Re: [CentOS] openl2tp.org compared to openvpn

2018-09-12 Thread Gordon Messmer

On 09/12/2018 11:58 AM, Gregory P. Ennis wrote:

> Since openl2tp is not part of the centos repositories, does anyone have
> good or bad experiences with this.


You can probably use xl2tpd, which is in EPEL.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ca-bundle questions

2018-09-12 Thread Pete Biggs


You need to dig deeper - I will give you a start ...

> > > Sometime in Feb, yum updated something to do with ca-bundle. 

The "something" is the ca-certificates.noarch rpm. It is updated every
year around May. The last update was around May 16th this year.  Not
February.

> > > I didn't
> > > notice at the time, but it put these two files on my machine:
> > > 
> > > /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and
> > > 
> > > /etc/pki/tls/certs/ca-bundle.crt.rpmnew
> > > 
> > > Both of those on the existing system are symbolic links
> > > 
> > > ca-bundle.trust.crt ->
> > > /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and
> > > 
> > > ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

That is what is defined in the ca-certificates package. See the output
of 

  rpm -qv --list ca-certificates-2018.2.22-70.0.el7_5.noarch

> > > 
> > > I'm not sure how exactly I'm supposed to use these files to update those
> > > locations. one points to a .pem file, which the .rpmnew file is not, and
> > > there is no file of the corresponding name in the directory pointed to
> > > by the link.

What do the .rpmnew files contain? The repository version of those
files are symlinks, so to me it looks like some other package is trying
to install those files.

> > > 
> > > Shouldn't the rpm have "done the right thing", and put them where they
> > > belong?

There is something that is stopping it from "doing the right thing".

> > > 
> Except as noted above, there is no ca-bundle.crt file in the tree, only 
> this:
> 
> tls-ca-bundle.pem
> 
> 
> 
> Do I rename it, or what?
> 
The simple answer is possibly.  The sensible answer is that you need to
find out if anything has tried to add different certificate files (and
why) and work around that to work out what the best thing to do is. Use
the 'rpm' command to find out what provides the files that have a
.rpmnew suffix:

   rpm -q --whatprovides /etc/pki/tls/certs/ca-bundle.trust.crt

It should come up with just one package - the ca-certificates-2018
package.  If it returns multiple packages, then something else is
causing confusion.

P.




Re: [CentOS] Panic / EL6 / KVM / kernel-2.6.32-754.2.1.el6.x86_64

2018-09-12 Thread Leon Fauster via CentOS
On 30.08.2018 at 20:28, Simon Matter wrote:

> On 30.08.2018 at 12:16, Leon Fauster wrote:
>> 
>> BTW upstream bug report:
>> 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1623692
> 
> Well, I have an account and am logged in, still can not see the bug.


It seems that the default bugzilla classification doesn't allow bug
reports associated with the kernel to get a read status or so ... just
to summarize the status briefly: They fortunately can reproduce the
problem and are trying to find the cause now. So, +1!

--
LF





[CentOS-docs] Contribution Request

2018-09-12 Thread Christian Gebler
Hello,

I want to contribute something to the wiki and would like to get
permissions to edit the "Tips & Tricks" and "HowTos" section. But any other
section would be also ok...everything where help is urgently needed. (-:

My Username is "ChristianGebler".

Thanks,
- Chris
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs


[CentOS] openl2tp.org compared to openvpn

2018-09-12 Thread Gregory P. Ennis
Everyone,

I am needing to set up a secure channel with another office in order to
pass some dicom files back and forth.  The remote office is microsoft
shop.  I have initially looked at openvpn, but the microsoft shop has
requested that we use openl2tp in that they already have this running.

Since openl2tp is not part of the centos repositories, does anyone have
good or bad experiences with this.

Thanks

-- 
Greg Ennis


[CentOS] Fwd: OpenSSL version 1.1.1 published - needed for TLS 1.3

2018-09-12 Thread Robert Moskowitz
If anyone here is thinking about supporting TLS 1.3, every indication is 
that you will need openSSL 1.1.1.


Fedora 29 pre-beta is still on 1.1.1-pre9, I hope to see 1.1.1 release 
soonish.  Hopefully Redhat will be backporting support in RHEL7 so we 
will have it in C7.  Part of the challenge is that there is an API 
change from 1.1.0 to 1.1.1.  Got to love it...


Further complication is no FIPS support yet in 1.1.1.  That is next on 
the docket for openSSL.



-------- Forwarded Message --------
Subject: [openssl-users] OpenSSL version 1.1.1 published
Date: Tue, 11 Sep 2018 13:42:31 +
From: OpenSSL
Reply-To: open...@openssl.org, openssl-us...@openssl.org
Organisation: OpenSSL Project
To: openssl-proj...@openssl.org, OpenSSL User Support ML, OpenSSL Announce ML


OpenSSL version 1.1.1 released
===

OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/

The OpenSSL project team is pleased to announce the release of
version 1.1.1 of our open source toolkit for SSL/TLS. For details
of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

OpenSSL 1.1.1 is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
https://www.openssl.org/source/mirror.html):

* https://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-1.1.1.tar.gz
Size: 8337920
SHA1 checksum: e4559f31dca37ce815e0c7135488b747745a056d
SHA256 checksum: 2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d


The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1.tar.gz
openssl sha256 openssl-1.1.1.tar.gz

Yours,

The OpenSSL Project Team.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



Re: [CentOS] Centos 7 rsync problem

2018-09-12 Thread Gordon Messmer

On 09/12/2018 03:15 AM, Nikos Gatsis - Qbit wrote:

> On the new mail server with centos 7 (fully updated) the rsync starts but
> stops transferring files after some minutes and disappears from Top but
> service is alive on ps aux.



You might be able to get some information about the process by getting 
its PID from "ps", and running:


  ls -l /proc/<PID>/fd

There should be three rsync processes, and I don't remember off the top 
of my head which one you should be looking at.  Check all of them.  One 
should have files open in the source, and another should have files open 
in the destination.  If those don't change periodically, it might 
indicate that the directories they have open are extremely large, so 
look at those.
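
The check described in this reply, as an added example that is not part of the original message: it samples the open files of every rsync process twice and reports whether the set changed. The function names, the `watch` argument and the 30-second `INTERVAL` are assumptions made for the example; reading another user's `/proc/<PID>/fd` needs root.

```shell
#!/bin/sh
# Added example, not from the thread: compare what each rsync process has
# open now and INTERVAL seconds later.
INTERVAL="${INTERVAL:-30}"      # assumed sampling gap, in seconds

# Sorted link targets of /proc/<PID>/fd for one PID (empty if PID is gone).
fd_snapshot() {
    for fd in /proc/"$1"/fd/*; do
        if [ -L "$fd" ]; then readlink "$fd"; fi
    done | sort
}

# Keep filesystem paths only; sockets, pipes and anon inodes do not show
# which source or destination file the process is working on.
paths_only() { grep '^/' || true; }

# Compare two snapshots taken INTERVAL apart.
classify() {
    if [ -z "$1" ] && [ -z "$2" ]; then echo no-files
    elif [ "$1" = "$2" ]; then echo unchanged
    else echo changed
    fi
}

watch_rsync() {
    pids=$(pgrep -x rsync) || { echo "no rsync process found"; return 1; }
    tmp=$(mktemp -d) || return 1
    for pid in $pids; do
        fd_snapshot "$pid" | paths_only > "$tmp/$pid"
    done
    sleep "$INTERVAL"
    for pid in $pids; do
        now=$(fd_snapshot "$pid" | paths_only)
        echo "PID $pid: $(classify "$(cat "$tmp/$pid")" "$now")"
        # List the paths so an unchanged directory can be inspected by hand.
        printf '%s\n' "$now" | sed 's/^/    /'
    done
    rm -rf "$tmp"
}

# Run as: sh script.sh watch
if [ "${1:-}" = "watch" ]; then watch_rsync; fi
```

A PID reported as `unchanged` with a directory under the source or destination still open is the case the reply says to look at.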




[CentOS] Centos 7 rsync problem

2018-09-12 Thread Nikos Gatsis - Qbit
Hello list.

I have a problem with rsync on a FUJITSU PRIMERGY TX150 S7 mailserver
with Linux version 3.10.0-862.11.6.el7.x86_64. The server has a
hardware raid 5 megaraid_sas and xfs partitions.

I have an external network disk (mounted as cifs) where we backup emails
from old centos 6 mailserver and files from also centos 6 file server.

On the new mail server with centos 7 (fully updated) the rsync starts but
stops transferring files after some minutes and disappears from Top but
service is alive on ps aux.

The email files (cyrus imap files) are mostly small files.

Unfortunately there is no error so I can't understand where the
problem is. We tried an external usb (ext3) and transferred 40Gb emails without
problem.

We give the command:

  rsync -vaR --delete --log-file=/var/log/rsync /var/lib/imap \
      /var/spool/imap/ /mnt/backup/mailserver/

Any ideas?

Thank you in advance.




Re: [CentOS] ca-bundle questions

2018-09-12 Thread Pete Biggs
On Tue, 2018-09-11 at 19:38 -0500, Chuck Campbell wrote:
> Sometime in Feb, yum updated something to do with ca-bundle. I didn't 
> notice at the time, but it put these two files on my machine:
> 
> /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and
> 
> /etc/pki/tls/certs/ca-bundle.crt.rpmnew
> 
> Both of those on the existing system are symbolic links
> 
> ca-bundle.trust.crt -> 
> /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and
> 
> ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 
> I'm not sure how exactly I'm supposed to use these files to update those 
> locations. one points to a .pem file, which the .rpmnew file is not, and 
> there is no file of the corresponding name in the directory pointed to 
> by the link.
> 
> Shouldn't the rpm have "done the right thing", and put them where they 
> belong?
> 

If a file has been modified since the RPM package was last installed,
then it won't be over-written (it's configurable, but that is the
default) - the new file is installed with the .rpmnew extension so that
the admin can decide what to do with it. 

This is a "good thing". Most decent packages now have a mechanism for
users to over-ride the default configuration without altering the
installed files. But if you do decide, for some reason, that the
installed config files need to be changed, the last thing you want is
for those changes to be wiped out by an upgrade to the package.

In this case, it is certainly within the bounds of possibility that you
put in a different CA-Bundle and if you did, you wouldn't want your
version to be overwritten. From what you say, you possibly didn't
actually do so, but you may have updated the file in some other way
(such as looked at it with an editor and saved it with trivial changes,
that sort of thing, anything that makes it look like a different file).
If you want to use the new files, just copy them over the top of the
old files - make sure the symlinks still work as they should and
everything will be OK.

P.
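
The checks suggested in the two ca-bundle replies on this page, gathered into one script as an added example that is not part of either message: for each bundle path it reports whether the live file is still a symlink, where it points, how any `.rpmnew` sibling compares with it, and which package rpm says provides it. `CERT_DIR` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: inspect the two ca-bundle paths.
# CERT_DIR is overridable so the checks can be run against a test tree.
CERT_DIR="${CERT_DIR:-/etc/pki/tls/certs}"

# Print: <path> kind=<...> target=<...> rpmnew=<none|symlink|same|differs>
inspect_bundle() (
    path=$1; target=-; rpmnew=none
    if [ -L "$path" ]; then
        target=$(readlink "$path")
        # -e follows the link, so it fails when the target is gone.
        if [ -e "$path" ]; then kind=symlink; else kind=dangling-symlink; fi
    elif [ -f "$path" ]; then
        kind=regular-file       # the packaged file is a symlink, per the reply
    else
        kind=missing
    fi
    if [ -L "$path.rpmnew" ]; then
        rpmnew=symlink
    elif [ -f "$path.rpmnew" ]; then
        # Same bytes as the live bundle means the .rpmnew adds nothing new.
        if cmp -s "$path" "$path.rpmnew"; then rpmnew=same; else rpmnew=differs; fi
    fi
    printf '%s kind=%s target=%s rpmnew=%s\n' "$path" "$kind" "$target" "$rpmnew"
)

# Package(s) rpm says provide the path; more than one line of output is the
# "something else is causing confusion" case from the reply.
owners() (
    command -v rpm >/dev/null 2>&1 || { echo rpm-not-available; exit 0; }
    out=$(rpm -q --whatprovides "$1" 2>/dev/null) || out=not-owned
    echo "$out"
)

report() {
    for name in ca-bundle.crt ca-bundle.trust.crt; do
        inspect_bundle "$CERT_DIR/$name"
        owners "$CERT_DIR/$name" | sed 's/^/    provided by: /'
    done
}

report
```

A `regular-file` or `dangling-symlink` result for the live path, or an `.rpmnew` that is a regular file, is worth resolving before copying anything over the existing files.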



