Re: [CentOS] Antivirus for CentOS? (yuck!)
I run this on a centos-server I have. The machine comes to crawl when I open up the Symantec-GUI. I think the GUI is built on java, which might make the machine slower than necessary. Probably the CLI-interface is more responsive. -- /Sorin >-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of >Morten Torstensen >Sent: Thursday, January 22, 2009 7:18 PM >To: CentOS mailing list >Subject: Re: [CentOS] Antivirus for CentOS? (yuck!) > >And just for completeness, Symantec has AV for Linux too... it is better >there than on the Windows platform, but that doesn't say much. The >advantage of Symantec is that it is a well-known brand, so in some cases >it can be a easy option to push through red-tape bureaucrats. > smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?
I installed Centos on some machines that need long term support. I'm running up against some simple user convenience issues. How to play MP3? I've been really puzzled today that the addon rpm sites like livna, rpmforge, rpmfusion, epel, don't seem to have something like amarok-mp3 or xine-lib-mp3. What am I missing? It can be done in Ubuntu, Debian, and Fedora Linux. In the worst case scenario, what must be done? get the xine source code and build an rpm that includes the mp3 components? Do you have Nvidia cards? Then I noticed there is a new Nvidia proprietary driver on www.nvidia.org, and I can't find an rpm package for it, or for the previous 2 releases of the nvidia driver. The place to get those packages used to be rpm.livna.org, but that is now moved to rpmfusion, but on the rpmfusion site, the nonfree folders are empty. Oh, well. Just singing a complaining song. pj -- Paul E. Johnson ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Fri, 23 Jan 2009 00:10:19 +0100 Rainer Duffner wrote: > Sheesh! > > > > > WTF? > Do you want him to have his email-account suspended? > Please, folks, be a little more insightful and not so quick with the > email-button. As I see it, that big write-up either means what it says or it does not. If it means what it says, then it appears that the mailserver the OP is using should not be used to post messages to a public, international mailing list. If a user was misusing a mailserver that I was responsible for, I would want to know about it. Any responsible admin would want the same. If it does not mean what it says, then including that kind of a write-up in an email is merely a waste of everyone's bandwidth which, when aggregated over the number of people who subscribe to this mailing list probably adds up to several megabytes. Of unnecessary data that nobody, not even the OP's company, believes. And some people still pay by the byte for their Internet connections. Plus the additional disk space that's required for list archives here and there around the world. By my count, the OP's original message was composed of two lines of content and 27 lines of "warning". That's a signal-to-noise ratio of less than 7%. -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Bezerk they will go!
On Thu, Jan 22, 2009 at 4:41 PM, Ralph Angenendt > wrote: > Michael St. Laurent wrote: > > > > Is there a projected release date for CentOS-5.3? > > > > > > > > > > > hedidnotask...this > > > > > > search the forums..when it's done..unless you would like to help..:) > > > > I have helped by sending money. I don't know if that counts or not > > though. > > Sure does and thank you for that. But just as you don't mention the > Reinemachefrau in front of the Nazi chief in "Dead men don't wear plaid", > you > don't ask when the next release comes out here. Someone might go berzerk. > Bezerk they will go, because for each person who doesn't ask, there will be dozens who do. Betcha one of you can make this rhyme, I can't. Note the minimalist .sig Probably should fatten it up -- Drew Einhorn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
I just verified the filesystem features with tune2fs -l and the dir_index feature is already present. So, no luck here. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question on upgrading hardware
Bob Hoffman wrote: > For centos 5.x > > Two questions regarding upgrading hardware or system. > > 1- If I were to shut off the server and add more ram, switch out ram, remove > one of the two cpus, or replace the two cpus with bigger or smaller > ones.Would I just be able to restart the server or would I have to do > something with the configuration somewhere? Shouldn't need to touch the config. > 2- If I built another system, slightly different motherboard but most of the > rest the same as far as hardware, would taking a drive from the old system > and adding it to the new system work correctly and recognize what it needs? If the disk controller is the same you should be fine. If it is not the same you may want to adjust your /etc/modprobe.conf and rebuild your initrd prior to making the change to ensure the system boots. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cpu load monitoring
Dave Stevens wrote: > Hi, > > I have a server running Centos 5.2 and am implementing a GIS mapserver app. I > have some sample logs from another implementation that give me an idea of > bandwidth requirements but I would like to check the cpu load. I can not be > at the server during the test and am interested in knowing if there is > logging of cpu load available. Anyone have experience with this? > Recommendations? If you have the sysstat package installed, sar will show samples from 10 minute intervals. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cpu load monitoring
Dave Stevens wrote: > Hi, > > I have a server running Centos 5.2 and am implementing a GIS mapserver app. > I > have some sample logs from another implementation that give me an idea of > bandwidth requirements but I would like to check the cpu load. I can not be > at the server during the test and am interested in knowing if there is > logging of cpu load available. Anyone have experience with this? > Recommendations? install sysstat and use sar, by default it logs data once every 10 minutes I believe(adjustable via configuration). nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Question on upgrading hardware
For centos 5.x Two questions regarding upgrading hardware or system. 1- If I were to shut off the server and add more ram, switch out ram, remove one of the two cpus, or replace the two cpus with bigger or smaller ones.Would I just be able to restart the server or would I have to do something with the configuration somewhere? 2- If I built another system, slightly different motherboard but most of the rest the same as far as hardware, would taking a drive from the old system and adding it to the new system work correctly and recognize what it needs? Thanks for any advice on the upgrading. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] cpu load monitoring
Hi, I have a server running Centos 5.2 and am implementing a GIS mapserver app. I have some sample logs from another implementation that give me an idea of bandwidth requirements but I would like to check the cpu load. I can not be at the server during the test and am interested in knowing if there is logging of cpu load available. Anyone have experience with this? Recommendations? Dave -- Canada must refuse to be entangled in any more wars fought to make the world safe for capitalism. -- The Regina Manifesto, 1933 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> > I have helped by sending money. I don't know if that counts or not > > though. > > > Money is very nice and it does count and it does help. Hopefully, your > companies money and not your own... No need to lurk. Yes, it's money from the fools who insist on the stupid disclaimer. Justice of a sort? ;) -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Thu, Jan 22, 2009 at 6:20 PM, Michael St. Laurent wrote: >> > Is there a projected release date for CentOS-5.3? >> > >> hedidnotask...this >> >> search the forums..when it's done..unless you would like to help..:) > > I have helped by sending money. I don't know if that counts or not > though. > Money is very nice and it does count and it does help. Hopefully, your companies money and not your own... No need to lurk. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext4 in 5.3
Stephen John Smoogen wrote: > >>> Hi guys - I'm really looking forward to 5.3 for the potential of ext4. >>> I am moving/copying image files lately 8G file and it is slow. I am >>> hoping that ext4 really speeds that up. >> I don't think it will speed things up much. 8GB files are mostly >> hardware throughput and ext3/4 will actually be slower because the >> journalling etc are to make it more robust but at a speed cost. You >> would probably see better speed by going to ext2. > > I make it a habit of eating my own words if I screw up. If the results > seen on Ubuntu by one test hold up, it might have a large increase in > large writes (but nothing in large reads). > > http://www.phoronix.com/scan.php?page=article&item=ubuntu_ext4&num=1 Has anything fixed fsync so it works as intended on a single file without waiting for the whole filesystem metatdata to be written? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
Akemi Yagi wrote: > On Thu, Jan 22, 2009 at 3:20 PM, Les Mikesell wrote: > >> The quick/dirty fix might be to cifs-mount a windows directory where the >> linux side wants to see it and let the windows side work natively if >> that gives the behavior you want. Using the automounter might help if >> the windows side is not always available. > > If you go that route, this wiki has useful tips: > > http://wiki.centos.org/TipsAndTricks/WindowsShares > > See section "3. Even-better method" Or if you want to really go crazy, you might look at Alfresco (http://www.alfresco.com), which among other things implements a cifs server in java so you can apply an assortment of business rules to what the clients see as you might over http - although I don't really know if those rules include control over sort order. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext4 in 5.3
"Real World Benchmarks Of The EXT4 File-System" http://www.phoronix.com/scan.php?page=article&item=ext4_benchmarks&num=1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
Miguel Medalha wrote: > Well, you must concede that it is *somewhat* ridiculous to read a > one-line innocent email containing a twelve-line dense disclaimer... Yes, but it is not his fault. Now let us all laugh at his employer and be finished with it. Other people in here cannot trim their replies or open a new thread for every mail they send. Ralph pgpdy8aTe9Nle.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
Michael St. Laurent wrote: > > > Is there a projected release date for CentOS-5.3? > > > > > > > > hedidnotask...this > > > > search the forums..when it's done..unless you would like to help..:) > > I have helped by sending money. I don't know if that counts or not > though. Sure does and thank you for that. But just as you don't mention the Reinemachefrau in front of the Nazi chief in "Dead men don't wear plaid", you don't ask when the next release comes out here. Someone might go berzerk. Cheers, Ralph pgpMLp3xCEazN.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
Well, you must concede that it is *somewhat* ridiculous to read a one-line innocent email containing a twelve-line dense disclaimer... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext4 in 5.3
On Tue, Jan 20, 2009 at 9:11 PM, Stephen John Smoogen wrote: > On Tue, Jan 20, 2009 at 6:33 PM, Jerry Geis wrote: >> Hi guys - I'm really looking forward to 5.3 for the potential of ext4. >> I am moving/copying image files lately 8G file and it is slow. I am >> hoping that ext4 really speeds that up. > > I don't think it will speed things up much. 8GB files are mostly > hardware throughput and ext3/4 will actually be slower because the > journalling etc are to make it more robust but at a speed cost. You > would probably see better speed by going to ext2. I make it a habit of eating my own words if I screw up. If the results seen on Ubuntu by one test hold up, it might have a large increase in large writes (but nothing in large reads). http://www.phoronix.com/scan.php?page=article&item=ubuntu_ext4&num=1 -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
On Thu, Jan 22, 2009 at 3:20 PM, Les Mikesell wrote: > The quick/dirty fix might be to cifs-mount a windows directory where the > linux side wants to see it and let the windows side work natively if > that gives the behavior you want. Using the automounter might help if > the windows side is not always available. If you go that route, this wiki has useful tips: http://wiki.centos.org/TipsAndTricks/WindowsShares See section "3. Even-better method" Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> > Is there a projected release date for CentOS-5.3? > > > > > hedidnotask...this > > search the forums..when it's done..unless you would like to help..:) I have helped by sending money. I don't know if that counts or not though. -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
Miguel Medalha wrote: >> If you are processing on the linux side and not via samba, and >> your program will take a list of files on the command line instead of >> groveling through the directory itself, you might simply start it with a >> wild-card filename on the command line. The shell will sort the list as >> it expands it so programs see the sorted list. >> >> > The processing is done via Samba. Acrobat Distiller is not simply > processing a list of files, it is consolidating a group of files onto a > single file, discarding repeated graphic objects and creating a single > subset of fonts from the various font subsets present on the original pages. The quick/dirty fix might be to cifs-mount a windows directory where the linux side wants to see it and let the windows side work natively if that gives the behavior you want. Using the automounter might help if the windows side is not always available. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
Am 22.01.2009 um 23:59 schrieb Frank Cox: > On Thu, 22 Jan 2009 14:46:00 -0800 > Michael St. Laurent wrote: > >> It's not a Sig file unfortunately. The Exchange mail server used >> here >> stamps it on every outgoing email. I've asked the Exchange admin >> about >> putting in an exception for my mail account. > > I forwarded your first email to not...@hartwellcorp.com, just like the > instructions said. > > Perhaps if everyone else on this mailing list did the same thing > with every one > of your emails, your Exchange admin would become "incentivized". > Sheesh! WTF? Do you want him to have his email-account suspended? Please, folks, be a little more insightful and not so quick with the email-button. This is not kindergarden, where the only punishment is standing in the corner for two minutes Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
> You might want to look closely at the file names in Linux. > > Windows is not case sensitive but Linux is. > > In Windows, you cannot create the 2 files, TEST.DOC and test.doc in the > same directory but in Linux you can. It may be that some of these files > are stored differently as in file1.ps and FILE2.PS etc. > > Also, you might want to check out some alternate settings... > > > dos filemode = yes (Share setting only) > case sensitive = no (share setting only) > default case = lower (share setting only) > > I am aware of the differences in case treatment between Linux and Windows. This is not related to case. The filenames in question are automated and ALWAYS take the following form: M09010901A001C.ps M09010901A002C.ps M09010901A003C.ps etc, etc. (By the way, the Samba share settings are not "share only". According to the man pages, share settings can be used globally. The inverse is not true: global settings can only be used globally.) Thank you for your answer, though. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
On Thu, 2009-01-22 at 20:28 +, Miguel Medalha wrote: > I hope someone familiar with the way Linux processes files can enlighten > me on the following: > > I recently replaced an old Windows 2000 server with a new machine > running CentOS 5.2. It uses Samba 3.2.7 to serve a network of Windows XP > clients. > > We are a newspaper. We use Acrobat Distiller to batch-convert a folder > of single-page PostScript files (for print) to a multipage PDF file (for > electronic distribution). > Running on a workstation, Distiller watches the folder on a Samba share > and does the conversion, automatically creating bookmarks, indexes and > other information. > > On the Windows server, Distiller processes the files by filename order: > > M09010901A001C.ps > M09010901A002C.ps > M09010901A003C.ps > > ... and so on. > > On the Linux server, Distiller processes the files in an order that > seems arbitrary, for example: > > M09010901A021C.ps > M09010901A005C.ps > M09010901A015C.ps > > ... and so on. > > The order Distiller uses is NOT related to the time stamp of the files. > I tried to copy the files to the watched folder one by one in the > correct order; the result is the same. > > This creates the need to open the final PDF and reshuffle the pages by > hand, which is very time consuming and prone to error. > > There is a workaround to this: use the runfilex script that comes with > Acrobat: it can contain a list of files to convert, in the order you > want. Unfortunately, this is not acceptable for us since the process > then takes about 40 minutes (irrespective of platform or filesystem), > instead of 3 or 4 minutes. > > My question is: how is the order of files determined by Linux when a > particular order is not explicitly required by a program? > > I noted the following: > > I have 4 files in a folder: file1.ps, file2.ps, file3.ps, file4.ps. When > I order them by date, they appear in Windows Explorer in, say, the > following order: 3, 4, 1, 2 > If I copy them to a new folder one by one in the order 1, 2, 3, 4, they > will still appear in the order 3, 4, 1, 2 when ordered by date. So, what > information is transported with the files that makes the Linux server > present them to the world in this order? > > Does someone know a workaround to this situation or can someone point me > to information about file ordering with Linux? By the way, I am using > the EXT3 file system. I tried the same on a VFAT file system and the > result is the same. It seems to be a Linux thing, not a file system thing. You might want to look closely at the file names in Linux. Windows is not case sensitive but Linux is. In Windows, you cannot create the 2 files, TEST.DOC and test.doc in the same directory but in Linux you can. It may be that some of these files are stored differently as in file1.ps and FILE2.PS etc. Also, you might want to check out some alternate settings... dos filemode = yes (Share setting only) case sensitive = no (share setting only) default case = lower (share setting only) Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
> If the linux FS is efs2, maybe the "dir_index" option of mke2fs will doo > what you want? See "man mke2fs". It says it uses hashed b-trees, but for > speed. > That is the kind of information I am looking for. Thank you! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
> If you are processing on the linux side and not via samba, and > your program will take a list of files on the command line instead of > groveling through the directory itself, you might simply start it with a > wild-card filename on the command line. The shell will sort the list as > it expands it so programs see the sorted list. > > The processing is done via Samba. Acrobat Distiller is not simply processing a list of files, it is consolidating a group of files onto a single file, discarding repeated graphic objects and creating a single subset of fonts from the various font subsets present on the original pages. >> There is a workaround to this: use the runfilex script that comes with >> Acrobat: it can contain a list of files to convert, in the order you >> want. Unfortunately, this is not acceptable for us since the process >> then takes about 40 minutes (irrespective of platform or filesystem), >> instead of 3 or 4 minutes. >> > > That's very strange. Maybe you should look for a different tool. Won't > ghostscript/psutils or OOo do this? > The tools you quote do not apply in this case. I am not talking about office style PDFs, I am talking about full professional PDFs for printing presses, with embedded color profiles such as ISO Newspaper, JPEG2000 compression, bicubic resampling, etc. Not even Ghostscript does that kind of thing. I wish it did, but it doesn't. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
Am 22.01.2009 um 23:52 schrieb Lanny Marcus: > On Thu, Jan 22, 2009 at 5:46 PM, Michael St. Laurent > wrote: >>> Mike: As Tru pointed out, you should trim your Sig file >>> considerably, >>> or eliminate it. I really doubt that DoD cares if you get help or >>> information from this mailing list. We have people with .gov email >>> addresses participating (NASA, etc.) and none of them have Sig files >>> like that. Welcome to the list! Lanny >> >> It's not a Sig file unfortunately. The Exchange mail server used >> here >> stamps it on every outgoing email. I've asked the Exchange admin >> about >> putting in an exception for my mail account. > > Possibly he or she could give you another email account, only to be > used for Mailing Lists, without that huge stamp on your emails to the > list(s)? Can't you use some webmail? I never use my company email for anything else but company- communications. All mailing-lists and private stuff is done under my own name and domain. Thus, nobody can claim "ownership" or other stupid stuff. I liked to use my university email address - but back then, I didn't have my own domain-name anyway. Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Thu, 22 Jan 2009 14:46:00 -0800 Michael St. Laurent wrote: > It's not a Sig file unfortunately. The Exchange mail server used here > stamps it on every outgoing email. I've asked the Exchange admin about > putting in an exception for my mail account. I forwarded your first email to not...@hartwellcorp.com, just like the instructions said. Perhaps if everyone else on this mailing list did the same thing with every one of your emails, your Exchange admin would become "incentivized". -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> > Is there a projected release date for CentOS-5.3? > > > > > hedidnotask...this > > search the forums..when it's done..unless you would like to help..:) Sorry folks. I'll go back to lurking now. -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
Ross Walker wrote: > Why is that? Old school habit or is there a real benefit? > > Swap performance should be equally good whether it be raw disk, raw > partition, LVM logical volume or even a flat file on today's kernels, > but maybe there is something I am unaware of The downside of file system swap is when you reboot a machine with a large amount of swap on the file system it can take forever to get past the swap checking. -- Article. VI. Clause 3 of the constitution of the United States states: "The Senators and Representatives before mentioned, and the Members of the several State Legislatures, and all executive and judicial Officers, both of the United States and of the several States, shall be bound by Oath or Affirmation, to support this Constitution; but no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States." ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Adam Tauno Williams wrote: > >> Yes, but the scan has to be specific for the kind of problem you want to >> detect. > > The presence of a malware pattern - it is pretty straight forward. Only for known instances of malware. > > This doesn't make sense. No amount of updating will protect you from a > flaw in the application code / method. Of course it will. > One can't presume that the > hosted application / service is perfect. Which is why things are fixed and updated. > Applications are compromised > much more frequently than Operating Systems which is why the fact that > it is a LINUX server doesn't matter. A scanner will potentially tell > you when an application has been compromised. No, a scanner will only tell you when known patterns are present. >> Before a scan can help you, the scanner has to know >> about the problem. After someone knows about the problem there will >> likely be an update to fix it at least as soon as a scanner that will >> detect it after the fact. Which makes more sense to install? > > Someone is going to release an update for your local application and > configuration? Yes, you can create your own problems that no one else can fix, but you are also probably running php, ssh, bind and an assortment of standard services that have known vulnerabilities if not updated. > Emphasis on the "likely" in "likely be an update to fix > it". And a scanner doesn't detect the security flaw, it detects that > the server has been breached enough to contain malicious patterns. "known" patterns. > It > has nothing to do with updates; relying on being up-to-date to prove > your system is secure is akin to covering it with stickers of unicorns > to protect it. That's not quite the way it works. When anyone else has noticed an exploit and figures out how it happened, or examines some code and finds how one could happen, it is reported and fixed. And the next update will prevent it. Not quite the same as stickers - but similar to the way the known patterns for scanners become known. >>> Assuming none of the services on you server can be >>> exploited is just wrong headed; >> But expecting a scanner to know about the exploit long before the >> exploit is known and fixed seems misguided as well. > > This has nothing to do with knowing about exploits in the way you are > using the term "exploit" (as a method of exploiting a service). It is a > way to know about exploits OF a server's service. The scanner doesn't > need to know anything at all about how the malicious content got there - > it alerts you of it's presence. But it does have to know the content itself, and there's not much reason to think you will know this content without knowing how to stop the related exploit. > > We are talking about completely different things. I'm talking about > using a scanner to indicate that a server does not contain malware > patterns indicating it has been [potentially] exploited - which is an > *UNEXPECTED* event. No, scanners only scan for known and sort-of expected things. > You can't perform highly specific tests for > unexpected events. The entire principle of auditing is looking for the > unexpected. But scanning doesn't do that. There is some value in knowing that you do have those known patterns present, but you can't deduce that you don't have any unexpected problems if you don't find them. >> Doing frequent updates is what keeps you safe - and maybe turning off >> ssh password access. > > It isn't about "being safe". It is about having configuration and > policies that ***tests*** the integrity of your systems; detecting > malware patterns is a critical component of that. As long as you realize that it is only a test for certain known patterns that don't have much to do with linux problems, fine. Just don't assume that it proves anything about integrity when you don't find them. Your real problem may be that someone has guessed your ssh password and installed a rootkit that hides itself from all normal scans (remember, running programs continue to run even if the filename is erased so scans don't find it). -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Thu, Jan 22, 2009 at 5:46 PM, Michael St. Laurent wrote: >> Mike: As Tru pointed out, you should trim your Sig file considerably, >> or eliminate it. I really doubt that DoD cares if you get help or >> information from this mailing list. We have people with .gov email >> addresses participating (NASA, etc.) and none of them have Sig files >> like that. Welcome to the list! Lanny > > It's not a Sig file unfortunately. The Exchange mail server used here > stamps it on every outgoing email. I've asked the Exchange admin about > putting in an exception for my mail account. Possibly he or she could give you another email account, only to be used for Mailing Lists, without that huge stamp on your emails to the list(s)? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Thu, Jan 22, 2009 at 5:43 PM, Michael St. Laurent wrote: >> > What is the status of i7 architecture support for CentOS-5? Do the >> > latest updates support it? > >> according to the upstream notes wait for 5.3 > > Is there a projected release date for CentOS-5.3? This will probably take the CentOS developers several weeks. They are going to post something on the CentOS web site soon, which will be updated with progress reports. It will be done ASAP. I read your reply about the Suits and if you are a Jeans Engineer, I understand your frustration with that Sig file and the Suits... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> > > Is there a projected release date for CentOS-5.3? > > hedidnotask...this search the forums..when it's done..unless you would like to help..:) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
> The Windows users wouldn't have to know that they are "touching" anything on > the server. If that script will in fact work and getting it to run at the > appropriate time is the only problem, then set up something from the Windows > box > to trigger it on your server. "Click the pretty icon right here". The pretty > icon can set a flag or something on the server that your cron job can check > for > and run if present. > > Ok, that's a good tip. I can investigate that. Thank you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> Mike: As Tru pointed out, you should trim your Sig file considerably, > or eliminate it. I really doubt that DoD cares if you get help or > information from this mailing list. We have people with .gov email > addresses participating (NASA, etc.) and none of them have Sig files > like that. Welcome to the list! Lanny It's not a Sig file unfortunately. The Exchange mail server used here stamps it on every outgoing email. I've asked the Exchange admin about putting in an exception for my mail account. -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> > What is the status of i7 architecture support for CentOS-5? Do the > > latest updates support it? > according to the upstream notes wait for 5.3 Is there a projected release date for CentOS-5.3? -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
"Michael St. Laurent" wrote: >> I hate that stupid thing but the suits have insisted on it. My apologies for any implied insult. << Just so you know, such disclaimers are *all* bluster and have no legal force whatsoever (with one exception: privileged attorney-client communications). If someone is silly enough to mis-route an email to me, it's their problem and they cannot enforce any contractual obligations on me whatsoever, since no contract exists (I didn't invite the email and there is no exchange of considerations). Even the ITAR stuff is BS - it;s *your* company's responsibility to control such information and it means nothing to anyone else - especially us "foreign persons". ;) All these disclaimers do is further reduce the signal/noise ratio of the SMTP protocol. . . Best, --- Les Bell, RHCE, CISSP, M.Info.Tech. (System Security) [http://www.lesbell.com.au] Tel: +61 2 9451 1144 FreeWorldDialup: 800909 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Thu, Jan 22, 2009 at 5:18 PM, Michael St. Laurent wrote: > What is the status of i7 architecture support for CentOS-5? Do the > latest updates support it? Mike: As Tru pointed out, you should trim your Sig file considerably, or eliminate it. I really doubt that DoD cares if you get help or information from this mailing list. We have people with .gov email addresses participating (NASA, etc.) and none of them have Sig files like that. Welcome to the list! Lanny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Adam Tauno Williams wrote: >> CLAMAV, or any package, isn't THE answer, it is part of an answer. And PCI/DSS requires a server be scanned on a regular basis. Fighting against that directive just makes no sense. You should scan an entire system on some interval regardless of OS. << It's worth noting that the type of scan required by PCI DSS is not a filesystem scan by an antivirus product. It is a vulnerability scan performed by an Approved Scanning Vendor. Some other miscellanous points triggered by posts in this thread that I've read this morning: According to the Verizon 2008 Data Breaches Report, in over 90% of cases where a successful attack exploited a vulnerability, there was a patch available for at least six months prior to the breach. So the first thing we can say is that there is good reason to patch your system - it's definitely an effective activity. While the most popular attack methods of cybercriminals are hacking and malcode (again, the Verizon report confirms this), malcode is much more popular in the Windows world and hacking is the method of choice against Linux boxes, imho (SSH brute-forcing worms notwithstanding). This means that anti-virus products will be less effective in safeguarding the data on a Linux box, and host intrustion detection systems are correspondingly more effective. Most attacks against servers are conducted against the application layer code (PHP vulnerabilities, especially, but also SQL injection, etc.) Again, anti-virus products are not effective here, particularly since the original poster seems to be running custom code (internally-developed or outsourced). The best controls here will be HIDS like AIDE and Tripwire, as well as network IDS. An attacker who exploits a server might upload some recognisable malware, and an anti-virus scanner might pick it up, but I'm not sure whether (e.g.) ClamAV has signatures for stuff like eggdrop IRC servers, phishing sites and other stuff sometimes turns up on compromised hosts. The bulk of the signature database is undoubtedly Windows malware. However, a determined attacker, who knows what the server hosts, is much more likely to either use SQL injection or command injection techniques to extract credit card info (use NIDS to detect this) or to install a rootkit to allow him to come and go more easily (and HIDS will detect this). Remember, there are two problems to be solved here: a) Get the systems past the PCI-DSS Assessor b) Do something useful to actually protect the systems It would be great if both problems had the same solution, but that depends on how clueful the Assessor is (and how artfully the original poster can "manage" him). Right now, the original poster's employer is paying him to solve a), and will probably only worry about b) much later, should the excrement actually hit the fan. If installing ClamAV is what it takes to solve a), just do it and then get to work on b). Best, --- Les Bell, RHCE, CISSP, M.Info.Tech (Systems Security) [http://www.lesbell.com.au] Tel: +61 2 9451 1144 FreeWorldDialup: 800909 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
> On Thu, Jan 22, 2009 at 02:18:05PM -0800, Michael St. Laurent wrote: > > What is the status of i7 architecture support for CentOS-5? Do the > > latest updates support it? > according to the upstream notes wait for 5.3 > > oh, I should not reply, nor read your mail according to your footer ;) > (not a US Legal Resident nor do I have export license of whatever it is) I hate that stupid thing but the suits have insisted on it. My apologies for any implied insult. -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ftp and iptables
Hi - I have a ftp server running version 2.0.7 of vsftpd on a CentSO 5.2 server using iptables behind a Linksys router. The setup works for UNIX machines on either side of the Linksys router. For the Windows machines it only works if they're behind the Linksys router - ftp does NOT work if they're outside the Linksys router. I'd like to solve two problems: (1) make ftp work for Windows clients outside the Linksys router and then ideally, if possible, (2) have ftp work for both active and passive connections and restrict those connections to use ports between 4 to 6 The ports 20,21 and 4 to 6 on the Linksys router are open, and vsftp is configured with the following options pasv_min_port=4 pasv_max_port=6 pasv_address=xxx.xxx.xxx.xxx connect_from_port_20=NO The ftp entry automatically generated the system in /etc/sysconfig/iptables is -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT and to IPTABLES_MODULES entry in /etc/sysconfig/iptabes-config I've added ip_conntrack_ftp Enclosed are my iptables and vsftp.conf files (which might not make it to the list.) Regarding item (2), I would guess I would have to add the following entries: Active: - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 --sport 4:6 -j ACCEPT -A OUTPUT -p tcp -m tcp --sport 20 --dport 4:6 -j ACCEPT Passive: -- -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4:6 --sport 4:6 -j ACCEPT -A OUTPUT -p tcp -m tcp --sport 4:6 --dport 4:6 -j ACCEPT Adding these entries doesn't noticeably impact the vsftpd, i.e., the connections from the UNIX or Windows behaves identically - I just doubt if they're correct. Any help would be greatly appreciated! --- Article. VI. Clause 3 of the constitution of the United States states: "The Senators and Representatives before mentioned, and the Members of the several State Legislatures, and all executive and judicial Officers, both of the United States and of the several States, shall be bound by Oath or Affirmation, to support this Constitution; but no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States." ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
On Thu, 2009-01-22 at 14:06 -0800, John R Pierce wrote: > Miguel Medalha wrote: > > I hope someone familiar with the way Linux processes files can enlighten > > me on the following: > > ... > > On the Windows server, Distiller processes the files by filename order: > > > > M09010901A001C.ps > > M09010901A002C.ps > > M09010901A003C.ps > > > > Windows NTFS uses B-Tree for its directories so they are inherently > alphabetically sorted. If the linux FS is efs2, maybe the "dir_index" option of mke2fs will doo what you want? See "man mke2fs". It says it uses hashed b-trees, but for speed. > HTH -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for i7 architecture?
On Thu, Jan 22, 2009 at 02:18:05PM -0800, Michael St. Laurent wrote: > What is the status of i7 architecture support for CentOS-5? Do the > latest updates support it? according to the upstream notes wait for 5.3 oh, I should not reply, nor read your mail according to your footer ;) (not a US Legal Resident nor do I have export license of whatever it is) Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B pgpESWjbxFzOW.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
On Thu, Jan 22, 2009 at 2:58 PM, Robert Moskowitz wrote: > Ross Walker wrote: >> On Jan 22, 2009, at 11:39 AM, Robert Moskowitz >> wrote: >> >> >>> Kai Schaetzl wrote: >>> Ralph Angenendt wrote on Thu, 22 Jan 2009 10:31:20 +0100: > You need a combined(!) 768MB of RAM and Swap to successfully install > CentOS 5.2 (see the release notes). > > in graphics mode. >>> And really it is a performance question as long as you have 256M of >>> real >>> memory, the rest swap. Since I always make my swap > 2xRAM, I am >>> always >>> installing on a system with at least 768Mb combined. >>> >>> I do not like the DIsk Druid default of putting the swap drive into >>> the >>> LVM partition. I always redo the partitions so that swap is its own >>> partition. >>> >> >> Why is that? Old school habit or is there a real benefit? >> > > It just feels wrong in so many ways. > > Why is /boot its own partition and not swap? I suspend to swap, so swap > has to be as accessible as /boot? Well the only reason /boot isn't possible in LVM is because grub can't of yet handle reading LVM volumes. As soon as it can though, there will be no need for a separate /boot. > Am I going to enlarge swap at some point using LVM tools? Or shrink it? > Can you even do that with a swap partition in LVM? So what ARE the > values of swap in LVM? One less partition, I would think if you are > going duo boot. But if not, again, where is the beef? You can enlarge or shrink it if you want, remove it from swap first, but many people just create another LV and add it to the mix. I think the biggest benefit to swap on LVM is when working with software RAID1 on the main disks, where you don't need to worry about creating a special MD just for swap, md0 for /boot, md1 for LVM. Not really a beef, in my books though it's added partitioning and potentially wasted space, but disks are big these days, so what. >> Swap performance should be equally good whether it be raw disk, raw >> partition, LVM logical volume or even a flat file on today's kernels, >> but maybe there is something I am unaware of. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Support for i7 architecture?
What is the status of i7 architecture support for CentOS-5? Do the latest updates support it? -- This e-mail may contain technical information which is controlled by the United States Government, Department of State, International Traffic & Arms Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to sharing with foreign persons. Lacking such license, ITAR technical data is limited to US Legal Residents only. It is the responsibility of the organization and individual in control of this data to abide by US export laws. If you are not a US Legal Resident, immediately forward this e-mail to not...@hartwellcorp.com or reply to sender without reading any further. Take no other action with this e-mail until contacted. Notice: The information in this document and document itself, in whole or in part, in any form ("Information") is proprietary and/or confidential property of Hartwell Corporation, Placentia, California. Hartwell Corporation and its successors and assignees retain and reserve all right, title and interest in this information in whole or in part and in all forms. This Information is provided to the original recipient only for confidential use, with the understanding that it will not be used in any manner detrimental to the interests of Hartwell Corporation, and subject to return on request. Reproduction, transmission, distribution or publication of this Information in any form, in whole or in part, for any purpose without prior written permission of Hartwell Corporation is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2 on Centos4
On Thu, Jan 22, 2009 at 12:14 PM, John Clement wrote: > Bit of an emergency as I'm told this laptop has to leave here in 15 minutes, > I've gone ahead and configured, made, installed PHP 5.2 but an httpd restart > still only sees the old PHP 5.0.4, I think there's a fairly simple way to > get it to find the 5.2 version I've just installed but can't think what. php 5.0.4 has been outdated in the centos repos for AGES. I'm actually rather shocked you were still running it at all. As Ralph has already stated, you need to say how you installed 5.2, since it's not available via any centos repo. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2 on Centos4
On Thu, Jan 22, 2009 at 2:27 PM, Ralph Angenendt wrote: > > Why do you compile software on your own > when you don't know how to do it correctly? > Is PHP 5.2 available through yum for CentOS 4? If so, I'm interested, because mine's only at 5.1. Thanks, Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
Miguel Medalha wrote: > I hope someone familiar with the way Linux processes files can enlighten > me on the following: > ... > On the Windows server, Distiller processes the files by filename order: > > M09010901A001C.ps > M09010901A002C.ps > M09010901A003C.ps > Windows NTFS uses B-Tree for its directories so they are inherently alphabetically sorted. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
> > There is nothing special about LINUX here. The whole "don't run > > services as root" business is just so much noise. It isn't about > > protecting the *server* it is about protecting the *data* which is > > accesses [hopefully] by services which are *not* root. It is about the > > data and the clients that connect to the server. > Yes, but the scan has to be specific for the kind of problem you want to > detect. The presence of a malware pattern - it is pretty straight forward. > > I've seen CLAMAV find malware on web servers (maybe it isn't common... > > because no one is checking). Someone's crappy PHP code [is there any > > other kind?] allows malware to get injected into, and served, from the > > server. > That tends to be more because someone isn't doing updates than that they > aren't checking. This doesn't make sense. No amount of updating will protect you from a flaw in the application code / method. One can't presume that the hosted application / service is perfect. Applications are compromised much more frequently than Operating Systems which is why the fact that it is a LINUX server doesn't matter. A scanner will potentially tell you when an application has been compromised. > Before a scan can help you, the scanner has to know > about the problem. After someone knows about the problem there will > likely be an update to fix it at least as soon as a scanner that will > detect it after the fact. Which makes more sense to install? Someone is going to release an update for your local application and configuration? Emphasis on the "likely" in "likely be an update to fix it". And a scanner doesn't detect the security flaw, it detects that the server has been breached enough to contain malicious patterns. It has nothing to do with updates; relying on being up-to-date to prove your system is secure is akin to covering it with stickers of unicorns to protect it. > > No root access anywhere, or required. It isn't about > > protecting the OS or the system, it is about protecting the data, the > > applications [from exploit], and the end-users [so the server isn't an > > attack vector]. Assuming none of the services on you server can be > > exploited is just wrong headed; > But expecting a scanner to know about the exploit long before the > exploit is known and fixed seems misguided as well. This has nothing to do with knowing about exploits in the way you are using the term "exploit" (as a method of exploiting a service). It is a way to know about exploits OF a server's service. The scanner doesn't need to know anything at all about how the malicious content got there - it alerts you of it's presence. > > and the exploiter does not need to > > "own" the server (aka have root) in order to do mischief. Access to > > your data is probably more valuable than whacking your server. > > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots > > of malware is served from LINUX servers. > That may be true, but the exploit that allowed it to be put there may be > unrelated. So? > For example, you may have virus-laden email being > transported through a Linux server that doesn't have anything else to do > with it. Or you may have a samba share where windows clients can infect > it. Or, someone might get access through brute-force ssh password guessing. We are talking about completely different things. I'm talking about using a scanner to indicate that a server does not contain malware patterns indicating it has been [potentially] exploited - which is an *UNEXPECTED* event. You can't perform highly specific tests for unexpected events. The entire principle of auditing is looking for the unexpected. > > Scanning a server for > > signatures is just another way to proof (not prove) that a server has > > not been compromised and that data accessed by the server is secure. > > Which is what things like PCI/DSS is about - protecting the *data*. > An occasional clamav scan can't hurt. > >> What do you think it protects you against on a linux server? > "against a linux server?" ? > Doing frequent updates is what keeps you safe - and maybe turning off > ssh password access. It isn't about "being safe". It is about having configuration and policies that ***tests*** the integrity of your systems; detecting malware patterns is a critical component of that. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
Miguel Medalha wrote: > I hope someone familiar with the way Linux processes files can enlighten > me on the following: > > I recently replaced an old Windows 2000 server with a new machine > running CentOS 5.2. It uses Samba 3.2.7 to serve a network of Windows XP > clients. > > We are a newspaper. We use Acrobat Distiller to batch-convert a folder > of single-page PostScript files (for print) to a multipage PDF file (for > electronic distribution). > Running on a workstation, Distiller watches the folder on a Samba share > and does the conversion, automatically creating bookmarks, indexes and > other information. > > On the Windows server, Distiller processes the files by filename order: > > M09010901A001C.ps > M09010901A002C.ps > M09010901A003C.ps > > ... and so on. > > On the Linux server, Distiller processes the files in an order that > seems arbitrary, for example: > > M09010901A021C.ps > M09010901A005C.ps > M09010901A015C.ps > > ... and so on. > > The order Distiller uses is NOT related to the time stamp of the files. > I tried to copy the files to the watched folder one by one in the > correct order; the result is the same. Programs that read directories on their own normally find files in the order that they happen to appear in the directory. In a newly created directory, that would likely be in the order that the files were added, but in existing directories, slots previously used and now free may be reused in any order and this may not be consistent across filesystem types. If you are processing on the linux side and not via samba, and your program will take a list of files on the command line instead of groveling through the directory itself, you might simply start it with a wild-card filename on the command line. The shell will sort the list as it expands it so programs see the sorted list. > There is a workaround to this: use the runfilex script that comes with > Acrobat: it can contain a list of files to convert, in the order you > want. Unfortunately, this is not acceptable for us since the process > then takes about 40 minutes (irrespective of platform or filesystem), > instead of 3 or 4 minutes. That's very strange. Maybe you should look for a different tool. Won't ghostscript/psutils or OOo do this? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Adam Tauno Williams wrote: > >> What do you do with clamav on a linux server? > > You scan the server for malware. > > There is nothing special about LINUX here. The whole "don't run > services as root" business is just so much noise. It isn't about > protecting the *server* it is about protecting the *data* which is > accesses [hopefully] by services which are *not* root. It is about the > data and the clients that connect to the server. Yes, but the scan has to be specific for the kind of problem you want to detect. > I've seen CLAMAV find malware on web servers (maybe it isn't common... > because no one is checking). Someone's crappy PHP code [is there any > other kind?] allows malware to get injected into, and served, from the > server. That tends to be more because someone isn't doing updates than that they aren't checking. Before a scan can help you, the scanner has to know about the problem. After someone knows about the problem there will likely be an update to fix it at least as soon as a scanner that will detect it after the fact. Which makes more sense to install? > No root access anywhere, or required. It isn't about > protecting the OS or the system, it is about protecting the data, the > applications [from exploit], and the end-users [so the server isn't an > attack vector]. Assuming none of the services on you server can be > exploited is just wrong headed; But expecting a scanner to know about the exploit long before the exploit is known and fixed seems misguided as well. > and the exploiter does not need to > "own" the server (aka have root) in order to do mischief. Access to > your data is probably more valuable than whacking your server. > > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots > of malware is served from LINUX servers. That may be true, but the exploit that allowed it to be put there may be unrelated. For example, you may have virus-laden email being transported through a Linux server that doesn't have anything else to do with it. Or you may have a samba share where windows clients can infect it. Or, someone might get access through brute-force ssh password guessing. > Scanning a server for > signatures is just another way to proof (not prove) that a server has > not been compromised and that data accessed by the server is secure. > Which is what things like PCI/DSS is about - protecting the *data*. An occasional clamav scan can't hurt. >> What do you think it protects you against on a linux server? > > "against a linux server?" ? Doing frequent updates is what keeps you safe - and maybe turning off ssh password access. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2 on Centos4
2009/1/22 Ralph Angenendt : > John Clement wrote: >> Bit of an emergency as I'm told this laptop has to leave here in 15 minutes, >> I've gone ahead and configured, made, installed PHP 5.2 but an httpd restart >> still only sees the old PHP 5.0.4, I think there's a fairly simple way to >> get it to find the 5.2 version I've just installed but can't think what. > > That's an easy one: Install it correctly. > >> Any help gratefully received! > > Did you remove the old one? Is the new one in the right place? Does httpd > know about it? Why do you compile software on your own when you don't know > how to do it correctly? Questions, questions, questions ... > > Ralph > > PS: This mail wouldn't have been that harsh had you given *any* information >on what you did. But you didn't. And above is what my crystal ball > told me >to write. Sorry if I riled you with the lack of information, I was under pressure to get it done quickly and only asked incase someone knew the answer off the top of their head based on it being a 'normal' install just enabling a few options. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thu, 2009-01-22 at 21:24 +0100, Ralph Angenendt wrote: > Adam Tauno Williams wrote: > > > What do you do with clamav on a linux server? > > You scan the server for malware. > When? Every day via crontab? That can be much too late. Every hour? That can > be much too late. Every 10 minutes? That can be much too late - and your > server is busy scanning the file system. Verses never??? That's just silly; your making perfect an obstacle of the good. If it finds something then you KNOW you have a problem and the time frame in which it occurred: you can then access and respond and [potentially] notify. Verses what? No knowledge? The alternative is to host the malware indefinitely in blissful ignorance - or until someone else detects and reports your server. CLAMAV, or any package, isn't THE answer, it is part of an answer. And PCI/DSS requires a server be scanned on a regular basis. Fighting against that directive just makes no sense. You should scan an entire system on some interval regardless of OS. > > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots > > of malware is served from LINUX servers. Scanning a server for > > signatures is just another way to proof (not prove) that a server has > > not been compromised and that data accessed by the server is secure. > > Which is what things like PCI/DSS is about - protecting the *data*. > I never said "LINUX doesn't suffer from malware". But clamav itself is not > able to scan in real time. Looks like dazuko has gotten a bit better, I don't > know about clamuko. But by "just installing clamav, you gain nothing > protection wise. Yes, you gain the ability to detect a compromised server. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
On Thu, 22 Jan 2009 20:46:29 + Miguel Medalha wrote: > I searched Google too, and I read that page. That doesn't work for us: > the Windows users won't touch anything on the server (or Linux, for that > matter) and I am not there every day. The Windows users wouldn't have to know that they are "touching" anything on the server. If that script will in fact work and getting it to run at the appropriate time is the only problem, then set up something from the Windows box to trigger it on your server. "Click the pretty icon right here". The pretty icon can set a flag or something on the server that your cron job can check for and run if present. -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
> http://www.linuxforums.org/forum/linux-newbie/111044-change-order-files-directory.htm I searched Google too, and I read that page. That doesn't work for us: the Windows users won't touch anything on the server (or Linux, for that matter) and I am not there every day. The file names change constantly. I cannot use a cron job because the time at wich the original files are ready is not always the same. This is a newspaper and closure time is very, very busy. When the issue is ready, they proceed to the process I described. Thank you for answering. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT? File order on CentOS/Samba server
On Thu, 22 Jan 2009 20:28:41 + Miguel Medalha wrote: > My question is: how is the order of files determined by Linux when a > particular order is not explicitly required by a program? http://www.linuxforums.org/forum/linux-newbie/111044-change-order-files-directory.html I have no idea if the script posted there works or not but I found that with a quick google search. -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] lvm metadata recovery
Hi all, I am looking for a way to recover my primary VolGroup00 that has my root partition. Here is my scenario; 1 - I add an external drive to my VolGroup00 which is sdc1. 2 - I make that external drive a snapshot of my / 3 - After I remove that new volume of sdc1 using lvremove, all os fine. 4 - When I turn off the sdc1 drive, I loose my VolGroup00. If by chance, the sdc1 breaks in such a way that the system doesn't se it any more and the system happens to reboot, it will longer recognize a VolGroup00 and therefore not boot. I backed up my original /etc/lvm to /etc/lvm.backup and would like to know how I can restore it from booting to a LiveCD and simply restoring the files located in /etc/lvm.back/backup/VolGroup00 which is my original metadata config. - Brian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT? File order on CentOS/Samba server
I hope someone familiar with the way Linux processes files can enlighten me on the following: I recently replaced an old Windows 2000 server with a new machine running CentOS 5.2. It uses Samba 3.2.7 to serve a network of Windows XP clients. We are a newspaper. We use Acrobat Distiller to batch-convert a folder of single-page PostScript files (for print) to a multipage PDF file (for electronic distribution). Running on a workstation, Distiller watches the folder on a Samba share and does the conversion, automatically creating bookmarks, indexes and other information. On the Windows server, Distiller processes the files by filename order: M09010901A001C.ps M09010901A002C.ps M09010901A003C.ps ... and so on. On the Linux server, Distiller processes the files in an order that seems arbitrary, for example: M09010901A021C.ps M09010901A005C.ps M09010901A015C.ps ... and so on. The order Distiller uses is NOT related to the time stamp of the files. I tried to copy the files to the watched folder one by one in the correct order; the result is the same. This creates the need to open the final PDF and reshuffle the pages by hand, which is very time consuming and prone to error. There is a workaround to this: use the runfilex script that comes with Acrobat: it can contain a list of files to convert, in the order you want. Unfortunately, this is not acceptable for us since the process then takes about 40 minutes (irrespective of platform or filesystem), instead of 3 or 4 minutes. My question is: how is the order of files determined by Linux when a particular order is not explicitly required by a program? I noted the following: I have 4 files in a folder: file1.ps, file2.ps, file3.ps, file4.ps. When I order them by date, they appear in Windows Explorer in, say, the following order: 3, 4, 1, 2 If I copy them to a new folder one by one in the order 1, 2, 3, 4, they will still appear in the order 3, 4, 1, 2 when ordered by date. So, what information is transported with the files that makes the Linux server present them to the world in this order? Does someone know a workaround to this situation or can someone point me to information about file ordering with Linux? By the way, I am using the EXT3 file system. I tried the same on a VFAT file system and the result is the same. It seems to be a Linux thing, not a file system thing. Thank you for your patience. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2 on Centos4
John Clement wrote: > Bit of an emergency as I'm told this laptop has to leave here in 15 minutes, > I've gone ahead and configured, made, installed PHP 5.2 but an httpd restart > still only sees the old PHP 5.0.4, I think there's a fairly simple way to > get it to find the 5.2 version I've just installed but can't think what. That's an easy one: Install it correctly. > Any help gratefully received! Did you remove the old one? Is the new one in the right place? Does httpd know about it? Why do you compile software on your own when you don't know how to do it correctly? Questions, questions, questions ... Ralph PS: This mail wouldn't have been that harsh had you given *any* information on what you did. But you didn't. And above is what my crystal ball told me to write. pgpmi9Ot1aoWc.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Adam Tauno Williams wrote: > > What do you do with clamav on a linux server? > > You scan the server for malware. When? Every day via crontab? That can be much too late. Every hour? That can be much too late. Every 10 minutes? That can be much too late - and your server is busy scanning the file system. > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots > of malware is served from LINUX servers. Scanning a server for > signatures is just another way to proof (not prove) that a server has > not been compromised and that data accessed by the server is secure. > Which is what things like PCI/DSS is about - protecting the *data*. I never said "LINUX doesn't suffer from malware". But clamav itself is not able to scan in real time. Looks like dazuko has gotten a bit better, I don't know about clamuko. But by "just installing clamav, you gain nothing protection wise. >> What do you think it protects you against on a linux server? > > "against a linux server?" ? When? Ralph pgpMvZ2ycn0Oi.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 5.3 released
Ned Slider wrote: > Ralph Angenendt wrote: > > Remove the "Stay in touch at planet centos" link and put a prominent > > link like "Stay in touch with 5.3 development" on there? > > Can we get a page created - say something like, CentOS-5.3 Release > Status, and then worry about where to link it from, or just add a link > on the front page. Once a page is created we can start adding info, and > we can link to it from IRC/MLs/Forums etc. Sure - if everybody is fine with that ... Cheers, Ralph pgpZ6Lm26OULO.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Infrastructure Documenting
In a wiki, you are typically shooting for a flat structure, and the links in the pages organically make a structure. As already said, searching is the key. In the past, with Word docs or even text files, you needed to impose a hierarchy because it made things easier to find. Now you just need to search. You might want to take a look at wikipatterns.com for some useful ideas on how to run a wiki. On Thu, Jan 22, 2009 at 9:48 AM, Joseph L. Casale wrote: > We are moving all our (limited and badly organized) documentation to a wiki. > Anyone got any examples/pointers to a hierarchy that made logical sense? We > are hoping to move everything from topology to application specific notes in > to the wiki. Given the size of this task, I only want to do this once:) > > Thanks for any reco's! > jlc > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller wrote: > Amos Shapira wrote: > >> Hi All, >> >> Yes, I know, it's really really embarrassing to have to ask but I'm >> being pushed to the wall with PCI DSS Compliance procedure >> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why >> we don't need to install an anti-virus or find an anti-virus to run on >> our CentOS 5 servers. >> >> Whatever I do - it needs to be convincing enough to make the PCI >> compliance guy tick the box. >> >> So: >> >> 1. Has anyone here gone though such a procedure and got good arguments >> against the need for anti-virus? >> 2. Alternatively - what linux anti-virus (oh, the shame of typing this >> word combination :() do you use which doesn't affect our systems >> performance too much. >> >> The reviewed servers run both Internet-facing web applications and >> internal systems, mostly using proprietary protocol for internal >> communications. They are being administrated remotely via IPSec VPN >> (and possibly in the future also OpenVPN). >> >> Thanks, >> >> --Amos > After reading all of the other replies (including the ones that pointed > out that the PCI DSS requirement had changed the terminology from > "virus" to "malware"), why not claim you are meeting the requirement by > doing something useful like running chkrootkit or rkhunter on a regular > basis? That way you would be scanning the systems for the only malware > known to actually pose a threat to a Linux box. It may be a low > probability of infection (as others have pointed out) but should satisfy > the auditor and hopefully will just be a low cost exercise in futility > as long as reasonable security policies are followed. Any tool will require the need to have a risk assessment against it. What is the liklihood of it finding malware? How much is updated and how does it compare to other tools. These will be questions that will need to be available for auditors to know you did your due-diligence on selecting a tool. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
Ross Walker wrote: > On Jan 22, 2009, at 11:39 AM, Robert Moskowitz > wrote: > > >> Kai Schaetzl wrote: >> >>> Ralph Angenendt wrote on Thu, 22 Jan 2009 10:31:20 +0100: >>> >>> >>> You need a combined(!) 768MB of RAM and Swap to successfully install CentOS 5.2 (see the release notes). >>> in graphics mode. >>> >> And really it is a performance question as long as you have 256M of >> real >> memory, the rest swap. Since I always make my swap > 2xRAM, I am >> always >> installing on a system with at least 768Mb combined. >> >> I do not like the DIsk Druid default of putting the swap drive into >> the >> LVM partition. I always redo the partitions so that swap is its own >> partition. >> > > Why is that? Old school habit or is there a real benefit? > It just feels wrong in so many ways. Why is /boot its own partition and not swap? I suspend to swap, so swap has to be as accessible as /boot? Am I going to enlarge swap at some point using LVM tools? Or shrink it? Can you even do that with a swap partition in LVM? So what ARE the values of swap in LVM? One less partition, I would think if you are going duo boot. But if not, again, where is the beef? > Swap performance should be equally good whether it be raw disk, raw > partition, LVM logical volume or even a flat file on today's kernels, > but maybe there is something I am unaware of. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Amos Shapira wrote: > Hi All, > > Yes, I know, it's really really embarrassing to have to ask but I'm > being pushed to the wall with PCI DSS Compliance procedure > (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why > we don't need to install an anti-virus or find an anti-virus to run on > our CentOS 5 servers. > > Whatever I do - it needs to be convincing enough to make the PCI > compliance guy tick the box. > > So: > > 1. Has anyone here gone though such a procedure and got good arguments > against the need for anti-virus? > 2. Alternatively - what linux anti-virus (oh, the shame of typing this > word combination :() do you use which doesn't affect our systems > performance too much. > > The reviewed servers run both Internet-facing web applications and > internal systems, mostly using proprietary protocol for internal > communications. They are being administrated remotely via IPSec VPN > (and possibly in the future also OpenVPN). > > Thanks, > > --Amos After reading all of the other replies (including the ones that pointed out that the PCI DSS requirement had changed the terminology from "virus" to "malware"), why not claim you are meeting the requirement by doing something useful like running chkrootkit or rkhunter on a regular basis? That way you would be scanning the systems for the only malware known to actually pose a threat to a Linux box. It may be a low probability of infection (as others have pointed out) but should satisfy the auditor and hopefully will just be a low cost exercise in futility as long as reasonable security policies are followed. Cheers, Dave -- Politics, n. Strife of interests masquerading as a contest of principles. -- Ambrose Bierce ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Infrastructure Documenting
Hierarchies are as diverse and personal as they come. What is more important is to have your site be searchable. To that end you might invest in adding search tags to each document. So that you have access to them all in a flat way as well as the hierarchy. --Glenn 2009/1/23 Joseph L. Casale : > We are moving all our (limited and badly organized) documentation to a wiki. > Anyone got any examples/pointers to a hierarchy that made logical sense? We > are hoping to move everything from topology to application specific notes in > to the wiki. Given the size of this task, I only want to do this once:) > > Thanks for any reco's! > jlc > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- See my blog at http://snap-happy3216.blogspot.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 5.3 released
Ralph Angenendt wrote: > Tim Verhoeven wrote: >> But I'm wondering where we need to put it ? I was thinking in either >> the general CentOS FAQ or in the CentOS 5 FAQ ? Anyone can think of a >> better place ? > > I don't think people will find that when it's put in the FAQ, especially > if work is being done on that page (like adding to it when the first > build is through, adding to it when QA found out that another complete > build has to be done, add to it when translators are done). > > But I'm not too sure on where to prominently put it either. > > Remove the "Stay in touch at planet centos" link and put a prominent > link like "Stay in touch with 5.3 development" on there? > > Cheers, > > Ralph > Can we get a page created - say something like, CentOS-5.3 Release Status, and then worry about where to link it from, or just add a link on the front page. Once a page is created we can start adding info, and we can link to it from IRC/MLs/Forums etc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thu, Jan 22, 2009 at 12:01 PM, Adam Tauno Williams wrote: >> Adam Tauno Williams wrote: >> > > 1. Has anyone here gone though such a procedure and got good arguments >> > > against the need for anti-virus? >> > There is no good argument against running malware detection on any >> > sever. >> > > 2. Alternatively - what linux anti-virus (oh, the shame of typing this >> > > word combination :() do you use which doesn't affect our systems >> > > performance too much. >> > CLAMAV works well. >> What do you do with clamav on a linux server? > > You scan the server for malware. > > There is nothing special about LINUX here. The whole "don't run > services as root" business is just so much noise. It isn't about > protecting the *server* it is about protecting the *data* which is > accesses [hopefully] by services which are *not* root. It is about the > data and the clients that connect to the server. > > I've seen CLAMAV find malware on web servers (maybe it isn't common... > because no one is checking). Someone's crappy PHP code [is there any > other kind?] allows malware to get injected into, and served, from the > server. No root access anywhere, or required. It isn't about > protecting the OS or the system, it is about protecting the data, the > applications [from exploit], and the end-users [so the server isn't an > attack vector]. Assuming none of the services on you server can be > exploited is just wrong headed; and the exploiter does not need to > "own" the server (aka have root) in order to do mischief. Access to > your data is probably more valuable than whacking your server. > > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots > of malware is served from LINUX servers. Scanning a server for > signatures is just another way to proof (not prove) that a server has > not been compromised and that data accessed by the server is secure. > Which is what things like PCI/DSS is about - protecting the *data*. I don't know about that last sentence.. I am not familiar enough with PCI/DSS to say it protects data or protects from lawsuits. Everything else I can agree with 100%. Linux/Mac/Solaris etc are all good vectors for serving malware because they are not routinely looked at for malware (because most Unix admins think it is something that affects them.) Most malware authors learned that while they may not be able to get 'root' all they really need is normal permissions for most things because they can still open up high ports to send/recieve spam or that most systems have data at o+rw for ease of use. Does this mean that every Linux machine should have a malware detector on it that runs and scans every file? No its a matter of risk management. If you are in a high risk environment, you should know why or why not it is not in place (having other strong security measures in place with constant vigilance can be good enough or for something else it might not be.). >> What do you think it protects you against on a linux server? > > "against a linux server?" ? > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 5.3 released
Craig White wrote: > > seriously though, found this little tidbit which seems important to note > (under known issues)... > > http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Release_Notes/sect-Release_Notes-Known_Issues.html > > When upgrading from an earlier version of Red Hat Enterprise Linux to > 5.3, you may encounter the following error: > Updating : mypackage ### [ 472/1655] > rpmdb: unable to lock mutex: Invalid argument Wow, that's seriously messed up. I hate it when the software is setting up traps like that. Thanks for the notice. -- Florin Andrei http://florin.myip.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
On Jan 22, 2009, at 11:39 AM, Robert Moskowitz wrote: > Kai Schaetzl wrote: >> Ralph Angenendt wrote on Thu, 22 Jan 2009 10:31:20 +0100: >> >> >>> You need a combined(!) 768MB of RAM and Swap to successfully install >>> CentOS 5.2 (see the release notes). >>> >> >> in graphics mode. > > And really it is a performance question as long as you have 256M of > real > memory, the rest swap. Since I always make my swap > 2xRAM, I am > always > installing on a system with at least 768Mb combined. > > I do not like the DIsk Druid default of putting the swap drive into > the > LVM partition. I always redo the partitions so that swap is its own > partition. Why is that? Old school habit or is there a real benefit? Swap performance should be equally good whether it be raw disk, raw partition, LVM logical volume or even a flat file on today's kernels, but maybe there is something I am unaware of. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext4 in 5.3
Peter Kjellstrom wrote: > > I disagree. On most raid-controllers we use XFS has a significant advantage > over Ext3 when it comes to large sequential writes. Ext3 gets nowhere near > the bare metal performance. > > So, in short, I think it will be interesting to see how Ext4 performs for > this. Exactly. There are differences between file systems even when using very large files sequentially. I did benchmarks on various controllers and my experience was the same: the file system does matter. -- Florin Andrei http://florin.myip.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
> Adam Tauno Williams wrote: > > > 1. Has anyone here gone though such a procedure and got good arguments > > > against the need for anti-virus? > > There is no good argument against running malware detection on any > > sever. > > > 2. Alternatively - what linux anti-virus (oh, the shame of typing this > > > word combination :() do you use which doesn't affect our systems > > > performance too much. > > CLAMAV works well. > What do you do with clamav on a linux server? You scan the server for malware. There is nothing special about LINUX here. The whole "don't run services as root" business is just so much noise. It isn't about protecting the *server* it is about protecting the *data* which is accesses [hopefully] by services which are *not* root. It is about the data and the clients that connect to the server. I've seen CLAMAV find malware on web servers (maybe it isn't common... because no one is checking). Someone's crappy PHP code [is there any other kind?] allows malware to get injected into, and served, from the server. No root access anywhere, or required. It isn't about protecting the OS or the system, it is about protecting the data, the applications [from exploit], and the end-users [so the server isn't an attack vector]. Assuming none of the services on you server can be exploited is just wrong headed; and the exploiter does not need to "own" the server (aka have root) in order to do mischief. Access to your data is probably more valuable than whacking your server. The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots of malware is served from LINUX servers. Scanning a server for signatures is just another way to proof (not prove) that a server has not been compromised and that data accessed by the server is secure. Which is what things like PCI/DSS is about - protecting the *data*. > What do you think it protects you against on a linux server? "against a linux server?" ? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
Kai Schaetzl wrote: > Ralph Angenendt wrote on Thu, 22 Jan 2009 10:31:20 +0100: > > >> You need a combined(!) 768MB of RAM and Swap to successfully install >> CentOS 5.2 (see the release notes). >> > > in graphics mode. And really it is a performance question as long as you have 256M of real memory, the rest swap. Since I always make my swap > 2xRAM, I am always installing on a system with at least 768Mb combined. I do not like the DIsk Druid default of putting the swap drive into the LVM partition. I always redo the partitions so that swap is its own partition. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
But again you said it, Symantic is trash With my history of machine crashes caused by their I can do it better altitude, Run don't walk from Symantic John Plemons ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Rainer Traut wrote: > Am 22.01.2009 02:19, schrieb Amos Shapira: > >> 2. Alternatively - what linux anti-virus (oh, the shame of typing this >> word combination :() do you use which doesn't affect our systems >> performance too much. > > http://www.f-prot.com/products/corporate_users/unix/ > has some Linux AV products. And just for completeness, Symantec has AV for Linux too... it is better there than on the Windows platform, but that doesn't say much. The advantage of Symantec is that it is a well-known brand, so in some cases it can be a easy option to push through red-tape bureaucrats. -- //Morten Torstensen //Email: mor...@mortent.org //IM: morten.torsten...@gmail.com I can't listen to that much Wagner. I start getting the urge to conquer Poland. -- Woody Allen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Amos Shapira wrote: > 2. Alternatively - what linux anti-virus (oh, the shame of typing this > word combination :() do you use which doesn't affect our systems > performance too much. I highly recommend Sophos antivirus: http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/linux/ They seem to cost more than the competition but it's because they have a better product. Glad I don't have to deal with credit card numbers anymore the security around that stuff was a pain. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] PHP 5.2 on Centos4
Bit of an emergency as I'm told this laptop has to leave here in 15 minutes, I've gone ahead and configured, made, installed PHP 5.2 but an httpd restart still only sees the old PHP 5.0.4, I think there's a fairly simple way to get it to find the 5.2 version I've just installed but can't think what. Any help gratefully received! thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disable rquotad and pop
Jerry Geis wrote on Thu, 22 Jan 2009 10:45:21 -0500: first, could you please *reply* and keep in the thread and not send new messages when you reply? > Sure I familiar with those commands, problem is there is not rquota > service... SO these dont help. Fine. Why didn't you say so in your original request? > > I did do service nfs stop Do a "ps ax|grep rpc" then ;-) The two rpc daemons don't get killed by a stop. You have to kill it manually. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
Ralph Angenendt wrote: > Warren Young wrote: >> James A. Peltier wrote: >>> CentOS 5 requires 512MB for installation >> I had an EL5 install attempt fail on a VM with 512 MB of RAM. Big ugly >> anaconda Python stack dump type error. Upped the RAM for the VM, and it >> installed. > > You need a combined(!) 768MB of RAM and Swap to successfully install That's certainly the problem, thanks. I don't use swap on VMs, for fairly obvious reasons. I guess I could use file-based swap, so it's easy to turn off and recover the space after the install finishes. My VMs really don't need more than 512 MB of RAM when running. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] disable rquotad and pop
> > Jerry Geis wrote on Thu, 22 Jan 2009 09:22:16 -0500: > > >/ for rquotad /etc/sysconfig/nfs has it quoted out but yet it is running? > />/ How do I disable it? > />/ > />/ also what about pop? > / > service name start/stop > > chkconfig name off to disable starting > Sure I familiar with those commands, problem is there is not rquota service... SO these dont help. I did do service nfs stop I changed /etc/sysconfig/nfs removed all RQUOTAD lines and added RQUOTAD="no" service nfs start however I still have an rpc.rquotad running. AHHH... What am I missing? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disable rquotad and pop
Jerry Geis wrote on Thu, 22 Jan 2009 09:22:16 -0500: > for rquotad /etc/sysconfig/nfs has it quoted out but yet it is running? > How do I disable it? > > also what about pop? service name start/stop chkconfig name off to disable starting Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
> None... clamav, amavis, etc... are used for protecting Windows boxes > behind the Linux boxes. If you aren't running any Windows hosts on the FYI, clamav also detects linux based viruses. There are linux based viruses. Rkhunter is also good to run on a linux server as well. http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses Of course if you keep your passwords secure and up to date on patches you 'should' not get any viruses on a linux box. Nothing is certain though. Its very little effort to install clamav and rkhunter. Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SquirrelMail Sending Under Wrong Username
CentOS team... as is already bug reported and marked solved... as we await the upstream repair for this. It was reported that this was happening on CentOS 5. You likely already know, but it also happens on CentOS 4. For those unaware. It seems that SquirrelMail has an issue which allows mail to be sent out from one user on the system and it uses the from address of another user on the system. Apparently, both users need to be logged into SM at the same time. My client reported that when he sent the affected message, he received a connection lost notice. He logged in again, stated that the email was in fact sent. The recipient of that email asked what was up with the odd from address. Looking at the headers from that message, they do in fact show adifferentusern...@thisparticularservername.com. This is about the most embarrassing thing that's ever happened with my servers. Obviously the affected user is not feeling very secure. It does invite the recipient to reply to the wrong address which could be bad on so many levels (imagine having a few local law firms hosted on the same server?). I view this as a horrid security issue. If maybe the CentOS team might be so kind as to push the SquirrelMail update to the front when it's ready, that would be greatly appreciated. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disable rquotad and pop
Rick, For rquota this shows: ps ax | grep rquota 3140 ?Ss 0:00 rpc.rquotad 15025 ?Ss 0:00 rpc.rquotad 21509 ?Ss 0:00 rpc.rquotad 21590 pts/2S+ 0:00 grep rquota grep RQUOTA /etc/sysconfig/nfs #RQUOTAD="/usr/sbin/rpc.rquotad" #RQUOTAD_PORT=875 #RPCRQUOTADOPTS="" so how do I stop this service? Then for port 443, netstat -ap | grep 443 gave nothing, however netstat -ap | grep https tcp0 0 localhost:58597 localhost:https TIME_WAIT - tcp 0 0 *:https The port scan I was reading led me to believe it was pop... In actuality it was https. its reporting 5 security vulnerabilites for https? I'm not sure that those are? jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
> Yes, I know, it's really really embarrassing to have to ask but I'm > being pushed to the wall with PCI DSS Compliance procedure > (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why > we don't need to install an anti-virus or find an anti-virus to run on > our CentOS 5 servers. > > Whatever I do - it needs to be convincing enough to make the PCI > compliance guy tick the box. > > So: > > 1. Has anyone here gone though such a procedure and got good arguments > against the need for anti-virus? We are going through the same thing. The initial rollout was planned for only PCI critical systems, but has been expanded to SOX and business-critical servers. Given the extreme rarity of Unix/Linux related viruses, we did question why we needed to run an AV solution at all. However, we do have shares that are accessible via Windows and Mac users, so these were targeted. Per our compliance officer, though a rigid interpretation of the PCI documentation might not require full scans of every server, or even scanning every server, we would go beyond the spec. Thus, at some point we're expecting that all servers will require some sort of AV product. > 2. Alternatively - what linux anti-virus (oh, the shame of typing this > word combination :() do you use which doesn't affect our systems > performance too much. The AV solution we were told to use was Sophos AV. Our environment is primarily AIX with a few Linux systems. Though the Linux systems had (mostly) equivalent features to the Windows product, the AIX solution was essentially a command line driven scan similar to ClamAV. Now, SophosAV on Linux requires some kernel hooks for the on-access scan. If Sophos-compiled binaries are not available for your kernel then you'd need to build them on the machine. I.e., you'd require GCC and the kernel-dev packages. Per our security requirements (not PCI specific), we do not have compilers and dev libraries on anything but development servers. Sophos also did not have an SLA as to when new binaries would be released after a new kernel. Which leads to an interesting conundrum. The Sophos product cannot do on-demand scanning without a dev environment (and compiling elsewhere was not a documented process from Sophos). So we were left with the command line, cron driven scanner. Given that the files we would target were often temporary (e.g., uploaded documents, files to be pushed into a doc manager), it made little sense to scan daily. Instead, you'd need to script processes to watch directories and holding areas. The rest of the problems were primarily with the AIX client. Anyhoo, the AV products don't put too much load on the system, depending on your scan requirements. They can do so though. E.g., if you scan compressed files, do on demand, scan across shares, etc.. > > The reviewed servers run both Internet-facing web applications and > internal systems, mostly using proprietary protocol for internal > communications. They are being administrated remotely via IPSec VPN > (and possibly in the future also OpenVPN). > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Infrastructure Documenting
We are moving all our (limited and badly organized) documentation to a wiki. Anyone got any examples/pointers to a hierarchy that made logical sense? We are hoping to move everything from topology to application specific notes in to the wiki. Given the size of this task, I only want to do this once:) Thanks for any reco's! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] disable rquotad and pop
Hi all, I am trying to find out how to disable rquotad and pop (port 443) for rquotad /etc/sysconfig/nfs has it quoted out but yet it is running? How do I disable it? also what about pop? Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
John Plemons wrote: > I use AVG, they have a nice and clean Real Time Scanning piece of > software for Linux Oh. So maybe dazuko now isn't a resource hog anymore? Thanks, that is the first time I've heard about a component like that. Cheers, Ralph pgpZ9MNNThjn6.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Matt Shields wrote: > On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt > > > As far as I know there is no AntiVirus solution for Linux which works > > the same as all the solutions under Windows do. And if you do not have > > real time scanning on a server/workstation, an anti virus scanner > > doesn't do you any good, as the time frame for attacks is just too > > large. Either you get it on the first shot or you can just forget about > > it. > > > Check out BitDefender http://www.bitdefender.com Bitdefender for Samba which only scans stuff on network shares and Bitdefender for Mail Servers which does the same clamav and amavisd/exiscan/whatever can do. No security products which "protect" servers itself, just hooks into the windows world. Supports the point I tried to make :) Ralph pgpcr4xvOZOfz.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
I use AVG, they have a nice and clean Real Time Scanning piece of software for Linux see http://www.grisoft.com for general info http://www.avg.com/download-7?prd=avl to download for the different flavors of Linux I use it on my Linux boxes as well as all of my Windows Clients and Servers as well, bang for buck its one of the best out and much better than that crappy Symantic brand AV john plemons ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thu, 2009-01-22 at 14:15 +0100, Ralph Angenendt wrote: > Anne Wilson wrote: > > I'm sure there are plenty of people that can give Ralph detailed > > information > > about using it efficiently. > > Sorry, I do not want to know how to "use clamav efficiently", I am just > wondering what good clamav will do on a server, as there aren't really > any hooks into file writing or reading. Sure, I can hook up clamav into > my email stream or into my proxy on that machine for filtering out > requests to people who use windows boxes behind those. > > But I do not understand which sense clamav makes on a linux server, if > there are no hooks into the kernel (I know about dazuko, but a) we don't > ship it and b) last time I looked at it I couldn't get it to run > properly without a *huge* speed penalty). > > As far as I know there is no AntiVirus solution for Linux which works > the same as all the solutions under Windows do. And if you do not have > real time scanning on a server/workstation, an anti virus scanner > doesn't do you any good, as the time frame for attacks is just too > large. Either you get it on the first shot or you can just forget about > it. > > So again: If you want to be PCI-DSS compliant - what's the use of > clamav? re: the last question, I simply don't know. I do know that I have an 'unsupported' version of Symantec Anti-Virus for Linux which came with their 'End Point Protection' package which I gather is a 'real-time' package but I am not interested in finding out what that would do to performance of the system. I also know that samba has a 'vfs' option for using clamd on your samba/Windows file server. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt > wrote: > Anne Wilson wrote: > > I'm sure there are plenty of people that can give Ralph detailed > information > > about using it efficiently. > > Sorry, I do not want to know how to "use clamav efficiently", I am just > wondering what good clamav will do on a server, as there aren't really > any hooks into file writing or reading. Sure, I can hook up clamav into > my email stream or into my proxy on that machine for filtering out > requests to people who use windows boxes behind those. > > But I do not understand which sense clamav makes on a linux server, if > there are no hooks into the kernel (I know about dazuko, but a) we don't > ship it and b) last time I looked at it I couldn't get it to run > properly without a *huge* speed penalty). > > As far as I know there is no AntiVirus solution for Linux which works > the same as all the solutions under Windows do. And if you do not have > real time scanning on a server/workstation, an anti virus scanner > doesn't do you any good, as the time frame for attacks is just too > large. Either you get it on the first shot or you can just forget about > it. > > So again: If you want to be PCI-DSS compliant - what's the use of > clamav? > > Ralph > > Check out BitDefender http://www.bitdefender.com -matt http://www.sysadminvalley.com http://www.beantownhost.com http://www.linkedin.com/in/mattboston ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Anne Wilson wrote: > I'm sure there are plenty of people that can give Ralph detailed information > about using it efficiently. Sorry, I do not want to know how to "use clamav efficiently", I am just wondering what good clamav will do on a server, as there aren't really any hooks into file writing or reading. Sure, I can hook up clamav into my email stream or into my proxy on that machine for filtering out requests to people who use windows boxes behind those. But I do not understand which sense clamav makes on a linux server, if there are no hooks into the kernel (I know about dazuko, but a) we don't ship it and b) last time I looked at it I couldn't get it to run properly without a *huge* speed penalty). As far as I know there is no AntiVirus solution for Linux which works the same as all the solutions under Windows do. And if you do not have real time scanning on a server/workstation, an anti virus scanner doesn't do you any good, as the time frame for attacks is just too large. Either you get it on the first shot or you can just forget about it. So again: If you want to be PCI-DSS compliant - what's the use of clamav? Ralph pgpVhme9RlXAD.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thursday 22 January 2009 12:46:46 Craig White wrote: > On Thu, 2009-01-22 at 12:16 +, Anne Wilson wrote: > > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: > > > What do you do with clamav on a linux server? Especially: How is it run > > > by you? What do you think it protects you against on a linux server? > > > > 1 - it protects you against passing on any windows viruses to windows > > users 2 - it satisfied those auditors who can't think beyond what they > > have been told, especially if you have log proof. Logwatch's daily > > report: > > > > - clam-update Begin > > > > Last ClamAV update process started at Wed Jan 21 04:02:23 2009 > > > > Last Status: > > main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, > > builder: sven) > > daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38, > > builder: ccordes) > > > > -- clam-update End - > > > > > > - Clamav Begin > > > > > > **Unmatched Entries** > > Database correctly reloaded (936952 signatures) > > > > -- Clamav End - > > > > That should satisfy and auditor. > > > the above suggests that clamav signature files were updated and the > database reloaded but nowhere does it suggest that any scanning of the > file system occurred nor the output of such scanning which probably > never occurred. What you have demonstrated is a gymnastic exercise which > accomplishes little. clamd might be able to do something useful but it > is not indicated above. > True. As I have no windows boxes on the LAN I only run it manually, and it wasn't done on the day that that reported. The one area that I am vulnerable to is email-borne viruses, and since I am not serving those to windows boxes it is only out of curiosity that I need clamav. I'm sure there are plenty of people that can give Ralph detailed information about using it efficiently. I was merely demonstrating how easy it is to show that you keep the database up to date. You are quite right,of course, they will want to see evidence that it is scanning as well. Anne signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
On Thu, 2009-01-22 at 12:16 +, Anne Wilson wrote: > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: > > What do you do with clamav on a linux server? Especially: How is it run > > by you? What do you think it protects you against on a linux server? > > 1 - it protects you against passing on any windows viruses to windows users > 2 - it satisfied those auditors who can't think beyond what they have been > told, especially if you have log proof. Logwatch's daily report: > > - clam-update Begin > > Last ClamAV update process started at Wed Jan 21 04:02:23 2009 > > Last Status: > main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: > sven) > daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38, > builder: > ccordes) > > -- clam-update End - > > > - Clamav Begin > > > **Unmatched Entries** > Database correctly reloaded (936952 signatures) > > -- Clamav End - > > That should satisfy and auditor. the above suggests that clamav signature files were updated and the database reloaded but nowhere does it suggest that any scanning of the file system occurred nor the output of such scanning which probably never occurred. What you have demonstrated is a gymnastic exercise which accomplishes little. clamd might be able to do something useful but it is not indicated above. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] help with udev rules needed
rra...@comcast.net wrote: > On Wed, 21 Jan 2009, Farkas Levente wrote: > >> rra...@comcast.net wrote: >>> On Wed, 21 Jan 2009, Farkas Levente wrote: >>> rra...@comcast.net wrote: > I am migrating from Fedora 8 to CentOS 5.2 > I have usb dvd > > On F8 I have /etc/udev/rules/00-my-custom.rules > BUS=="scsi", SYSFS{vendor}=="TSSTcorp", SYSFS{model}=="CDDVDW SH-S203N > ",SYMLINK="dvd",OWNER="rray" > When I plug in dvd I get > $ ll /dev/scd1 > lrwxrwxrwx 1 root root 3 Aug 25 08:17 /dev/scd1 -> sr1 > ll /dev/sr1 > brw-r- 1 rray disk 11, 1 2009-01-21 12:29 /dev/sr1 > Everything is ok > > On C5.2 I have /etc/udev/rules/00-my-custom.rules > BUS=="scsi", SYSFS{vendor}=="TSSTcorp", SYSFS{model}=="CDDVDW SH-S203N > ",SYMLINK="dvd",OWNER="rray" > When I plug in dvd I get > # ll /dev/scd0 > brw-rw 1 root disk 11, 0 Jan 21 12:30 /dev/scd0 > I have also tried MODE="0666" and it also has no affect > > I have checked "udevinfo -a -p $(udevinfo -q path -n /dev/scd0/1)" on both > machines and they are the same what's the problem? the above rule has nothing to do with sdcX it's just create dvd symlink, the device itself created by system udev rules. >>> On C5.2 the device has root:disk ownership and 660 perms >>> The OWNER="rray" part of the udev rule appears to be ignored >>> How can I change the owner to "rray" or perms to "0666" >> _which_ device? scd1 or dvd!!!? >> your rule is about dvd it has nothing to with scd1! >> >> > > I believe I am very confused > Please ignore everything above > If I wanted to write a udev rules such that when I plugged in my usb dvd > drive, the owner of the device file is "rray" what might that rule look > like given udevinfo tells me these characteristics describe my dvd drive > BUS=="scsi", SYSFS{vendor}=="TSSTcorp", SYSFS{model}=="CDDVDW SH-S203N" ACTION="add, NAME="dvd", OPTION="last_rule" or something like that -- Levente "Si vis pacem para bellum!" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
Anne Wilson wrote: > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: > > What do you do with clamav on a linux server? Especially: How is it run > > by you? What do you think it protects you against on a linux server? > > 1 - it protects you against passing on any windows viruses to windows users Yes, but how is it run? Hourly via cron? On which files? What does it protect against? Mind you, I'm not talking about workstations, but about servers. Ralph pgpotwFz9gh2d.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old Small Box
On Wed, Jan 21, 2009 at 6:06 PM, Mike -- EMAIL IGNORED wrote: > I have an old 400mHz Dell with a 20G hard drive > and 125M ram. Can I install and run CentOS on it? Depends on what you want to use it for. I have successfully run CentOS on PIIIs with as little as 256MB of memory, but with limited functionality enabled, usually as a firewall, SAMBA server and/or web server. In all cases I took care during installation to install as little software as possible, disable all unnecessary daemons and use only the command line. Brett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos