Re: [CentOS] almalinux?

> Looking. Rocky was supposed to release something at the beginning of the > month, but I haven't seen anything. The release was postponed by one month. "Unfortunately we’ve had to revise our previous update for a release candidate from March 31 to April 30, due to complications in the build

Re: [CentOS] almalinux?

Hi Simon, +1 I expect that to happen sooner or later. Currently Alma has a head start with Rocky postponed until the end of April, but to me the race is still open. As is the case with many other colleagues, I'm currently stuck with RHEL clones because RHEL/CentOS is what my customers are

Re: [CentOS] almalinux?

Hi Mark, > Anyone looked into almalinux? I was sort of waiting for rocky, but I see from > over the weekend on slashdot that almalinux stable is released. yup. So far I upgraded a couple of test machines using the conversion tool they provided on GitHub (works fine, although it seems each

Re: [CentOS] KVM vs. incremental remote backups

> All relevant logging is centralised to a server cluster running Graylog. ... and, because I forgot to mention it: Yes, that server cluster has a "persistent data" device. Regards, Peter. ___ CentOS mailing list CentOS@centos.org

Re: [CentOS] KVM vs. incremental remote backups

Hi Simon, > Whenever I read such things I'm wondering, what about things like log > files? Do you call them OS files or persistent data? How do you back'em up > then? I don't. All relevant logging is centralised to a server cluster running Graylog. Regards, Peter.

Re: [CentOS] KVM vs. incremental remote backups

Hi Niki, I'm using a similar approach like Stephen's, but with a kink. * Kickstart all machines from a couple of ISOs, depending on the requirements (the Kickstart process is controlled by Ansible) * Machines that have persistent data (which make up about 50% in average) have at least two

Re: [CentOS] CentOS 8 future

Hi Johnny, > $250K is not even close. That is one employee, when you also take into > account unemployment insurance, HR, medical insurance etc. now multiply > that by 8. Now, outfit those 8 employees to work from home .. all over > the world, different countries, different laws. > > .. THEN

Re: [CentOS] Postfix vs. Thunderbird on Mac OS

Hi, the main problem is that the MacBook obviously presents an illegal host name to the mail server, which in turn rejects accepting mail to be submitted from it because of 'reject_unknown_helo_hostname'. With your 'smtpd_helo_restrictions', Postfix handles submissions from clients as it

Re: [CentOS] Centos 7 and backup solution

Hi Gordon, > There's probably going to be a lot of misinformation where bareos is > concerned. The developers forked that product claiming that when they signed > license assignments they didn't know that this could or would allow Bacula to > begin a dual-license release in which some

Re: [CentOS] Centos 7 and backup solution

Hi Leon, > IMHO - as Kern (Bacula lead developer) is pushing Bacula forward I dont > understand this too. It must be > a misinformation about the current status of the project itself and > competitors interests (Bareos). the fork of Bacula happened in 2013, IIRC. Things may have changed since

Re: [CentOS] Centos 7 and backup solution

Hi Alessandro, > Why many users skip bacula? It is powerfull and very stable. It is very > difficult to setup but if you know how it works it is simple. I used Bacula before I switched to Bareos. There was a point, however, when the open source release of Bacula became, to put it mildly, a

Re: [CentOS] Centos 7 and backup solution

Hi Valeri, > you mean, director and STORAGE daemon, right? File daemon _IS_ a client... yep. I noticed when klicking on 'send', as usual :-) Cheers, Peter. signature.asc Description: Message signed with OpenPGP ___ CentOS mailing list

Re: [CentOS] Centos 7 and backup solution

I must correct myself: > I always do it the other way around, i.e. upgrade the director/file daemon > and then the clients as time suits. No problems with that so far. I meant storage daemon, not file daemon! Cheers, Peter. signature.asc Description: Message signed with OpenPGP

Re: [CentOS] Centos 7 and backup solution

Hi Alessandro, > What if I will use bareos I will never get problem between version like > happening today with bacula? difficult to say - I never ran into any upgrade issues with Bareos, but neither with Bacula while I was still using it. > I could use newer bareos client on older bareos

Re: [CentOS] Centos 7 and backup solution

> Amanda (from base CentOS) -> USB removable disk -> firesafe. > > Backups on or by the computer might protect you from disk failures, but > are useless in case of fire or theft. Good point. The backup strategy is at least as important as the tool used. Using Bacula, I'm doing daily backups of

Re: [CentOS] Centos 7 and backup solution

Hi Alessandro, > what type of backup solution do you use on C7? the same as on most other operating systems: Bareos. Bareos has some learning curve, but it's free, it's extremely reliable and flexible. I've been using it for years, after switching from its parent

Re: [CentOS] email Server for CentOS 7

> On 29. Sep 2018, at 23:58, John R. Dennison wrote: > > Save yourself the effort, time, headaches and eventual bloody tears of > impotent > rage and just go with Google or some other provider. Running a mail > server properly is one of the more difficult tasks and quite often not > worth the

Re: [CentOS] Admins supporting both RHEL and CentOS

Hi Joseph, > On 28. Nov 2017, at 14:06, Joseph L. Casale wrote: > > With a few exceptions, I see most admins treat CentOS as a single rolling > release and rely on the ABI commitment assuming things just work between > point releases. On the other hand I see the

Re: [CentOS] Failed attempts

Hi Valeri, > Good luck! Use strong passwords (passphrase I call it when I talk to my > users), especially for root account. if possible: Do not use passwords at all. Disable password login, and replace by SSH private/public key authentication, and, again if possible, with OTP (two factor

Re: [CentOS] File access in Apache 2.4

Hi Gordon, > Or you could just run "systemctl edit httpd.service" like I suggested two > days ago. :) ... which is a nice way of doing it quickly, indeed. Thanks for the hint, I didn't know that command. However there is one disadvantage: All changes go into a file named 'override.conf',

Re: [CentOS] File access in Apache 2.4

> official way is to copy the unit file to /etc/systemd/system and edit > this copy. that's one way to do it. It has the disadvantage of overriding *all* settings in the vendor-supplied unit files, which may be changed or extended in later releases. I prefer the other supported way (see

Re: [CentOS] CentOS 7 selinux

Hi Larry, > If I make a change to /etc/sysconfig/selinux do I have to restart anything > for the change to take effect? It depends. If you are changing the SELinux mode from 'enforcing' to 'permissive' and vice versa, you can make that change active in the running system by issuing the

Re: [CentOS] Google Ads in rsyslog documentation files

Hi Mark, >> CASE 01544649 opened upstream. > > Thanks, Pete. I was just discussing it with my manager if he agreed to you opening (or backing) the case that would be great. I just became aware that my developer account is not entitled to raising issues :-( I can send you the reply of RH

Re: [CentOS] Google Ads in rsyslog documentation files

Hi Mark, I'm not sure whether upstream is the right place to address this, but I'll try. I just downloaded all versions of the rsyslog sources from rsyslog.com, and found 'googlesyndication' links in the following versions: rsyslog-4.8.0 rsyslog-5.10.0 rsyslog-5.10.1 rsyslog-5.8.13

[CentOS] Google Ads in rsyslog documentation files

Hi all, I know this comes from upstream (and most likely from the rsyslog project itself), but what's your opinion about Google Ads in system documentation files? > [peckel@mucnvjmppmtr01 ~]$ cat /etc/redhat-release > Red Hat Enterprise Linux Server release 6.7 (Santiago) >

Re: [CentOS] Another Fedora decision

Hi Johan, His point in short: passwords are not all that important any more. All virus spreading and hacking these days is done by sending malicous mails and by visiting malicious sites. polemical-modeIf your brother in law doesn't see that the virus argument doesn't apply to the question

Re: [CentOS] Text file encoding

Hi Patrick, iconv -f MACINTOSH -t ISO8859-15 file.bib.mac file.bib iconv -f ISO8859-15 -t MACINTOSH file.bib file.bib.mac But it is a little tedious to work like this... Runing pdflatex (in CentOS) on these files written on apple laptops works fine with

Re: [CentOS] ssh-askpass in bash script

Hi Joseph, Why not just use authorized_keys with an empty pass phrase? because every responsible system admin will immediately kill you when you do that? :-) Except in very specific situations, e.g. unattended jobs that copy data or execute commands over ssh connections, it is very unwise

Re: [CentOS] ssh-askpass in bash script

Hi Les, Errr, 'unattended jobs' are the main reason for having computers. I differentiate here between desktop machines and servers ... regarding servers you're definitely right, but though I don't have reliable data I'd say from experience that the vast majority of ssh keys are stored on

Re: [CentOS] bind (named) compromised?

Hi James, you seem to be running an open DNS resolver, is that correct? And if so, do you do it intentionally? I just received an US-CERT alert today that warns about ongoing amplification attacks, among others against DNS, but also against some other UDP based services.

Re: [CentOS] How can I disable PostFix maillog ( /var/log/maillog )

But, When my server handle a big file .. Maybe, It's use more Ram memory. No. Don't worry. signature.asc Description: Message signed with OpenPGP using GPGMail ___ CentOS mailing list CentOS@centos.org

Re: [CentOS] What is eating up Swap

Hi Götz, On Dec 10, 2013, at 15:01 , Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: Hi, recently I noticed, that one of our webservers is using swap space, while there is plenty of physical ram available. free -m total used free shared

Re: [CentOS] OT: Script Help

Hi James, perl -pne 's/^(CN=)(DATA\.OU=)((.*?)\.O=CO)$/$1$4_$2$3/' /file/name or, if you prefer in-place editing, perl -i.bak -pne 's/(CN=)(DATA\.OU=)((.*?)\.O=CO)/$1$4_$2$3/' /file/name which replaces the file with the modified version and keeps a .bak file around for security.

Re: [CentOS] OT: Script Help

Oops, I read that too late ... Let's say my original lines are: CN=DATA.OU=XYZ.O=CO CN=DATA.OU=XYY.OU=MEM.O=CO CN=DATA.OU=XZZ.OU=OOP.O=CO I want them to look like: CN=XYZ_DATA.OU=XYZ.O=CO CN=XYY_DATA.OU=XYY.OU=MEM.O=CO CN=XZZ_DATA.OU=XZZ.OU=OOP.O=CO then the perl script would be

Re: [CentOS] exim localhost vs 127.0.0.1

Hi Mihamina, [mihamina@recette53 ~]$ rpm -aq | grep exim exim-4.72-4.el6.x86_64 [mihamina@recette53 ~]$ telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 recette53.ideoneov.com ESMTP Exim 4.72 Mon, 11 Mar 2013 10:09:27 +0100 HELO mihamina 250

Re: [CentOS] Centos 6.4 - yum update gives: Error: kernel conflicts with bfa-firmware

Hi Johnny, Can you post the kernel versions and bfa-firmware versions that are trying to up upgraded ... and whether you have the i386 or x86_64 version installed? I'm getting exactly the same error when I try to update using the 'updates' repo only: [root@orcus7 ~]# yum update

Re: [CentOS] BIND Setup Issue

Hi Austin, since your A record is fine and can be resolved, the issue is obviously not BIND related but lies somewhere in your network/firewall configuration. The last address that is visible in the tracereoute output from here is 15 ip-208-109-113-174.ip.secureserver.net (208.109.113.174)

Re: [CentOS] BIND Setup Issue

On 10.03.2013, at 16:14, Arek Czereszewski arekc...@gmail.com wrote: Put this in a zone file: netcloudjob.com. IN A 173.201.189.43 Just after a MX line Austin already did that, and it doesn't help. The name can already be resolved, and the address cannot be pinged either. I checked

Re: [CentOS] /tmp directory

On 10.12.2012, at 18:01, Rudi Ahlers r...@softdux.com wrote: On Mon, Dec 10, 2012 at 6:58 PM, m.r...@5-cent.us wrote: Rudi Ahlers wrote: Am 10.12.2012 um 11:22 schrieb John Doe: From: Jerry Geis ge...@pagestation.com You also have '/var/tmp' that is expected to survive reboots and should

Re: [CentOS] /tmp directory

Hi Mogens, What is important? valid question. I would define 'important' or rather 'valuable' (in a material or non-material sense) in terms of reproducability. If it costs you (personal) time, effort or money to reproduce them, or if the data are irreprocible to reproduce and might be

Re: [CentOS] Slow login to system without internet connection

Hi Hakan, UseDns no doesn't solve the problem because GSS Api needs reverse lookup. good point. I disable the GSS API along with some other things in routine initial server hardening anyway so this did not occur to me. If (do not need GSS Authentication) then put

Re: [CentOS] Slow login to system without internet connection

Hi Ljubomir, But when I tried to login to my server, it was not instantenous, and I think it was 15+, maybe even 30+ seconds (I forgot to time it) from start of ssh command to password prompt. It is in-house connection, so there is nothing to traceroute. are you using an external DNS

Re: [CentOS] CentOS 6 docs?

Hi Mark, probably you know it, but maybe someone else finds this useful: On 07.11.2012, at 19:56, m.r...@5-cent.us wrote: Is there somewhere else than http://www.centos.org/docs/ for documentation for CentOS 6? https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_Linux/ Since the

Re: [CentOS] OT: Tool for monitoring traffic IP reception

On 30.08.2012, at 11:52, C. L. Martinez wrote: I am searching some lightweight tool to control when rsyslog didn't receive events from a specific host or group of hosts for x minutes/seconds. Only a simple tool to send an email when an alert is triggered, I don't need flat tools like

Re: [CentOS] OT: Tool for monitoring traffic IP reception

Hi, Uhmm .. I am reading the docs about SEC, but it only speaks about event correlation ... How do you do to check if syslog is receiving data?? essentially you set up SEC to watch for the syslog log file where the data are supposed to go, set up a 'Single' rule that creates a context with

Re: [CentOS] default gateway outside of the LAN

Hi Boris, We have a somewhat unique setup whereby our default router is outside of the local network. 'unique' is a very mild expression. The word you're actually looking for was probably 'wrong'. Your gateway *must* be in the network your interfaces are in. You also would not want your

Re: [CentOS] leap second

Hi Morgens, Some java processes were 100% CPU after the leap second was added. same problem here ... OpenNMS hat 100% CPU and didn't do anything anymore. Rebooting is not necessary, though. For me it worked to just set the time manually once, and everything was back to normal. It doesn't

Re: [CentOS] leap second

Hi Keith, My Centos 5.8 box is running ntpd, and I did not notice any problems with it. I did not have any problems on CentOS 5.8, but on one CentOS 6.2 box running a Java application. Kind Regards, Peter. ___ CentOS mailing list

Re: [CentOS] leap second

Hi Les, Interesting, but I thought that ntp clients always advanced the clock by small fractions of a second anyway even when the master source differs by more. they do. But the leap second is quite a different thing: Actually the time doesn't really diverge from the server's, but the

Re: [CentOS] Resizing est4 filesystem while mounted

Hi Dennis, The partitioning of the new disk in the guest is important because if you use the disk directly as a PV then this PV will also be shown on the host. An alternative is to modify the LVM filters in /etc/lvm/lvm.conf on the host to specifically not scan the LV for the new disk. I

Re: [CentOS] Reject Action For SPF

Hi Prabh, i have setup SPF alright, postfix is performing check as well (results below), but even if there is no SPF record exist for a domain, message is still accepted. how can i set the reject action, if no SPF available. are you sure you want to do this? It will definitely result in

Re: [CentOS] Reject Action For SPF

Hi Prabh, Thanks for your advice, i actually know this. what would you say about those who put there efforts to implement SPF. why they do it? *if* someone sets up SPF for their domain, SPF works. Among other things, it can greatly reduce the amount of backscatter you receive due to spammers

Re: [CentOS] transition to ip6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Adam, Or you assign the rule to the interface, rather than the address. Nothing new, that is how firewalls work on DHCP clients today. that will be pretty difficult on the perimeter router ... Best regards, Peter. -BEGIN PGP

Re: [CentOS] transition to ip6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Adam, You can explicitly turn in off on every type of client. Then wait till you want to do it. agreed. The problem is that you can, and you actually *must* do it. Doing nothing leaves v6 on by default on most modern operating systems.

Re: [CentOS] transition to ip6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Adam, Typically the routing table does a lot of work. Much like 127.0.0.0/8 the mask of a link-local will make it unprefered by 'public' traffic. There is also a syntax for specifying the outbound interface for traffic. Routing tables

Re: [CentOS] transition to ip6

Hi Lee, So what does that mean for a client application (http/ftp,etc.) where you might have local firewalls permitting things for internal-subnet source ranges but you also have external targets that only accept pre-configured static sources? Are you referring to the situation where you

Re: [CentOS] transition to ip6

Hi Stephen, *gigglefit* One of my providers gave me a single(!) IPv6 address. Actually that's at least something the IETF has thought of ... if it is certain that one and only one device will be connected. I'm not actually sure what use case there is for such a connection, but at least it

Re: [CentOS] transition to ip6

Hi Les (sorry for calling you 'Lee' before), What is typical or reasonable for source address restrictions? That is, if there are 2 global organizations, and one wants to increase the security on access to a service by limiting to the source addresses that might come from the other, is there

Re: [CentOS] transition to ip6

Hi Lee, How do applications choose the correct outbound address in that scenario? That has always been a problem when using multiple ipv4 addresses on the same interface in combination with firewalling, etc. where the source address matters. that problem hasn't changed too much from IPv4

Re: [CentOS] transition to ip6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Adam, And recent computer or distributions is sitting their quietly waiting for it's IPv6 address to arrive - probably automatically, via auto discovery. Clients are trivial. ... and that is EXACTLY the biggest problem with IPv6.

Re: [CentOS] transition to ip6

Hi Lee, If the addresses are auto-discovered, how are you supposed to be able to configure filtering rules for what you want to let through? very simply. 1. Each interface on an IPv6 enabled machine has several addresses. One of them is the autoconfigured address, one is the (a) Privacy

Re: [CentOS] your advice on backup procedure

Hi Bob, I just want to to throw in another alternative to make choice harder ... :-) The scenario... centos server acting as a virtual host. Virtual machines are webservers and dns servers. All on one machine, all running centos 6. Virtual machines are kvm, sitting in lvm storage. My

Re: [CentOS] Local privilege escalation bug in kernel

Hi Frank, Do we know if this bug affects Centos? http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge The article states that it affects kernel 2.6.39 and above, but since RH backports so much stuff I'm not sure if this

Re: [CentOS] sshd: listen on ip1:port1 and ip2:port2

On 24.01.2012, at 13:23, Alexander Farber wrote: I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443. # man sshd_config: ListenAddress Specifies the local addresses sshd should listen on. The following forms may be used:

Re: [CentOS] sshd: listen on ip1:port1 and ip2:port2

Hi Fabien, In order to do so, you just need to add in /etc/ssh/sshd_config: Port 22 Port 443 Then reload the ssh service. that will lead to sshd listening on both ports for both interfaces, so it's not what Alex needs. Best regards, Peter.

Re: [CentOS] sshd: listen on ip1:port1 and ip2:port2

Hi Eero, How about using iptables to forward 443 to 22? I think it is the simplest way to do this hack. no, the simplest way is to tell sshd on which port to listen on each interface. Which is extremely straightforward. Redirecting ports to other ports IMHO is neither particularly simple

Re: [CentOS] DNS and Reverse Adresses

Hi Götz, My question: dose maybe someone forgot the 192.168.200.x reverse zone files and config probably. and can I just create a file like that for the 172.17 hosts and adding the config for the reverse zone to my named.conf? Yes, *if* you either have the only DNS in your network (not a

Re: [CentOS] vmware fusion display auto-size problem

Hi Monty, I am running vmware fusion 4.1.1 on a OSX host. Same here. Centos6.2 is a guest. Same here. The box is a macbook laptop running leopard. OK, there's a difference - I have a Mac Pro running Snow Leopard. But that shouldn't make a difference. Before upgrading to 6.2, the

Re: [CentOS] vmware fusion display auto-size problem

Hi Monty, Which repository did you get the above drivers from? I have base and cr enabled on my box. they are from @base. I doubt that the VMware Tools installer installs them at all. Possibly without a current version of the VMware tools the CentOS installation process doesn't

Re: [CentOS] what percent of time are there unpatched exploits against default config?

Hi Marko, Using the ssh key can be problematic because it is too long and too random to be memorized --- you have to carry it on a usb stick (or whereever). This provides an additional point of failure should your stick get lost or stolen. this is only correct when you use SSH keys without

Re: [CentOS] Latest yum update cr (6.1?)

Hi, Is anyone else seeing this ? [...] -- Running transaction check --- Package perl-CGI.x86_64 0:3.51-119.el6_1.1 will be installed http://mirror.centos.org/centos/6/cr/x86_64/repodata/21176588c0c317c0b6933f0c0d113263fbb2ff3f6f7bff60cbdff730a38c1db4-filelists.sqlite.bz2: [Errno 14]

Re: [CentOS] When will 6.2 be released.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Johnny, Let's go ahead and get this flame thread started now to save time. The CentOS team sucks ... it took days to do 6.1 ... it is going to take twice as long to get 6.2 My mom said CentOS blows. kbsingh is ugly. hughesjr is

Re: [CentOS] When will 6.2 be released.

Hi Louis, come on Johnny, there are still plenty of people that appreciate the work you guys do and are happy to see 6.1 released. Please give us first a chance to say thank you so much! Indeed, and since I omitted that in my last post (I probably was too busy chuckling), I'd like to chime

Re: [CentOS] 6.1 .iso size?

Hi John, On 03.12.2011, at 23:25, John R Pierce wrote: On 12/03/11 2:11 PM, Beartooth wrote: I don't have that kind of access to any http server. in a pinch, enable IIS on a windows system. its a bit funky, but it works just fine for this sort of thing. or any linux box, you could

Re: [CentOS] Centos v3.3 CD 2

Hi Jonathan, wouldst thou be willing to divulge thy mail client and/or plugin which spake in such a manner? thou shalt read the headers: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/2005 Thunderbird/8.0 Peter. ___ CentOS mailing list

Re: [CentOS] Centos 6 - named with internal zone file and forwarding

Hi Giles, Am 23.10.2011 um 13:18 schrieb Giles Coochey gi...@coochey.net: ugg ... turns out I had a rather embarassing typo in named.conf... it all works now. that tends to happen pretty easily, I know. When I do changes to the BIND configs, I made a habit of using