RE: [CentOS] Force sendmail outbound routing for specific domain name
From: Les Mikesell Sent: April 9, 2008 21:10 > > Hugh E Cruickshank wrote: > > From: Clint Dilks Sent: April 9, 2008 20:32 > >> Hi, It has been some time since I have had to do anything with > >> Sendmail > >> like this, but I believe mailertable is what you need. See > >> http://www.sendmail.org/m4/mailertables.html > > > > Give the man a cigar! That looks like precisely what I need. > > > > Note that you don't need to do the makemap stuff - that's already > include in the Centos setup. Just put the text suggested in the > mailertable file and restart sendmail. And if you use a literal IP > address, enclose it in []'s like it says for hostnames where you > want to > avoid the MX record lookup. > All that was needed was to add the entry to /etc/mail/mailertable and run "service sendmail restart". It rebuilds the database for you. I did not worry about the IP Address or the MX but it seems to have worked anyway. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Force sendmail outbound routing for specific domain name
Hugh E Cruickshank wrote: From: Clint Dilks Sent: April 9, 2008 20:32 Hi, It has been some time since I have had to do anything with Sendmail like this, but I believe mailertable is what you need. See http://www.sendmail.org/m4/mailertables.html Give the man a cigar! That looks like precisely what I need. Note that you don't need to do the makemap stuff - that's already include in the Centos setup. Just put the text suggested in the mailertable file and restart sendmail. And if you use a literal IP address, enclose it in []'s like it says for hostnames where you want to avoid the MX record lookup. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Force sendmail outbound routing for specific domain name
From: Hugh E Cruickshank Sent: April 9, 2008 20:43 > > From: Clint Dilks Sent: April 9, 2008 20:32 > > > > Hi, It has been some time since I have had to do anything with > > Sendmail > > like this, but I believe mailertable is what you need. See > > http://www.sendmail.org/m4/mailertables.html > > Give the man a cigar! That looks like precisely what I need. > Well that did seem to work. At least the email is being delivered to the ISP's backup mail server now. I will not know until tomorrow if the mail actually makes it through to the client but then that an issue between the client and the ISP. Thanks again. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: ssl and NameVirtualHost
on 4-9-2008 6:14 PM Tony Schreiner spake the following: Jay Leafey wrote: Tony Schreiner wrote: Kai Schaetzl wrote: Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: However, you didn't provide any of the information I asked for. You are not talking of www.bc.edu, do you? Kai ok, ok. https://bioinformatics.bc.edu Tony I could be full of cheese here, but did VeriSign send you an "intermediate" certificate along with your "real" certificate? If not, forget the When I went to the site and examined the cert I noticed that the cert was not signed by one of the CAs in the ca-bundle.crt provided by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. You can examine the "Issuer" field of the certificate to see who signed it. I suspect that VeriSign sent you an "intermediate" certificate that was actually used to sign your cert. Apache has to present the intermediate cert at the same time it presents your "real" cert. Basically, since the intermediate cert was signed by a recognized CA cert and your cert was signed by the intermediate cert, then your cert is "trustworthy". The easiest way to fix this is to append the intermediate certificate to your "real" certificate file. I've had a few of these in the past, particularly from smaller CAs that resell other folks's service. Just a thought! I'm away from the office now, but I only got one certificate. I didn't deal directly with Verisign, but rather went through someone in my IT department. I will check on that. Thanks. Kai, in response to your last message, you say it's fine. Does that mean you don't get a dialog saying the site is not verifiable? Because I sure do, with several browsers on different platforms. Tony It went OK at work for me, but at home on my laptop it is untrusted. So maybe verisign needs to verify it for you. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Force sendmail outbound routing for specific domain name
From: Clint Dilks Sent: April 9, 2008 20:32 > > Hi, It has been some time since I have had to do anything with > Sendmail > like this, but I believe mailertable is what you need. See > http://www.sendmail.org/m4/mailertables.html Give the man a cigar! That looks like precisely what I need. > Hope this helps :) I am sure it will. Thanks muchly! Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Force sendmail outbound routing for specific domain name
From: lists-centos Sent: April 9, 2008 20:29 > > you could use the sendmail "smarthost" setting to dump all your > outbound mail on your isp's mail server. We used to do that on our old SCO OSR5 box but I stopped doing that when I switched over to the new CentOS4 system. For the life of me I can not recall why but I must have had a reason. I will check that out as an alternative. > you don't explain what the problem is, e.g., inability to connect to > their server, etc. The connection to the client's mail server times out. > of course the real solution is to resolve the underlying problem > since of course the isp's kludge will break now and then. Too true. Eventually we will be moving the whole shebang to a co-lo facility so that will probably avoid the problem as well (a little overkill but it should work). Thanks, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Force sendmail outbound routing for specific domain name
Hugh E Cruickshank wrote: From: Frank Cox Sent: April 9, 2008 20:01 On Wed, 09 Apr 2008 19:54:28 -0700 Hugh E Cruickshank <[EMAIL PROTECTED]> wrote: Is it possible to force sendmail to use a specified host name for outbound email to a selected domain name instead of the host name that can be found by looking up the DNS entry? I'm not entirely sure that I understand your problem. If you have a unique domain name, and your client also has a unique domain name, and your dns records are properly configured, then sending email from domain name A to domain name B should just work, regardless of how close your actual IP addresses are. I agree whole heartedly that it "should just work" but time and time again we have see where it does not work. Having said that, you can put a domain name and IP address in /etc/hosts on the originating computer and that computer will henceforth use the IP address specified there. That would work if I was looking to use a specific IP address but would like to use a specific host name. For example I would like all mail outbound to example.com to bypass the DNS/MX entry of mail.example.com and use instead backupmx.isp.com not just the IP Address of backupmx.isp.com. Thanks muchly for your suggestion. Regards, Hugh Hi, It has been some time since I have had to do anything with Sendmail like this, but I believe mailertable is what you need. See http://www.sendmail.org/m4/mailertables.html Hope this helps :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Force sendmail outbound routing for specific domain name
From: Frank Cox Sent: April 9, 2008 20:01 > > On Wed, 09 Apr 2008 19:54:28 -0700 > Hugh E Cruickshank <[EMAIL PROTECTED]> wrote: > > > Is it possible to force sendmail to use a specified host name for > > outbound email to a selected domain name instead of the host name > > that can be found by looking up the DNS entry? > > I'm not entirely sure that I understand your problem. If you > have a unique > domain name, and your client also has a unique domain name, and > your dns > records are properly configured, then sending email from domain > name A to domain > name B should just work, regardless of how close your actual IP > addresses are. I agree whole heartedly that it "should just work" but time and time again we have see where it does not work. > Having said that, you can put a domain name and IP address in > /etc/hosts on the > originating computer and that computer will henceforth use the IP > address > specified there. That would work if I was looking to use a specific IP address but would like to use a specific host name. For example I would like all mail outbound to example.com to bypass the DNS/MX entry of mail.example.com and use instead backupmx.isp.com not just the IP Address of backupmx.isp.com. Thanks muchly for your suggestion. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Force sendmail outbound routing for specific domain name
On Wed, 09 Apr 2008 19:54:28 -0700 Hugh E Cruickshank <[EMAIL PROTECTED]> wrote: > Is it possible to force sendmail to use a specified host name for > outbound email to a selected domain name instead of the host name > that can be found by looking up the DNS entry? I'm not entirely sure that I understand your problem. If you have a unique domain name, and your client also has a unique domain name, and your dns records are properly configured, then sending email from domain name A to domain name B should just work, regardless of how close your actual IP addresses are. Having said that, you can put a domain name and IP address in /etc/hosts on the originating computer and that computer will henceforth use the IP address specified there. -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Force sendmail outbound routing for specific domain name
CentOS 4.6 Hi All: Is it possible to force sendmail to use a specified host name for outbound email to a selected domain name instead of the host name that can be found by looking up the DNS entry? The problem is that we have a client that uses the same ISP as we do and the IP addresses assigned to both of us are very close. This has resulted in connection problems specifically with our outbound email to the client. I believe it is an issue with TCP/IP routing. In the past the ISP has setup some sort of special routing that redirects our email to the ISP's backup mail server which then delivers the mail to the client. Every once in a while the ISP does something with their configuration and the routing override is lost for several days until we can get them to recognize the problem and then figure out what they did the last time. This happened over the weekend and we are still waiting on the ISP to fix it up. My thought was can we configure this in our mail server so that we and our client do not have to suffer with this again? TIA Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] snmpd wont start on CentOS 4.4?
Hello All, Ive searched the arqchives, but didnt find anything like this.. Maybe im missing some trick here... The problem: I've instaled snmpd and snmp-utils packages with yum. Im using and old simple .conf file, i've been using on my fedora 1 box, but when I try to start snmpd, it just says OK, (Starting snmpd..[OK]), but the service dont work at all. I dont see any process running with "ps". Ive checked the logs, and found that it could be related to SE Linux and I tryed to disable it, but it still doesnt work. Im not using iptables localy, so, its not iptables related. Already tryed uninstall <> install. Any trick here? Thanks a lot. Gustavo. BTW: Its currently working on my fedora1. This is the last thing I need to fix to upgrade. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] More info for -perm 2 ?
On Thu, 2008-04-10 at 07:49 +0700, Fajar Priyanto wrote: > Hi all, > Is there any more exhaustive explanation on this command? > find / -type f -perm -2. > Someone said that it means to find all files which have 'other' write access. > > From the man page it only says: > -perm mode > File’s permission bits are exactly mode (octal or symbolic). Symbolic modes > use mode 0 as a point of departure. > > -perm -mode > All of the permission bits mode are set for the file. > > -perm +mode > Any of the permission bits mode are set for the file. > > Is there any table that explain all that mode? > Thank you. "Man chmod". The pertinent part: A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Any omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file’s group, with the same values; and the fourth for other users not in the file’s group, with the same values > HTH -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Rick Barnes wrote: Tony Schreiner wrote: I recently aquired a Verisign SSL certificate for my web server on Centos 4, with apache 2.0.59 from centosplus. It however doesn't seem to be working the way I've set it up, browsers connect but are told the certiticate is not recognized. Showing more info, the information looks correct. I think it has probably to do with the fact that I'm using the certificate on a virtual named host, and I wonder If any body has experience doing this? A few places in the apache documentation suggest that SSL cannot be used with name based virtual hosting, but I don't if that means, not at all, or not with multiple named hosts. I have multiple NameVirtualHost on port 80, but will only plan to use one of the names on port 443. The start of the section in my ssl.conf goes like this: ServerName nameprotected.domain.edu:443 ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/docs/nameprotected nameprotected.domain.edu is a DNS CNAME to the actual host. How do folks do SSL and virtual hosts? multiple IP addresses is not an option for me. This is how I do it: NameVirtualHost IP.AD.DR.ESS:443 SSLEngine On SSLCertificateFile path/to/domain.crt SSLCertificateKeyFile path/to/domain.key ServerName domain.tld ServerAdmin [EMAIL PROTECTED] DocumentRoot /path/to/webroot ErrorLog /path/to/logs/errors.log CustomLog /path/to/logs/access.log combined Rick SSLCertificateChainFile /path/to/chain/chain.crt I don't know much about the ssl stuff, I just know if I'm missing the chain file I have issues with the key not being correctly recognised. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Jay Leafey wrote: Tony Schreiner wrote: Kai Schaetzl wrote: Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: However, you didn't provide any of the information I asked for. You are not talking of www.bc.edu, do you? Kai ok, ok. https://bioinformatics.bc.edu Tony I could be full of cheese here, but did VeriSign send you an "intermediate" certificate along with your "real" certificate? If not, forget the When I went to the site and examined the cert I noticed that the cert was not signed by one of the CAs in the ca-bundle.crt provided by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. You can examine the "Issuer" field of the certificate to see who signed it. I suspect that VeriSign sent you an "intermediate" certificate that was actually used to sign your cert. Apache has to present the intermediate cert at the same time it presents your "real" cert. Basically, since the intermediate cert was signed by a recognized CA cert and your cert was signed by the intermediate cert, then your cert is "trustworthy". The easiest way to fix this is to append the intermediate certificate to your "real" certificate file. I've had a few of these in the past, particularly from smaller CAs that resell other folks's service. Just a thought! I'm away from the office now, but I only got one certificate. I didn't deal directly with Verisign, but rather went through someone in my IT department. I will check on that. Thanks. Kai, in response to your last message, you say it's fine. Does that mean you don't get a dialog saying the site is not verifiable? Because I sure do, with several browsers on different platforms. Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote: Kai Schaetzl wrote: Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: However, you didn't provide any of the information I asked for. You are not talking of www.bc.edu, do you? Kai ok, ok. https://bioinformatics.bc.edu Tony I could be full of cheese here, but did VeriSign send you an "intermediate" certificate along with your "real" certificate? If not, forget the When I went to the site and examined the cert I noticed that the cert was not signed by one of the CAs in the ca-bundle.crt provided by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. You can examine the "Issuer" field of the certificate to see who signed it. I suspect that VeriSign sent you an "intermediate" certificate that was actually used to sign your cert. Apache has to present the intermediate cert at the same time it presents your "real" cert. Basically, since the intermediate cert was signed by a recognized CA cert and your cert was signed by the intermediate cert, then your cert is "trustworthy". The easiest way to fix this is to append the intermediate certificate to your "real" certificate file. I've had a few of these in the past, particularly from smaller CAs that resell other folks's service. Just a thought! -- Jay Leafey - Memphis, TN [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] More info for -perm 2 ?
Hi all, Is there any more exhaustive explanation on this command? find / -type f -perm -2. Someone said that it means to find all files which have 'other' write access. From the man page it only says: -perm mode File’s permission bits are exactly mode (octal or symbolic). Symbolic modes use mode 0 as a point of departure. -perm -mode All of the permission bits mode are set for the file. -perm +mode Any of the permission bits mode are set for the file. Is there any table that explain all that mode? Thank you. -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 07:49:46 up 37 min, 2.6.22-14-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn. signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Interface bonding?
On Wed, 2008-04-09 at 15:47 -0700, Timothy Selivanow wrote: > I'm try to bond a few interfaces together with the hopes of getting > increased throughput, and I'm using a cisco Catalyst 2900 as the switch. > I've tried using mode 0, 5, and 6 with nothing special on the switch, > and mode 4 with some ports "trunked" together (I have a feeling that the > "trunking" that the 2900 does is not 802.3ad, as it disabled the ports > it saw as redundant), yet xfer speeds always cap out at about 10MB/s. > > Has any body accomplished bonding with increased throughput as the goal, > with or without (without might be preferable) doing something special on the > switch (preferably the > afore-mentioned Catalyst 2900, as that is what I have to work with as a > non-sactioned side-project ;)? > IEEE 802.1Q trunking Supported. Cisco IOS Release 11.2(8)SA5 (Enterprise Edition Software) Inter-Switch Link (ISL) trunking Cisco IOS Release 11.2(8)SA4 (Enterprise Edition Software) set fastether-options 802.3ad (((try that)))? I have a Cisco Cert but that does not mean anything. Have not worked on ciso equipment in over 4 years. > > --Tim > ___ > < When pleasure remains, does it remain a pleasure? > > --- > \ >\ \ > \ /\ > ( ) > .( o ). > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- ~/john OpenPGP Sig:BA91F079 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote on Wed, 09 Apr 2008 18:25:55 -0400: > https://bioinformatics.bc.edu That is just fine, as expected. If a browser doesn't like it, it's a problem in the browser. Probably it hasn't updated it's root CA list for some time and is missing the intermediary certificate (which is from 2005, so that's some time ago ...). Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Interface bonding?
>I'm try to bond a few interfaces together with the hopes of getting >increased throughput, and I'm using a cisco Catalyst 2900 as the switch. >I've tried using mode 0, 5, and 6 with nothing special on the switch, >and mode 4 with some ports "trunked" together (I have a feeling that the >"trunking" that the 2900 does is not 802.3ad, as it disabled the ports >it saw as redundant), yet xfer speeds always cap out at about 10MB/s. > >Has any body accomplished bonding with increased throughput as the goal, >with or without (without might be preferable) doing something special on the >switch (preferably the >afore-mentioned Catalyst 2900, as that is what I have to work with as a >non-sactioned side-project ;)? > > >--Tim I just did this with an HP switch, it was obviously easier:) Have a look here: http://www.mjmwired.net/kernel/Documentation/networking/bonding.txt Some good info. HTH, jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssh version 5
Alain, On 09/04/2008, at 20:51 , Alain Terriault, Mr. wrote: Bonjour, I will be very happy to give your rpm a try, I was able to compile and install the most recent version of ssh .. but, will sure like to keep my rpm database in sync. I have no rpm building experience, so you will give me a great favor by charring your package. Let me know how I can get a copy .. in rpms, if possible. No stress, I will give it a try on our test machine first. fyi- after searching on the web for an openssh.rpms, I realized I am not the only one looking for such a package .. you may consider putting it in a public area, so we can google it. they are in a public area: http://www.ivec.org/repos/ this repository holds all kinds off rpms, the one you are afer are: openssh-5.0p1-1.arcs.i386.rpm openssh-server-5.0p1-1.arcs.i386.rpm openssh-clients-5.0p1-1.arcs.i386.rpm you can either download them and install them manually or add the repository to your yum repositories and use yum. they are build for centos5 32bit i386. the disclaimer again to anyone who wants to try them: I have never used them on a system that I didn't setup and have complete control over myself. There is no guarantee that they will work and these rpms might make your system unusable! Use at your own risk. It is very kind of you, it is much appreciate. thanks, alain -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Florian Goessmann Sent: Wednesday, April 09, 2008 1:45 AM To: CentOS mailing list Subject: Re: [CentOS] openssh version 5 On 09/04/2008, at 00:09 , Johnny Hughes wrote: It is possible that other CentOS users have rolled this functionality into their own CentOS installs, and if have maybe they will tell us here. I have openssh 5 installed on my CentOS 5 systems. I did make rpm for it. You can try the rpm if you like, however I can't and won't give you any guarantees that it will work properly and not cause your computer to completely die. cheers Florian == Florian Goessmann -- iVEC, 'The hub of advanced computing in Western Australia' 26 Dick Perry Avenue, Technology Park Kensington WA 6151 Australia Phone: +61 8 6436 8835 Fax: +61 8 6436 8555 Email: [EMAIL PROTECTED] www: http://www.ivec.org -- ARCS Data Services Email: [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED] www: http://www.arcs.org.au ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos == Florian Goessmann -- iVEC, 'The hub of advanced computing in Western Australia' 26 Dick Perry Avenue, Technology Park Kensington WA 6151 Australia Phone: +61 8 6436 8835 Fax: +61 8 6436 8555 Email: [EMAIL PROTECTED] www: http://www.ivec.org -- ARCS Data Services Email: [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED] www: http://www.arcs.org.au smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Interface bonding?
I'm try to bond a few interfaces together with the hopes of getting increased throughput, and I'm using a cisco Catalyst 2900 as the switch. I've tried using mode 0, 5, and 6 with nothing special on the switch, and mode 4 with some ports "trunked" together (I have a feeling that the "trunking" that the 2900 does is not 802.3ad, as it disabled the ports it saw as redundant), yet xfer speeds always cap out at about 10MB/s. Has any body accomplished bonding with increased throughput as the goal, with or without (without might be preferable) doing something special on the switch (preferably the afore-mentioned Catalyst 2900, as that is what I have to work with as a non-sactioned side-project ;)? --Tim ___ < When pleasure remains, does it remain a pleasure? > --- \ \ \ \ /\ ( ) .( o ). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache log directives
Jason wrote on Wed, 09 Apr 2008 16:21:14 -0500: > customlog $VHOST.log not with "fixed" vhosts. There is something called mass virtual hosting or so. That uses a different way of specifying virtual hosts and might be able do something like this with the logs as well. However, I don't think it makes sense for just 10 vhosts. It's more complex to setup and less flexible. You can read up on it in the documentation on httpd.apache.org. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Kai Schaetzl wrote: Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: I was under the (obviously mistaken) impression that one certificate per hostname was the rule. and I created the certificate with the hostname I want to use; which is resolvable; and reachable with regular http over port 80. And that is the only SSL enabled site I want to use on this server. I didn't say anything that should make you believe this would not work. Why do you think that? I just explained that if you want to have *more* SSL vhosts than you either need more IP addresses or use the same certificate (wildacrd) for all of them. If you just want to have one SSL site your are fine. However, you didn't provide any of the information I asked for. You are not talking of www.bc.edu, do you? Kai ok, ok. https://bioinformatics.bc.edu Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Kai Schaetzl napsal(a): IE does and I think FF does as well. But IE doesn't support this specific extension. Kai Both support TLS. FF supports server name indication, only IE7 on Vista supports server name indication. IE7 on XP doesn't. :o( D. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Jim Perrin wrote on Wed, 9 Apr 2008 16:40:24 -0400: > Your > packages work, yes, but do they function with the verisign cert he's > already got? More important: do they work with most browsers? There is a test page for this (don't recall URL, but can be found on apache bugzilla) and last time I tried it with Internet Explorer it didn't work with it. :-( Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Les Mikesell wrote on Wed, 09 Apr 2008 16:06:59 -0500: > Do browsers do TLS these days? IE does and I think FF does as well. But IE doesn't support this specific extension. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] apache log directives
Does anyone know of a way to specify a CustomLog file name in apache based on the vhost? for example, I have 10 vhosts and instead of giving each one a CustomLog directive and specifying a different log file I'd like to do something in global that does the same thing, ala vhost elvis customlog elvis.log vhost king customlog king.log becomes customlog $VHOST.log I know that this is a bad idea, I know about the open file concerns. It's more of a "can it be done" -- Jason www.cyborgworkshop.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: > I was under the (obviously mistaken) impression that one certificate > per hostname was the rule. and I created the certificate with the > hostname I want to use; which is resolvable; and reachable with > regular http over port 80. And that is the only SSL enabled site I > want to use on this server. I didn't say anything that should make you believe this would not work. Why do you think that? I just explained that if you want to have *more* SSL vhosts than you either need more IP addresses or use the same certificate (wildacrd) for all of them. If you just want to have one SSL site your are fine. However, you didn't provide any of the information I asked for. You are not talking of www.bc.edu, do you? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Jim Perrin wrote on Wed, 9 Apr 2008 15:24:09 -0400: > "Name-based virtual hosting cannot be used with SSL secure servers > because of the nature of the SSL protocol." that documentation (also in the 2.2 one) in the way that they have written it as an exclusive truth is simply not true. One just needs to know the caveats. It's for instance perfect for an organization to offer several SSL vhosts under one IP and with one wildcard certificate. It doesn't work for webhosting different clients, of course. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] file conflicts when updating from 5.0 to 5.1
Johnny Hughes wrote on Wed, 09 Apr 2008 13:37:12 -0500: > "yum list extras" will give you a list of everything installed that is > not in your currently defined repos. Thanks. This is helpful, although it lists CentOS 5 packages as well, so one has to be careful. For instance it lists kernel.i686 2.6.18-8.1.14.el5 which was in the 5.0 repo but isn't in the 5.1 repo anymore. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Jim Perrin wrote on Wed, 9 Apr 2008 14:37:11 -0400: > It better be, because for apache 2.0, it's the ONLY way you can do vhosts. > You have to have 1 ip per vhost for ssl. This is in the apache documentation > > For httpd 2.2, you can do name based vhosts, but not with standard ssl > certs like verisign ships. Apache 2.0 and 2.2 behave the same in this regard, you *can* have one IP for multiple SSL vhosts. And one certificate for one IP. Which means in case of multiple SSL vhosts you ened a wildcard certificate. But this doesn't seem the poster's problem. But as he doesn't allow us a view at the cert ... Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dag Repos
Ed Morrison wrote on Thu, 20 Mar 2008 08:36:31 -0700: > http://apt.sw.be/redhat/el4/en/x86_64/dag/repodata/repomd.xml: [ you should always use the mirrors. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Jim Perrin wrote:
On Wed, Apr 9, 2008 at 4:35 PM, David Hrbác( <[EMAIL PROTECTED]> wrote:
Jim, you are not right... SSL 3.0 support Server Name Indication and of
course TLS 1.0. For those who are interested there are repos for C{4,5}
located here:
Since I should have included this in my previous reply... I don't mind
being wrong, so long as it's documented.
Can you show the config for CentOS 4, (without the TLS packages you
list) to do name based vhosts with ssl? I'd be interested in this
myself. Given that the apache documentation for 2.0.x says it can't be
done, I was basing my statements off that.
Do browsers do TLS these days? I thought https had to negotiate the ssl
connection before the browser would send anything - so you don't have
the host header when you need to find the right certificate. It doesn't
matter if the ssl layer knows how to do TLS if the browser side won't
use it.
--
Les Mikesell
[EMAIL PROTECTED]
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 4:35 PM, David Hrbác( <[EMAIL PROTECTED]> wrote:
> Jim, you are not right... SSL 3.0 support Server Name Indication and of
> course TLS 1.0. For those who are interested there are repos for C{4,5}
> located here:
Since I should have included this in my previous reply... I don't mind
being wrong, so long as it's documented.
Can you show the config for CentOS 4, (without the TLS packages you
list) to do name based vhosts with ssl? I'd be interested in this
myself. Given that the apache documentation for 2.0.x says it can't be
done, I was basing my statements off that.
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 4:35 PM, David Hrbác( <[EMAIL PROTECTED]> wrote:
> Jim, you are not right... SSL 3.0 support Server Name Indication and of
> course TLS 1.0. For those who are interested there are repos for C{4,5}
> located here:
My comments were/are based on the apache documentation (linked
previously in the thread), and the distro base as it ships. Your
packages work, yes, but do they function with the verisign cert he's
already got?
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Jim Perrin napsal(a):
"Name-based virtual hosting cannot be used with SSL secure servers
because of the nature of the SSL protocol."
See http://httpd.apache.org/docs/2.0/vhosts/name-based.html for more info
Jim, you are not right... SSL 3.0 support Server Name Indication and of
course TLS 1.0. For those who are interested there are repos for C{4,5}
located here:
http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/i386/
http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/i386/
http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/x86_64/
http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/x86_64/
Regards,
David
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
Jim Perrin wrote: On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski <[EMAIL PROTECTED]> wrote: I think those errors are because selinux is off. Hmm, I don't ever really turn selinux off, but I had always thought aide treated it as optional. Could test by setting it to permissive and trying again. This would be interesting to test. I'm not sure if a reboot is required or not. I set permissive in the config file and echoed 1 into /selinux/enforce and then tried firstly the --check, and then an --init. Both still show the faulty lines. I will set it up properly and do a reboot tomorrow to see if it changes things, but for now, it doesn't. steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Yum equivalent of rpm -i --test
>For CentOS5, you could use yum-downloadonly plugin : Wojtek, Will this still allow rpm to "--test" the install of a local rpm and pull in the deps and simulate the install? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum equivalent of rpm -i --test
On Wed, Apr 09, 2008 at 11:08:15AM -0600, Joseph L. Casale wrote: > How does one do this? Reading through the man pages for yum it doesn't look > like its possible? I could use rpm, but I was hoping to pull down deps > through yum automagically. > > Thanks! > jlc For CentOS5, you could use yum-downloadonly plugin : # rpm -qi yum-downloadonly [ output shortened ] Name: yum-downloadonly Relocations: (not relocatable) Group : System Environment/Base Source RPM: yum-utils-1.0.4-3.el5.centos.2.src.rpm URL : http://linux.duke.edu/yum/download/yum-utils/ Summary : Yum plugin to add downloadonly command option Description : This plugin adds a --downloadonly flag to yum so that yum will only download the packages and not install/update them. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
On Apr 9, 2008, at 3:16 PM, Kai Schaetzl wrote: Tony Schreiner wrote on Wed, 9 Apr 2008 14:22:22 -0400: It however doesn't seem to be working the way I've set it up, browsers connect but are told the certiticate is not recognized. Unfortunately, the most important information is missing from your explanation: please give the exact URL, so one can see the *actual* message and the actual certificate. From first "sight" it looks like the site is not using the certificate you think it uses. FYI: You can have *one* certificate per IP address. It doesn't matter if name-based or not. (So, if you want to have 5 name-based SSL virtual hosts you have to use the same certificate for all of them. That's obviously not the case for you.) Kai I was under the (obviously mistaken) impression that one certificate per hostname was the rule. and I created the certificate with the hostname I want to use; which is resolvable; and reachable with regular http over port 80. And that is the only SSL enabled site I want to use on this server. Getting multiple IP addresses on my server will require a change of plan of action for me; but may be possible. Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 3:15 PM, Tony Schreiner <[EMAIL PROTECTED]> wrote: > crud... Well, as Kai brings up, you get one cert per IP. If you're using subdomains you *might* be able to get away with this. *.example.com as a cert common name will work for foo.example.com, and bar.example.com. etc. So long as you're using subdomain certs this works okay. If you're doing different names, you're pretty sunk. "Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol." See http://httpd.apache.org/docs/2.0/vhosts/name-based.html for more info -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote: I recently aquired a Verisign SSL certificate for my web server on Centos 4, with apache 2.0.59 from centosplus. It however doesn't seem to be working the way I've set it up, browsers connect but are told the certiticate is not recognized. Showing more info, the information looks correct. I think it has probably to do with the fact that I'm using the certificate on a virtual named host, and I wonder If any body has experience doing this? A few places in the apache documentation suggest that SSL cannot be used with name based virtual hosting, but I don't if that means, not at all, or not with multiple named hosts. I have multiple NameVirtualHost on port 80, but will only plan to use one of the names on port 443. The start of the section in my ssl.conf goes like this: ServerName nameprotected.domain.edu:443 ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/docs/nameprotected nameprotected.domain.edu is a DNS CNAME to the actual host. How do folks do SSL and virtual hosts? multiple IP addresses is not an option for me. This is how I do it: NameVirtualHost IP.AD.DR.ESS:443 SSLEngine On SSLCertificateFile path/to/domain.crt SSLCertificateKeyFile path/to/domain.key ServerName domain.tld ServerAdmin [EMAIL PROTECTED] DocumentRoot /path/to/webroot ErrorLog /path/to/logs/errors.log CustomLog /path/to/logs/access.log combined Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski <[EMAIL PROTECTED]> wrote: > > I think those errors are because selinux is off. Hmm, I don't ever really turn selinux off, but I had always thought aide treated it as optional. Could test by setting it to permissive and trying again. This would be interesting to test. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote on Wed, 9 Apr 2008 14:22:22 -0400: > It however doesn't seem to be working the way I've set it up, > browsers connect but are told the certiticate is not recognized. Unfortunately, the most important information is missing from your explanation: please give the exact URL, so one can see the *actual* message and the actual certificate. From first "sight" it looks like the site is not using the certificate you think it uses. FYI: You can have *one* certificate per IP address. It doesn't matter if name-based or not. (So, if you want to have 5 name-based SSL virtual hosts you have to use the same certificate for all of them. That's obviously not the case for you.) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
On Apr 9, 2008, at 2:37 PM, Jim Perrin wrote: On Wed, Apr 9, 2008 at 2:22 PM, Tony Schreiner <[EMAIL PROTECTED]> wrote: nameprotected.domain.edu is a DNS CNAME to the actual host. How do folks do SSL and virtual hosts? multiple IP addresses is not an option for me. It better be, because for apache 2.0, it's the ONLY way you can do vhosts. You have to have 1 ip per vhost for ssl. This is in the apache documentation For httpd 2.2, you can do name based vhosts, but not with standard ssl certs like verisign ships. crud... but thanks for the info ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
I think those errors are because selinux is off. On Wed, 2008-04-09 at 12:12 -0400, Jim Perrin wrote: > On Wed, Apr 9, 2008 at 12:03 PM, Steve Campbell <[EMAIL PROTECTED]> wrote: > > Thanks Jim, > > > > Believe it or not, that's what I started out with. > > > > After running the entire --init/--check scenario again, I see in the log > > files and the output, that all files get this message, and a normal output > > of what should be there showing changed and unchanged files appear at the > > bottom of the log. So what is this "lgetfilecon_raw failed for" showing up > > for each file saying to me? Is it a verbosity setting, or something like > > that? > > Mostly it's telling you that it can't get all the information about > the files it's checking. Are you doing this as root? Are you certain > that selinux is off? Have you modified any of the mount parameters > with noexec or anything else? > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
Tony Schreiner wrote: I recently aquired a Verisign SSL certificate for my web server on Centos 4, with apache 2.0.59 from centosplus. It however doesn't seem to be working the way I've set it up, browsers connect but are told the certiticate is not recognized. Showing more info, the information looks correct. I think it has probably to do with the fact that I'm using the certificate on a virtual named host, and I wonder If any body has experience doing this? A few places in the apache documentation suggest that SSL cannot be used with name based virtual hosting, but I don't if that means, not at all, or not with multiple named hosts. I have multiple NameVirtualHost on port 80, but will only plan to use one of the names on port 443. The start of the section in my ssl.conf goes like this: ServerName nameprotected.domain.edu:443 ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/docs/nameprotected nameprotected.domain.edu is a DNS CNAME to the actual host. the ServerName should match the name in the certificate. How do folks do SSL and virtual hosts? multiple IP addresses is not an option for me. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] file conflicts when updating from 5.0 to 5.1
Kai Schaetzl wrote: Kai Schaetzl wrote on Wed, 09 Apr 2008 19:11:29 +0200: Maybe I should just remove both packages before update Yes, this did it. There's no easy way to find out the few packages left over from CentOS 4, isn't it? Kai "yum list extras" will give you a list of everything installed that is not in your currently defined repos. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 2:22 PM, Tony Schreiner <[EMAIL PROTECTED]> wrote: > nameprotected.domain.edu is a DNS CNAME to the actual host. > > How do folks do SSL and virtual hosts? multiple IP addresses is not an > option for me. It better be, because for apache 2.0, it's the ONLY way you can do vhosts. You have to have 1 ip per vhost for ssl. This is in the apache documentation For httpd 2.2, you can do name based vhosts, but not with standard ssl certs like verisign ships. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ssl and NameVirtualHost
I recently aquired a Verisign SSL certificate for my web server on Centos 4, with apache 2.0.59 from centosplus. It however doesn't seem to be working the way I've set it up, browsers connect but are told the certiticate is not recognized. Showing more info, the information looks correct. I think it has probably to do with the fact that I'm using the certificate on a virtual named host, and I wonder If any body has experience doing this? A few places in the apache documentation suggest that SSL cannot be used with name based virtual hosting, but I don't if that means, not at all, or not with multiple named hosts. I have multiple NameVirtualHost on port 80, but will only plan to use one of the names on port 443. The start of the section in my ssl.conf goes like this: ServerName nameprotected.domain.edu:443 ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/docs/nameprotected nameprotected.domain.edu is a DNS CNAME to the actual host. How do folks do SSL and virtual hosts? multiple IP addresses is not an option for me. TIA Tony Schreiner ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
Jim Perrin wrote: On 4/9/08, Steve Campbell <[EMAIL PROTECTED]> wrote: I ran the --init/--check with the default config originally, get the same output. I then tried "-selinux" on the options that included "+selinux" just for the hell of it. I don't know if that's ok or not. --check-config doesn't burp on it though. I don't think this is selinux failing so much as a normal grabbing of file info. Does it do this for all files, or just for the samba shares? It doesn't check the samba shares at all, if I'm not mistaken. These are all normal, locally mounted drives on the normal mount points (/, /usr, home, /var and so forth) steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] file conflicts when updating from 5.0 to 5.1
Kai Schaetzl wrote on Wed, 09 Apr 2008 19:11:29 +0200: > Maybe I should just remove both packages before update Yes, this did it. There's no easy way to find out the few packages left over from CentOS 4, isn't it? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
On 4/9/08, Steve Campbell <[EMAIL PROTECTED]> wrote: > I ran the --init/--check with the default config originally, get the same > output. I then tried "-selinux" on the options that included "+selinux" just > for the hell of it. I don't know if that's ok or not. --check-config doesn't > burp on it though. I don't think this is selinux failing so much as a normal grabbing of file info. Does it do this for all files, or just for the samba shares? -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] file conflicts when updating from 5.0 to 5.1
I get these two errors when I upgrade to the current 5 base. centos-release-5-0.0.el5.centos.2 CentOS release 5 (Final) file /etc/yum.repos.d/CentOS-Base.repo from install of centos-release-5 -1.0.el5.centos.1 conflicts with file from package centos-yumconf-4-4.5 file /etc/sysconfig/rhn/sources from install of centos-release-5- 1.0.el5.centos.1 conflicts with file from package up2date-4.4.67-4.centos4 I think this setup is an inplace-upgrade from 4 to 5, it's been offline for some months, now I'm resurrecting it. CentOS-Base.repo was edited by me to point to a local repo. I haven't ever seen this to be a problem. Is yumconf from CentOS4? up2date-4.4.67-4.centos4 seems to be coming from CentOS 4? Maybe I should just remove both packages before update as they don't seem to be part of centOS 5? (at least I don't have them on 5 installs) I wonder why this wasn't a problem when going from 4 to 5, though. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Yum equivalent of rpm -i --test
How does one do this? Reading through the man pages for yum it doesn't look like its possible? I could use rpm, but I was hoping to pull down deps through yum automagically. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to get status of notebook lid?
Ralph Angenendt wrote: Hello, > Olaf Mueller wrote: >> ACPI: Interpreter disabled. >> Is this also blacklisted under CentOS 4, or better, would CentOS 4 >> be a solution for my problem? > You can try with the live CD. But I'd think that it also is disabled > there. thank you very much for your help. Now I have tried the CentOS 4.4 LiveCD with the following result. # cat /proc/acpi/button/lid/LID/state state: open I am happy, it works! But this also means that CentOS 4 must be installed on my already installed CentOS 5 notebook. I suppose to use a CentOS 4 kernel under CentOS 5 is not recommendable? regards Olaf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] rpmbuild and new specfile
>May I ask one question? If you do not edit the spec file and run the >same rpmbuild -ba command against the original spec, would it build >without errors? > >Akemi Good question :) It does need an edit though to build regardless under x64 so I would assume the build would simply error out on the hvm related issue. It worked and I have rpms now! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmbuild and new specfile
On Wed, Apr 9, 2008 at 9:27 AM, Joseph L. Casale <[EMAIL PROTECTED]> wrote: > > >You don't. You do "rpmbuild -ba " > > > >Regards, > >Tim > > Hi, > I read that, but I assumed it required the source to be unpacked. I tried it > and I recieved the following error while trying to compile xen 3.2 srpm under > CentOS 5.1x64: > > error: Bad exit status from /var/tmp/rpm-tmp.42788 (%build) May I ask one question? If you do not edit the spec file and run the same rpmbuild -ba command against the original spec, would it build without errors? Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
Jim Perrin wrote: On Wed, Apr 9, 2008 at 12:03 PM, Steve Campbell <[EMAIL PROTECTED]> wrote: Thanks Jim, Believe it or not, that's what I started out with. After running the entire --init/--check scenario again, I see in the log files and the output, that all files get this message, and a normal output of what should be there showing changed and unchanged files appear at the bottom of the log. So what is this "lgetfilecon_raw failed for" showing up for each file saying to me? Is it a verbosity setting, or something like that? Mostly it's telling you that it can't get all the information about the files it's checking. Are you doing this as root? Are you certain that selinux is off? Have you modified any of the mount parameters with noexec or anything else? Jim, Here's my mount list: /dev/sda8 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on /boot type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw) /dev/sda7 on /home type ext3 (rw) /dev/sda9 on /opt type ext3 (rw) /dev/sda5 on /tmp type ext3 (rw) /dev/sda3 on /usr type ext3 (rw) /dev/sdb1 on /usr/local type ext3 (rw) /dev/sda2 on /var type ext3 (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) I have one smb mounted for full system backups. This box is pretty vanilla, as we run Thunderstone search engine on it. I believe that is the only mods to the box after install, and I don't think it changed anything else. The aide --v looks like: Aide 0.13.1 Compiled with the following options: WITH_MMAP WITH_POSIX_ACL WITH_SELINUX WITH_XATTR WITH_LSTAT64 WITH_READDIR64 WITH_GCRYPT WITH_AUDIT CONFIG_FILE = "/etc/aide.conf" I ran the --init/--check with the default config originally, get the same output. I then tried "-selinux" on the options that included "+selinux" just for the hell of it. I don't know if that's ok or not. --check-config doesn't burp on it though. My /etc/selinux/config file has SELINUX=disabled in it and always has. At a loss, but thanks loads for the help and time. steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] rpmbuild and new specfile
>You don't. You do "rpmbuild -ba " > >Regards, >Tim Hi, I read that, but I assumed it required the source to be unpacked. I tried it and I recieved the following error while trying to compile xen 3.2 srpm under CentOS 5.1x64: error: Bad exit status from /var/tmp/rpm-tmp.42788 (%build) Cleaning out the /var/tmp dir fixed it? Is that normal/fluke? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
On Wed, Apr 9, 2008 at 12:03 PM, Steve Campbell <[EMAIL PROTECTED]> wrote: > Thanks Jim, > > Believe it or not, that's what I started out with. > > After running the entire --init/--check scenario again, I see in the log > files and the output, that all files get this message, and a normal output > of what should be there showing changed and unchanged files appear at the > bottom of the log. So what is this "lgetfilecon_raw failed for" showing up > for each file saying to me? Is it a verbosity setting, or something like > that? Mostly it's telling you that it can't get all the information about the files it's checking. Are you doing this as root? Are you certain that selinux is off? Have you modified any of the mount parameters with noexec or anything else? -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
Jim Perrin wrote: On Wed, Apr 9, 2008 at 11:39 AM, Steve Campbell <[EMAIL PROTECTED]> wrote: I'm trying out aide since tripwire doesn't seem to be in the 5. releases anymore. I do not have Selinux on the server (no at installation), and I just yum installed the aide rpms, so I should have the latest. When I run my aide --init, I get all of these lines for all the files: There's an aide how-to for centos5 here -> http://www.bofh-hunter.com/2007/12/04/centos-5-and-aide/ Thanks Jim, Believe it or not, that's what I started out with. After running the entire --init/--check scenario again, I see in the log files and the output, that all files get this message, and a normal output of what should be there showing changed and unchanged files appear at the bottom of the log. So what is this "lgetfilecon_raw failed for" showing up for each file saying to me? Is it a verbosity setting, or something like that? Thanks steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] aide questions, please
On Wed, Apr 9, 2008 at 11:39 AM, Steve Campbell <[EMAIL PROTECTED]> wrote: > I'm trying out aide since tripwire doesn't seem to be in the 5. releases > anymore. I do not have Selinux on the server (no at installation), and I > just yum installed the aide rpms, so I should have the latest. > > When I run my aide --init, I get all of these lines for all the files: There's an aide how-to for centos5 here -> http://www.bofh-hunter.com/2007/12/04/centos-5-and-aide/ -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] aide questions, please
I'm trying out aide since tripwire doesn't seem to be in the 5. releases anymore. I do not have Selinux on the server (no at installation), and I just yum installed the aide rpms, so I should have the latest. When I run my aide --init, I get all of these lines for all the files: lgetfilecon_raw failed for /usr/share/X11/app-defaults/XLogo:No data available I then copy the 'new' db file to the regular db file and run aide --check, and it seems I get the above lines all over again. It's as though the db files aren't being read. I noticed in the preceding release of aide that problems existed and was related to Selinux and the inability to read gz files. Am I doing something obviously wrong? Do I need to do an --update or is this just when I get reports that something has changed after the --init? Thanks for any help and replies. Steve Campbell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmbuild and new specfile
On Wed, Apr 9, 2008 at 5:24 PM, Joseph L. Casale <[EMAIL PROTECTED]> wrote: > After extracting the spec file out an srpm and editing it, how does one > execute $rpmbuild --rebuild package.srpm and use the new spec file as a > non-root user inside a home dir build root? You don't. You do "rpmbuild -ba " Regards, Tim -- Tim Verhoeven - [EMAIL PROTECTED] - 0479 / 88 11 83 Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rpmbuild and new specfile
After extracting the spec file out an srpm and editing it, how does one execute $rpmbuild --rebuild package.srpm and use the new spec file as a non-root user inside a home dir build root? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.1 x86 medium installation problems
On Wednesday 09 April 2008 15:53:36 Ioannis Vranos wrote: > It was a hardware problem with my DVD recorder. I got a new one and now > everything works OK. > When something that previously worked starts giving you problems it can be hard to spot. Glad you got it sorted. Anne signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.1 x86 medium installation problems
It was a hardware problem with my DVD recorder. I got a new one and now everything works OK. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Xorg crashes centos 5.1
Before you get involved into drivers have you changed or upgraded VNC? to the next level? As that when Lauched caused the crashing? On Tue, 2008-04-08 at 06:42 -0400, Jerry Geis wrote: > > > > What binary drivers do you have and where did you get them from and what > > version are they? > > Give us the output of lspci -v. as in the line containing your type of > > video card. > > > > > > > > > > > I downloaded this directly from the nvidia site. > NVIDIA-Linux-x86_64-169.09-pkg2.run > > 02:00.0 VGA compatible controller: nVidia Corporation GeForce 7100 GS > (rev a1) (prog-if 00 [VGA]) > Subsystem: XFX Pine Group Inc. Unknown device 2234 > Flags: bus master, fast devsel, latency 0, IRQ 9 > Memory at f800 (32-bit, non-prefetchable) [size=16M] > Memory at e000 (64-bit, prefetchable) [size=256M] > Memory at f900 (64-bit, non-prefetchable) [size=16M] > [virtual] Expansion ROM at fa00 [disabled] [size=128K] > Capabilities: [60] Power Management version 2 > Capabilities: [68] Message Signalled Interrupts: 64bit+ > Queue=0/0 Enable- > Capabilities: [78] Express Endpoint IRQ 0 > Capabilities: [100] Virtual Channel > Capabilities: [128] Power Budgeting > > > > Jerry > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- ~/john OpenPGP Sig:BA91F079 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lvm VolGroup00 problem after disk upgrade
Hi Thim, thanks a lot you are a genius! , i dont know how could i forgot about that , maybe i am little overworked. Thanks, and nice day to all! D. On Wed, Apr 9, 2008 at 2:29 PM, Tim Verhoeven <[EMAIL PROTECTED]> wrote: > On Wed, Apr 9, 2008 at 2:15 PM, David Hláčik <[EMAIL PROTECTED]> wrote: > ...snip... > > > > and now the problem > > > > after kernel load i will get info that GroupVol00 (which was lvm group > on > > old disk does not exist) > > info about boss group fonded > > and then i will get an error that /dev/root does not exist > > and then that /proc does not exist > > and then kernel panic > > > > Where is the problem? > > I did this whole process so many times without error and know i am stuck > do > > not know where. > > I checked lvm.conf double, checked if /etc/fstab /etc/grub.conf > configured > > OK > > checked using lvm syntax for lvm ... > > Hi, > > I think you probably need to rebuild the ramdisk (initrd) used for > booting your kernel. It will also contains references to the root > device. So boot back into rescue mode and do a mkinitrd. > > Regards, > Tim > > -- > Tim Verhoeven - [EMAIL PROTECTED] - 0479 / 88 11 83 > > Hoping the problem magically goes away by ignoring it is the > "microsoft approach to programming" and should never be allowed. > (Linus Torvalds) > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lvm VolGroup00 problem after disk upgrade
On Wed, Apr 9, 2008 at 2:15 PM, David Hláčik <[EMAIL PROTECTED]> wrote: ...snip... > > and now the problem > > after kernel load i will get info that GroupVol00 (which was lvm group on > old disk does not exist) > info about boss group fonded > and then i will get an error that /dev/root does not exist > and then that /proc does not exist > and then kernel panic > > Where is the problem? > I did this whole process so many times without error and know i am stuck do > not know where. > I checked lvm.conf double, checked if /etc/fstab /etc/grub.conf configured > OK > checked using lvm syntax for lvm ... Hi, I think you probably need to rebuild the ramdisk (initrd) used for booting your kernel. It will also contains references to the root device. So boot back into rescue mode and do a mkinitrd. Regards, Tim -- Tim Verhoeven - [EMAIL PROTECTED] - 0479 / 88 11 83 Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] lvm VolGroup00 problem after disk upgrade
Hi to all, i am facing a really strange problem ,and i am not able to find a solution by myself and it is really critical for me to solve it asap :( I have replaced old sata disk with new one on centos , i did a whole cp -a copy from single mode do new disk. What i have done? 1) using fdisk created sdb1 (Linux) and sdb2 (Linux LVM) 1) created volume group boss on new disk at sda2 2) created group volumes root, home, swap 3) formated /dev/mapper/boss-root with ext3 4) fromated /dev/mapper/boss-home with ext3 5) created mkswap on /dev/mapper/boss-swap 6) formated /dev/sdb1 with ext3 (will be boot) mounted all under /new and did cp -a from current disk to /new location (without /proc and /tmp) then created /new/proc and /new/tmp directory after that i turned off computer and removed old disk (sda) booted using centos cd with linux rescue everything got mounted under /mnt/sysimage chrooted to /mnt/sysimage then i edited /etc/fstab with current values : /dev/mapper/boss-root for roor /dev/mapper/boss-home for home /dev/mapper/boss-swap for swap edited /etc/grub.conf with root= /dev/mapper/boss-root did grub-install /dev/sda and now the problem after kernel load i will get info that GroupVol00 (which was lvm group on old disk does not exist) info about boss group fonded and then i will get an error that /dev/root does not exist and then that /proc does not exist and then kernel panic Where is the problem? I did this whole process so many times without error and know i am stuck do not know where. I checked lvm.conf double, checked if /etc/fstab /etc/grub.conf configured OK checked using lvm syntax for lvm ... Thanks in advance! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to get status of notebook lid?
Olaf Mueller wrote: > Ralph Angenendt wrote: >> Might be that >> the acpi bios is blacklisted. Searching for acpi in dmesg should give >> more hints. > # grep ACPI /var/log/dmesg > > ACPI: Disabling ACPI support > ACPI Exception (utmutex-0262): AE_BAD_PARAMETER, Thread C1257AA0 could > not acquire Mutex [2] [20060707] > ACPI Exception (utmutex-0262): AE_BAD_PARAMETER, Thread C1257AA0 could > not acquire Mutex [2] [20060707] > ACPI: Interpreter disabled. > Is this also blacklisted under CentOS 4, or better, would CentOS 4 be > a solution for my problem? You can try with the live CD. But I'd think that it also is disabled there. Ralph pgp1ozu9nv22F.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to get status of notebook lid?
Ralph Angenendt wrote: Hello. > Olaf Mueller wrote: >> /proc/acpi doesn't here exists, acpid is installed. Is my notebook >> too old? > That is entirely possible, yes. The 8000 is from ~1999? Yes, it is. I use it as a thin client (X -ac -port 177 -query ). > Might be that > the acpi bios is blacklisted. Searching for acpi in dmesg should give > more hints. # grep ACPI /var/log/dmesg BIOS-e820: 0fff - 1000 (ACPI data) BIOS-e820: 100b6e00 - 100b7000 (ACPI NVS) ACPI: RSDP (v000 TOSHIB) @ 0x000f0d90 ACPI: RSDT (v001 TOSHIB 750 0x00970814 TASM 0x0401) @ 0x0fff ACPI: FADT (v001 TOSHIB 750 0x00970814 TASM 0x0401) @ 0x0fff0054 ACPI: BOOT (v001 TOSHIB 750 0x00970814 TASM 0x0401) @ 0x0fff002c ACPI: DSDT (v001 TOSHIB 8000 0x19981112 MSFT 0x010a) @ 0x ACPI: Disabling ACPI support ACPI Exception (utmutex-0262): AE_BAD_PARAMETER, Thread C1257AA0 could not acquire Mutex [2] [20060707] ACPI Exception (utmutex-0262): AE_BAD_PARAMETER, Thread C1257AA0 could not acquire Mutex [2] [20060707] ACPI: Interpreter disabled. pnp: PnP ACPI: disabled PCI quirk: region fe00-fe3f claimed by PIIX4 ACPI Is this also blacklisted under CentOS 4, or better, would CentOS 4 be a solution for my problem? regards Olaf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to get status of notebook lid?
Olaf Mueller wrote: > Kanwar Ranbir Sandhu wrote: > > Hello, > > > On Tue, 2008-04-08 at 08:54 +0200, Olaf Mueller wrote: > >> Is there any way to get this status, maybe under /proc/ or by some > >> command? > > Look under /proc/acpi/button/lid/. On one of my notebooks, this > > works: > /proc/acpi doesn't here exists, acpid is installed. Is my notebook too > old? That is entirely possible, yes. The 8000 is from ~1999? Might be that the acpi bios is blacklisted. Searching for acpi in dmesg should give more hints. > Any other ideas? With apm stuff like suspend when closing the lid usually goes through the BIOS settings. The only thing you'll find in /proc is /proc/apm. And IIRC this does not give you the status of the lid button or similar. Cheers, Ralph pgp2IoM9UEDnD.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
