 are available on the
mirrors, but no announcement has come through the centos-announce
mailing list yet.


I'm sure they will


Also, upstream has released gnome-screensaver-2.16.1-5.el5_1.1 and
gnome-screensaver-2.16.1-8.el5 (FasTrack channel) beginning of April.
Neither is available yet for C5.



CentOS doesn't currently build fastrack packages from upstream for 
CentOS 5. I believe there are plans to do so at some point, but it 
hasn't happened yet. This has been discussed recently on the mailing lists.


Regards,

Ned


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DKMS

[Ned Slider]

Robert Becker Cope wrote:

Kai Schaetzl <[EMAIL PROTECTED]> wrote:


CentOS is *not* for users new to Linux or Unix-like operatings
systems. It isn't. Full stop.


Hopefully what you mean is that it isn't designed specifically for users that
are new to Linux. It is a perfectly fine distribution for those wanting to
learn Linux, though the learning curve may be a bit steep.

Is there any distro designed to train new Linux users?

robert



I think that depends on what the new user wants or expects from Linux. 
Sure there are distro's that attempt to hide or eliminate the exposure 
of new users to the command line, or choose to install 3rd party (non 
GPL/OS) stuff by default, or at least make it easy to do so from 
preconfigured repos.


Many (desktop) users converting from that other popular OS seem to 
expect things like multimedia support, 3rd party drivers, wireless etc 
to work out of the box by default, or at least be easy to install 
without having to resort to foreign commands on the command line (they 
easily forget none of these things worked on their previous OS out of 
the box!). Those users don't see the power of the command line and see 
it as a backwards step. It's easy to forget there is now a whole 
generation of computer users who have known nothing but the GUI and 
completely missed out on DOS or CP/M, and never owned a 
Spectrum/Commodore/BBC Micro etc.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DKMS

[Ned Slider]

Akemi Yagi wrote:

On Sun, Apr 27, 2008 at 7:24 AM, Ned Slider <[EMAIL PROTECTED]> wrote:


It's easy
to forget there is now a whole generation of computer users who have known
nothing but the GUI and completely missed out on DOS or CP/M, and never
owned a Spectrum/Commodore/BBC Micro etc.


Wow, Ned, I never thought you were old enough to remember any of
those.  And this kind of statement usually triggers a long thread
because of the people who want to prove they are the oldest and the
wisest.   However, no such competition works out in the CentOS
community -- because no one can beat orc_orc (Russ Herrold).

Famous quote: "He is older than all of us combined" (by z00dax)

Akemi


/OT

LOL @ the quote!

I particularly liked the way you used "Ned" and "wisest" in the same 
paragraph, but you may need to work on the context :D


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] problem installation of mplayer

[Ned Slider]

MHR wrote:

On Wed, Apr 30, 2008 at 5:02 AM, Ralph Angenendt <[EMAIL PROTECTED]> wrote:

Mamun wrote:

Guys,
I already installed CentOs,but can anyone give a sample of repo files and 
priorities.conf file.

As for this 2 files i am unable to install mplayer.

See 

mplayer is in rpmforge and atrpms (watch out when mixing those,
use priorities).



I've had excellent results on CentOS with rpmforge, and highly
recommend it.  (I haven't tried atrpms.)



Same here - mplayer from RPMForge works great for me.

Regards,

Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Today's log - yum entries

[Ned Slider]

Hi list,

I have the following entries, below, in today's log file (for yesterday, 
10th May).


I don't run the automated yum-updated and didn't run a yum update 
yesterday, and no packages were installed. Obviously the entries are old.


I was wondering if anyone could offer an explanation?

Thanks,

Ned


 - yum Begin 


 Packages Installed:
lzo.i386 1.08-4.2.el5.rf
libmad.i386 0.15.1b-4.el5.rf
lame.i386 3.97-1.el5.rf
faac.i386 1.25-2.el5.rf
mplayer.i386 1.0-0.34.rc1try2.el5.rf
giflib.i386 4.1.3-7.1.el5.1
xvidcore.i386 1.1.2-1.el5.rf
mplayerplug-in.i386 3.40-1.el5.rf
openal.i386 0.0.8-2.el5.rf
kernel-devel.i686 2.6.18-8.1.3.el5
xorg-x11-server-sdk.i386 1.1.1-48.13.0.1.el5
dkms.noarch 2.0.13-1.el5.rf
lirc.i386 0.6.6-4.el5.rf
libdvdnav.i386 0.1.10-3.el5.rf
aalib.i386 1.4.0-5.el5.rf
perl-libwww-perl.noarch 5.805-1.1.1
libmpcdec.i386 1.2.2-2.el5.rf
x264.i386 0.0.0-0.3.20061214.el5.rf
mplayer-fonts.noarch 1.1-3.0.rf
libmp4v2.i386 1.5.0.1-3.el5.rf

 Packages Updated:
libX11-devel.i386 1.0.3-8.0.1.el5
xorg-x11-apps.i386 7.1-4.0.1.el5
kernel-headers.i386 2.6.18-8.1.3.el5
vim-enhanced.i386 2:7.0.109-3.el5.3
cups.i386 1:1.2.4-11.5.1.el5
firefox.i386 1.5.0.10-2.el5.centos
freetype-devel.i386 2.2.1-17.el5
evolution.i386 2.8.0-33.0.1.el5
libX11.i386 1.0.3-8.0.1.el5
yelp.i386 2.16.0-14.0.1.el5
spamassassin.i386 3.1.8-2.el5
postgresql-libs.i386 8.1.9-1.el5
vim-minimal.i386 2:7.0.109-3.el5.3
vim-common.i386 2:7.0.109-3.el5.3
devhelp.i386 0.12-10.0.1.el5
cups-libs.i386 1:1.2.4-11.5.1.el5
freetype.i386 2.2.1-17.el5

 -- yum End -


Last 25 packages installed/updated as reported by RPM:

$ rpm -qa --last | head -n 25
kernel-headers-2.6.18-53.1.19.el5 Fri 09 May 2008 06:45:18 
PM BST
kernel-2.6.18-53.1.19.el5 Fri 09 May 2008 06:41:23 
PM BST
kernel-devel-2.6.18-53.1.19.el5   Fri 09 May 2008 06:40:49 
PM BST
flash-plugin-9.0.124.0-1.el5.rf   Wed 07 May 2008 01:18:16 
AM BST
xine-lib-1.1.12-1.el5.rf  Wed 07 May 2008 01:17:56 
AM BST
perl-BerkeleyDB-0.34-1.el5.rf Wed 07 May 2008 01:17:53 
AM BST
p7zip-plugins-4.57-1.el5.rf   Fri 25 Apr 2008 12:57:38 
AM BST
p7zip-4.57-1.el5.rf   Fri 25 Apr 2008 12:57:35 
AM BST
gnome-screensaver-2.16.1-5.el5_1.1Thu 24 Apr 2008 05:03:23 
AM BST
amavisd-new-2.5.4-1.el5.rfWed 23 Apr 2008 07:14:03 
PM BST
clamd-0.93-2.el5.rf   Wed 23 Apr 2008 07:14:01 
PM BST
clamav-0.93-2.el5.rf  Wed 23 Apr 2008 07:13:59 
PM BST
clamav-db-0.93-2.el5.rf   Wed 23 Apr 2008 07:13:58 
PM BST
ncompress-4.2.4-47Wed 23 Apr 2008 07:13:57 
PM BST
perl-Archive-Zip-1.16-1.2.1   Wed 23 Apr 2008 07:13:56 
PM BST
nomarch-1.4-1.el5.rf  Wed 23 Apr 2008 07:13:55 
PM BST
freeze-2.5.0-1.2.el5.rf   Wed 23 Apr 2008 07:13:55 
PM BST
lha-1.14i-19.2.2.el5.rf   Wed 23 Apr 2008 07:13:54 
PM BST
perl-Convert-TNEF-0.17-3.2.el5.rf Wed 23 Apr 2008 07:13:53 
PM BST
perl-MIME-tools-5.420-2.el5.rfWed 23 Apr 2008 07:13:52 
PM BST
perl-Convert-UUlib-1.051-1.2.el5.rf   Wed 23 Apr 2008 07:13:51 
PM BST
perl-Convert-BinHex-1.119-2.2.el5.rf  Wed 23 Apr 2008 07:13:51 
PM BST
arc-5.21o-1.el5.rfWed 23 Apr 2008 07:13:50 
PM BST
perl-MailTools-2.02-1.el5.rf  Wed 23 Apr 2008 07:13:49 
PM BST
zoo-2.10-2.2.el5.rf   Wed 23 Apr 2008 07:13:47 
PM BST


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Today's log - yum entries

[Ned Slider]

Akemi Yagi wrote:

On Sun, May 11, 2008 at 2:26 AM, Ned Slider <[EMAIL PROTECTED]> wrote:

Hi list,

I have the following entries, below, in today's log file (for yesterday,
10th May).

 - yum Begin 


 Packages Installed:
   lzo.i386 1.08-4.2.el5.rf
   libmad.i386 0.15.1b-4.el5.rf
   lame.i386 3.97-1.el5.rf
   faac.i386 1.25-2.el5.rf


How odd.  Do you see them in /var/log/yum.log as well?

Akemi


No, /var/log/yum.log matches the output from rpm --last as expected, 
apart from the recent kernel update which I always install manually with 
rpm.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Today's log - yum entries

[Ned Slider]

John wrote:
 
-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Ned Slider
Sent: Sunday, May 11, 2008 5:27 AM
To: CentOS mailing list
Subject: [CentOS] Today's log - yum entries

Hi list,

I have the following entries, below, in today's log file (for yesterday,
10th May).

I don't run the automated yum-updated and didn't run a yum update yesterday,
and no packages were installed. Obviously the entries are old.

I was wondering if anyone could offer an explanation?


Ned, a good place to start is the SELinux Logs and users on the machine and
blank logfiles with nothing in them.

John


Hi John,

SELinux is not running here, and I'm the only real user.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Today's log - yum entries

[Ned Slider]

Akemi Yagi wrote:

On Sun, May 11, 2008 at 2:26 AM, Ned Slider <[EMAIL PROTECTED]> wrote:

Hi list,

I have the following entries, below, in today's log file (for yesterday,
10th May).

 - yum Begin 


 Packages Installed:
   lzo.i386 1.08-4.2.el5.rf
   libmad.i386 0.15.1b-4.el5.rf
   lame.i386 3.97-1.el5.rf
   faac.i386 1.25-2.el5.rf


How odd.  Do you see them in /var/log/yum.log as well?

Akemi


Ah, I lied!

I think I see the problem. These are entries from /var/log/yum.log for 
10th May 2007, exactly 1 year ago:



May 10 14:59:36 Updated: libX11.i386 1.0.3-8.0.1.el5
May 10 14:59:37 Updated: freetype.i386 2.2.1-17.el5
May 10 14:59:44 Updated: firefox.i386 1.5.0.10-2.el5.centos
May 10 14:59:44 Updated: cups-libs.i386 1:1.2.4-11.5.1.el5
May 10 14:59:57 Updated: devhelp.i386 0.12-10.0.1.el5
May 10 14:59:59 Installed: perl-libwww-perl.noarch 5.805-1.1.1
May 10 15:00:02 Updated: spamassassin.i386 3.1.8-2.el5
May 10 15:00:34 Updated: evolution.i386 2.8.0-33.0.1.el5
May 10 15:00:35 Updated: freetype-devel.i386 2.2.1-17.el5
May 10 15:00:37 Updated: libX11-devel.i386 1.0.3-8.0.1.el5
May 10 15:00:38 Updated: xorg-x11-apps.i386 7.1-4.0.1.el5
May 10 15:00:42 Updated: cups.i386 1:1.2.4-11.5.1.el5
May 10 15:00:44 Updated: kernel-headers.i386 2.6.18-8.1.3.el5
May 10 15:01:08 Updated: yelp.i386 2.16.0-14.0.1.el5
May 10 15:01:16 Installed: kernel-devel.i686 2.6.18-8.1.3.el5
May 10 16:40:06 Installed: giflib.i386 4.1.3-7.1.el5.1
May 10 16:40:07 Installed: x264.i386 0.0.0-0.3.20061214.el5.rf
May 10 16:40:09 Installed: libmp4v2.i386 1.5.0.1-3.el5.rf
May 10 16:40:10 Installed: faac.i386 1.25-2.el5.rf
May 10 16:40:11 Installed: libmad.i386 0.15.1b-4.el5.rf
May 10 16:40:12 Installed: mplayer-fonts.noarch 1.1-3.0.rf
May 10 16:40:13 Installed: openal.i386 0.0.8-2.el5.rf
May 10 16:40:14 Installed: lame.i386 3.97-1.el5.rf
May 10 16:40:15 Installed: libdvdnav.i386 0.1.10-3.el5.rf
May 10 16:40:17 Installed: aalib.i386 1.4.0-5.el5.rf
May 10 16:40:17 Installed: libmpcdec.i386 1.2.2-2.el5.rf
May 10 16:40:19 Installed: xvidcore.i386 1.1.2-1.el5.rf
May 10 16:40:22 Installed: lirc.i386 0.6.6-4.el5.rf
May 10 16:40:23 Installed: lzo.i386 1.08-4.2.el5.rf
May 10 16:40:30 Installed: mplayer.i386 1.0-0.34.rc1try2.el5.rf
May 10 16:40:31 Installed: mplayerplug-in.i386 3.40-1.el5.rf
May 10 19:44:52 Installed: xorg-x11-server-sdk.i386 1.1.1-48.13.0.1.el5
May 10 20:04:13 Installed: dkms.noarch 2.0.13-1.el5.rf
May 10 23:02:10 Updated: vim-common.i386 2:7.0.109-3.el5.3
May 10 23:02:21 Updated: postgresql-libs.i386 8.1.9-1.el5
May 10 23:02:22 Updated: vim-minimal.i386 2:7.0.109-3.el5.3
May 10 23:02:22 Updated: vim-enhanced.i386 2:7.0.109-3.el5.3


So it looks like the log just pulled entries matching 10th May but the 
year is missing/wrong.


Is this a bug maybe?

Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Today's log - yum entries

[Ned Slider]

Filipe Brandenburger wrote:

Hi,

On Sun, May 11, 2008 at 5:26 AM, Ned Slider <[EMAIL PROTECTED]> wrote:

 I have the following entries, below, in today's log file (for yesterday,
10th May).

 I don't run the automated yum-updated and didn't run a yum update
yesterday, and no packages were installed. Obviously the entries are old.

 I was wondering if anyone could offer an explanation?


Syslog does not print the year on log lines. Once I saw some strange
behaviour similar to yours. I had a script that grep'd the logs for
yesterday's date and sent it to me by e-mail. One day, I saw several
SSH attempts from IPs that were empty, and IPs being resolved to names
that were not the right ones. Then I logged in to the machine, looked
at /var/log/secure and realized what happened. The logs were over one
year old now. Maybe check /var/log/yum.log to see if that is what
happened.

By the way, you say "today's log file", but to what log file are you
referring? The output you show is not from /var/log/yum.log, is it
some post processing?

HTH,
Filipe


Yes, you're absolutely right Filipe, I just noticed it myself.

The logs are from syslog?? emailed to root each day. When I checked 
/var/log/yum.log as Akemi suggested, indeed there were matching entries 
for 10 May, but from 2007 without the year present, so it looks like 
syslog parsed /var/log/yum.log and returned anything matching '10 may'.


Thanks for your help!

Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Today's log - yum entries

[Ned Slider]

Robert Nichols wrote:

Filipe Brandenburger wrote:

Hi,

On Sun, May 11, 2008 at 5:26 AM, Ned Slider <[EMAIL PROTECTED]> wrote:
 I have the following entries, below, in today's log file (for 
yesterday,

10th May).

 I don't run the automated yum-updated and didn't run a yum update
yesterday, and no packages were installed. Obviously the entries are 
old.


 I was wondering if anyone could offer an explanation?


Syslog does not print the year on log lines. Once I saw some strange
behaviour similar to yours. I had a script that grep'd the logs for
yesterday's date and sent it to me by e-mail. One day, I saw several
SSH attempts from IPs that were empty, and IPs being resolved to names
that were not the right ones. Then I logged in to the machine, looked
at /var/log/secure and realized what happened. The logs were over one
year old now. Maybe check /var/log/yum.log to see if that is what
happened.


I fixed that problem for yum by editing /etc/logrotate.d/yum and changing
"size 30k" to "size 10k".  For CentOS, a 10 kilobyte log file is enough
to hold several months of yum activity, but small enough that the file
will be rotated before a year passes.  You might also explore the
"monthly" or "yearly" options in logrotate.  Right now I don't recall
what I didn't like about using those with the yum logs.



Thanks for that Bob. My yum.log was 28K so I've knocked the size setting 
down to 20K and will see how that goes.


Thanks again,

Ned

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where is centos live cd?

[Ned Slider]

Karanbir Singh wrote:

David Hláčik wrote:
Thanks i firured it out , sorry for stupid silly question, but why 
project pages are not working?


D.


David, the machines that host projects.centos.org were moved a few days 
back, and were not totally back into production as yet.


It should all be sorted now ( https://projects.centos.org/ ) . So if you 
still have issues with the projects.centos.org site, please let me know.


- KB



Karanbir,

I'm sure you're aware, but the certs don't match for 
https://projects.centos.org/ giving a warning. The cert is for 
w2.centos.org.





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs

[Ned Slider]

Clint Dilks wrote:

Hi People,

I know this may seem off topic, but I thought for those of us who might 
have Debian users generating key pairs that they put on CentOS systems 
people should be aware that


everybody who generated a public/private keypair or an SSL
cert request on Debian or Ubuntu from 2006 on is vulnerable

http://it.slashdot.org/it/08/05/13/1533212.shtml



I've been following this story too after reading about it on SANS 
Internet Storm Center:


http://isc.sans.org/diary.html?storyid=4414

I wonder how far reaching this is. One wonders if any of the trusted 
root CAs have issued vulnerable certs as a result.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs

[Ned Slider]

Daniel de Kok wrote:


"Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation."

Take care,
Daniel


SANS have more on this today and will likely continue to update the 
story as new developments emerge:


http://isc.sans.org/

To summarise, scripts that allow brute-forcing of keys are already in 
the wild - expect to see an upturn in activity on port 22 as a result. 
Further, for SSL secured websites, if the public key is known, no 
brute-forcing is even necessary.


Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Best Motherboard

[Ned Slider]

Juan C. Valido wrote:

Well, I guess everyone's experience is different, I've got 2 GA-P35-DS3
with Core 2 duos and a GA-MA770-GS3 with a Phenom 9600 and I love them.
I've never had a problem with a Gigabyte Motherboard. Some people love
Asus and I've had several go bad on me, you figure.

On Thu, 2008-05-15 at 07:35 -0500, Ryan Nichols wrote:

Really? We bought that EXACT motherboard.. 10 to be exact and we've
had 9 fail and the 10th is on its way to major failure.. the odd thing
is that 10th one was the first one purchased and that was 6 months
ago.

On Thu, May 15, 2008 at 7:24 AM, Juan C. Valido
<[EMAIL PROTECTED]> wrote:
Personally, I like Gigabyte motherboards a lot, the
GA-P35-DS3L I use
with Core 2 Duo (Quad) and DDR2. I though I was going to do
better with
the Intel DP35DP and guess what, I like the the Gigabyte
Better
(personally).


On Thu, 2008-05-15 at 06:43 -0500, Ryan Nichols wrote:

> To all..
>
> I was using a Gigabyte motherboard, and the board seems like
a bad
> choice.  What do you guys recommend for a decent server
board that
> would use a Dual Core processor and DDR2 ram.  I dont want
to replace
> the CPU and Mem i already have, just find a decent board
that
> supportsthe existing..
>
> Thanks,
> Ryan Nichols
>


I've been running a Gigabyte P35-DS4 with Intel Quad Core and 4GB ram 
for nearly a year and it's been solid as a rock with CentOS. The disk 
subsystem is well supported in AHCI mode, and decent drivers are now 
available for the onboard nic (there's a dkms-enabled driver in 
RPMForge). Being a server, I've not tested other onboard features such 
as sound etc. I wouldn't hesitate to buy another.


Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] samba & samba-common installed then erased, but by whom?

[Ned Slider]

Johnny Tan wrote:

I saw this in Logwatch today for one of my servers:

 - yum Begin 


 Packages Installed:
samba-common.i386 3.0.23c-2.el5.2.0.2
samba.i386 3.0.23c-2.el5.2.0.2

 Packages Erased:
samba-common
samba

 -- yum End -

No one, including myself, has even logged into this box in the past few 
days (verified by asking the only other two people who have access and 
also looking at the last & secure logs).


And neither /var/log/yum.log or /var/log/rpmpkgs shows samba at all 
being installed/erased/present.


I ran both chkrootkit and rkhunter, and both turned up clean.

Since this box is behind a firewall with only a few IPs given access to 
it, I'm thinking that it's not been rooted, but I can't seem to find any 
other explanation for this.


The only thing that runs on this server is httpd and jetty. Everything 
else is done manually including yum updates. And nothing that runs on 
this machine would ever need samba.


Has anyone ever encountered something like this?

johnn
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



If I may refer you to this thread, I believe your observations are 
similar to mine earlier this month:


http://lists.centos.org/pipermail/centos/2008-May/098839.html

and the cause is likely similar. Checking /var/log/yum.log for entries 1 
year ago should confirm this.


Regards,

Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] samba & samba-common installed then erased, but by whom?

[Ned Slider]

Johnny Tan wrote:

Ned Slider wrote:
and the cause is likely similar. Checking /var/log/yum.log for entries 
1 year ago should confirm this.


Ned/Alan:

You guys hit it on the head. Thanks. I wasn't aware of this little oddity.

Thanks,
johnn


You're welcome :)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] samba & samba-common installed then erased, but by whom?

[Ned Slider]

Filipe Brandenburger wrote:

On Fri, May 16, 2008 at 11:59 AM, Ned Slider <[EMAIL PROTECTED]> wrote:

Johnny Tan wrote:

I saw this in Logwatch today for one of my servers:

Checking /var/log/yum.log for entries 1
year ago should confirm this.


As this bit me once and I've just seen two people bitten by it again,
I've taken the matter upstream:
https://bugzilla.redhat.com/show_bug.cgi?id=447021

I hope they'll accept the suggestion.

Thanks,
Filipe


Thanks Filipe, as one of those bitten I've subscribed to the bug.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: OT: Top Posting

[Ned Slider]

William L. Maltby wrote:


But keep in mind you were only a "virtual ass". Not really one. And the
person who labeled you as an ass may have been, in fact, the ass.
Regardless, his was only a "virtual opinion". And unless you have a
personal relationship and really care what he felt...



So that would have been the Virtual Johnny Hughes then, not the real one ;)

http://lists.centos.org/pipermail/centos/2008-May/098996.html



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Current Chipset Compatibility

[Ned Slider]

John Paulson wrote:
Can someone make a recommedation as far as best chipset for Centos 5.0 or 5..1 using a Q6600 series CPU with chipsets that have onboard VGA?  
From poking around it looks like the G33 and P35 are not supported or have problems until the newer 2.6.22 kernel (the iso's appear to be earlier than that, think it was .18)?  So I am considering boards with the Intel G965 chipset but not sure if is supported yet?

Can someone make a recommedation as far as best chipset for this scenario? thx
-- John


P35 with ICH9R works OK (the R in ICH9R is the important bit). The RAID 
capable chipsets also support AHCI mode and the native CentOS kernel 
driver for AHCI works very well. *Some* non-R ICH9 based boards also 
have the AHCI mode present in the BIOS but many don't - the chipset does 
support it but many vendors choose not to implement it in their BIOS so 
it's a bit of a lottery. Entry level boards with integrated graphics 
tend to be ICH9, not ICH9R.


I don't have any direct experience with other chipsets so am unable to 
comment on those.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPTables help

[Ned Slider]

Joseph L. Casale wrote:

This CentOS wiki may help:

http://wiki.centos.org/HowTos/Network/IPTables

Akemi



Akemi,
That was helpful (I should have checked the wiki:>).

After reading that and the RH related links, I think I have what I need
but I am unclear about one aspect. What is the correlation between filtering
LAN based connections destined to be masqueraded out and what can even get to
the internal NIC? I see the chains are obviously distinct from each other, and
I assume the tables are as well. So to control what may ingress an interface 
destined
for the server itself, you write a rule for the default table's INPUT chain, to 
control
what may be masqueraded/DNAT'ed, you write a rule for the either the NAT tables
PREROUTING chain or the default table's FORWARD chain, or both?



The norm is to add rules to the FORWARD chain of the default filter table.


In looking at examples for setting up NAT, I don't see people typically 
lockdown what
may masqueraded, so I am not seeing how to do this. Buy my inclusion of at 
least one
rule, am I properly prohibiting anything else? Is there any significance to the 
order
in which I setup masquerading and then lockdown what hits the FORWARD chain?

Do you not need to setup default policies for the chains on the nat table?



By default (once forwarding is enabled), masquerading will allow all 
outgoing connections and block all new incoming connections. Finer 
control is applied via the FORWARD chain. You can see the default policy 
of the FORWARD chain with the command 'iptables -L' and you can set the 
policy of the FORWARD chain in exactly the same manner as you would for 
the INPUT and OUTPUT chains.


The Linux documentation project has a HOWTO on masquerading here which 
is probably the definitive documentation on the subject:


http://tldp.org/HOWTO/IP-Masquerade-HOWTO/

Ned


Thanks!
jlc


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPTables help

[Ned Slider]

Fajar Priyanto wrote:

On Saturday 24 May 2008 10:25:41 Robert Spangler wrote:

On Friday 23 May 2008 21:31, Fajar Priyanto wrote:

 Actually I have written a small tutorial on iptables, but I haven't
translated it into english. I'll let you know when it's done. Hopefully
it will be useful for others.

Please have someone, or for that matter a few people, who have a good
understanding of firewalls look over your tutorial before it is published.
While you show a basic understanding of how firewalls work you lack the
knowledge of true security.  Just my observation.


You observation is most welcome, Robert. By all mean, I'm surely not an 
expert. Just someone who wants to help other by guiding a little 1 or 2 tiny 
steps along the great jungle of Linux knowledge. Everyday is a lesson for me. 
So, if you please, I really want to know what true security is.

Thank you.



Fajar,

There is already an iptables tutorial on the Wiki:

http://wiki.centos.org/HowTos/Network/IPTables

Rather than reinventing the wheel, perhaps you would like to take a look 
at that and consider contributing and/or helping to improve it if you 
see areas that you consider are weak.


Regards,

Ned
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 5.1 i386 on a 1GIG flash

[Ned Slider]

Jerry Geis wrote:

I have found this link http://owlriver.com/tips/tiny-centos
for installing centos on a minimal system. I am looking at putting
centos on a 1 GIG flash drive. The above page talks about removing packages
after install to attain the small size.

however, I am getting blocked at the install page about not enough room 
to install.

All I have selected is the base package. nothing else.



You can actually deselect "base" too although I don't know if will make 
it small enough to install.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 5 2.6.18-53.1.21.el5 kernel and ipsec

[Ned Slider]

Joe Pruett wrote:
i had previously been having issues with automount being slow with this 
new kernel and i tracked it down to dns delays which were being caused 
by ipsec not working.  i have spent a few hours poking around and ipsec 
seems quite broken with this new kernel.  esp packets go in and out just 
fine, but when i look at ip xfrm stats on the machine with the new 
kernel, i see that for input packets, the ah layer is being processed 
just fine, but the esp layer is showing 0 bytes/packets and no errors.  
i can't find any errors or other indications of what is going on.


is anyone else running a standard ipsec tunnel (using the standard ifcfg 
method for creating the tunnel) under this new kernel?  i know that a 
new 5.2 kernel should be coming soon, but i worry that whatever broke 
this version may happen there as well.


See here:

http://bugs.centos.org/view.php?id=2853

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Low-memory Centos5?

[Ned Slider]

Jeffrey B. Layton wrote:

Good morning,

I've inherited an old laptop from my wife that I'd like to
use when I travel (it's fairly small with a 12" screen). The
bad part is that it is maxed out on memory with 384MB.
Has anyone played with using Centos5 on systems with
little memory? Ideally, I don't need too much - Firefox,
Openoffice, a little Perl/Python/C here and there. I was
thinking about using either XFCE or Icewm as the window
manager. I'd also like it to work with the existing wireless
card (Dlink DWL-G650). Any thoughts or recommendations?

TIA!

Jeff



As others have said, you should be fine with 384MB RAM. One thing to 
note - I think the graphical installer requires 512MB to run (check the 
release notes) so you would need to perform a text mode install. Do a 
fairly minimal install and add whatever you want afterwards with YUM.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos