Re: [CentOS] resetting a serial port

[Jon LaBadie]

On Wed, Dec 13, 2023 at 08:45:31PM -0500, Robert Moskowitz wrote:

I have Centos 7 arm32 running on a Cubieboard and I am logged in as root
on its serial uart from another system.

On that system I use

screen /dev/ttyUSB0 115200

Well it was working well for a couple days, but now only garbage comes
across.  Something messed up the serial link.

pulling the usb cable to the usb/serial adapter does not reset things.

I can ssh into the server and see root logged into ttyS0

How do I reset that serial port so that I can work on the system?

thanks



Channeling old memories of serial communications :((

Sounds like you are still connected.  One way to tell is
to pretend things are working even if you only see garbage.

For example, if you press  several times, do you
get the same garbage each time (likely the shell prompt
coming back to you).

If after an Enter and return garbage you type ls
is the garbage different, probably larger, and likely
ending with the same garbage as a solo  (the prompt)

Then try to reset your stty communication settings by
carefully typing

  stty sane

Don't try to correct typo's, just hit enter and start again.

Should that not work, ssh back in and kill the shell session
on ttyS0.  Typically the communication settings are returned
to a default set by a program called getty which then exec's
into the login program.

Good luck.

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bash test ?

[Jon LaBadie]

On Wed, Apr 19, 2023 at 09:16:26PM +0200, lejeczek via CentOS wrote:

On 19/04/2023 08:46, wwp wrote:

Hello lejeczek,

...

Surround ${_Val} with double quotes (as you should) and things will be 
different:

$ unset _Val; test -n "${_Val}"; echo $?
1

Now you get it? :-)


I don't know, am not sure, I remembered it differently, did not think enclosing 
quotes were necessary(always?) for that were {}

{} does not prevent this (at least not in bash):

$ FOO="a b"

$ test -z $FOO
bash: test: a: binary operator expected

$ test -z ${FOO}
bash: test: a: binary operator expected

Because after $FOO or ${FOO} variable expansion, bash parsed:
test -z a b
'b' is unexpected, from a grammar point of view.

Quoting is expected, here:
$ test -z "$FOO"


When FOO is unset, apparently it's a different matter, where you end up
with $?=0 in all unquoted -n/-z cases, interestingly. I could not find
this specific case in the bash documentation. That may not be portable
to other shells, BTW. I only use {} when necessary (because of what
bash allows to do between {}, plenty!, or when inserting $FOO into a
literal string that may lead the parser to take the whole string for a
variable name: echo $FOObar != echo ${FOO}bar).


Regards,

There is a several ways to run tests in shell, but 'test'
which is own binary as I understand, defeats me..


Yes, there is a binary for test (and its alternate '[').

But most shells, including bash have incorporated code for test
(and other commands) into the shell code itself for efficiency.

$ type test
test is a shell builtin



I'd expect a consistency, like with what I usually do to
test for empty var:
-> $ export _Val=some; [[ -v _Val ]]; echo $?
0
-> $ unset _Val; [[ -v _Val ]]; echo $?
1



I do hope you don't use -v to test for empty variables as
it tests for "set" variables and valid name syntax.

Set variables can be "empty"  ( name= ).

But in your last example _Val is "un"set, it does not
exist.  Thus it can neither be empty nor occupied.

--
 Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bash test ?

[Jon LaBadie]

On Wed, Apr 19, 2023 at 07:50:29AM +0200, lejeczek via CentOS wrote:

Hi guys.

I cannot wrap my hear around this:

-> $ unset _Val; test -z ${_Val}; echo $?
0
-> $ unset _Val; test -n ${_Val}; echo $?
0
-> $ _Val=some; test -n ${_Val}; echo $?
0

What is this!?
How should two different, opposite tests give the same result
Is there some bash option which affects that and if so, then
what would be the purpose of such nonsense?

many thanks, L.


Quoted $_Val expands to a null, zero length string.
Unquoted $_Val expands to nothing which is different.

An alternative test with double square brackets would
give you your expected results as it automatically
quotes unquoted variables.

$ unset _Val ; [[ -n $_Val ]] ; echo $?


jl

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RAID1 setup

[Jon LaBadie]

On Mon, Jan 09, 2023 at 07:32:02AM +0100, Simon Matter wrote:

Hi


Continuing this thread, and focusing on RAID1.

I got an HPE Proliant gen10+ that has hardware RAID support.  (can turn
it off if I want).


What exact model of RAID controller is this? If it's a S100i SR Gen10 then
it's not hardware RAID at all.


Yes it is the S100i SR.  For HW RAID there is a e208i-p card available
that can use the single PCI slot.

jl
--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Special characters in bash strings

[Jon LaBadie]

On Wed, Jul 06, 2022 at 09:41:14PM -0400, H wrote:

I have run into a bash variable string problem that I think I have nailed down 
to the variable string containing a tilde (~). Not sure if my conclusion is 
correct and could use some help.

To make a long(er) story short, an associative array variable was created:

p[work_path]="~/projects/test/"

and referenced in the following format in the shell script:

"${p[work_path]}"


Is there a reason you desire "delayed" evaluation of the tilde?

If no, then evaluate the tilde in the above assignment by not
quoting it.

If yes, then where tilde evaluation IS wanted, you will likely
need to do a second round of shell evaluation of the command
line by using the keyword "eval".

$ x="~/foo"
$ y=~"/foo" # y contains the tilde evaluated version

$ echo "$x $y"
~/foo /home/jon/foo

$ echo $x $y# quotes don't matter here
~/foo /home/jon/foo

$ eval echo "$x $y"
/home/jon/foo /home/jon/foo


Use of eval could introduce other unexpected/unwanted
evaluations and is discouraged unless required.

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] stream 8 or stream 9 for new server

[Jon LaBadie]

I'm replacing my ancient desktop home server
(CentOS 7, email, dns, backup) with a new mini-server.

I've been running stream 9 on the new toy for a couple
of weeks and I find there are still a lot of incomplete
or missing things.  Enough to delay full implementation.
Unless I do some workarounds or compile from source.

On the other hand I've read there will be no migration
path from stream 8 to stream 9.  It will require a
complete reinstall.

Any guesses as to when the stream 9 repos (including
epel) will be fairly complete?  Just trying to decide
whether to wait a bit or go with stream 8.

Jon

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Any downside to mount -o noatime?

[Jon LaBadie]

On Thu, Feb 10, 2022 at 09:49:14PM -0800, Kenneth Porter wrote:

--On Thursday, February 10, 2022 11:08 PM -0500 Jon LaBadie
 wrote:


Are you reading that as "atime gets updated every 24 hrs"?  If so you
are missing "if needed".  I.e. if the file's data blocks have been read.

Checking time-stamps and sizes are not operations that cause atime
updates.  Those are inode operations, not data reads.


That I got. I was concerned with the case where rsync does a checksum to
verify that the file's contents didn't change without changing the
timestamp.


Which you indicated are "less frequent" for full backups.
How often are full backups done?

And no, it would not be a write for each file.  It would
be an update to the in memory version of the inode.  At
some point it will be written back to "disk".  But only
as a block of many inodes for many files.  Some of those
files may not even have had any timestamp changes.  Others
might require that the block of inodes be written because
there was an mtime, ctime, size, permission change in any
one of the inodes in the block.  But it would be one write
for all the inodes in that block.

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Any downside to mount -o noatime?

[Jon LaBadie]

On Thu, Feb 10, 2022 at 06:22:55PM -0800, Kenneth Porter wrote:

--On Thursday, February 10, 2022 8:49 PM -0500 Jon LaBadie 
wrote:


atime updates that occur when {m,c}time are updated add
no additional burden.


Understood. If that's the only time it happened, I would be happy with that.


So you are concerned about a single "possible" inode update
once a day?


I'm using BackupPC to do rsync-based backups of all my systems. The
"incremental" backups look only at size and timestamp changes. The
less-frequent "full" backups checksum all my files. That means an extra
write for every file that gets checked.

I'd love to have a version of relatime that only did the first kind of
update, when ctime or mtime changed but not when 24 hours had passed.


From an earlier post:

  "According to the man page for mount, relatime updates atime
   whenever mtime or ctime are updated, or if neither has been
   updated in the last 24 hours."

Are you reading that as "atime gets updated every 24 hrs"?  If so you
are missing "if needed".  I.e. if the file's data blocks have been read.

Checking time-stamps and sizes are not operations that cause atime
updates.  Those are inode operations, not data reads.

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Any downside to mount -o noatime?

[Jon LaBadie]

On Thu, Feb 10, 2022 at 05:32:05PM -0800, Kenneth Porter wrote:

--On Thursday, February 10, 2022 8:03 PM -0500 Matthew Miller
 wrote:


relatime has been the default for a long time -- that only updates atime
once per some reasonable timeperiod. The wear and tear from that is
negligible and you can still get a basic idea of when files where
accessed.


According to the man page for mount, relatime updates atime whenever mtime
or ctime are updated, or if neither has been updated in the last 24 hours.
Which is still prohibitive if you're doing an incremental (rsync) backup
and checking file contents on the "full" backup weekly or monthly.

The only apps I've found that need atime are tmpwatch and biff, neither of
which I use.


atime updates that occur when {m,c}time are updated add
no additional burden.

So you are concerned about a single "possible" inode update
once a day?

jl

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Assitance with perl

[Jon LaBadie]

On Wed, Feb 02, 2022 at 08:54:38PM -0500, H wrote:

I am writing a long bash script under CentOS 7 where perl is used for 
manipulating some external files. So far I am using perl one-liners to do so 
but ran into a problem when I need to append text to an external file.

Here is a simplified example in the bash script where txt is a bash variable 
which I built containing a longish text with multiple newlines:

txt="a b$'\n'cd ef$'\n'g h$'\n'ij kl"

A simplified perl one-liner to append the text in the variable above to some 
file in the bash script would be:

perl -pe 'eof && do{print $_'"${txt}"'; exit}' someexternalfile.txt

This works when fine when $txt does /not/ contain any spaces but falls apart 
when it does.


In a shell script why not stick to shell tools?

  printf "%s" "${txt}" >> someexternalfile.txt

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] HP Microserver Gen 10+ video RHEL8

[Jon LaBadie]

I'm considering using an HP Proliant Microserver
Gen 10+ with a Xeon processor.

With the lower level Pentium processor, the CPU and
chipset include Intel 610 graphics.

But I can not find any info on any builtin video
capability of the Xeon provisioned models.

Has anyone used these models with Stream (8 or 9)
and can describe the video capability?

I'd like to do basic X-windows for the occasional
GUI admin tool.

Thanks,
Jon
--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] something is hammering non-existant floppy

[Jon LaBadie]

On Mon, Dec 13, 2021 at 09:32:58AM -0600, Jon Pruente wrote:

On Mon, Dec 13, 2021 at 12:05 AM Jon LaBadie  wrote:


On my two Fedora systems I get "autofs.service not found".
Perhaps it is masked there.



Are they the same hardware or vms running on the same hypervisor? Where/how
is the trouble system running? I've seen odd floppy access errors pop up on
VMs running on old ESXi systems, and also on systems with
BMC/IPMI/ILO/iDRAC remote consoles that provide means to have remote
drives.


Each is separate hardware, 2 desktop towers and a laptop.
No "server" hardware, just a desktop providing some server features
eg. email, dns, backup.

Jon
--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] something is hammering non-existant floppy

[Jon LaBadie]

On Sun, Dec 12, 2021 at 07:45:03AM -0500, Jonathan Billings wrote:

On Dec 11, 2021, at 23:19, Jon LaBadie  wrote:


On my CentOS7 system, I'm getting message sequences in
/var/log/message and in the journal that are nearly identical
to the sequence below.  They come in multiple times per second.

I've deleted the timestamps and system name from the messages.

kernel: floppy0: Getstatus times out (0) on fdc 0
kernel: kernel: floppy driver state
kernel: ---
kernel: now=4476158515 last interrupt=4476158452 diff=63 last called 
handler=reset_interrupt [floppy]
kernel: timeout_message=floppy start
kernel: last output bytes:
kernel: 8 81 4388061306
kernel: 3 80 4388061326

...

kernel: 8 80 4476158452
kernel: 12 80 4476158471
kernel: last result at 4476158452
kernel: last redo_fd_request at 4476158471
kernel: status=0
kernel: fdc_busy=1
kernel: timer_function=c01daf70 expires=2957
kernel: cont=c01dc400
kernel: current_req=9b0e72239c80
kernel: command_status=-1
kernel:
I persume something is trying to access the system's
floppy disk drive that does not exist.  But I have
been unable to identify what's triggering all this
activity.

Any suggestions?


Any chance you have something like automount/autofs set up with
a mountpoint for the floppy device?

—
Jonathan Billings


Certainly not intentionally.  And nothing in /etc/auto.* to
suggest so.  Also:

$ systemctl status autofs.service
● autofs.service - Automounts filesystems on demand
   Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled; vendor 
preset: disabled)
   Active: inactive (dead)

On my two Fedora systems I get "autofs.service not found".
Perhaps it is masked there.

Jon

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] something is hammering non-existant floppy

[Jon LaBadie]

On my CentOS7 system, I'm getting message sequences in
/var/log/message and in the journal that are nearly identical
to the sequence below.  They come in multiple times per second.

I've deleted the timestamps and system name from the messages.

kernel: floppy0: Getstatus times out (0) on fdc 0
kernel: 
kernel: floppy driver state

kernel: ---
kernel: now=4476158515 last interrupt=4476158452 diff=63 last called 
handler=reset_interrupt [floppy]
kernel: timeout_message=floppy start
kernel: last output bytes:
kernel: 8 81 4388061306
kernel: 3 80 4388061326
kernel: d1 90 4388061326
kernel: a 90 4388061326
kernel: 7 90 4388061326
kernel: 0 90 4388061326
kernel: 8 81 4388061730
kernel: 3 80 4388061751
kernel: c1 90 4388061751
kernel: 10 90 4388061751
kernel: 7 80 4388061751
kernel: 0 90 4388061751
kernel: 8 81 4388062074
kernel: 7 80 4388062075
kernel: 0 90 4388062075
kernel: 8 81 4388062399
kernel: 8 80 4402157917
kernel: 8 80 4402213377
kernel: 8 80 4476158452
kernel: 12 80 4476158471
kernel: last result at 4476158452
kernel: last redo_fd_request at 4476158471
kernel: status=0
kernel: fdc_busy=1
kernel: timer_function=c01daf70 expires=2957
kernel: cont=c01dc400
kernel: current_req=9b0e72239c80
kernel: command_status=-1
kernel: 


I persume something is trying to access the system's
floppy disk drive that does not exist.  But I have
been unable to identify what's triggering all this
activity.

Any suggestions?

Jon

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] grepmail

[Jon LaBadie]

On my Fedora box I occasionally use grepmail.
Recently I went to use it on my CentOS 7 mail server
and found I had not installed it.  Surprisingly
(to me) I did not find it in the repositories.

Grepmail is a perl script and uses several perl modules.
I copied the executable from the Fedora box and installed
a missing module from the CentOS 7 repos.  Seems to work.

However the CentOS perl modules are older versions than
the executable uses on Fedora.  I'd prefer the executable
and modules were tested together.  Have I missed grepmail
in any CentOS 7 repos?

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] external USB drives, strange result on reawaking

[Jon LaBadie]

My backup system (using amanda) stores its data on external
drives in a single 4 bay USB enclosure.  As these drives
are only needed during backup or recovery operations I have
used hdparm to enable them go to an idle state after a period
of inactivity.

If I attempt to access any of the data when the drives are
sleeping I get a strange result.  Suppose I try to list
one of the mountpoints, "ls .../D2", there is the expected
delay while the 4 drives spin up and then ls completes with
no output.

I know each of the 4 drives has 40 subdirectories under the
mount point.  And each of the 3 other reawakened drive lists
properly.  But the directory I used to awaken the drives
lists as empty.

This effect is not limited to inititally listing a mount point.
Had my command been "ls .../D2/DS1-044", DS1-044 would appear
empty, but DS1-043 and all other similar directories list
properly.

Further, if I attempt to access a file I know exists in DS1-044
by its explicit name, that succeeds.  It is like having execute
permission, but not read permission on the directory.

If I unmount and re-mount the filesystem, all is normal.

Any clues as to why this happens, or ways to make the invisible
visable again without the unmount/mount sequence?

Jon

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade to 8.4 .2105 Problems

[Jon LaBadie]

On Sat, Jun 05, 2021 at 04:32:30PM +1200, Alan McRae via CentOS wrote:

I noticed in journalctl that gnome-shell was core dumping.

yum reinstall gnome-shell fixed my displays problem.

So I am back to my first premise that the 'yum update' did not 
complete properly for some reason.


Is there any way I can check the integrity of the packages installed?


rpm, but not to my knowledge, has a "verify" command.

It checks all files from the specified package are present
and compares 9 properties with the original specs.


--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing /etc/ld.so.conf.d/kernel-3.10.0-1127.19.1.el7.x86_64.conf

[Jon LaBadie]

On Sun, Apr 11, 2021 at 09:32:35AM -0700, Kenneth Porter wrote:
I'm yum updating some CentOS 7 systems today and got this error. Two 
systems (so far) seem to have rebooted fine. Should I worry?


error: file /etc/ld.so.conf.d/kernel-3.10.0-1127.19.1.el7.x86_64.conf: 
No such file or directory


Seeing this message during package updates with removal of
the old package has led me to interpret it as:

  "I'm supposed to remove this file but I can't find it.
   If you see it lurking around remove it yourself."

Jon
--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Automatic clean /tmp folder

[Jon LaBadie]

On Thu, Apr 08, 2021 at 01:09:57PM +, Gestió Servidors wrote:

With these files I supposed that a file with more than 10 days in /tmp
would be automatically deleted, but today I have found some files/folders
with more than 10 days.

What I have done wrong?


The test is on access time, not modification. Have they been read in the last 
10 days?


And note that a GUI file manager might attempt to read every file in a
directory in order to determine its type and display the correct icon.


I have check my /tmp folder with "find ./ -atime +10d" and there are
some folders that appears as "accessed" more than 10 days ago... so I
don't understand why automatic deletion system has not deleted them.

Thanks.


Typically directories are not deleted if not empty.
Do those folders contain items that were accessed more recently?


--
Jon H. LaBadie  j...@labadie.us

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] qemu-kvm images of old Windows XP SP3

[Jon LaBadie]

On Sat, Mar 13, 2021 at 10:03:54AM -0500, David McGuffey wrote:

I have a Nikon slide scanner (very high quality) for which the software
has not been updated. It last ran on WinXP SP3 and I was not able to
get it to run under Win 7 and certainly not Win 10.

Anyone know where I can obtain images of this old OS to run in CentOS 7
under kvm?


A search on DuckDuckGo (but not Google) led me to this .iso:

https://archive.org/details/WinXPProSP3x86

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] e2fsck but says mounted and cannot

[Jon LaBadie]

On Wed, Feb 24, 2021 at 02:02:38PM -0500, Jerry Geis wrote:

I have a system that needs to run e2fsck (C7). I boot into rescue mode,
skip to shell (option 3).
enter they PW and I type:

e2fsck -y /dev/sda1
and it says is mounted. This is "/"

What do I do so I can run e2fsck ?



A good first step is to enter "run fsck on root filesystem",
or some such, into your favorite search engine.

Possibilities:

1. # touch /forcefsck
   # reboot

2. # reboot
   select rescue mode from grub menu which likely has an fsck option

3. boot into live media rather than your hard disk
   now your root partition is just any old partition to fsck

--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to reset the USB subsystem?

[Jon LaBadie]

On Thu, Jan 14, 2021 at 12:18:10PM -0500, Fred wrote:

from a non-expert (me):

possibly figure out what happens when the device is plugged/unplugged and
doing that by hand. if you can find the udev file(s) that manage the
port(s) that get hung you may be able to figure out what those steps would
be.

or you could try, when hung, plugging it into a different USB port... some
motherboards have multiple USB controllers, so even if one gets wedged
tight, the other one(s) shouldn't be.

Good Luck!

Fred

On Thu, Jan 14, 2021 at 11:22 AM Frank Bures  wrote:


Hi,

my USB connected printer goes into deep space from time to time probably
due to a HW problem on the MoBo.

Is there a way how to reset the USB subsystem the same way one can restart
networking or X without the necessity to reboot?



Couple of cable ideas that may be of interest.  I got all of these
from Amazon.

In my new car there is only one usb port to connect data deviced to.

When I used my micro thumb drive to play music the car often "lost"
the drive and it had to be pulled and reinserted.  Not easy with the
micro drives.

A second problem was using the one port for music source or plugging
in my phone for Android Auto.  The cars usb system would not deal with
a hub of any sort.  Thus the nice credit card sized 4 port hub with
individual on/off buttons for each port did not work.

The lost thumb drive was solved with a cable having an on/off switch.
Think of it as a 15 inch usb extension cable (M -> F) with a switch
in the middle.

Both problems were solved with a USB printer A/B switch.  This is not
a hub, but a switch intended to let you print to either of 2 different
printers from a computer having a single USB port.  In my case the
music thumb drive and the phone are the "printers".

Jon
--
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] units command, crazy output

[Jon LaBadie]

On Wed, Dec 30, 2020 at 06:20:28PM -0500, Fred wrote:
> whenever I use the units command from a script, e.g.:
> 
> elapsed=86500
> echo elapsed time: `units "$elapsed sec" hms`
> elapsed time: *Currency exchange rates from 2012-10-24* 24 hr + 1 min + 40
> sec
> 
> the man page even says it outputs that when run without arguments.
> 
> My question is why in the world does it? certainly when run from within a
> script doing conversions of time using the "hms" option, I don't want that
> to be stuck in the middle of my output.
> 
> Anybody know why it does that, or how to make it quit? (I know, I use sed
> to filter it out, but can't understand why I should have to.
> 
> Thanks in advance!
> 
You might consider terse output:

$ units -t '86500 sec' hms
24;1;40

jl
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] firewall-cmd - bug or bad design

[Jon LaBadie]

In my firewall I use an ipset as a geographical blacklist.

A single addresses can be entered into the blacklist using
CIDR notation or not, i.e.

111.222.111.222/32  OR  111.222.111.222

while a block of IP addresses can be entered using CIDR notation:

111.222.111.0/24

Both the ipset and firewall-cmd commands have ways to ask if an address
has already been entered into the blacklist.  The basic syntax is

  ipset test  

  firewall-cmd --ipset= --query-entry=

With ipset I can test a single address using CIDR or not regardless
of how it was entered.  If the entry was a block of addresses, any
address within the block is reported as "in the ipset".

firewall-cmd responds differently.  If I entered "111.222.111.222/32"
(i.e. using CIDR) into the list, firewall-cmd reports the address as
"NOT entered" if I query the simple form "111.222.111.222" even though
they are the same single address.  Conversely, if the original entry
was simple, the CIDR form is reported as "NOT entered".

With block entries like 111.222.111.0/24, any address within the block
is reported as "NOT entered"!  Only the actual string entered,
111.222.111.0/24, is considered "entered".

I use these types of queries to decided whether an ip address is already
being blocked.  Clearly relying  the firewall-cmd query would lead to
unnecessary entries.

What do you think, Should I consider this simply a poor design decision
or a reportable "bug"?

-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] crontab query

[Jon LaBadie]

On Thu, Nov 12, 2020 at 03:59:09PM +0100, Ralf Prengel wrote:
> Hallo,
> doesn t it make more sense to start the script every hour and check all 
> conditions in the script?
> Ralf
> 
> Von meinem iPad gesendet

I prefer to develop the script standalone.  The date/time restriction can be 
added
in crontab or a separate script that does the date/time validation and calls the
standalone script.

If the date/time checks are added to the script, I recommend adding an option
to override the checks and forces execution of the script when needed.

Jon
> 
> > Am 12.11.2020 um 15:42 schrieb Frank M. Ramaekers Jr. :
> > 
> > I need to schedule a process/program every hour on the hour between 9am 
> > and 4pm on the 2nd through the 9th of each month except on Saturday and 
> > Sunday.  So, I tried this entry:
> > 
> > 0 9-16 2-9 * 1-5 ./myprog.sh
> > 
> > Unfortunately it runs outside of the 2nd through the 9th and still runs on 
> > Sat. through Sun.
> > 
> > Is there a way to do this (outside the program itself)?
> > 
> > -Frank
> > 
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>>> End of included message <<<

-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] crontab query

[Jon LaBadie]

On Wed, Nov 11, 2020 at 10:35:48AM -0600, Frank M. Ramaekers Jr. wrote:
> I need to schedule a process/program every hour on the hour between 9am and
> 4pm on the 2nd through the 9th of each month except on Saturday and Sunday. 
> So, I tried this entry:
> 
> 0 9-16 2-9 * 1-5 ./myprog.sh
> 
> Unfortunately it runs outside of the 2nd through the 9th and still runs on
> Sat. through Sun.
> 
> Is there a way to do this (outside the program itself)?
> 

Perhaps

0 9-16 * * 1-5  [[ $(date +%d) == 0[2-9] ]] && ./myprog.sh

Please replace ./ with full path to myprog.sh

jl
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 8.2.2004 Latest yum update renders machine unbootable

[Jon LaBadie]

On Sun, Aug 02, 2020 at 07:16:25AM -0700, david wrote:
> 
> > 
> 
...
> 
> > 
> > You just need to reinstall the kernel and it should work.
> > 
> 
> Sorry for being so ignorant, but I don't understand "just reinstall the
> kernel".  I don't know how to translate that into a specific yum or rpm
> command.
> 
> However, since this is a crash-and-burn system, I'm going back to a virgin
> install with netinstall of 7 2003.  I'll let you know what the results are.

Using dnf instead I would get my latest installed kernel version number:

  $ dnf list installed kernel
  Installed Packages
  kernel.x86_64 3.10.0-1127.el7   @base   
  kernel.x86_64 3.10.0-1127.8.2.el7   @updates
  kernel.x86_64 3.10.0-1127.10.1.el7  @updates
  kernel.x86_64 3.10.0-1127.13.1.el7  @updates
  kernel.x86_64 3.10.0-1127.18.2.el7  @updates

Then do:

  $ sudo dnf reinstall kernel*3.10.0-1127.18.2*

HTH
jon
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 8.2.2004 Latest yum update renders machine unbootable

[Jon LaBadie]

On Fri, Jul 31, 2020 at 10:20:28PM -0500, Johnny Hughes wrote:
...
> 
> The issue seems to be with the shim package (not the grub or kernel
> packages) and we are currently working with Red Hat on a fix.  This
> issue happened in many Linux OSes and even Windows, not just RHEL and
> CentOS.
> 
> We will push a fix as soon as one is available.
> 
> I would hold off on installing this until we release the new fixes.
> 

On a system that does not use any of the shim packages, would you
recommend updating the grub2 and mokutil packages or holding off?

Jon
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall questions

[Jon LaBadie]

On Sun, Jun 21, 2020 at 02:33:18PM -0500, Chuck Campbell wrote:
> I'm running Centos 7.8.2003, with firewalld.
> 
> I was getting huge numbers of ssh attempts per day from a few specific ip
> blocks.
> 
> The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24 and
> 118.0.0.0/24, and they amounted to a multiple thousands of attempts per day.
> I installed and configured fail2ban, but still saw a lot of attempts in the
> logs, and the ipset created was filling up.
> 
What type of ipset did you create, perhaps hash:ip where individual
addresses are listed?  If so, consider switching to hash:net which
uses CIDR style entries.  Individual addresses become 1.2.3.4/32
but blocks can be included with a single entry.  My ipset has about
40,000 entries, but covers millions of IP addresses.

If you do switch look on the net for a program called "cidrmerge".
It takes a list of IP addresses and CIDR networks, sorts them
and merges multiple entries into a single network where possible.

Jon
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix restrictions

[Jon LaBadie]

On Sun, Jun 07, 2020 at 05:53:28AM -0700, John Pierce wrote:
> On Sun, Jun 7, 2020, 2:47 AM Nicolas Kovacs  wrote:
> 
> > 
> > My aim is simply to eliminate as much spam as possible (that is, before
> > adding
> > SpamAssassin) while keeping false positives to a minimum.
> >
> 
> The one thing that stopped the most spam on my last mailserver was
> greylisting.   Any mta that connects to you to send you mail, you check
> against a white list, and if they are not on it, you reject the connection
> with a 'try again later' code and add them to a grey list that will let
> them in after 10 minutes or so.   The vast majority of spambots don't queue
> up retries, they just move on to the next target.
> 
> The downside of greylisting is delayed delivery of mail from non white
> listed servers, dependent on their retry cycle.

I hit another limitation.  My backup MX handler is a 3rd party who
will not use greylisting.  Thus all the 1st timers I rejected just
delivered to my alternate MX address and were not blocked at all.

Jon
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ailing MATE desktop [SOLVED]

[Jon LaBadie]

On Fri, May 15, 2020 at 10:08:54PM -0500, Robert G (Doc) Savage via CentOS 
wrote:
> On Thu, 2020-05-14 at 16:12 -0400, Jon LaBadie wrote:
> > On Thu, May 14, 2020 at 05:24:13AM -0500, Robert G (Doc) Savage via
> > CentOS wrote:
> > > > > If you look at the listing attached to my last message, you'll
> > > > > see
> > > > > three different groups of packages:
> > > > > 
> > > > > Removing:
> > > > >   xxx
> > > > > Removing dependent packages:
> > > > >   xxx
> > > > > Removing unused dependencies:
> > > > >   xxx
> > > > > 
> > > > > I don't understand the meaning of the last group of "unused
> > > > > dependencies".
> > > > > 
> > As I understand them, dependent packages are dependent on MATE.
> > If MATE goes away they are useless.
> > 
> > Dependencies are packages MATE is dependent upon.  Other things
> > may also be dependent on those packages.
> > 
> > Unused dependencies are things that if MATE were removed have
> > no other packages dependent on them.  So MAYBE they are no longer
> > needed and can be removed.
> > 
> > But be careful with these.  Nothing may depend upon them, but you
> > may use them.  First in your list is ImageMagick.  You may use this
> > whether MATE is there or not.
> > 
> > The "--noautoremove option prevents removal of "unused dependencies".
> > You can then take your list and see which you really don't need and
> > remove them separately.
> > 
> > Jon
> 
> Jon,
> 
> You have nailed the obscure but critical element for removing a damaged
> MATE installation. The --noautoremove option made everything else
> possible:
> 
> # dnf erase *mate* --noautoremove --skip-broken
> 
> This removes all of the front line MATE packages and their direct
> dependencies. All are in the COPR repository.
> 
> I just ran that command followed by a fresh re-install of MATE 1.22
> using the instructions at 
> https://copr.fedorainfracloud.org/coprs/stenstorp/MATE/.
> 
> When I logged out of GNOME3 and logged back in using the re-installed
> MATE, all is well again.
> 
> I think I owe you a beer or two Jon. Thanks very much.
> 
Great.  But hold the beers.  I had enough for life 22 yrs ago :)

jl
-- 
Jon H. LaBadie  j...@labadie.us
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ailing MATE desktop

[Jon LaBadie]

On Thu, May 14, 2020 at 05:24:13AM -0500, Robert G (Doc) Savage via CentOS 
wrote:
> On Thu, 2020-05-14 at 08:18 +0200, Simon Matter wrote:
> > > On Wed, 2020-05-06 at 10:26 -0500, Robert G (Doc) Savage via CentOS
> > > wrote:
> > > > On Tue, 2020-05-05 at 19:25 -0500, Robert G (Doc) Savage via
> > > > CentOS
> > > > wrote:
> > > > > I'm about ready to run "dnf erase *mate*" and try re-installing
> > > > > MATE
> > > > > from scratch from the GNOME3 desktop. Is that possible without
> > > > > ripping
> > > > > the heart out of C8 by deleting other critical packages?
> > > > 
> > > > I've attached a capture of "dnf erase *mate*" that shows the 104
> > > > packages that would be removed. It looks safe enough, but if
> > > > there's
> > > > a
> > > > a better way to fix the problem I'd rather try that.
> > > 
> > > Having gotten no responses, I'm about ready to plunge ahead and try
> > > removing MATE v1.22 with dnf, then do a fresh reinstall of all
> > > packages. However, I'm unsure about the safest way to proceed.
> > > 
> > > If you look at the listing attached to my last message, you'll see
> > > three different groups of packages:
> > > 
> > > Removing:
> > >   xxx
> > > Removing dependent packages:
> > >   xxx
> > > Removing unused dependencies:
> > >   xxx
> > > 
> > > I don't understand the meaning of the last group of "unused
> > > dependencies".
> > > 
As I understand them, dependent packages are dependent on MATE.
If MATE goes away they are useless.

Dependencies are packages MATE is dependent upon.  Other things
may also be dependent on those packages.

Unused dependencies are things that if MATE were removed have
no other packages dependent on them.  So MAYBE they are no longer
needed and can be removed.

But be careful with these.  Nothing may depend upon them, but you
may use them.  First in your list is ImageMagick.  You may use this
whether MATE is there or not.

The "--noautoremove option prevents removal of "unused dependencies".
You can then take your list and see which you really don't need and
remove them separately.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mostly better: new C7

[Jon LaBadie]

On Fri, Apr 03, 2020 at 03:47:13PM -0400, mark wrote:
...
> 
> Having installed a KDE desktop, much is better... with one exception: I
> can't seem to find any games. I tried yum groupinstall "Games and
> Entertainment", which showed when I did group list... and was told it was
> empty.
> 
> Now what am I missing? I do have epel and rpmfusion, both free and non-free.
> 
>   mark

The more business oriented nature of CentOS/RHEL
compared to Fedora etc.

  $ dnf search game

gives 65 lines of output on C7 (incld epel & rpmfusion)
but 630+ lines on Fedora.

jl
-- 
Jon H. LaBadie j...@labadie.us
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need help to fix bug in rsync

[Jon LaBadie]

On Wed, Mar 25, 2020 at 02:49:24PM +0100, Simon Matter via CentOS wrote:
> Hi,
> 
> I've discovered a bug in rsync which leads to increased CPU usage and
> slower transfers in many situations.
> 
> When syncing with compression (-z), certain file types should not be
> compressed during the transfer because they are already compressed. The
> file types which are not to be compressed can be seen in the man page
> section --skip-compress.
> 
> Unfortunately skipping the default file types doesn't work and all
> transferred data is being compressed during the transfer. This is true for
> all versions since 3.1.0.
> 
> Steps to Reproduce:
> 1. run 'rm -f Z ; rsync -azv alpha:z.gz Z'
> 
> Actual results, transferred data was compressed during the transfer:
> sent 43 bytes  received 63,873 bytes  25,566.40 bytes/sec
> total size is 628,952  speedup is 9.84
> 
> Expected results:
> No compression should happen for .gz file.
> 
> Additional info:
> Note that the source file 'z.gz' was an ascii text file to show clearly
> that compression took place.

That may invalidate your testing.

rsync may not depend upon the filename extension
but instead check the magic numbers within the file
to determine whether to compress or not.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fetchmail

[Jon LaBadie]

On Wed, Jan 22, 2020 at 02:10:08PM -0500, Jerry Geis wrote:
> it also says unknown token for "timeout"
> version is 6.3.24 and man page says timeout is valid as a token.
> 
> Jerry
> 
> On Wed, Jan 22, 2020 at 2:04 PM Jerry Geis  wrote:
> 
> > Hi all,
> >
> > Anyone know how to specify for fetchmail in .netrc the "folder" to read  ?
> >
> > If tried folder XYZ
> > and it says unknown token folder.
> > Man page says that should work.
> >
> > Jerry
> >

I assume the manpage you reference is fetchmail's.

If my reading is correct, the only thing(s) that fetchmail
will get from .netrc is the user & password for a host
it will access.  The rest of the stuff should got into
~/.fetchmailrc.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Blocking attacks from a range of IP addresses

[Jon LaBadie]

On Thu, Jan 09, 2020 at 11:49:59AM +0530, Thomas Stephen Lee wrote:
> On Thu, Jan 9, 2020 at 6:07 AM H  wrote:
> 
> > I am being attacked by an entire subnet where the first two parts of the
> > IP address remain identical but the last two parts vary sufficiently that
> > it is not caught by fail2ban since the attempts do not meet the cut-off of
> > a certain number of attempts within the given time.
> >
> > Has anyone created a fail2ban filter for this type of attack? As of right
> > now, I have manually banned a range of IP addresses but would like to
> > automate it for the future.
> >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> 
> 
> Hi,
> 
> I am not an expert but,
> you can try creating an ipset with the the range you need and do a drop in
> iptables or firewalld.
> We have used ipsets with bare iptables in CentOS 6, and firewalld in CentOS
> 7.
> fail2ban also uses ipsets in CentOS 7.
> 
Ditto, both in C6 and C7.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] printer only prints one page, if anything

[Jon LaBadie]

On Sun, Nov 03, 2019 at 02:55:32PM -0600, Michael Hennebry wrote:
> 
> I've got a Brother HL-L2360D series printer connected to Centos 7.
> CUPS lists it as Generic PCL6/PCL Printer - CUPS+Gutenprint v5.2.9 .
> When I tell it to print a pdf file, it prints at most the first page.
> 

Have you tried adding the Brother CUPS and/or generic LPR software?

  
https://support.brother.com/g/b/downloadtop.aspx?c=us=en=hll2360dw_us

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C8 install libreoffice

[Jon LaBadie]

On Mon, Sep 30, 2019 at 12:02:18AM +0200, Ulf Volmer wrote:
> On 29.09.19 23:05, J Martin Rushton via CentOS wrote:
> 
> > Can't see qny sort of office there, however when I do
> >  # yum group info "office*"
> > all the expected LibreOffice stuff is there.
> 
> yum group list --hidden
> 
At least on CentOS 7, hidden is not an option but a keyword:

  yum group list hidden

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C8 install libreoffice

[Jon LaBadie]

On Sat, Sep 28, 2019 at 02:46:18PM +0200, Markus Falb wrote:
> 
> Alternatively you may like to learn how to use your package manager to
> get answers to your questions.
> 
> ...snip
> # yum search libreoffice
> ...

The RHEL 8 Release Notes mention several package managers.
Yum3, the older python-based version we have known,
yum4, also python but based on the dnf backend,
and dnf.

I assume there is a /usr/bin/yum.  Is it yum3 or yum4?

Is yum4 really dnf in disguise?
Or is it something intermediate between yum3 and dnf?

Jon
-- 
Jon H. LaBadie j...@labadie.us
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ***UNCHECKED*** clamd / amavisd missing socket

[Jon LaBadie]

On Mon, Sep 09, 2019 at 10:22:21AM +0200, Laurent Wandrebeck wrote:
> Le vendredi 30 août 2019 à 13:57 -0400, Jon LaBadie a écrit :
> > I think something along these lines appeared before
> > but I was unable to find them.
> > 
> > I'm on a 7.6 system, been running clamav and amavisd-new
> > since 6 days with little problem.  On a recent reboot,
> > clamd@amavisd does not start up and fails manual start.
> > 
> > The problem seems to be the missing socket that connects
> > the pair, "/var/run/clamd.amavisd/clamd.socket".
> > 
> > I believe this should be created by systemd files but I
> > see no indication of them on my system.
> > 
> > Anyone know which files might be missing and where to
> > get copies?  Or a work around to run clamd@amavisd
> > and get rid of the "*** UNCHECKED ***' additions to my
> > my Subject lines?
> > 
> > BTW manual creation of the socket with netcat had no effect
> > on the startup.
> > 
> > Jon
> 
> Hi John,
> 
> I have the same problem, though /var/run/clamd.amavisd/clamd.sock do
> exists (please note .sock and not .socket).
> 
> Sep 09 08:19:37 minicloud2 amavis[9597]: (09597-02) (!)connect to 
> /var/run/clamd.amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX 
> socket /var/run/clamd.amavisd/clamd.sock: Connection refused
> 
> ll /var/run/clamd.amavisd/clamd.sock
> srw-rw-rw-. 1 amavis amavis 0 Jun 22 06:05 /var/run/clamd.amavisd/clamd.sock
> 
> Nothing denied in SELinux logs.
> 
> Don’t really know what the problem is for now, and have not yet found a
> way to fix it, sorry.
> -- 

Good to know I'm not alone with this problem.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CUPS job handling

[Jon LaBadie]

On Sun, Sep 01, 2019 at 02:19:58PM +0200, hw wrote:
> On Thu, 22 Aug 2019 11:48:37 -0500 (CDT)
> Michael Hennebry  wrote:
> 
> > On Tue, 20 Aug 2019, hw wrote:
> > 
> > > is it somehow possible to make CUPS automatically redirect jobs, and
> > > following jobs, away from printers which can not print them to other
> > > printers that can print them until the printers that couldn't print
> > > them are again able to print them?
> > 
> > IIRC CUPS has printer classes or some such thing.
> > A user can send a job to a class and CUPS will
> > direct it within that class as it sees fit.
> > Presumaly if one printer is stil chewing on last week's job,
> > CUPS will see fit to direct subsequent jobs elsewhere.
> 
> Well, yes, and I am not sure (at least not yet) if print jobs for a
> class are diverted to other members of the class or not.  It seems
> that data kept in the printer buffer and in the print-server the
> printers are connected to can make it difficult to figure what is
> actually going on.
> 
With the widespread use of deskside printers today, the use-case for
printer classes is moot.  Back when laser printers were expensive,
a department might purchase several of the same printer and put
them into a "printer room" along with "cubby holes" for each
department member.  So you might have printers enumerated hplj-1
to hplj-n and a printer class just hplj.  If you printed to hplj,
the first unused member of the class got your job.  But you could
still send to a specific printer by enumerated name.

Another seldom used feature is cover sheets (and end sheets).  They
separated users jobs so when you picked up your job directly from the
printer, you could file other completed jobs in their respective cubbies.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] clamd / amavisd missing socket

[Jon LaBadie]

I think something along these lines appeared before
but I was unable to find them.

I'm on a 7.6 system, been running clamav and amavisd-new
since 6 days with little problem.  On a recent reboot,
clamd@amavisd does not start up and fails manual start.

The problem seems to be the missing socket that connects
the pair, "/var/run/clamd.amavisd/clamd.socket".

I believe this should be created by systemd files but I
see no indication of them on my system.

Anyone know which files might be missing and where to
get copies?  Or a work around to run clamd@amavisd
and get rid of the "*** UNCHECKED ***' additions to my
my Subject lines?

BTW manual creation of the socket with netcat had no effect
on the startup.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Giving full administrator privileges through sudo on production systems

[Jon LaBadie]

On Fri, Aug 16, 2019 at 08:01:56AM -0500, Valeri Galtsev wrote:
> 
> 
> > On Aug 16, 2019, at 6:21 AM, Warren Young  wrote:
> > 
> > On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya  wrote:
> >> 
> >> Based on above cases, is it OK to give group of random users full 
> >> administrator privileges using sudo, by adding them to sudoers with ALL 
> >> privileges? Should sudoers call customer service number instead of 
> >> sysadmin when something breaks?
> > 
> > sudo is a tool for expressing and enforcing a site’s policies regarding 
> > superuser privilege.
> > 
> > If your sudo configuration expresses and enforces those policies the way 
> > you want it to, then the configuration is correct.  If it does not, then 
> > fix it.
> 
> Incidentally, sudo stands for substitute user do. Meaning: executing 
> something as a different user. I keep repeading it to proficient Linux users 
> who sometimes need my help too, amazingly they all percieve it as a super 
> user do, not as a substitute user do. Even though “man sudo” says in the 
> first line: - execute a command as another user…
> 
> Just mentioning.
> 
> Valeri
> 
Hear, hear,  +1.

And if I may add, a similar comment may be applied to "su".

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

[Jon LaBadie]

On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote:
> 
> On 05/08/2019 09:18, Pete Biggs wrote:
> > > I've found the default 10min bans hardly bother some attackers.
> > > So I've added the "recidive" feature of fail2ban.  After the
> > > second 10min ban, the attacker is blocked for 1 week.
> > > 
> > Oh definitely. My systems are set to "3 bans and you're out" - a
> > recidive ban is permanent after three other bans.  I have large parts
> > of some subnets in my ban list as attackers just move from one host to
> > another as they get banned.
> > 
> > P.
> > 
> I worked for a company some time back that had an association with a South
> African company who wanted to host some infrastructure in our data centre,
> the network admin there wanted a specific configuration for outbound source
> NAT from a certain host that would scroll through a list of source NAT IP
> addresses (think a whole /24) for every connection attempt, pretty sure it
> was for sending unsolicited emails, in any case the association with that
> company didn't last and I took redundancy after less than a year there.

Now that would be a single firewall rule and a kernel ipset.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

[Jon LaBadie]

On Mon, Aug 05, 2019 at 09:00:23AM +0100, Giles Coochey wrote:
> 
> On 05/08/2019 08:50, Jon LaBadie wrote:
> > 
> > I've found the default 10min bans hardly bother some attackers.
> > So I've added the "recidive" feature of fail2ban.  After the
> > second 10min ban, the attacker is blocked for 1 week.
> > 
> Interesting, didn't know about that feature, but, oh, I just generally ban
> for a whole week regardless, 

Ahh, but with recidive, the ban and unban are automatic.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

[Jon LaBadie]

On Sat, Aug 03, 2019 at 04:50:05PM +0100, Giles Coochey wrote:
> 
> On 02/08/2019 19:38, Jon LaBadie wrote:
> > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:
> > > Fred Smith wrote:
> > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:
> > > 
> 
> I've been using fail2ban for some time, I have a number of ports open to the
> Internet - SSH, SMTP, IMAPS, HTTP and HTTPS on my external subnet.
> 
> This thread made me look at how fail2ban was doing, and I noticed that it
> wasn't particularly working too well for SSH, as I have turned off password
> authentication, so I edited the filters a little, and found it started
> filtering some more IPs. I found on my firewall that there were something
> like 500 active connection states to SSH - it looked like a scanning tool
> was just hanging and sending many connections, the same thing for about
> three remote IPs - I put a manual block on these at the firewall.
> 
> The firewall has a block feature, which allows me to enter URLs which point
> to lists of IPs (Blocklists) and block traffic from those IPs at the
> firewall.
> 
> It's designed to use these types of IP feeds: http://iplists.firehol.org/
> 
> Well, there's nothing stopping me running a cron-job on my Centos boxes to
> do the following:
> 
> iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' >
> /tmp/banned
> 
> I can then transfer the banned file to a web-server and block the bad IP
> addresses completely from my network. I like this as if a system is
> brute-forcing my SSH server, I can now block it from all resources on the
> network, and stop the attempts even reaching the internal hosts.

I've found the default 10min bans hardly bother some attackers.
So I've added the "recidive" feature of fail2ban.  After the
second 10min ban, the attacker is blocked for 1 week.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

[Jon LaBadie]

On Fri, Aug 02, 2019 at 02:43:30PM -0400, Fred Smith wrote:
> On Fri, Aug 02, 2019 at 02:38:05PM -0400, Jon LaBadie wrote:
> > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:
> > > Fred Smith wrote:
> > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:
> > > 
> > > > One thing I don't understand is how/why the firewall is DROPping so
> > > > many attempts on port 25 when it in fact has a port forward rule sending
> > > > port 25 on to my mailserver. How does it know, or why does it think that
> > > > some of them can be dropped at the outer barrier?
> > > >
> > > >> you, but thank you for taking a hundred thousand or so for all of us.
> > > >
> > > > Hey, its the least I can do for all the good guys out there! :)
> > > > But that doesn't mean the same dratsabs aren't hitting all the rest
> > > > of you too.
> > > >
> > > I'm sure they are. Are you running fail2ban?
> > > 
> > Several years back I switched from sendmail to postfix.
> > Not knowing what I was doing, I think I have it set to
> > say it will forward email following SASL authentication.
> > But as I had no intention of forwarding anything, I did
> > not set up any authentication methods.  So anyone who
> > tries fails to authenticate.
> > 
> > With fail2ban in place I get 200-500 daily SASL "fail to
> > authenticate" instances.  In contrast, several months ago
> > fail2ban either died or did not restart correctly.  This
> > went unnoticed for about a week.  During that time I got
> > 1-32000 daily "failed to authenticate".
> 
> I'm not using fail2ban, and am using sendmail (why? because
> I've spent years slowly accumulating options in my .mc file that
> kill off unwanted connections and other hate-the-spammer options.).
> I'm not getting such emails but most of the entries in /var/log/mail
> are due to such events. every now and then a legitimate email can
> be seen passing through.
> 
> Oh, I also am now using (as of 2-3 years ago) milter-greylist, which
> made an enormous contribution to preventing spam emails.
> 
> Fred

I tried greylisting a while back and was surprised how many were
being rejected.  But they were also getting through despite the
rejection at my end.

I use a 3rd party as my backup MX email address.  If I'm down,
they save up the email and forward it to me when I'm back up.
But the greylist rejected emails just tried the backup MX
address and got through that way.

Should I ever have a backup MX that I administer, I will
definitely reinstate greylisting.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] odd network question

[Jon LaBadie]

On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:
> Fred Smith wrote:
> > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:
> 
> > One thing I don't understand is how/why the firewall is DROPping so
> > many attempts on port 25 when it in fact has a port forward rule sending
> > port 25 on to my mailserver. How does it know, or why does it think that
> > some of them can be dropped at the outer barrier?
> >
> >> you, but thank you for taking a hundred thousand or so for all of us.
> >
> > Hey, its the least I can do for all the good guys out there! :)
> > But that doesn't mean the same dratsabs aren't hitting all the rest
> > of you too.
> >
> I'm sure they are. Are you running fail2ban?
> 
Several years back I switched from sendmail to postfix.
Not knowing what I was doing, I think I have it set to
say it will forward email following SASL authentication.
But as I had no intention of forwarding anything, I did
not set up any authentication methods.  So anyone who
tries fails to authenticate.

With fail2ban in place I get 200-500 daily SASL "fail to
authenticate" instances.  In contrast, several months ago
fail2ban either died or did not restart correctly.  This
went unnoticed for about a week.  During that time I got
1-32000 daily "failed to authenticate".

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mate on Centos 7

[Jon LaBadie]

On Mon, Jul 15, 2019 at 12:37:56PM +, James Pearson wrote:
...
> 
> As said elsewhere in this thread, there isn't currently an EPEL 
> maintainer for Mate, so you will have to look elsewhere
> 
...
> 
> I guess that if unless 'someone' takes on the maintainer role for 
>Mate at EPEL, then there will be no upgrade path
> 
> James Pearson

Might the Fedora/Mate maintainer be approached for a
recommendation of a CentOS/Mate maintainer?

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Roughly how many more months before CentOS 8.0 release?

[Jon LaBadie]

On Fri, Jul 12, 2019 at 09:43:58AM -0500, Johnny Hughes wrote:
> On 7/10/19 1:18 AM, Turritopsis Dohrnii Teo En Ming wrote:
> > Good afternoon from Singapore,
> > 
> > May I know roughly how many more months before CentOS 8.0 will be released?
> > 
> > https://wiki.centos.org/About/Building_8
> 
> Well .. as explained before, it is a very irritative process .. (ie ..
> do this, test, do that, test .. rinse, repeat).
> 
> But with where we are right now .. I don't think it will take more than
> one more month to finish and test.
...

I wonder if the use of "irritative" instead of "iterative"
was intentional, subconsciously or not.  :))

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk Performance Issue

[Jon LaBadie]

On Mon, Jun 24, 2019 at 03:42:24PM +, Chris Olson via CentOS wrote:
> We have a very old Dell desk top machine that has been running
> CentOS 6 for the past five years.  It received a new, 1 TB disk
> and additional memory before the OS installation.  It has been
> the primary Linux machine in our smallest and most remote field
> office.  It has been updated at least once a week and has all
> current dates installed.
> 
> Boot-up this morning lasted about six times as long as usual.
> Disk access, as indicated by the disk activity light, is almost
> continuous and for extended periods of time when ever something
> is done that requires the disk.  Everything observed happens
> whether or not the machine is connected to our network. All of
> our files appear to be accessible if one is patient.
> 
> One theory put forward is that some application is running that
> uses up CPU and disk bandwidth.  Another theory is that thereare disk errors, 
> mostly corrected by EDCS features. We do not
> see any rogue applications and error logs show no disk issues.
> 
> This is a mysterious issue that we hope to circumvent by putting
> a new disk and installing CentOS 7 from DVD.  Our hope is that
> the current disk can be mounted externally on the new CentOS
> system using a USB to SATA adapter and that data can be moved
> off of the old disk. 
> 
> Advice regarding this issue and any possible diagnostic methods
> will be greatly appreciated.
> 
> df -k output:
> +++
> Filesystem    1K-blocks  Used Available Use% Mounted on
> /dev/mapper/vg_delle520-lv_root
>    51475068  12110896  36742732  25% /
> tmpfs   1928152   176   1927976   1% /dev/shm
> /dev/sda1    487652    211073    250979  46% /boot
> /dev/mapper/vg_delle520-lv_home
>   905124888 246856176 612284356  29% /home
> +++
> 

If it had not been booted in a while, it may have been running
the file system check (fsck) program.  I think if fsck has not
been run in 6 months, it automatically happens at boot.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Delta RPMs (drpms) for CentOS-6 and CentOS-7

[Jon LaBadie]

On Thu, Jun 06, 2019 at 09:06:42AM +0100, Pete Biggs wrote:
> 
> > We would like to remove delta rpms (drpms) from our CentOS-6 and
> > CentOS-7 repositories.
> > 
> 
> I live on fast connections both at home and work and for me I see no
> real advantage to delta RPMs - I've not really measured it, but it
> seems like my systems spend more time reconstructing the RPMs than they
> ever did downloading things. So it is of no consequence to *me* if they
> are done away with.
> 
That is also my situation, DRPMs take more time than downloading.

jl
-- 
Jon H. LaBadie j...@labadie.us
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bypassing 'A stop job is running' when rebooting CentOS 7

[Jon LaBadie]

On Wed, May 22, 2019 at 09:07:32AM -0600, James Szinger wrote:
> On Wed, May 22, 2019 at 7:44 AM mark  wrote:
> >
> > The joys of systemd
> 
> I'm not sure it's right to blame systemd.  Systemd asked nicely for
> the service to shutdown.  

But we can blame systemd for the cryptic message

  A stop job is running

Surely systemd knows what service it is waiting for,
why doesn't it tell us?

  The stop job XYZ is running

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to combine two static libs into one lib via libtool

[Jon LaBadie]

On Mon, May 20, 2019 at 11:37:39AM +0800, qw wrote:
> Hi,
> 
> 
> I can use ar combine two static libs into one lib via libtool. How to do it 
> via libtool?
> 
> 
Never used libtool, but "info libtool" has a section titled "linking libraries".

jl
-- 
Jon H. LaBadie j...@labadie.us
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HPlip Mark Roth/Jon LaBadie .

[Jon LaBadie]

On Wed, Feb 27, 2019 at 02:35:30PM +0100, Ger van Dijck wrote:
> 
> The problems with HPlip goes on and on : I can not manage to establish a
> connection on WiFi with the HP4620 : I can print to the printer but not scan
> . Running hp-check results in cups is not running, hplip is not properly
> (HP) installed , xsane is not installed etc.. But I can assure you all this
> software is properly installed : Hp-check cannot detect the scanfunction on
> the HP4620. When running on USB cable all runs fine !

Ger,

I'm confused.  You say

> ... When running on USB cable all runs fine !

Suggesting the cups/hplip software is ok.

> ... I can not manage to establish a
> connection on WiFi with the HP4620

Suggesting you have a communication problem, not
a scanning/printing software problem.

But immediately after that you continue with

>  : I can print to the printer but not scan

If you can print without the USB cable, you must
be making a WiFi connection.

What am I missing?

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hplips

[Jon LaBadie]

On Tue, Feb 26, 2019 at 01:48:19PM -0500, mark wrote:
> Yeah, about that... Back in '12, we got a nice HP poster printer. They
> don't support Linux, but a co-worker got the .ppd out of the Mac support
> file.
> 
> I tried it, then I looked at the file in vi... and found it *only*
> supported the 24" printer, *not* the 44" printer that we had.
> 
> Well, we just bought a replacement, since the old printer was EOL'd. This
> time, I went to hplips, d/l and built the current one, and sure enough,
> there's a .ppd for the DesignJet Z9.
> 
> Any bets on what I found? No? There was *NO* support for the 44" printer.
> I saw *one* setting for something 30x42 (the 100' roll of paper is 42"
> wide).

Might 30" be the maximum "height" (or length of paper for one print job).
If yes, the maximum "width" might be the 42 of 30x42.

Is 42" supported under windows?  If yes, the ppd file is likely compatible.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] determining what depends on a rpm

[Jon LaBadie]

On Sat, Dec 15, 2018 at 03:05:45PM -0600, Frank Cox wrote:
> yum remove lightdm
> 
> That command tells me that it's also going to remove lightdm-gobject and 
> lightdm-gtk.
> 
> rpm -q --whatrequires lightdm
> no package requires lightdm
> 
Perhaps you want the "--requires" instead of "--whatrequires" option.
"rpm -q --requires lightdm" gives me 41 lines of output.

You might also try "yum deplist lightdm".

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firewalld and iptables

[Jon LaBadie]

On Fri, Dec 14, 2018 at 04:55:33PM -0800, Kenneth Porter wrote:
> --On Friday, December 14, 2018 5:57 PM -0500 Jon LaBadie 
> wrote:
> 
> > Well, there are about 20 of them and several screen widths
> > long.  However they all end with one of two reasons:
> > 
> >   : No chain/target/match by that name.
> >   : Bad rule (does a matching rule exist in that chain?).
> 
> Put them on a pastebin so we can see them at full width. The chain names
> should tell us what's responsible for them.
> 
   https://pastebin.com/njaqR87f
> 
> Note that the iptables utilities and the iptables service are distinct. I
> install the utilities so that I can inspect the kernel chains that filterd
> creates. But I don't install the iptables service.

I don't play with iptables, so I assume it is a legacy
continued from CentOS 6.x.  I'll gladly remove the
iptables service package.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firewalld and iptables

[Jon LaBadie]

On Fri, Dec 14, 2018 at 03:14:12PM -0700, Warren Young wrote:
> On Dec 14, 2018, at 2:30 PM, Jon LaBadie  wrote:
> > 
> > After a recent large update, firewalld's status contains
> > many lines of the form:
> > 
> >  WARNING: COMMAND_FAILED: '/usr/sbin/iptables…
> 
> What’s the rest of the command?

Well, there are about 20 of them and several screen widths
long.  However they all end with one of two reasons:

  : No chain/target/match by that name.
  : Bad rule (does a matching rule exist in that chain?).

> 
> > Checking iptables.service status shows it to be masked.
> 
> That’s probably from package iptables-services, which isn’t installed by 
> default on purpose. It’s the legacy service from before firewalld was made 
> the default.  Use one or the other, not both.
> 

After the update I got email from "ckservices" that firewalld was down.
I saw the above mentioned iptable errors and checked the iptables.service
to find it masked.  I shutdown firewalld, unmasked, enabled, and started
iptables.service and then firewalld.  Same errors.  So I shutdown iptables
service, masked it, and restarted firewalld.

> I strongly recommend that you use firewalld ...
> 
Never planned to do otherwise.  Just was uncertain if iptables.service
had to run also.

Thanks,
Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Firewalld and iptables

[Jon LaBadie]

After a recent large update, firewalld's status contains
many lines of the form:

  WARNING: COMMAND_FAILED: '/usr/sbin/iptables...

Checking iptables.service status shows it to be masked.

I realize that firewalld uses iptables, but should it
be enabled and started as a service?

Jon
-- 
Jon H. LaBadie j...@labadie.us
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos7- WiFi not recognized - HWaddress - Or Any Idea

[Jon LaBadie]

On Mon, Dec 03, 2018 at 06:22:33AM +, Cristian Danciu via CentOS wrote:
> Hello,
> I recently installed centos7+Gnome on my macbook air , at first start the 
> wireless adaptor , which is the (infamous?) BCMA4360 , seemed to work because 
> I was asked to choose the network and provided password, but thereafter wifi 
> did not appear, so I can connect to the Internet only by cable. Googling a 
> few days and checking on my computer I found the following:- the infamous 
> wifi adapter BCM4360 appears on lshw list- the driver for wifi adapter 
> appears on lsmod list as BCMA, and I also find the driver, bcm-pci-bridge in 
> sys/bus/drivers- i didn't find any file in /etc/sysconfig/network_scripts 
> where the device is bcma wifi adapter, or any wifi.
> My idea to workaround this is: to create a file in 
> /etc/sysconfig/network_scripts/, in wich i inteded to pass the HWadress of 
> the device(BCMA4360), but I wasn't able to find a way to get this address.If 
> somebody can help me to find a way to get this HWaddr would be very 
> appreciated.Or any ideas to get wifi on my fancy macbook air with centos and 
> no macos at all, because at installation somehow i accomplished the 
> performance to format the entire disk.I also mention that I am not an IT guy, 
> but I want to learn a lot about the linux centos, but first things first : I 
> need wifi.
> Regards,
> Cristian

On my system "lshw -C network" reports my unconfigured
wifi interface.  The mac address is reported as a
"serial number".

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bash help

[Jon LaBadie]

On Wed, Oct 25, 2017 at 10:47:12AM -0600, Warren Young wrote:
> On Oct 25, 2017, at 10:02 AM, Mark Haney  wrote:
> > 
> > I have a file with two columns 'email' and 'total' like this:
> > 
> > m...@example.com 20
> > m...@example.com 40
> > y...@domain.com 100
> > y...@domain.com 30
> > 
> > I need to get the total number of messages for each email address.
> 
> This screams out for associative arrays.  (Also called hashes, dictionaries, 
> maps, etc.)
> 
> That does limit you to CentOS 7+, or maybe 6+, as I recall.  CentOS 5 is 
> definitely out, as that ships Bash 3, which lacks this feature.
> 
> 
> #!/bin/bash
> declare -A totals
> 
> while read line
> do
> IFS="\t " read -r -a elems <<< "$line"
> email=${elems[0]}
> subtotal=${elems[1]}
> 
> declare -i n=${totals[$email]}
> n=n+$subtotal
> totals[$email]=$n
> done < stats
> 
> for k in "${!totals[@]}"
> do
> printf "%6d  %s\n" ${totals[$k]} $k
> done

A slightly different approach written for ksh
but seems to also work with bash 4.

typeset -A arr

while read addr cnt
do
arr[$addr]=$(( ${arr[$addr]:-0}  + cnt))
done < ${1}

for a in ${!arr[*]}
do
printf "%6d   %s\n" ${arr[$a]} $a
done

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to prevent files and directories from being deleted?

[Jon LaBadie]

On Mon, Oct 09, 2017 at 08:32:32PM +0200, Alexander Dalloz wrote:
> Am 09.10.2017 um 17:54 schrieb Jonathan Billings:
> > I think that the important learning points today are:
> > 
> > 1.) CentOS7 (and any other distro that uses systemd) will have /run as
> > a tmpfs filesystem, and /var/run points to /run on CentOS7, so even if
> > you think this disagrees with the FHS, that's the way it is for
> > CentOS.
> 
> And fun fact: not only RHEL 7 and thus CentOS 7 does so, but too Debian 9
> and Ubuntu 16.04 LTS (I have no newer test install of that distro).
> 
> And frankly speaking, I don't see any indication that this violates with the
> FHS and that /var/run must persist reboots.
> 
Just the opposite, the FHS condones the CentOS arrangement.

Under /var/run it says:

  "In general, the requirements for /run shall also apply to /var/run.
   It is valid to implement /var/run as a symlink to /run."

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to prevent files and directories from being deleted?

[Jon LaBadie]

> 
> Best practises also involve to generally not delete files unless you can
> be sure that they can be deleted.  That is probably what the FHS
> intended by specifying that files in /var/run must be deleted/truncated
> at boot time, assuming that the programs that created them would do this
> (and then create them anew if needed), which can be assumed to be
> reasonably safe since it implies that unknown files remain.
> 
> For all I know, someones life could depend on a file that was placed
> somewhere mistakenly.
> 
What a strawman.  You mean that person would still be alive
if the file disappeared during boot rather than shutdown?

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] lightdm dependency

[Jon LaBadie]

On Tue, Sep 05, 2017 at 10:56:42AM +0200, Philippe BOURDEU d'AGUERRE wrote:
> Le 05/09/2017 à 07:01, Jon LaBadie a écrit :
> > On a CentOS 7 system I'm trying to install lightdm.
> > Yum says it requires "glib2(x86-64) >= 2.50.3".
> > glib2 2.46 is installed but I have not found a
> > 2.50 version.  Have I overlooked it in some repo?
> > 
> Same problem here. You can find glib2 2.50.3 in cr repository.

Is it reasonable to install a single "cr" package
or would I need to update lots of things to their
cr versions?

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] lightdm dependency

[Jon LaBadie]

On a CentOS 7 system I'm trying to install lightdm.
Yum says it requires "glib2(x86-64) >= 2.50.3".
glib2 2.46 is installed but I have not found a
2.50 version.  Have I overlooked it in some repo?

-- 
Jon H. LaBadie j...@labadie.us
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] getting rid of hp c3180

[Jon LaBadie]

On Tue, Jul 11, 2017 at 02:47:47PM -0500, Valeri Galtsev wrote:
> 
> On Tue, July 11, 2017 2:20 pm, Michael Hennebry wrote:
> > I have a hp photosmart C3180 all-in-one and am well and truly sick of it.
> > It seems like every time I go on another printing binge,
> > I need yet another print cartridge.
> > hp-clean doesn't help.
> > IIRC this use it or lose it "feature" is common to inkjets.
> >
> > What should I replace it with?
> > If I want a non-cloggging printer,
> > is laser jet the way I need to go?
> > I'd like to do color occasionally,
> > but might not want to pay the price for a color laser.
> 
> I would go with inexpensive HP color laser printer. Laser printers can sit
> for long time without use, without degrading, once you need it, it will
> work.

Another +1 for laser.  My wife does editing and had a need for
fast printing of large documents including color for comments etc.
We went with a large Ricoh printer about 10 years ago.  Still
in use after about 300,000 pages.

At the time we had a PhotoJet for printing pictures.  The
quality of the laser prints was sufficient for our needs
so the PJ sits in a closet.

One thing that helps the appearance of laser printed
photos is to use a heavy, high gloss paper.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RDP for Centos 7

[Jon LaBadie]

On Thu, Jun 22, 2017 at 01:13:54PM -0400, Scott Robbins wrote:
> On Thu, Jun 22, 2017 at 05:48:57PM +0100, Rehabilitation Village Farms Coop 
> wrote:
> > Pls can someone tell me how to setup rdp and how it is used. Is there any
> > step by step guide. Thank you
> 

IIRC, there could be a "Windows Version Catch".  I think RDP requires the
"terminal services" feature of Windows that is not available in the commonly
installed "Home" version.  Long ago I began to routinely upgrade to the
"Pro" version just for this feature but have not checked recently.

Jon


> There's not much to it. It's the remote desktop protocol that you use to
> access Windows servers.  On Windows you open port 3387 or allow RDP in some
> other way. (I do almost no Windows, so I don't remember exactly, but I
> think on servers, there's something in the Windows firewall that you can
> allow.)
> 
> You then install freerdp. There are other things that will work, but this
> is keeping it simple.
> 
> This site gives a brief explanation.
> 
> https://www.server-world.info/en/note?os=CentOS_7=x=5
> 
> 
> You should be able to google for something like use CentOS-6 (or 7) connect
> to Windows RDP and find various tutorials.
> 
> 
> -- 
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>>> End of included message <<<

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problem after last Update

[Jon LaBadie]

On Fri, May 26, 2017 at 04:54:03PM +0200, Günther J. Niederwimmer wrote:
> Hello,
> 
> why it is always a Problem when a kernel, firewall or KVM update is installed 
> ?
> 
> I have a system with a server CentOS 7 (last)  and 6 KVM Clients after the 
> Update Installation and reboot the most in Network is not functional ?
> 
> I lost NIC's and the firewalld change the zone ..
> 
> I have always to control is the KVM Clients working ?
> 
> Have any a idea what is wrong on my system ?
> 
> Thanks for a answer, 

No solid answer, I seldom see such an effect.

One possibility, many services have a default config file
installed with the service.  They also may have a "local"
config file that takes precedence if present.  "local"
may be done by location or by a specifice name variation.

If you are configuring your services by modifying the default
config file, it may be overwritten by an update.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] more recent perl version?

[Jon LaBadie]

On Wed, May 24, 2017 at 10:16:15PM +0200, hw wrote:
> Johnny Hughes schrieb:
> > On 05/23/2017 11:44 AM, hw wrote:
> > > 
> > > Hi,
> > > 
> > > are there packages replacing the ancient perl version in
> > > Centos 7 with a more recent one, like 5.24?  At least the
> > > state feature is required.
> > 
  [snip]
> 
> The problem is that the expensive POS software doesn´t run on Centos
> because the perl version Centos uses is too old.  It is so old that you
> don´t need to look for the greatest or latest software to run into
> problems; it suffices when you look for something that works.
> 
> Since there is a recent perl version available, there has to be some way
> to use it.

Another path to explore is to ask the expensive software
producer, as they make a Linux version, why they do not
offer a version certified for RHEL?

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT apology

[Jon LaBadie]

Sorry for those two Unix reminisces that made it
to the list.  I meant to send them to the poster.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] humor (was Re: OT: systemd Poll)

[Jon LaBadie]

On Wed, Apr 12, 2017 at 08:31:29PM +0200, Nicolas Kovacs wrote:
> Le 12/04/2017 à 19:41, Andrew Holway a écrit :
> > Between the early 1990's and early 2000's the price of a GB of memory went
> > from ~$100,000 to ~$1000*. I guess a lot of the design decisions made for
> > things like init were focussed on this. In 1995 is was common for server
> > platforms to have 32Mb ram whereas the kernel alone in my PC here at home
> > is consuming just over 500MB. It seems reasonable that software components
> > built in 1997 will not be fit for purpose in 2017.
> 
> Back in 2013 I did some Linux training for a company in Montpellier. The
> first week the server racks hadn't been delivered yet, so we were stuck.
> In a cupboard, I found an antique Dell Poweredge 1300 server that was
> out of service, made around 1997 or so. I dusted it off, found a power
> cable, a monitor, a network cable and a keyboard and connected the
> thing. It had a P-III 500 MHz processor, 3 x 9 GB SCSI disks and a
> whooping 128 MB of RAM, and not a single USB port (only parallel).
> 

Similar, much earlier tale of my own.  Doing Intro Unix training
at a client site.  The classroom had PCs with Hummingbird's XDMCP
software to remotely connect to a monster HP unix system.  On
Monday arrival I learned their HP license expired over the weekend
and remote access was not possible.

I had my laptop, either a Pentium or P II, running Solaris x86.
I put it on the network and had the students point their XDMCP
to it.  Ran the first two days of class with 12 students plux
the console all running X graphical logins.  On Wednesday they
had us switch to the HP.  Some students asked if they could
switch back because the laptop seemed more responsive.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] humor (was Re: OT: systemd Poll)

[Jon LaBadie]

On Wed, Apr 12, 2017 at 07:41:33PM +0200, Andrew Holway wrote:
> >
> > Of course, to be fair, there may have been a *reason* for not doing it
> > that way before
> >
> 
> Between the early 1990's and early 2000's the price of a GB of memory went
> from ~$100,000 to ~$1000*. I guess a lot of the design decisions made for
> things like init were focussed on this. In 1995 is was common for server
> platforms to have 32Mb ram whereas the kernel alone in my PC here at home
> is consuming just over 500MB. It seems reasonable that software components
> built in 1997 will not be fit for purpose in 2017.

Just another historic note.  Until System V, Release 4,
circa 1989 or 90, AT's Unix ran on computers with a
64KB memory space.  That was just the code though,
the data, static, dynamic, and stack were in a second
64KB space.  That was all the pdp-11 allowed.

The merger of BSD code with AT code in SVR4 pushed
it off of the pdp-11s.  But it still ran on things
like the AT 3B-20 which had a 1MB virtual memory
addressing scheme.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network Manager / CentOS 7 / local unbound

[Jon LaBadie]

On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
> Hello list -
> 
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
> 
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work, but what is the best way with NetworkManager to set it up to use
> the localhost for DNS ?
> 
> I'm paranoid about DNS spoofing and really prefer to have a local instance
> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
> linode)
> 
> Currently I just use a cron job that runs once a minute to over-write was it
> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
> that does leave a short window every time the network is restarted.

Besides the suggested configs, if still worried you could set up
an inotify watch on /etc/resolv.conf to let you know, or take
action, whenever it changes.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Does fail2ban protect anything other than SSH logins?

[Jon LaBadie]

On Mon, Mar 27, 2017 at 02:44:16PM -0500, Robert Moskowitz wrote:
> I am looking at fail2ban, and all I see is it protecting remote logins to
> SSH.
> 
> Does it protect any other access to systems?  Well perhaps other than VNC
> perhaps?
> 
> thank you
> 

Look at /etc/fail2ban/jail.conf.  Mine lists 73 things.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to resize a partition of a disk define as a physical volume

[Jon LaBadie]

On Wed, Feb 22, 2017 at 07:44:33AM -0500, Bernard Fay wrote:
> Hello,
> 
> I have a CentOS VM with only one disk on a Xenserver.
> 
> The disk has 2 partitions:
> 
> /dev/xvda1 -> /boot
> /dev/xvda2 -> a physical volume for LVM
> 
> 
> I added 5GB to this disk via Xencenter to extend /dev/xvda2.  Usually I
> just have to do "pvresize /dev/xvda" to have the additional space added to
> the disk. But for some reason it does not work for this disk.
> 
> [root ~]# pvresize /dev/xvda
>   Failed to find physical volume "/dev/xvda".
>   0 physical volume(s) resized / 0 physical volume(s) not resized
> 
> [root ~]# pvresize /dev/xvda2
>   Physical volume "/dev/xvda2" changed
>   1 physical volume(s) resized / 0 physical volume(s) not resized
> 
> 
> Does someone have seen this problem before or could have an idea of the
> problem?

Looks like xvda2 was resized.  You should now have an added
5GB worth of unallocated extents in the vg

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm conflict on new install

[Jon LaBadie]

On Fri, Feb 03, 2017 at 03:01:52PM +, Gary Stainburn wrote:
> Yesterday I did a clean install of Centos 6 -> Workstation -> Plasma.
> 
> I then added some recommended repo's and did a yum update.
> 
> I'm now getting the following:
> 
> [root@lcomp5 ~]# yum check
> Loaded plugins: fastestmirror, langpacks
> ipa-client-4.4.0-14.el7.centos.4.x86_64 has installed conflicts 
> freeipa-client: ipa-client-4.4.0-14.el7.centos.4.x86_64
> ipa-client-common-4.4.0-14.el7.centos.4.noarch has installed conflicts 
> freeipa-client-common: ipa-client-common-4.4.0-14.el7.centos.4.noarch
> ipa-common-4.4.0-14.el7.centos.4.noarch has installed conflicts 
> freeipa-common: ipa-common-4.4.0-14.el7.centos.4.noarch
> ipa-python-compat-4.4.0-14.el7.centos.4.noarch has installed conflicts 
> freeipa-python-compat: ipa-python-compat-4.4.0-14.el7.centos.4.noarch
> Error: check all
> [root@lcomp5 ~]# 
> 
> (The yum check takes a good 5 minutes to run)
> 
> Googling shows that a number of people seem to be suffering from this but 
> doesn't seem to give a solution.  Does anyone have any suggestion?

I was getting similr messages.  To my knowledge I'm not
using ipa, free or otherwise.  They were conflicting, so I
removed one.  No more conflicts

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] downgrading packages

[Jon LaBadie]

On Thu, Feb 02, 2017 at 08:52:27AM +, Ned Slider wrote:
> On 02/02/17 06:32, Jon LaBadie wrote:
> > After the large update from 7.2 -> 7.3 there is
> > one major problem, the amanda backup packages.
> > 
> > Strange situation, the host is the amanda server
> > is working fine at backing up all my remote clients.
> > But it has an error backing up itself.
> > 
> > The amanda packages did not change version (3.3.3)
> > and I've done no configuration change.
> > 
> 
> Looking back at the released versions, amanada was updated from 3.3.3-13 to
> 3.3.3-17 in the 7.3 release.
> 
> You can grab the old version here:
> 
> http://vault.centos.org/7.2.1511/os/x86_64/Packages/
> 
> > I'm not looking for help debugging this at the moment.
> > Instead I'd like to downgrade the amanda packages
> > to see if the original function can be restored.  But
> > when I ask yum to downgrade, there are no packages
> > available.  Is it still possible to downgrade just
> > these 4 packages?  How?  What potential problems?
> > 
> > Jon
> > 
> 
> In this instance yum can not downgrade the package for you as CentOS (unlike
> Red Hat) don't keep all previously released versions available in the
> current repo so in this instance yum can't find any previous versions as it
> was from the 7.2 snapshot in time whereas the current CentOS repo only
> contains packages from the 7.3 snapshot in time forwards.
> 
> So you would need to grab the package from the vault (about) and manually
> downgrade.

I recalled there was some site that retained the older packages.
Thanks for the pointer.

I downgraded and confirmed the problem now exists with the older
package as well.  So I conclude the problem is not with the
amanda packages per se, but with something else.


What might be affecting "bsdtcp authentication" of the
current host (using FQDN, not localhost) but not remote hosts?


It is not a firewalld nor selinux blockage, the problem persists
if both are turned off.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] downgrading packages

[Jon LaBadie]

After the large update from 7.2 -> 7.3 there is
one major problem, the amanda backup packages.

Strange situation, the host is the amanda server
is working fine at backing up all my remote clients.
But it has an error backing up itself.

The amanda packages did not change version (3.3.3)
and I've done no configuration change.

I'm not looking for help debugging this at the moment.
Instead I'd like to downgrade the amanda packages
to see if the original function can be restored.  But
when I ask yum to downgrade, there are no packages
available.  Is it still possible to downgrade just
these 4 packages?  How?  What potential problems?

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] large update - best practice

[Jon LaBadie]

On Fri, Jan 27, 2017 at 06:05:54PM +0100, Leon Fauster wrote:
> > Am 27.01.2017 um 17:27 schrieb m.r...@5-cent.us:
> > 
> > Johnny Hughes wrote:
> >> On 01/27/2017 09:19 AM, Jon LaBadie wrote:
> >>> With a large update to be made, eg. the 900 package
> >>> one I questioned yesterday, are there any suggestions
> >>> to avoid possible complications?
> >>> 
> >>> Two examples, I'd like to know of others too:
> >>> 
> >>> I'm not running the most recently installed kernel,
> >>> I assume I should reboot to that.
> >>> 
> >>> I normally have a graphical environment running.
> >>> Would it be better to: a) shutdown X and update
> >>> from a straight CLI environment b) logout from
> >>> the GUI and update from a vt CLI c) update from
> >>> a GUI login as root or d) doesn't matter, do as
> >>> normal -- from an ssh login, "sudo yum update"?
> >> 
...
> 
> In such scenario (xxx packages to update) I normally split the update command 
> into
> 
> # yum clean all
> # yum update glibc* rpm* yum* 
> # yum update
> # reboot

The update to glibc*, wouldn't that replace the current
versions on disk?  If so, wouldn't there be a problem
if one had to reboot before the yum update could run
or complete.  Or do applications not need specific
glibc versions but only version X or newer.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] large update - best practice

[Jon LaBadie]

With a large update to be made, eg. the 900 package
one I questioned yesterday, are there any suggestions
to avoid possible complications?

Two examples, I'd like to know of others too:

I'm not running the most recently installed kernel,
I assume I should reboot to that.

I normally have a graphical environment running.
Would it be better to: a) shutdown X and update
from a straight CLI environment b) logout from
the GUI and update from a vt CLI c) update from
a GUI login as root or d) doesn't matter, do as
normal -- from an ssh login, "sudo yum update"?

Thanks, Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum adding 7.3 packages to 7.2 system

[Jon LaBadie]

On Thu, Jan 26, 2017 at 06:08:45PM -0600, Johnny Hughes wrote:
> On 01/26/2017 06:00 PM, Jon LaBadie wrote:
> > My system is 7.2.1511.
> > 
> > When I run "yum update", it wants to install about
> > 900 packages total.  Most are labeled just "el7".
> > A few "el7_1" and a lot are "el7_3" or 7.3.
> > None are 7.2.
> > 
> > I'm not surprised when I see 50-100 packages needing
> > an update.  But 900?  And none specific to the
> > installed system?
> > 
> > My last update, of 4 packages, was Dec 31, 2016.
> > I first noted the current behavior about 10 days later
> > and have been trying to figure out why such an unusual
> > report.
> > 
> 
> CentOS 7 is the release .. point releases (7.0.1406, 7.1.1503, 7.2.1511,
> 7.3.1611), are 'point in time' snapshots of the CentOS 7 tree.
> 
> CentOS has no mechanism to stay on 7.2.1511 when 7.3.1611 has been
> released.  7.3 and 7.2 are really just CentOS-7 with updates.
> 
> The update you are seeing is the CentOS-7 tree after we finished
> releasing all the 7.3.1611 packages (and updates to 7.3.1611)
> 

On Thu, Jan 26, 2017 at 04:11:16PM -0800, John R Pierce wrote:
> 
> yum update of any centos 7 system updates it to the latest centos 7, whihc
> is currently 7.3.there's no such thing as 7.2 updates once 7.3 has come
> out.   the files that say 7.1 haven't been updated since 7.1, but are still
> applicable to the latest.

Thanks Johnny and John.

And here I thought I had asked to upgrade to 7.2 a year ago.

A 900 package update is a concern for a computer our home relies
upon to be there daily.  Thus my caution.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] yum adding 7.3 packages to 7.2 system

[Jon LaBadie]

My system is 7.2.1511.

When I run "yum update", it wants to install about
900 packages total.  Most are labeled just "el7".
A few "el7_1" and a lot are "el7_3" or 7.3.
None are 7.2.

I'm not surprised when I see 50-100 packages needing
an update.  But 900?  And none specific to the
installed system?

My last update, of 4 packages, was Dec 31, 2016.
I first noted the current behavior about 10 days later
and have been trying to figure out why such an unusual
report.

Any suggestions?

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] amanda and selinux

[Jon LaBadie]

On Fri, Jan 20, 2017 at 08:29:29PM -0500, John Jasen wrote:
> There's an option to get selinux to report on all the 'don't audit'
> bits, which can be toggled on and off as needed. This may help in debugging.

Yes, "sesearch -D".  And there are several dealing with amanda,
mostly about recovery from backup.  I don't see any that appear
to deal with file reads.

This may be moot though, auditd is not running on my system.
I'm not sure why the change, but the audit logs stop last
October.  When I try to start auditd, it exits with the error
"audit support not enabled in kernel".

Jon
> 
> On 01/19/2017 06:25 PM, Jon LaBadie wrote:
> > Anyone familiar with the selinux policy for the
> > amanda backup software package?  I'm getting lots
> > of data not being backed up.  For example, under
> > /home there are 2 directory trees owned by root.
> > Those get backed up, user home dirs do not.
> >
> > No AVC denials nor messages in /var/log/messages
> > or journalctl log.  But if I turn off selinux
> > enforcing, or set amanda_t type to permissive,
> > complete backups are made.
> >
> > I expected the selinux policy would have allowed
> > amanda to be able to read all files.  Else, how
> > does one make backups?
> >
> > I'm seeing this on CentOS 7.2, Fedora 24 & 25.
> > Amanda packages from the respective distro repos.
> > As far as I can tell, the selinux policies are
> > the same in all three.  But then, I know little
> > selinux speak.
> >
> > Jon
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>>> End of included message <<<

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] amanda and selinux

[Jon LaBadie]

Anyone familiar with the selinux policy for the
amanda backup software package?  I'm getting lots
of data not being backed up.  For example, under
/home there are 2 directory trees owned by root.
Those get backed up, user home dirs do not.

No AVC denials nor messages in /var/log/messages
or journalctl log.  But if I turn off selinux
enforcing, or set amanda_t type to permissive,
complete backups are made.

I expected the selinux policy would have allowed
amanda to be able to read all files.  Else, how
does one make backups?

I'm seeing this on CentOS 7.2, Fedora 24 & 25.
Amanda packages from the respective distro repos.
As far as I can tell, the selinux policies are
the same in all three.  But then, I know little
selinux speak.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to downgrade gtk2 libs in CentOS 6.8?

[Jon LaBadie]

On Mon, Jan 09, 2017 at 09:39:08AM -0600, Johnny Hughes wrote:
> On 01/09/2017 07:54 AM, Jonathan Billings wrote:
> > On Jan 9, 2017, at 4:08 AM, Walter Dnes  wrote:
> >>  Hi all.  I'm using a CentOS 6.8 VM to do volunteer builds for an open
> >> source project.  I want to build Pale Moon with a gtk2 library older
> >> than 2.24, to allow people with older linuxes to run it.  Short summary,
> >> if built against version gtk2-2.24 and/or higher, the binary will use a
> >> function that does not exist in gtk2-2.23 and lower.  Net result is that
> >> the program dies with an "undefined symbol:" error for people with
> >> machines lower than gtk2-2.24.  Yes, before you ask, they do get
> >> security fixes backported.
> >>
> > 
[snip]
> 
> This ^^ (use mock).
> 
> You can use mock chroots in sandbox mode to manually get whatever
> install you want, or if all the things you want are in (for example)
> CentOS 6.5, you can point your config files for mock to use 6.5 repo
> from http://vault.centos.org/ and build against that.
> 
The OP noted the target environment has security fixes backported.
Is the same true of a mock environment built from vault.centos.org?
If not, could a binary built under mock introduce old flaws?

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can't delete or move /home on 7.3 install

[Jon LaBadie]

On Thu, Dec 15, 2016 at 04:10:07AM -0600, geo.inbox.ignored wrote:
> 
> 
> On 12/15/2016 01:47 AM, Gianluca Cecchi wrote:
> > On Thu, Dec 15, 2016 at 2:49 AM, Glenn E. Bailey III <
> > replic...@dallaslamers.org> wrote:
> > 
> >> Tried this in both AWS and GCE as I though it may be a specific cloud
> >> vendor issue. SELinux is disabled, lsof | grep home shows nothing,
> >> lsattr /home shows nothing. Simply get "Device or resource busy."
> >>
> >> Works just find on 7.2 so I'm kinda at a loss. Scanned over the RHEL
> >> release notes and didn't see anything. Anyone else have this issue? We
> >> move our /home to another mount point and symlink /home to it ..
> >>
> >>
> > Do you have access to the console, so that you can try to do the move while
> > in single user mode?
> >
> }}
> 
> that is one possibility.
> 
> even greater is op is a 'user', not 'root'.
> 

Another possibility is /home is a separate file system.  In that
case the OP does not want to "move it" but unmount it, change
the mount point in /etc/fstab, rmdir /home, and ln -s
new_mntpoint to /home.  Then mount it again.  Probably best
done is single user mode.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fprintd needed?

[Jon LaBadie]

On Thu, Nov 03, 2016 at 01:58:39PM -0600, Frank Cox wrote:
> On Thu, 03 Nov 2016 15:36:00 -0400
> Jon LaBadie wrote:
> 
> > Without a fingerprint device, is this software needed.
> 
> I have removed it on all of my systems and never noticed any issues.
> 
Thank you, that is what I suspected.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] fprintd needed?

[Jon LaBadie]

On a 7.2 desktop system I see irregular attempts to start
the fingerprint authentication daemon "fprintd".

One of the messages is
"D-Bus service launched with name: net.reactivated.Fprint"

This fails as there is no fingerprint device.
fprintd.service is disabled.

Without a fingerprint device, is this software needed.
Yum removal (aborted) shows no packages dependent on fprintd.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bacula Restore

[Jon LaBadie]

On Wed, Oct 19, 2016 at 01:20:49PM +0200, Alessandro Baggi wrote:
> Hi list,
> another question about bacula, but this time about restoring backups.
> 
> I've a server that I must backup every day. My plan is:
> 
> from mon to sat incrimental backup
> and on sunday full backup.
> 
> When I will perform a restore I  must restore from last valid full backup
> and then all valid incremental backup from last backup to specific date.
> 
> This server has aweb managed application where user can update data or
> delete data.
> 
> Suppose that after a full backup, on monday the user upload a file and
> incrimental backup is performed. On tuesday the user remove the uploaded
> file and backup is performed.
> 
> Suppose that I want perform a restore of these jobs. I restore full,
> mon-incr and I found on restore path file uploaded on monday. When restoring
> tuesday incr (where the uploaded file was not present), on restore path I
> will found the uploaded file or bacula remove it with tuesday incremental
> backup restore?
> 
Don't know about bacula, but with amanda you restore to the
state that existed as of a particlar date.  Restore as of Sunday
or Tuesday the file is not in the restore.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mount.nfs: an incorrect mount option was specified

[Jon LaBadie]

On Mon, Oct 03, 2016 at 12:27:10PM -0700, Keith Keller wrote:
> On 2016-10-03, Jon LaBadie <j...@labadie.us> wrote:
> > IIRC, for mount.nfs, the "r" option is read only while the "w"
> > option is read+write.  They may be mutually exclusive.
> 
> I don't believe this is accurate.  ro and rw are mutually exclusive, but
> there is no "w" option.  (Which doesn't help the OP, unfortunately, but
> at least he knows.)

Ahh, just checked.  I was remembering the mount.nfs options, not fstab.
Thanks for the correction.

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtualization Networking

[Jon LaBadie]

On Mon, Oct 03, 2016 at 07:54:36AM -0400, TE Dukes wrote:
> 
> OK, I'm about done trying to get this to work. I have spent HOURS reading,
> installing, re-installing, etc.
> 
> I can get the guest to access the internet but have tried every was possible
> to be able to access the guest from the LAN or even the host. Nothing I have
> tried works.
> 
> The only thing all documentation leaves out is how to set up the guest
> networking during the install. Seems if I don't set anything up or just set
> it to DHCP it has internet connectivity, but that is all.
> 
> I have gone back in after the guest has been installed and changed the
> networking configuration to match my LAN, that doesn't work either. I lose
> internet accessibility when I do that.
> 
> I have tried to install CentOS 7 and Debian 8, the same problems with each.
> I have tried CentOS the built in Virt-Manager and VirtualBox. with same
> results.  Can't seem to find the free version of VMware but I suspect I
> would have the same results as well.
> 
> Again, any help would be greatly appreciated.

Don't know about the other VM software, but I have several VM guests
under VirtualBox.  Each of them has their networking set up as "bridged
adapter".  Although they could use DHCP then, I've used each virtual
guest's network software to set them up with static address configs.

No problems reaching other lan hosts in either direction nor in
reaching the internet.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mount.nfs: an incorrect mount option was specified

[Jon LaBadie]

On Sun, Oct 02, 2016 at 11:42:41PM -0400, Tim Dunphy wrote:
> Hey guys,
> 
>  My NFS server has been working really well for a long time now. Both
> client and server run CentOS 7.2.
> 
>  However when I just had to remount one of my home directories on an NFS
> client, I'm now getting the error when I run mount -a
> 
> mount.nfs: an incorrect mount option was specified
> 
> 
> This is the corresponding line I have in my fstab file on the client:
> 
> nfs1.example.com:/var/nfs/home/home  nfs
>  rw   0 0
> 
> 
> I get the same error if I try to run the mount command explicitly:

IIRC, for mount.nfs, the "r" option is read only while the "w"
option is read+write.  They may be mutually exclusive.

jl
> 
> mount -t nfs nfs1.example.com:/var/nfs/home /home
> mount.nfs: an incorrect mount option was specified
> 
> This is the verbose output of that same command:
> 
> mount -vvv -t nfs nfs1.example.com:/var/nfs/home /home
> mount.nfs: timeout set for Sun Oct  2 23:17:03 2016
> mount.nfs: trying text-based options
> 'vers=4,addr=162.xx.xx.xx.xx,clientaddr=107.xxx.xx.xx'
> mount.nfs: mount(2): Invalid argument
> mount.nfs: an incorrect mount option was specified
> 
> This is the entry I have in my /etc/exports file on the nfs server
> 
> /var/nfs/home web2.jokefire.com(rw,sync,no_root_squash,no_all_squash)
> 
> I get this same result if the firewall is up or down (for very microscopic
> slivers of time for testing purposes).
> 
> With the firewall down (for testing again very quickly) I get this result
> from the showmount -e command:
> 
> [root@web2:~] #showmount -e nfs1.example.com
> 
> Export list for nfs1.example.com:
> 
> /var/nfs/varnish varnish1.example.com
> 
> /var/nfs/es  es3.example.com,es2.example.com,logs.example.com
> 
> /var/nfs/www web2.example.com,puppet.example.com,ops3.example.com,
> ops2.example.com,web1.example.com
> 
> /var/nfs/homeansible.example.com,chef.example.com,logs3.example.com,
> logs2.example.com,logs1.example.com,ops.example.com,lb1.example.com,
> ldap1.example.com,web2.example.com,web1.lyricgem.com,nginx1.example.com,
> salt.example.com,puppet.example.com,nfs1.example.com,db4.example.com,
> db3.example.com,db2.example.com,db1.example.com,varnish2.example.com,
> varnish1.example.com,es3.example.com,es2.example.com,es1.example.com,
> repo.example.com,ops3.example.com,ops2.example.com,solr1.example.com,
> time1.example.com,mcollective.example.com,logs.example.com,
> hadoop04.example.com,hadoop03.example.com,hadoop02.example.com,
> hadoop01.example.com,monitor3.example.com,monitor2.example.com,
> monitor1.example.com,web1.example.com,activemq1.example.com
> 
> With the firewall on the nfs server up (as it is all the time other than
> this short test), I get back this result:
> 
> showmount -e nfs1.example.com
> 
> clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No
> route to host)
> 
> This is a list of ports I have open on the NFS server:
> 
> [root@nfs1:~] #firewall-cmd --list-all
> 
> public (default, active)
> 
>   interfaces: eth0
> 
>   sources:
> 
>   services: dhcpv6-client ssh
> 
>   ports: 2719/tcp 9102/tcp 52926/tcp 111/tcp 25/tcp 875/tcp 54302/tcp
> 4/tcp 20048/tcp 2692/tcp 55982/tcp 2049/tcp 17123/tcp 42955/tcp
> 
>   masquerade: no
> 
>   forward-ports:
> 
>   icmp-blocks:
> 
>   rich rules:
> 
> rule family="ipv4" source address="xx.xx.xx.x/32" port port="5666"
> protocol="tcp" accept
> 
> So I have two problems I need to solve. 1) How do I open the firewall ports
> on the nfs server so that clients can contact it? I'm using firewalld on
> the nfs server. And 2) why am I getting an error saying that "an incorrect
> mount option was specified"?
> 
> Thanks,
> 
> Tim
> 
> 
> 
> 
> 
> -- 
> GPG me!!
> 
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>>> End of included message <<<

-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to move /var to another partition

[Jon LaBadie]

On Sun, Sep 25, 2016 at 03:34:29PM -0400, TE Dukes wrote:
> 
> Thought I'd give 7.0 a try before I upgrade from 6.8.
> 
> I know you can use yum to install groups but I don't know what the groups
> are.
> 
$ yum grouplist

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Iptables not save rules

[Jon LaBadie]

On Tue, Sep 13, 2016 at 08:16:28AM -0400, TE Dukes wrote:
> 
> 
> > -Original Message-
> > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> > Behalf Of John R Pierce
> > Sent: Sunday, September 11, 2016 10:44 PM
> > To: centos@centos.org
> > Subject: Re: [CentOS] Iptables not save rules
> > 
> > On 9/11/2016 8:55 AM, TE Dukes wrote:
> > > I have been using ipset to blacklist badbots. Works like a champ!
> > >
> > > The only problem is if I do a  system reboot, I lose the ipset and the
> rule.
> > >
> > > I changed /etc/sysconfig/iptables.conf to:
> > >
> > > IPTABLES_SAVE_ON_RESTART="yes"
> > > IPTABLES_SAVE_ON_STOP="yes"
> > >
> > > And followed the instructions in:
> > >
> > > https://www.centos.org/forums/viewtopic.php?t=3853
> > >
> > > The changes are still not saved.
> > 
> > wild guess says, you need to ...
> > 
> >  chkconfig on ipset
> >  service ipset start
> > 
> > and when you change ipset stuff,
> > 
> >  service ipset save
> > 
> > 
> > but I'm just guessing, I've never used ipsets.
> > 
> > 
> > --
> > john r pierce, recycling bits in santa cruz
> [Thomas E Dukes] 
> THANKS!!
> 
> I did not realize ipset was running as a service.
> 
> Been trying figure out what was wrong for a couple weeks.
> 
> Only way to know is to do a reboot and see what happens. Ipset save xx
> apparently doesn't really do anything.

No, but

  ipset save blacklist > blacklist.save

might.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DNF update

[Jon LaBadie]

On Fri, Sep 09, 2016 at 09:28:09AM +0100, John Hodrien wrote:
> On Fri, 9 Sep 2016, Always Learning wrote:
> 
> > 
> > On Thu, 2016-09-08 at 23:22 +0100, J Martin Rushton wrote:
> > 
> > > Under Fedora23 issuing a yum command gets you a warning, then it
> > > automatically runs the appropriate dnf command.
> > 
> > Can you tell us the DNF for:-
> > 
> > yum update
> > yum groupinstall
> > yum reinstall
> > yum erase
> 
> DNF isn't used on CentOS.  Stop.
> 
On Fedora 24
$ dnf list dnf*
dnf.noarch1.1.10-1.fc24@@commandline
dnf-conf.noarch   1.1.10-1.fc24@@commandline
dnf-langpacks.noarch  0.15.1-4.fc24@@commandline
dnf-langpacks-conf.noarch 0.15.1-4.fc24@@commandline
dnf-plugins-core.noarch   0.1.21-3.fc24@@commandline
dnf-automatic.noarch  1.1.10-1.fc24updates  
dnf-yum.noarch1.1.10-1.fc24@@commandline
dnfdaemon.noarch  0.3.16-1.fc24@@commandline
dnf-plugin-system-upgrade.noarch  0.7.1-2.fc24 @@commandline
dnf-plugin-spacewalk.noarch   2.4.15-3.fc24fedora   
dnf-plugin-subscription-manager.x86_641.18.1-1.fc24updates  
dnf-plugins-extras.noarch 0.0.12-3.fc24updates  

On CentOS 7.2
$ yum list dnf*
dnf.noarch0.6.4-2.el7   epel
dnf-conf.noarch   0.6.4-2.el7   epel
dnf-langpacks.noarch  0.15.1-1.el7  epel
dnf-langpacks-conf.noarch 0.15.1-1.el7  epel
dnf-plugins-core.noarch   0.1.5-3.el7   epel
dnf-automatic.noarch  0.6.4-2.el7   epel
dnf-yum.noarch0.6.4-2.el7   epel

Maybe not used much, but its available.

jl
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] more than one IP address on network device?

[Jon LaBadie]

Valeri,

not on list as it does not pertain to Linux.


On Sun, Sep 04, 2016 at 10:25:23AM -0500, Valeri Galtsev wrote:
> 
...
> > IPADDR2=192.168.1.10
> > BROADCAST2=192.168.1.255 <--
> > NETMASK2=255.255.255.0
> > NETWORK2=192.168.1.0 <--
> > GATEWAY2=192.168.1.1 <--
> 
> Interesting... With these settings, namely GATEWAY2=..., how the
> arbitration is done (in networks stack) which of gateways is used for
> packets to be sent outside of networks the machine is on?
> 
> As far as I know FreeBSD, there can be only one gateway (BTW, synonym:
> default gateway). Theoretically, the machine can have more than one
> gateway, but for that you need to have specially configured firewall/nat.
> Is this somehow different in Linux, and Linux does that auto-magically?
> 

Decades ago, I was running Solaris x86 at home.  My internet connection
was a 24/7 14.4KBaud phone connection to my ISP.  I then added my first
broadband cable connection.  During the transition I investigated dual
gateways.  At that time, Solaris just alternated between the two.  It
wasn't load balancing, and once a connection was made it stayed with
that interface if it was up.  Just new connections alternately were
sent via one or the other gateway interfaces.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hacking grub to control number of retained kernels.

[Jon LaBadie]

On Fri, Sep 02, 2016 at 10:52:05PM -0400, Fred Smith wrote:
> I've recently had this problem on two C7 systems, wherein when doing "yum
> update", I get a warning about /boot being low on space.
> 
> both systems were installed using the partition size recommended by
> Anaconda, right now "df -h" shows /boot as 494M, with 79M free.
> 
> I don't store unrelated crap on /boot, I assume that yum and/or grub
> will manage it for me. So, why, after over a year, is it running low
> on space on two different systems?
> 
> Is there some location in /boot where junk piles up, but shouldn't,
> that I have to know about so I can clean it out?
> 
> I see EIGHT initramfs files in /boot, two per kernel, same name but
> one has a kdump just before the .img suffix. do I need those for old
> kernels that I may or may not ever boot? (they're 30 to 50 MB each).
> 
> For the moment I've edited /etc/grub.conf and changed installonly_limit
> from 4 to 3. (related question: do I need to manually remove the
> oldest kernel, having done this, or will yum/grub clean it up the
> next time there's a kernel to install?)
> 

I may be off-base here, but isn't that more a yum configuation issue?
What is the installonly_limit in /etc/yum.conf?

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to find recently installed font packages

[Jon LaBadie]

On Tue, Aug 23, 2016 at 08:28:35AM -0500, geo.inbox.ignored wrote:
> 
> 
> besides versatility of yum, vastness of arguments is, for me, an
> enjoyable learning process.
> 
> when i found yumex wanting to also remove libreoffice files, i
> dropped back to yum. when yum also wanted to remove libreoffice,
> it was back to 'man yum'. i saw history, but only read what it
> would do.
> 
> failing to find anything to remove _only_ what i wrongly installed,
> it was back to basics and rpm.
> 
> after reading your reply, i ran 'man yum' again to reread 'history'.
> 
> having done so, i am at wonder just how 'history' and its arguments
> would handle remove wrong fonts and not include libreoffice.
> 
> at this time, i am considering installing bad fonts again just to see
> what will happen.
> 
> at this time, i have more pressing duties, but will give 'yum history'
> a run later and post back with results.
> 
> thank you for reply and piquing my brain for further knowledge.
> 

Back when you asked your original question I was certain someone would
mention yum history.  So I tried it out myself.  What I came up with
was essentially "what actions involved packages with "font" in their names.
I'll just show a bit of the output.  ID is a sequential yum session #.
My highest is about 120.  "yum history" will show them including dates.

  $ sudo yum history packages '*font*'

  ID | Action(s)  | Package 
 
  -
  84 | Dep-Install| mathjax-ams-fonts-2.4.0-1.el7.noarch
 
  84 | Dep-Install| mathjax-caligraphic-fonts-2.4.0-1.el7.noarch
 
  84 | Dep-Install| mathjax-fraktur-fonts-2.4.0-1.el7.noarch
 
  78 | Updated| libXfont-1.4.7-3.el7_1.x86_64  
  78 | Update |  1.5.1-2.el7.x86_64
  78 | Updated| liberation-fonts-common-1:1.07.2-14.el7.noarch
  78 | Update | 1:1.07.2-15.el7.noarch
   1 | Dep-Install| abattis-cantarell-fonts-0.0.12-3.el7.noarch 
 
   1 | Install| cjkuni-uming-fonts-0.2.20080216.1-53.el7.noarch 
 
   1 | Dep-Install| dejavu-fonts-common-2.33-6.el7.noarch   
 
   1 | Install| dejavu-sans-fonts-2.33-6.el7.noarch 
 

So you can pick out which were just installed vs which were installed
as dependencies of some other package.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] explain strange behavior

[Jon LaBadie]

On Fri, Aug 19, 2016 at 01:12:57PM -0500, Dan Hyatt wrote:
> In my bin directory, most of the binaries are linked to it. It is in my
> path. I have googled this and cannot find anything close.
> 
> I am running bash on centos6.8
> 
> When I run   "which command" most of the files in this custom bin directory
> show up.
> 
> When I run "which file.jar" it cannot see it, but I can *ls* the file  (soft
> link)
> 
> as which only works on executables (according to man page), I created a
> dan.jar empty file and did a which on dan.tar and found it.
> 
> 
> can anyone explain what is happening and how I can soft link the jar files
> to my bin directory so which can see them?
> 
I don't use java, so this may be way off base.

I'm assuming you have several *.jar files, but will work with two,
foo.jar and bar.jar.

Place all your jar files in a single directory, not bin. Under lib
is the common place.  I'll use /home/dan/lib/jarfiles.

In your bin directory place a shell script named "foo" containing
something like this:

  #!/usr/bin/bash

  ProgName=${0##*/} # (basename) strips dirs from path
  JarDir=/home/dan/lib/jarfiles
  JarFile=${JarDir}/${ProgName}.jar

  ## possibly test for existance of jar file

  java -jar ${JarFile} "${@}"# I assume there may be args to pass.

That would let you run foo.jar as "foo" and do a "which foo" as it is
an executable shell script.

For bar.jar you merely need to put it in the JarDir and make a link
in the bin directory:

  ln /home/dan/bin/foo /home/dan/bin/bar

Do the same for each *.jar, move to JarDir, make a link.

If particular jar files need special treatment you can put a switch
statement in the script based on $ProgName.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos