Re: [CentOS] Networking just stopped working
And now the thing is working again... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Smallest install?
On 07/05/2010 03:06 PM, Stephen Harris wrote: I have a 500Mb ATA Flash drive in my machine. If I deselect everything at install time (CentOS 5.0 - just for testing) it still requires 524Mb. Is there any way of doing an even smaller install? Prepare a kickstart file using system-config-kickstart. In the %packages section, list only @core. See how that fits your needs. You'll probably end up adding additional packages, like yum to the %packages section. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Smallest install?
Stephen Harris a écrit : I have a 500Mb ATA Flash drive in my machine. If I deselect everything at install time (CentOS 5.0 - just for testing) it still requires 524Mb. Is there any way of doing an even smaller install? You might consider one of those fine super-lightweight distributions like Slitaz or Tiny Core, both excellent. Cheers, Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Smallest install?
Stephen Harris a écrit : I have a 500Mb ATA Flash drive in my machine. If I deselect everything at install time (CentOS 5.0 - just for testing) With CentOS 5.5, select [*] Customize Package Selection, and then in the following screen, deselect everything, even [*] Base. You still get a coherent system. Cheers, Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Smallest install?
On 07/06/2010 09:16 AM, Niki Kovacs wrote: Stephen Harris a écrit : I have a 500Mb ATA Flash drive in my machine. If I deselect everything at install time (CentOS 5.0 - just for testing) With CentOS 5.5, select [*] Customize Package Selection, and then in the following screen, deselect everything, even [*] Base. You still get a coherent system. This actually what i do to install a minimal CentOS on VM using only the first CD iso there's also Orange JeOS [1] [1] http://orangejeos.sourceforge.net/ HTH -- Athmane Madjoudj ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Smallest install?
On Tue, 6 Jul 2010, Niki Kovacs wrote: To: CentOS mailing list centos@centos.org From: Niki Kovacs cont...@kikinovak.net Subject: Re: [CentOS] Smallest install? Stephen Harris a écrit : I have a 500Mb ATA Flash drive in my machine. If I deselect everything at install time (CentOS 5.0 - just for testing) it still requires 524Mb. Is there any way of doing an even smaller install? You might consider one of those fine super-lightweight distributions like Slitaz or Tiny Core, both excellent. OR there's DSL: http://www.damnsmalllinux.org/ What is DSL? Damn Small Linux is a very versatile 50MB mini desktop oriented Linux distribution. Damn Small is small enough and smart enough to do the following things: * Boot from a business card CD as a live linux distribution (LiveCD) * Boot from a USB pen drive * Boot from within a host operating system (that's right, it can run *inside* Windows) * Run very nicely from an IDE Compact Flash drive via a method we call frugal install * Transform into a Debian OS with a traditional hard drive install * Run light enough to power a 486DX with 16MB of Ram * Run fully in RAM with as little as 128MB (you will be amazed at how fast your computer can be!) * Modularly grow -- DSL is highly extendable without the need to customize It runs from a Live CD nicely. Kind Regards, Keith Roberts___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking just stopped working
Christopher Chan wrote: And now the thing is working again... It's not working again. Running tcpdump -i vlan seems to trigger something to get the network working again but as soon as I stop tcpdump...nada, zip, zilch. Any ideas? I see no errors in the logs whether of the switch or the box, just about everything reports fine. Would the loading of the kernel bridge module cause this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] why i can not put my swap files in /dev?
I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? -- Tang Jianwei ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
2010/7/6 Tang Jianwei myh...@gmail.com: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. /dev/* is virtual directory containing all devices, not files. create your swap on disk devices (/dev/sdXX, not in empty space) -- Eero, RHCE ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
On 07/06/2010 12:41 PM, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. Does the file exist after reboot? I think the /dev directory is made in a RAM disk (tmpfs), not a useful place to put a swapfile. Mogens -- Mogens Kjaer, m...@lemo.dk http://www.lemo.dk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
_ From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of cliff here Sent: Monday, July 05, 2010 10:56 PM To: CentOS mailing list Subject: Re: [CentOS] DNS or firewall problem yea that needs to be a 1 Thanks, I'll give that a try. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
cliff here wrote: net.ipv4.conf.ip_forward = 0 ?? change to = 1 ?? yea that needs to be a 1 That cannot be mandatory, as I have a 0 there and do not have the OP's problem. As I mentioned, the default in shorewall is that loc to $FW, ie connection from machines on the local LAN to server, is set to REJECT. Maybe that is the default in the iptables setting too? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] setuproot: moving /dev/failed:No such file or directory
Since my upgrade of the CentOS 5.4 to 5.5, it is impossible to boot from kernel 2.6.18-194.xx but older kernel (2.6.18-164-xx) boots perfectly The message I get is: setuproot: moving /dev/failed:No such file or directory* *And I get a Kernel Panic... It seems like the system was unable to mount /dev in ram, then it cannot find it... How is it possible and how to solve this ?* *-- (°- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML //\ http://www.bbsoft4.org/Mailinglists.htm ** MailTo:r...@bbsoft4.org v_/_ http://www.bbsoft4.org/ * http://www.portalinux.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
Thank you and Mogens. and I also think this is the cause. Tang Jianwei On 07/06/2010 06:50 PM, Eero Volotinen wrote: /dev/* is virtual directory containing all devices, not files. create your swap on disk devices (/dev/sdXX, not in empty space) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
At Tue, 06 Jul 2010 18:41:06 +0800 CentOS mailing list centos@centos.org wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? /dev is mounted from a *ramdisk* -- swapping to a RAM disk makes really no sense. With a modern (eg 2.6 kernel w/udev), /dev is created fresh at boot time and only contains device node files, generally created on-the-fly by udevd. -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking just stopped working
Chan Chung Hang Christopher wrote: Christopher Chan wrote: And now the thing is working again... It's not working again. Running tcpdump -i vlan seems to trigger something to get the network working again but as soon as I stop tcpdump...nada, zip, zilch. Any ideas? I see no errors in the logs whether of the switch or the box, just about everything reports fine. Would the loading of the kernel bridge module cause this? Running tcpdump would put the interface in promiscuous mode. Does your setup need this to work? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
On Tue, Jul 06, 2010 at 06:41:06PM +0800, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? /dev is not a real directory for data files. You should actually make a separate partition for swap Otherwise, you can put it in some real file spaca such as in /usr or where you left a lot of space.That is often done to increase available swap space when the originally created swap partition is not large enough - add some from file space. jerry -- Tang Jianwei ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking just stopped working
Les Mikesell wrote: Chan Chung Hang Christopher wrote: Christopher Chan wrote: And now the thing is working again... It's not working again. Running tcpdump -i vlan seems to trigger something to get the network working again but as soon as I stop tcpdump...nada, zip, zilch. Any ideas? I see no errors in the logs whether of the switch or the box, just about everything reports fine. Would the loading of the kernel bridge module cause this? Running tcpdump would put the interface in promiscuous mode. Does your setup need this to work? I don't think so. The thing was working fine since December last year until this morning. Then poof! I just realized I forgot to boot older kernels to check for the same problem... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise. When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface? I did notice today there is a squid.conf file in my /etc/httpd/conf.d directory. It appears it is configure for the local domain only. I renamed it and restarted apache but that didn't work. The server has two nics, one for internet and one for the local network, connected to a switch. eth0 is connected to the uplink port. Please pastebin the output of the following: Run as root: 'cat /etc/sysconfig/iptables' 'netstat -ntlp' ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
Well if you want the kernel to route IPV4 traffic, then yes it has to be 1 On 7/6/10, Timothy Murphy gayle...@eircom.net wrote: cliff here wrote: net.ipv4.conf.ip_forward = 0 ?? change to = 1 ?? yea that needs to be a 1 That cannot be mandatory, as I have a 0 there and do not have the OP's problem. As I mentioned, the default in shorewall is that loc to $FW, ie connection from machines on the local LAN to server, is set to REJECT. Maybe that is the default in the iptables setting too? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- - NOTICE: This message, including all attachments, is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering this message to its intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying Received in error and immediately delete this message and all its attachments. - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
Jerry McAllister wrote: On Tue, Jul 06, 2010 at 06:41:06PM +0800, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? Well, /dev is *not* a good place for anything but device files. /dev is not a real directory for data files. snip Um, er, what do you mean about it not being a real directory? mark -- When I hear about object oriented systems, I think of one that's been around for about 40 years: *Nix. Everything's a file, er, object, and you pipe, er, message from one object to another ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] setuproot: moving /dev/failed:No such file or directory
Bernard Lheureux wrote: Since my upgrade of the CentOS 5.4 to 5.5, it is impossible to boot from kernel 2.6.18-194.xx but older kernel (2.6.18-164-xx) boots perfectly The message I get is: setuproot: moving /dev/failed:No such file or directory* *And I get a Kernel Panic... It seems like the system was unable to mount /dev in ram, then it cannot find it... How is it possible and how to solve this ?* Look at /boot/grub/device.map, and make sure it's correct. Also your /boot/grub/grub.conf mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
In the past I only heard that /proc and /sys are RAM directories, now I get /dev as well. thank you. Tang Jianwei On 07/06/2010 10:14 PM, John Kennedy wrote: On Tue, Jul 6, 2010 at 10:01 AM, m.r...@5-cent.us mailto:m.r...@5-cent.us wrote: Jerry McAllister wrote: On Tue, Jul 06, 2010 at 06:41:06PM +0800, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? Well, /dev is *not* a good place for anything but device files. /dev is not a real directory for data files. snip Um, er, what do you mean about it not being a real directory? mark I would say he means real as exists on a hard drive like /home of /var as opposed to virtual as exists in RAM like /proc. John -- John Kennedy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
At Tue, 6 Jul 2010 10:01:10 -0400 CentOS mailing list centos@centos.org wrote: Jerry McAllister wrote: On Tue, Jul 06, 2010 at 06:41:06PM +0800, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? Well, /dev is *not* a good place for anything but device files. /dev is not a real directory for data files. snip Um, er, what do you mean about it not being a real directory? It is not 'persistent' across boots. It is not backed by actual hard disk space. Any *data* files (including swap files) will be gone at the next reboot. The *device* files are re-created by udevd during the boot process (and later on by the hotplug / HAL subsystem). mark -- When I hear about object oriented systems, I think of one that's been around for about 40 years: *Nix. Everything's a file, er, object, and you pipe, er, message from one object to another ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
On Tue, Jul 06, 2010 at 10:14:19AM -0400, John Kennedy wrote: On Tue, Jul 6, 2010 at 10:01 AM, m.r...@5-cent.us wrote: Jerry McAllister wrote: On Tue, Jul 06, 2010 at 06:41:06PM +0800, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? Well, /dev is *not* a good place for anything but device files. /dev is not a real directory for data files. snip Um, er, what do you mean about it not being a real directory? mark I would say he means real as exists on a hard drive like /home of /var as opposed to virtual as exists in RAM like /proc. John Yup. jerry -- John Kennedy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Cluster
2010/7/5 Torintino T torinti...@live.com: Dear All, I am newbie to Linux Clustering, i have 2 standalone CentOS servers, i want to setup a cluster on those servers, to synchronize between each other, and to make a one as standby to the other, if a one fails the other will switchover. I will mostly use Apache, Mysql, and PHP. I have read the Cluster Administration document, i found that there are multiple methods to setup the cluster, actually i want to ask expert people in the clustering, which method is the most proper one, and should i have use a fence device, which one i will preferably use. There are several options depending on your requirements and your resources. For synchronizing the web root, you can opt for something as simple as rsync or checkout from a central repository. For mysql, there are some creative methods including fully clustered mysql servers ($$), dump/restore from primary to secondary. If you opt for shared storage there are a few other options but it requires a little more complex setup. Easiest situation is a SAN volume that you can swing from node1 to node2. This can be backed by an actual SAN, by a Linux host running iSCSI services, DRBD, GNBD, etc.. Shared storage requires fencing, either through the standard mechanisms or via logic on the application side. If you just have two nodes and no central storage, IMHO the easiest setup would be a DRBD volume. Use luci to build the cluster with a virtual IP that swings between the two nodes. This is rather simple: Install drbd, luci, ricci. Configure the drbd volumes between the two nodes. Ample documentation is available and the process is fairly trivial. If at all possible, build a second network for this traffic. Configure clustering, using luci, on the first node. At minimum you'd setup a parent service with some child services of the web root and mysql database mount, virtual IP, and the actual httpd/mysql services. For people new to CentOS clustering, this can be a little confusing as the cluster service you setup initially is not just a network service such as apache, dns, etc., but an application. The application then has dependent services which can include a filesystem, ip address, daemons, etc.. Note that exclusive doesn't mean a service runs on just one node, but that *only* that service runs on a node. If you set a service as exclusive, unless you have a separate node for each exclusive service, you may run intro frustration when you try to failover nodes. Configure your fencing. At simplest case you can configure a policy that will, in essence say Die! to the other node. If the other node doesn't die, the active node can kill the other node in various and sundry ways including pulling the power, shutting down the node via the virtual machine host, etc.. You can also be a bit more polite and install GFS and let the GFS service handle who gets the resources. The tradeoff is in complexity. Once it's configured on the first node, import the luci configuration onto the second node. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
echo 1 /proc/sys/net/ipv4/ip_forward On 6 July 2010 21:17, Basil Kurian basilkur...@gmail.com wrote: enable ipv4_forwarding in /etc/sysctl.conf # service iptables start # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE eth0 is the interface connected to modem. On 6 July 2010 04:30, Thomas Dukes tdu...@sc.rr.com wrote: Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but its been a really long time since I had to set things up from scratch, Redhat 2.0. My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot. Any ideas/suggestions? Thanks, --Eddie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
enable ipv4_forwarding in /etc/sysctl.conf # service iptables start # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE eth0 is the interface connected to modem. On 6 July 2010 04:30, Thomas Dukes tdu...@sc.rr.com wrote: Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but its been a really long time since I had to set things up from scratch, Redhat 2.0. My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot. Any ideas/suggestions? Thanks, --Eddie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why i can not put my swap files in /dev?
At Tue, 06 Jul 2010 22:30:10 +0800 CentOS mailing list centos@centos.org wrote: In the past I only heard that /proc and /sys are RAM directories, now /proc and /sys are psuedo directories -- they hook into kernel data structures. I get /dev as well. thank you. With 2.6 kernels and udev, /dev has become a RAMDISK that is freshly populated at boot time by udevd and related code (HAL and the hotplug system). Tang Jianwei On 07/06/2010 10:14 PM, John Kennedy wrote: On Tue, Jul 6, 2010 at 10:01 AM, m.r...@5-cent.us mailto:m.r...@5-cent.us wrote: Jerry McAllister wrote: On Tue, Jul 06, 2010 at 06:41:06PM +0800, Tang Jianwei wrote: I tried to create some swap files in /dev directory for my desktop. the dd and mkswap were ok. but when I try to swapon it, i get this: # swapon /dev/myswap swapon: /dev/myswap: Invalid argument but when I mv the file to some other directory like /mnt or /, the swapon works. could sb. tell me why? Well, /dev is *not* a good place for anything but device files. /dev is not a real directory for data files. snip Um, er, what do you mean about it not being a real directory? mark I would say he means real as exists on a hard drive like /home of /var as opposed to virtual as exists in RAM like /proc. John -- John Kennedy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos MIME-Version: 1.0 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Problem with Gnome (or nautilus)
I have upgraded form 5.4 to 5.5 . after that i 'm having problem with nautilus some strange errors like not on the same file system occurs during file operation like moving deleting etc. after that i did a fresh installation of 5.5 . then aslo same problem .. does anyone experienced such a problem ?? Now i'm using 5.3 . Also the Bind DNS server in 5.4 and 5.5 seems to be buggy . I don't have any problem with BIND on 5.3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with Gnome (or nautilus)
On Tue, 2010-07-06 at 21:28 +0530, Basil Kurian wrote: I have upgraded form 5.4 to 5.5 . after that i 'm having problem with nautilus some strange errors like not on the same file system occurs during file operation like moving deleting etc. after that i did a fresh installation of 5.5 . then aslo same problem .. does anyone experienced such a problem ?? --- That's a Bug for 5.5 Upstream Confirms it. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with Gnome (or nautilus)
which one ?? problem with Gnome or BIND ?? i tried RHEL 5.5 anr 5.4 . the two doesn't have any problem with gnome or BIND any patch released ?? On 6 July 2010 22:01, JohnS jse...@gmail.com wrote: On Tue, 2010-07-06 at 21:28 +0530, Basil Kurian wrote: I have upgraded form 5.4 to 5.5 . after that i 'm having problem with nautilus some strange errors like not on the same file system occurs during file operation like moving deleting etc. after that i did a fresh installation of 5.5 . then aslo same problem .. does anyone experienced such a problem ?? --- That's a Bug for 5.5 Upstream Confirms it. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with Gnome (or nautilus)
On Tue, 2010-07-06 at 22:17 +0530, Basil Kurian wrote: which one ?? problem with Gnome or BIND ?? Nautilus is the Problem at hand.. The question I had answered. i tried RHEL 5.5 anr 5.4 . the two doesn't have any problem with gnome or BIND Maybe your not a heavy user to see it. You will hit when you start transferring huge files in the GUI any patch released ?? --- How about next time BOTTOM POST ! https://bugzilla.redhat.com/buglist.cgi?quicksearch=nautilus There are several of the entries there. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] question on modprobe.conf
I download the RHEL 6b2 and noticed the modprobe.conf was no longer present. I used modprobe.conf to place options for ethernet drivers like which order to install the drivers. e1000e before forcedeth - things like that. Anyway - seems like that file is no longer present. what is the future way to handle driver options? Thanks Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with Gnome (or nautilus)
actually i tried downgrading nautilus by using packges from centos 5.3 dvd .. it again shows problem , then tried to downgrade gnome as such from 5.3 DVD , then some dependency problem arises finally i installed PcmanFM .. and used it for a while . what about BIND DNS server in 5.4 and 5.5 ?? in 5.3 it is working perfectly. On 6 July 2010 23:56, JohnS jse...@gmail.com wrote: On Tue, 2010-07-06 at 22:17 +0530, Basil Kurian wrote: which one ?? problem with Gnome or BIND ?? Nautilus is the Problem at hand.. The question I had answered. i tried RHEL 5.5 anr 5.4 . the two doesn't have any problem with gnome or BIND Maybe your not a heavy user to see it. You will hit when you start transferring huge files in the GUI any patch released ?? --- How about next time BOTTOM POST ! https://bugzilla.redhat.com/buglist.cgi?quicksearch=nautilus There are several of the entries there. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on modprobe.conf
On 07/06/2010 11:54 AM, Jerry Geis wrote: I download the RHEL 6b2 and noticed the modprobe.conf was no longer present. I used modprobe.conf to place options for ethernet drivers like which order to install the drivers. e1000e before forcedeth - things like that. Anyway - seems like that file is no longer present. what is the future way to handle driver options? Thanks Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Create a new file in /etc/modprobe.d, with the options you normally put in /etc/modprobe.conf. Any file in that directory is loaded just as /etc/modprobe.conf was. Emmett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on modprobe.conf
On 07/06/2010 01:54 PM, Jerry Geis wrote: I download the RHEL 6b2 and noticed the modprobe.conf was no longer present. I used modprobe.conf to place options for ethernet drivers like which order to install the drivers. e1000e before forcedeth - things like that. Anyway - seems like that file is no longer present. what is the future way to handle driver options? Similar content is now broken up into separate .conf files in directory /etc/modprobe.d so that individual packages can now have sole ownership of a file rather than trying to pack all their parameters into a single, hard to maintain file. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on modprobe.conf
Similar content is now broken up into separate .conf files in directory /etc/modprobe.d so that individual packages can now have sole ownership of a file rather than trying to pack all their parameters into a single, hard to maintain file. in what order are the files processed? -- Among the maxims on Lord Naoshige's wall, there was this one: Matters of great concern should be treated lightly. Master Ittei commented, Matters of small concern should be treated seriously. (Ghost Dog : The Way of The Samurai) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on modprobe.conf
I'm guessing alphabetically? From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of cornel panceac Sent: Tuesday, July 06, 2010 2:26 PM To: CentOS mailing list Subject: Re: [CentOS] question on modprobe.conf Similar content is now broken up into separate .conf files in directory /etc/modprobe.d so that individual packages can now have sole ownership of a file rather than trying to pack all their parameters into a single, hard to maintain file. in what order are the files processed? -- Among the maxims on Lord Naoshige's wall, there was this one: Matters of great concern should be treated lightly. Master Ittei commented, Matters of small concern should be treated seriously. (Ghost Dog : The Way of The Samurai) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on modprobe.conf
On Tue, Jul 06, 2010 at 10:25:36PM +0300, cornel panceac wrote: Similar content is now broken up into separate .conf files in directory /etc/modprobe.d so that individual packages can now have sole ownership of a file rather than trying to pack all their parameters into a single, hard to maintain file. in what order are the files processed? -- Among the maxims on Lord Naoshige's wall, there was this one: Matters of great concern should be treated lightly. Master Ittei commented, Matters of small concern should be treated seriously. (Ghost Dog : The Way of The Samurai) In alphabetical order. -- Dominik Zyla pgplYrqtsgDlr.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on modprobe.conf
In alphabetical order. -- Dominik Zyla thank you ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security compliance vs. old software versions
On 6/30/2010 8:54 PM, John Jasen wrote: m.r...@5-cent.us wrote: John Jasen wrote: m.r...@5-cent.us wrote: Frank Cox wrote: On Wed, 2010-06-30 at 15:14 -0400, m.r...@5-cent.us wrote: Sorry, you lost me here. I turned off all access to the h/d/ramdisk on the printers, and left it off. This, of course, slows things down a lot, but it's Secure. snip Forgive the minor nit, and hopefully not continuing the talking past each other, but modern printers have more computer resources than a smart phone, and the embedded OS is either equally as complex or an embedded braindead version of Windows. In other words, they are assets worth protecting. So, you're saying protection is more important than having them usable for the folks whose use they were bought for? You're saying that we should just get rid of them, and buy less capable printers that can't do as much? Even when the only way to get to the existing printers is from a system that's *inside* the firewall, and on our network? Hey, how 'bout I just unplug them from the network altogether? They'll be doorstops, but they'll be secure. Well, I'm a security admin, so of course protection is more important than utility! :) But seriously, the assessment tools provide information on your environment, based on certain standard metrics. Its (HOPEFULLY! PCI compliance notwithstanding ) up to the people who end up reading them to fix the environment, determine that its not a problem, or accept the risk that was discovered. Sorry to drag this back out to the front... I've been beyond busy and just now catching up. One of the things that is blaring to me in these 'security' scans is that there is no check of passwords. We can jump through every hoop in the world to provide a 'secure' environment, yet without 'verifying' with the client a quality password and password policy, this is simply a moot point. Yes, one would hope... but if they don't check this how do they know? I have had requests for password changes to the most ignorant and guessable things. We don't allow any of our users to set their passwords, but I do wonder about these supposedly 'secure' sites. There are also no checks on the security of the server location. Who has access to the console? I think this whole business is simply another ploy to cost everyone a lot of money... but the 'form' gets filled out. It is absurdity at its finest! On the most secure systems, they couldn't even run their reports. The companies doing these checks are simply lining their pockets with green. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] KVM virtual guest can not use serial port
I hope this is not to far off topic. I have a Windows 2003 guest on a CentOS 5.5 KVM host. I need to use the serial port on the win2003 guest for the application it is serving. I have no idea what needs to be done but it looks like the linux host is trying to use the serial port as the priamary console but I don't really understand what that is or where it is configured. What I need is for the host to ignore any traffice over the serial port and to pass it to the guest. On the host, ls -l /dev | grep ttyS, returns: crw-rw 1 root uucp 4,64 Jul 6 10:17 ttyS0 crw-rw 1 root uucp 4,65 Jul 6 10:17 ttyS1 crw-rw 1 root uucp 4,66 Jul 6 10:17 ttyS2 crw-rw 1 root uucp 4,67 Jul 6 10:17 ttyS3 It only has 1 serial port so I don't know why ttyS1-S3 are listed. On the guest it says that Com1 is configured and working properly. On the Virtual Machine Hardware tab of the guest it lists a Serial 0. Details: Serial Device (Priamary Console) Device Type: pty Target Port: 0 Source Path: /dev/pts/2 Any help would be greatly appreaciated. Thanks!!! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
cliff here wrote: Well if you want the kernel to route IPV4 traffic, then yes it has to be 1 net.ipv4.conf.ip_forward = 0 ?? change to = 1 ?? yea that needs to be a 1 That cannot be mandatory, as I have a 0 there and do not have the OP's problem. You've changed the question. The OP did not say he wanted to route IPV4 traffic. He said he could not access his server from local machines. Are you saying you must have the setting you mention in /etc/sysctl.conf ? That cannot be true, as I can access my server and I don't have your entry. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Logwatch with Postfix and Amavisd-new
I'm trying to get usable reports out of logwatch on this new system. Looks like the reports are running in an 'unformatted' mode under Postfix/Amavisd. I found a couple of programs, postfix-logwatch and amavisd-logwatch. These sound promising. I am running Amavisd as the frontend to Postfix. Is anybody running either of these as a logwatch filter? If so, is it repetitive to run both, or should I consider only one of above and which would provide the best results? And, are these in any of the CentOS repositories? Couldn't find them in Dag's. Thanks! John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
On Tue, Jul 06, 2010 at 09:19:41PM +0100, Timothy Murphy wrote: cliff here wrote: Well if you want the kernel to route IPV4 traffic, then yes it has to be 1 net.ipv4.conf.ip_forward = 0 ?? change to = 1 ?? yea that needs to be a 1 That cannot be mandatory, as I have a 0 there and do not have the OP's problem. You've changed the question. The OP did not say he wanted to route IPV4 traffic. He said he could not access his server from local machines. Are you saying you must have the setting you mention in /etc/sysctl.conf ? That cannot be true, as I can access my server and I don't have your entry. Check your iptables rules. Maybe there are no INPUT rules to access your gateway via internal nic. -- Dominik Zyla pgp6TVMSDzTp4.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM virtual guest can not use serial port
Greetings, On 7/7/10, Doug Coats dcoats...@gmail.com wrote: I have a Windows 2003 guest on a CentOS 5.5 KVM host. I need to use the serial port on the win2003 guest for the application it is serving. you are on your own as fas as non-centos guests are concerned. Have you enabled some vitualisation option in the BIOS at all? Regards, Rajagopal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security compliance vs. old software versions
John Hinton wrote: On 6/30/2010 8:54 PM, John Jasen wrote: Well, I'm a security admin, so of course protection is more important than utility! :) But seriously, the assessment tools provide information on your environment, based on certain standard metrics. Its (HOPEFULLY! PCI compliance notwithstanding ) up to the people who end up reading them to fix the environment, determine that its not a problem, or accept the risk that was discovered. Sorry to drag this back out to the front... I've been beyond busy and just now catching up. One of the things that is blaring to me in these 'security' scans is that there is no check of passwords. We can jump through every hoop in the world to provide a 'secure' environment, yet without 'verifying' with the client a quality password and password policy, this is simply a moot point. Yes, one would hope... but if they don't check this how do they know? I have had requests for password changes to the most ignorant and guessable things. We don't allow any of our users to set their passwords, but I do wonder about these supposedly 'secure' sites. Well, security assessment tools should just be a part of your holistic security posture. Hopefully, if passwords are a concern, you've set requirements for complex password in your authentication system, and are routinely running password scans against them. FWIW, nessus does have a check for stupid default passwords for default accounts. -- -- John E. Jasen (jja...@realityfailure.org) -- Deserve Victory. -- Terry Goodkind, Naked Empire ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch with Postfix and Amavisd-new
On Jul 6, 2010, at 4:31 PM, John Hinton webmas...@ew3d.com wrote: I'm trying to get usable reports out of logwatch on this new system. Looks like the reports are running in an 'unformatted' mode under Postfix/Amavisd. I found a couple of programs, postfix-logwatch and amavisd-logwatch. These sound promising. I am running Amavisd as the frontend to Postfix. I use both. They format nicely and give different stats. Is anybody running either of these as a logwatch filter? If so, is it repetitive to run both, or should I consider only one of above and which would provide the best results? And, are these in any of the CentOS repositories? Couldn't find them in Dag's. I just downloaded and ran the make install as per instructions. It only installs a script for logwatch to run and puts it in a sensible place with postfix and amavis names Thanks! John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM virtual guest can not use serial port
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/07/2010 22:43, Rajagopal Swaminathan wrote: Greetings, On 7/7/10, Doug Coats dcoats...@gmail.com wrote: I have a Windows 2003 guest on a CentOS 5.5 KVM host. I need to use the serial port on the win2003 guest for the application it is serving. you are on your own as fas as non-centos guests are concerned. If it is possible to pass through a physical serial port to a virtual machine ( and I do not know if it is, sorry, just bla bla ;-), then i would expect it to be guest os independent, that means it has to be configured in the host ? Regards, Markus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwzncgACgkQYoWFBIJE9eXZkQCbBOy6pwTbG3BUPNkoWeobopEe QT0AnjqRBSSb1lLf2xYAf4UCniZZB1Vh =g0CK -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security compliance vs. old software versions
On 7/6/2010 4:49 PM, John Jasen wrote: John Hinton wrote: On 6/30/2010 8:54 PM, John Jasen wrote: Well, I'm a security admin, so of course protection is more important than utility! :) But seriously, the assessment tools provide information on your environment, based on certain standard metrics. Its (HOPEFULLY! PCI compliance notwithstanding ) up to the people who end up reading them to fix the environment, determine that its not a problem, or accept the risk that was discovered. Sorry to drag this back out to the front... I've been beyond busy and just now catching up. One of the things that is blaring to me in these 'security' scans is that there is no check of passwords. We can jump through every hoop in the world to provide a 'secure' environment, yet without 'verifying' with the client a quality password and password policy, this is simply a moot point. Yes, one would hope... but if they don't check this how do they know? I have had requests for password changes to the most ignorant and guessable things. We don't allow any of our users to set their passwords, but I do wonder about these supposedly 'secure' sites. Well, security assessment tools should just be a part of your holistic security posture. Hopefully, if passwords are a concern, you've set requirements for complex password in your authentication system, and are routinely running password scans against them. FWIW, nessus does have a check for stupid default passwords for default accounts. My point is these 'secuity metrics' businesses that are paid, generally by credit card companies, to do these software scans and don't ever do these most basic checks. Not that my quoted text is the name of one of these companies or anything. ;) I really feel the scans are just scams. Pun intended. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security compliance vs. old software versions
On Tue, Jul 06, 2010 at 05:21:36PM -0400, John Hinton wrote: My point is these 'security metrics' businesses that are paid, generally by credit card companies, to do these software scans and don't ever do these most basic checks. Not that my quoted text is the name of one of these companies or anything. ;) I really feel the scans are just scams. Pun intended. As devils' advocate here, yes the scans are far from thorough or complete. But there is a significant number of really insecure sites where they do flag some of that. The credit card companies aren't going for 100% perfection, any more than merchants go for 100% safety from shrinkage. They aren't trying to eliminate sites where credit card data is insecure (or stores that can be shoplifted from), just keep the incidence down to levels where they can afford to write off the losses. Between finding real security problems sometimes, and scaring sysadmins into at least thinking about it other times, they accomplish that. Meanwhile it's a PITA for competent sysadmins, for all the reasons discussed here, because the scans are worthless against a system with a good security design, giving false positives and not probing deeply enough to improve our occasionally half-assed practices. But we're just collateral damage to them. The main aim is to knock down some portion of the really bad apples, and keep their insurers and the government happy. Whit ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security compliance vs. old software versions
On 7/6/2010 5:34 PM, Whit Blauvelt wrote: On Tue, Jul 06, 2010 at 05:21:36PM -0400, John Hinton wrote: My point is these 'security metrics' businesses that are paid, generally by credit card companies, to do these software scans and don't ever do these most basic checks. Not that my quoted text is the name of one of these companies or anything. ;) I really feel the scans are just scams. Pun intended. As devils' advocate here, yes the scans are far from thorough or complete. But there is a significant number of really insecure sites where they do flag some of that. The credit card companies aren't going for 100% perfection, any more than merchants go for 100% safety from shrinkage. They aren't trying to eliminate sites where credit card data is insecure (or stores that can be shoplifted from), just keep the incidence down to levels where they can afford to write off the losses. Between finding real security problems sometimes, and scaring sysadmins into at least thinking about it other times, they accomplish that. Meanwhile it's a PITA for competent sysadmins, for all the reasons discussed here, because the scans are worthless against a system with a good security design, giving false positives and not probing deeply enough to improve our occasionally half-assed practices. But we're just collateral damage to them. The main aim is to knock down some portion of the really bad apples, and keep their insurers and the government happy. Whit You are right Whit. It makes us think and that is positive. The only other good thing I can think of in all of this, is apparently someone has figured out a way to get money out of a credit card company and that is a huge feat in itself! :) Unfortunately, we the consumers pay for that, too. :( OK... I guess my old frustration with this is now vented. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] WAS//security compliance vs. old software versions
On Tue, 2010-07-06 at 17:44 -0400, John Hinton wrote: On 7/6/2010 5:34 PM, Whit Blauvelt wrote: On Tue, Jul 06, 2010 at 05:21:36PM -0400, John Hinton wrote: OK... I guess my old frustration with this is now vented. John --- Wow! Look at all the Johns on the list... John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch with Postfix and Amavisd-new
On 06/07/10 21:31, John Hinton wrote: I'm trying to get usable reports out of logwatch on this new system. Looks like the reports are running in an 'unformatted' mode under Postfix/Amavisd. I found a couple of programs, postfix-logwatch and amavisd-logwatch. These sound promising. I am running Amavisd as the frontend to Postfix. Also take a look at pflogsumm which is provided by the postfix-pflogsumm package. Example usage: pflogsumm -d today /var/log/maillog ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Chan Chung Hang Christopher Sent: Tuesday, July 06, 2010 9:28 AM To: centos@centos.org Subject: Re: [CentOS] DNS or firewall problem Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise. When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface? I did notice today there is a squid.conf file in my /etc/httpd/conf.d directory. It appears it is configure for the local domain only. I renamed it and restarted apache but that didn't work. The server has two nics, one for internet and one for the local network, connected to a switch. eth0 is connected to the uplink port. Please pastebin the output of the following: Run as root: 'cat /etc/sysconfig/iptables' # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT 'netstat -ntlp' Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:2 0.0.0.0:* LISTEN 3580/perl tcp0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2960/hpiod tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN 3138/mysqld tcp0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 3049/clamd tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2667/portmap tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN 3958/X tcp0 0 0.0.0.0:1 0.0.0.0:* LISTEN 3588/perl tcp0 0 192.168.1.101:530.0.0.0:* LISTEN 2639/named tcp0 0 127.0.0.1:530.0.0.0:* LISTEN 2639/named tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2980/cupsd tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3218/sendmail: acce tcp0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2639/named tcp0 0 0.0.0.0:766 0.0.0.0:* LISTEN 2704/rpc.statd tcp0 0 0.0.0.0:35510.0.0.0:* LISTEN 3032/apcupsd tcp0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 2965/python tcp0 0 :::80 :::* LISTEN 5464/httpd tcp0 0 :::6000 :::* LISTEN 3958/X tcp0 0 ::1:953 :::* LISTEN 2639/named tcp0 0 :::443 :::* LISTEN 5464/httpd Not sure what all this means. Hope someone can. Thanks!! Eddie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] disable dvd write
hi, does anybody know how to disable dvd/cd write access in centos 5.3? thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disable dvd write
make the /dev device re-only (chmod 444)? On 2010-07-06, at 3:57 PM, grace rante wrote: hi, does anybody know how to disable dvd/cd write access in centos 5.3? thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] test
___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] test
mattias jonsson wrote: Failed, please study harder. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] test
I'm sorry for the test should not be repeted -Ursprungligt meddelande- Från: centos-boun...@centos.org [mailto:centos-boun...@centos.org] För Larry Brower Skickat: den 7 juli 2010 02:22 Till: CentOS mailing list Ämne: Re: [CentOS] test mattias jonsson wrote: Failed, please study harder. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
Dominik Zyla wrote: Are you saying you must have the setting you mention in /etc/sysctl.conf ? That cannot be true, as I can access my server and I don't have your entry. Check your iptables rules. Maybe there are no INPUT rules to access your gateway via internal nic. I don't see the relevance of that. I never said I had or didn't have any iptables rules. I'm simply observing that I do not have the specified setting and I can access my server from my LAN, therefore the setting cannot be essential for this purpose. I can access the server because I have loc $FW ACCEPT in /etc/shorewall/policy; but that is not really relevant to the point at issue. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM virtual guest can not use serial port
I would expect it to be guest os independent, that means it has to be configured in the host ? Regards, Markus So does anyone know how to configure a serial port properly in CentOS 5.5? Thanks again ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
# Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. ugh...fwbuilder crap...oh well. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT Seriously? Them two are redundant since you already accept everything on lo. -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan? 'netstat -ntlp' Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:2 0.0.0.0:* LISTEN 3580/perl tcp0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2960/hpiod tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN 3138/mysqld tcp0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 3049/clamd tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2667/portmap tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN 3958/X tcp0 0 0.0.0.0:1 0.0.0.0:* LISTEN 3588/perl tcp0 0 192.168.1.101:530.0.0.0:* LISTEN 2639/named tcp0 0 127.0.0.1:530.0.0.0:* LISTEN 2639/named tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2980/cupsd tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3218/sendmail: acce tcp0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2639/named tcp0 0 0.0.0.0:766 0.0.0.0:* LISTEN 2704/rpc.statd tcp0 0 0.0.0.0:35510.0.0.0:* LISTEN 3032/apcupsd tcp0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 2965/python tcp0 0 :::80 :::* LISTEN 5464/httpd tcp0 0 :::6000 :::* LISTEN 3958/X tcp0 0 ::1:953 :::* LISTEN 2639/named tcp0 0 :::443 :::* LISTEN 5464/httpd Not sure what all this means. Hope someone can. You should be able to connect to the web service from the internal lan using the internal ip and also to the smtp service. But I guess your web service is probably apache doing proxy work unless you have a different meaning to 'internal boxes can access the internet'... What services were internal boxes supposed to be able to access again? webmin? mysql? dns? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM virtual guest can not use serial port
On 07/06/10 6:02 PM, Doug Coats wrote: I would expect it to be guest os independent, that means it has to be configured in the host ? Regards, Markus So does anyone know how to configure a serial port properly in CentOS 5.5? if its not plug and play, setserial(8), then use whatever /dev/ttyS# its configured as. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking just stopped working
On Tuesday, July 06, 2010 09:21 PM, Chan Chung Hang Christopher wrote: Les Mikesell wrote: Chan Chung Hang Christopher wrote: Christopher Chan wrote: And now the thing is working again... It's not working again. Running tcpdump -i vlan seems to trigger something to get the network working again but as soon as I stop tcpdump...nada, zip, zilch. Any ideas? I see no errors in the logs whether of the switch or the box, just about everything reports fine. Would the loading of the kernel bridge module cause this? Running tcpdump would put the interface in promiscuous mode. Does your setup need this to work? I don't think so. The thing was working fine since December last year until this morning. Then poof! I just realized I forgot to boot older kernels to check for the same problem... Box behaving for the moment after tcpdump was run on one of the interfaces and then stopped. I'll just wait for the next weirdo event. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Christopher Chan Sent: Tuesday, July 06, 2010 9:13 PM To: centos@centos.org Subject: Re: [CentOS] DNS or firewall problem # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. ugh...fwbuilder crap...oh well. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT Seriously? Them two are redundant since you already accept everything on lo. I didn't do that. :-) -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan? Really just intersted in web, ftp and maybe samba 'netstat -ntlp' Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:2 0.0.0.0:* LISTEN 3580/perl tcp0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2960/hpiod tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN 3138/mysqld tcp0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 3049/clamd tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2667/portmap tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN 3958/X tcp0 0 0.0.0.0:1 0.0.0.0:* LISTEN 3588/perl tcp0 0 192.168.1.101:530.0.0.0:* LISTEN 2639/named tcp0 0 127.0.0.1:530.0.0.0:* LISTEN 2639/named tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2980/cupsd tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3218/sendmail: acce tcp0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2639/named tcp0 0 0.0.0.0:766 0.0.0.0:* LISTEN 2704/rpc.statd tcp0 0 0.0.0.0:35510.0.0.0:* LISTEN 3032/apcupsd tcp0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 2965/python tcp0 0 :::80 :::* LISTEN 5464/httpd tcp0 0 :::6000 :::* LISTEN 3958/X tcp0 0 ::1:953 :::* LISTEN 2639/named tcp0 0 :::443 :::* LISTEN 5464/httpd Not sure what all this means. Hope someone can. You should be able to connect to the web service from the internal lan using the internal ip and also to the smtp service. But I guess your web service is probably apache doing proxy work unless you have a different meaning to 'internal boxes can access the internet'... What services were internal boxes supposed to be able to access again? webmin? mysql? dns? Not really relying on my server for dns for the local machines, just for local services, ftp, webmin, local web. I'm not on a commercial account with my isp so 'external' mail is not an issue. I have most services turned off but can activate them , remotely, from webmin if I need ssh or ftp. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan? Really just intersted in web, ftp and maybe samba Well, the rules do accept connections for them three so no problem here. Not really relying on my server for dns for the local machines, just for local services, ftp, webmin, local web. I'm not on a commercial account with my isp so 'external' mail is not an issue. ftp is not running, webmin is blocked. You should be able to connect to apache. samba is not running either. I have most services turned off but can activate them , remotely, from webmin if I need ssh or ftp. Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Christopher Chan Sent: Tuesday, July 06, 2010 10:31 PM To: centos@centos.org Subject: Re: [CentOS] DNS or firewall problem Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan? Really just intersted in web, ftp and maybe samba Well, the rules do accept connections for them three so no problem here. Not really relying on my server for dns for the local machines, just for local services, ftp, webmin, local web. I'm not on a commercial account with my isp so 'external' mail is not an issue. ftp is not running, webmin is blocked. You should be able to connect to apache. samba is not running either. ftp is turned off. Samba, I thought was running but haven't tried to set it up as I was more interested in just accessing web services, locally. I have most services turned off but can activate them , remotely, from webmin if I need ssh or ftp. Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh. I can ssh in remotely but don't have a need for it locally. I can access webmin remotely but not from a local machine. I see no need for my server to use additional resources for the x window environment. I don't use webmin that much except when I need to turn a service on or off remotely or want to upload a file to the server without having to turn of ftp. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM virtual guest can not use serial port
On Tue, 2010-07-06 at 20:02 -0500, Doug Coats wrote: I would expect it to be guest os independent, that means it has to be configured in the host ? Regards, Markus So does anyone know how to configure a serial port properly in CentOS 5.5? Thanks again --- Try man setserial. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
I have most services turned off but can activate them , remotely, from webmin if I need ssh or ftp. Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh. I can ssh in remotely but don't have a need for it locally. I can access webmin remotely but not from a local machine. I see no need for my server to use additional resources for the x window environment. I don't use webmin that much except when I need to turn a service on or off remotely or want to upload a file to the server without having to turn of ftp. You can access webmin remotely? That contradicts the iptables rules you posted... If you can ssh in remotely then that also contradicts both the rules and the list of ports that have a daemon bound to them. No sshd nor anything bound to port 22. You might want to turn off X/gdm then...that is what is listening on port 6000. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] Lockup with (none) login
On Mon, Jul 05, 2010 at 09:34:25PM -0400, Ben M. wrote: I had a CentOS 5.5 Xen standard virtualization install lockup on reboot after an battery backup (apcusbd) orderly shutdown induced by a power outage. It may have been sitting with two kernel updates without a reboot. I have to head to the site (with a fractured ankle), but reports indicate that it is at - (none) login: which only returns back to itself after a user login at console, including root. - the local user says, though the monitor speed was too fast that it is failing to find its mounts OR that the disk reported errors. It is on a dmraid (I know, please don't flame me). There is some critical information on the drives that did NOT backup. I need a list of tools and ideas to have a checklist to try and resurrect this machine. Of course I will go with - Live CD - CentOS 5.5 install. - Hard drives. I would appreciate any procedural methods to go about this and try to resurrect this machine. Hmm.. boot log would be good, then it'd be obvious what's wrong. Try using a serial console to capture the Xen/kernel messages? http://wiki.xensource.com/xenwiki/XenSerialConsole Other than that.. did you check redhat bugzilla if there's some dmraid related regression on 5.5 ? Or maybe some other regression.. -- Pasi ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-es] Syslog
2010/7/6 Lorenzo Ortega lorenzo.ort...@freebyte.es: tengo tres servidores de aplicaciones con centos 5.3. La aplicación vuelca logs en disco, pero quiero llevármelos a una cuarta máquina con syslog, que se trata de un centos escuchando el syslog en red (-r), donde aqui recopila el log de las demás en un solo fichero en disco. Lo quiero es la aplicación, use una facility local (he usado local4), para que esa misma, sea la que los envie a la facility de la máquina remota. Si yo, a la aplicación la configuro la facility y el host remoto, si me funciona, pero lo que quiero es que sea la facility de cada máquina la que envie a la remota, no la propia aplicación, por que, puede que nos encontremos con un problema importante de io en la máquina remota. Una prueba que he hecho ha sido, configurar el syslog de cada una de las 3 máquinas de la siguiente forma: local4.info @maquina_destino La máquina que recibe los logs, además de escuchar en red syslogd -r -m 0, su syslog: local4.info /var/log/stats.log Me funciona si en la máquina origen, ejecuto logger -p local4.info Prueba , eso si se escribe en log de la maquina_destino, y como os he contado antes, si en la aplicación, la introduzco directamente. ¿alguna idea? ¿que opinaís de enviar los logs directamente al local4 remoto en vez de pasarlo por el de la máquina local? Hola Lorenzo, no conozco bastante sobre syslog como para evaluar tu propuesta a priori, pero sería interesante si haces las dos experiencias y nos muestras una comparación numérica. Por favor explícanos de qué manera cambia la situación en los sistemas de los servidores si defines facilities locales y cuál es la situación de e/s que quieres evitar sobre el server. Leyendo lo que propones, no me queda claro qué efecto lograrías sobre la e/s del server de log remoto; en cambio sospecho que cambiaría el patrón de los demás servidores al distribuir de otra manera la e/s a través del tiempo (en todo caso evitando competencia con las ráfagas de actividad de la aplicación). -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Problema con SELinux.
Buenas: Estoy teniendo el siguiente problema, resulta que se me cierra sesion cada hora mas o menos, no solo, sale el típico mensaje de si desea terminar la sesión, y t da la sopciones de cerrar, apagar, etc He mirado los logs y me sale la siguiente advertencia: Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing access to files with the label, file_t. For complete SELinux messages. run sealert -l fdef4efd-4ec6-4596-8e4e-504ae578b219 Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing /usr/bin/xauth (hotplug_t) create access to .Xauthority-c (user_home_dir_t). For complete SELinux messages. run sealert -l 63934506-dc3b-441c-a525-98db46555ae4 Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing /usr/bin/xauth (hotplug_t) link access to .Xauthority-c (user_home_dir_t). For complete SELinux messages. run sealert -l 6a188c8a-7c94-4bb3-a391-83d308da85b1 Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing /usr/bin/xauth (hotplug_t) write access to .Xauthority (user_home_dir_t). For complete SELinux messages. run sealert -l b6a96052-09d3-4174-9fa2-a6fe94036c90 Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing /usr/bin/xauth (hotplug_t) read access to .Xauthority (user_home_dir_t). For complete SELinux messages. run sealert -l a06cc30d-b189-4041-89b3-2e494b2f7dde Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing /usr/bin/xauth (hotplug_t) getattr access to /home/taam/.Xauthority (user_home_dir_t). For complete SELinux messages. run sealert -l f60fee74-6970-4581-ae39-1de0b3de805e Jul 6 08:53:41 STA31LX setroubleshoot: SELinux is preventing /usr/bin/xauth (hotplug_t) unlink access to .Xauthority (user_home_dir_t). For complete SELinux messages. run sealert -l 6931f170-ba32-4462-8b20-588acf4cd1c5 Jul 6 08:53:44 STA31LX setroubleshoot: SELinux is preventing /bin/su (hotplug_t) read access to shadow (shadow_t). For complete SELinux messages. run sealert -l dff3256b-ba64-4eff-9bcc-d5dbea855870 Jul 6 08:53:51 STA31LX setroubleshoot: SELinux is preventing /bin/su (hotplug_t) write access to log (device_t). For complete SELinux messages. run sealert -l afd327cd-1c3f-47d5-93b4-07605e661f1b He ejecutado ese comando, me muestra el texto y la posible solución, la ejecuto y me da error. He intentado ejecutar el SELinux en modo gráfico y no me funciona correctamente, y he mirado estas soluciones: http://itknowledgeexchange.techtarget.com/linux-lotus-domino/maintaining-your-sanity-with-selinux/ http://mdious.fedorapeople.org/drafts/html/sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html http://docs.fedoraproject.org/es-ES/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html Tenéis alguna idea de por que está pasando? otra cosa extraña es que he ido a ejecutar el chkconfig y me dice que no existe el comando ¿? es probable que tenga que ver con esto. Un saludo y muchas gracias. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] reabro caso del server bloqueado
Hola, siento insistir pero estoy desesperado, el server de forma aleatoria se me bloquea y aun mirando los logs, no sé por que; pongo los datos: ASUS P5Q Premium, 775,DDR2, 2PCIe, sATA2,sonido 7.1, GLan, Fw Intel Core 2 Duo E7500 2x2,93GHz 775/1066MHz/3Mb 2 Modulo DDR2 2Gb 1066Mhz HyperX KHX8500D2/2G XFX PCIe HD4650 512Mb DDR2 (HD-465X-YAD2) 1 2 WD 250Gb SATA2 7200rpm 8Mb (WD2500AAJS) 2 2 WD 500Gb SATA2 7200rpm 16Mb (WD5000AAKS) La distribución instalada es: Centos 5.5 i386 Lo tengo como sevidor samba con perfiles móviles, dovecot instalado con fetchmail, servidor local dns. Estoy usando 3 adsl conectadas a las tarjetas integradas que vinieron con shorewall. -- ___ REPARACIONONLINE GARANTIA PARA SU PC ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Syslog
En primer lugar, muchas gracias por tu respuesta. Solo puedo probar la situación en la que la aplicación envia datos al syslog remoto, la situación en la que los syslogs locales lo envian al syslog remoto es la que no me funciona. Usando el Syslog local, tal vez, y solo tal vez, tendría algo más de contención en las máquinas para evitar un cuello de botella en el syslog remoto... de ahí mi segunda pregunta... se que un paso me lo ahorro, pero las implicaciones que tiene, las desconozco... ¿como lo harías vosotros? gracias L. No puedo hacer pruebas, ya que se trata de un entorno en producción. El 06/07/10 11:45, Eduardo Grosclaude escribió: 2010/7/6 Lorenzo Ortegalorenzo.ort...@freebyte.es: tengo tres servidores de aplicaciones con centos 5.3. La aplicación vuelca logs en disco, pero quiero llevármelos a una cuarta máquina con syslog, que se trata de un centos escuchando el syslog en red (-r), donde aqui recopila el log de las demás en un solo fichero en disco. Lo quiero es la aplicación, use una facility local (he usado local4), para que esa misma, sea la que los envie a la facility de la máquina remota. Si yo, a la aplicación la configuro la facility y el host remoto, si me funciona, pero lo que quiero es que sea la facility de cada máquina la que envie a la remota, no la propia aplicación, por que, puede que nos encontremos con un problema importante de io en la máquina remota. Una prueba que he hecho ha sido, configurar el syslog de cada una de las 3 máquinas de la siguiente forma: local4.info @maquina_destino La máquina que recibe los logs, además de escuchar en red syslogd -r -m 0, su syslog: local4.info /var/log/stats.log Me funciona si en la máquina origen, ejecuto logger -p local4.info Prueba , eso si se escribe en log de la maquina_destino, y como os he contado antes, si en la aplicación, la introduzco directamente. ¿alguna idea? ¿que opinaís de enviar los logs directamente al local4 remoto en vez de pasarlo por el de la máquina local? Hola Lorenzo, no conozco bastante sobre syslog como para evaluar tu propuesta a priori, pero sería interesante si haces las dos experiencias y nos muestras una comparación numérica. Por favor explícanos de qué manera cambia la situación en los sistemas de los servidores si defines facilities locales y cuál es la situación de e/s que quieres evitar sobre el server. Leyendo lo que propones, no me queda claro qué efecto lograrías sobre la e/s del server de log remoto; en cambio sospecho que cambiaría el patrón de los demás servidores al distribuir de otra manera la e/s a través del tiempo (en todo caso evitando competencia con las ráfagas de actividad de la aplicación). ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] sobre servidores de correo..., ayuda
Hola anigos listeros, agradeceria q me orienten un poco mas acerca de servidores de coreeo, he vsito q habaln sobre psofix y sendmail, el ultino lei q es via web, tambien sobre dovecot, mi duda es posxfix y sendmail son distintos verda?¿? puede ser uno u otro, pero no los dos, estoy en lo cierto'¡'¿ y cuales son su ventajas? uno respecto del otro?, el dovecot es encesario para los dos?, lei por ahi q para q funcioones el sendmaul , necesitan servidor web corriendo, claro es via web y necesita, tambien le ponen squirremail, todo eso , existen otros pero vi q solo necesita ingresar user y paswsword y como hacen eso como yahoo y hotnail cdonde el usuario puede crear su cuenta y hacer su correito, saludos amifgos y gracias por su paciencia si he sdo demasiado novato... Edgar Rodolfo: https://fedoraproject.org/wiki/User:Edgarr789 http://cybernautape.wordpress.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] sobre servidores de correo..., ayuda
Hola Edgar 2010/7/6 Edgar Vargas edgarr...@gmail.com: Hola anigos listeros, agradeceria q me orienten un poco mas acerca de servidores de coreeo, he vsito q habaln sobre psofix y sendmail, Sí, son posiblemente los dos más importantes para nosotros, pero no los únicos el ultino lei q es via web, Esto no es así, tanto sendmail como postfix son servidores de correo electrónico, es decir, implementan el protocolo de email SMTP. En principio, ninguno de los dos tiene nada que ver con HTTP, que es el protocolo de los servidores de web. Lo cual no quiere decir que no puedan funcionar junto con programas auxiliares sobre HTTP, como consolas de administración o de envío de mail para usuarios. tambien sobre dovecot, mi duda es posxfix y sendmail son distintos verda?¿? puede ser uno u otro, pero no los dos, estoy en lo cierto'¡' Sí, son dos programas distintos que cumplen más o menos las mismas funciones. No tiene mayor sentido instalar y usar ambos a la vez. ¿ y cuales son su ventajas? uno respecto del otro?, A grandes rasgos, mayor facilidad de configuración para Postfix. el dovecot es encesario para los dos?, Dovecot es un servidor de otros dos protocolos de mail, POP3 e IMAP. Estos protocolos son los que permiten al usuario rescatar su mail de un servidor o manejar sus carpetas. Estos servicios (POP3 e IMAP) comunican al usuario con el servidor de mail; el restante (SMTP) se usa o bien para enviar un mensaje desde el usuario a un servidor, o para comunicar servidores con servidores cuando se transfieren masas de mensajes entre ellos. lei por ahi q para q funcioones el sendmaul , necesitan servidor web corriendo, claro es via web y necesita, tambien le ponen squirremail, todo eso , existen otros pero vi q solo necesita ingresar user y paswsword y como hacen eso como yahoo y hotnail cdonde el usuario puede crear su cuenta y hacer su correito, Esa forma de uso (como Yahoo y Hotmail) corresponde a una aplicación web (como squirrelmail) que presenta al usuario las pantallas necesarias para usar su cuenta, y por debajo (sin que el usuario lo vea) utiliza a algún servidor de mail (como postfix o sendmail) usando todos los protocolos nombrados. Si haces búsquedas con cuatro o cinco palabras de las que hemos comentado seguramente encontrarás más información para proseguir. Si te instalas la Guía de Instalación de CentOS, tienes perfectamente explicado el papel de todas estas piezas de software. -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Javier González
hola, soy nuevo administrando una red con centos, tengo que ponerle kuota a los usuarios que navegan en internet a traves de mi servidor y no se como hacerlo. me pueden ayudar. gracias y un saludo___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] reabro caso del server bloqueado
Para verificar la memoria puedes correr el memtest que viene incluído en el el DVD/CD de instalación de CentOS. Otra falla común es por problemas con fuentes de no muy buena calidad que no entregan alimentación en forma adecuada para todos los elementos. Asegurate que la fuente del equipo tiene potencia suficiente en cada tensión de alimentación. Aún así he debido reemplazar alguna fuente de dudosa calidad por alguna de marca reconocida y esto ha resuelto varios problemas de resets misteriosos. Saludos! 2010/7/6 Rubén González rhu...@msn.com Parece un problema de memoria ram, si aún no las has cambiado prueba a cambiarlas una por una o si te parece las 2 al mismo tiempo también sirve y aprovecha para buscar con el tacto focos de calentamiento anormales. Pienso que se trata de esta razón ya que el bloqueo es aleatorio. -- Date: Tue, 6 Jul 2010 11:27:19 +0100 From: reparaciononl...@gmail.com To: centos-es@centos.org Subject: [CentOS-es] reabro caso del server bloqueado Hola, siento insistir pero estoy desesperado, el server de forma aleatoria se me bloquea y aun mirando los logs, no sé por que; pongo los datos: ASUS P5Q Premium, 775,DDR2, 2PCIe, sATA2,sonido 7.1, GLan, Fw Intel Core 2 Duo E7500 2x2,93GHz 775/1066MHz/3Mb 2 Modulo DDR2 2Gb 1066Mhz HyperX KHX8500D2/2G XFX PCIe HD4650 512Mb DDR2 (HD-465X-YAD2) 1 2 WD 250Gb SATA2 7200rpm 8Mb (WD2500AAJS) 2 2 WD 500Gb SATA2 7200rpm 16Mb (WD5000AAKS) La distribución instalada es: Centos 5.5 i386 Lo tengo como sevidor samba con perfiles móviles, dovecot instalado con fetchmail, servidor local dns. Estoy usando 3 adsl conectadas a las tarjetas integradas que vinieron con shorewall. -- ___ REPARACIONONLINE GARANTIA PARA SU PC -- Discover the new Windows Vista Learn more!http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] sobre servidores de correo..., ayuda
Muchas garcias por aclara algunas ideas q tenia, os cuento q aun no he mplementado un servidor de correo, hasta el momento solo samba, web, y por ahi recien le entro mas a linux, he leido por ahi que emdiante yum install y el tutorial en español creo se isntala la guia, podrian alcanzarme co o hacerlo por aqui en la lista una vez lei algo de eso, alguien me dijo q lo instalara mediante yum toda la guia en español, agardecere su respuesta..., salu2 a todos..., buen día El 06/07/10, Eduardo Grosclaude eduardo.groscla...@gmail.com escribió: Hola Edgar 2010/7/6 Edgar Vargas edgarr...@gmail.com: Hola anigos listeros, agradeceria q me orienten un poco mas acerca de servidores de coreeo, he vsito q habaln sobre psofix y sendmail, Sí, son posiblemente los dos más importantes para nosotros, pero no los únicos el ultino lei q es via web, Esto no es así, tanto sendmail como postfix son servidores de correo electrónico, es decir, implementan el protocolo de email SMTP. En principio, ninguno de los dos tiene nada que ver con HTTP, que es el protocolo de los servidores de web. Lo cual no quiere decir que no puedan funcionar junto con programas auxiliares sobre HTTP, como consolas de administración o de envío de mail para usuarios. tambien sobre dovecot, mi duda es posxfix y sendmail son distintos verda?¿? puede ser uno u otro, pero no los dos, estoy en lo cierto'¡' Sí, son dos programas distintos que cumplen más o menos las mismas funciones. No tiene mayor sentido instalar y usar ambos a la vez. ¿ y cuales son su ventajas? uno respecto del otro?, A grandes rasgos, mayor facilidad de configuración para Postfix. el dovecot es encesario para los dos?, Dovecot es un servidor de otros dos protocolos de mail, POP3 e IMAP. Estos protocolos son los que permiten al usuario rescatar su mail de un servidor o manejar sus carpetas. Estos servicios (POP3 e IMAP) comunican al usuario con el servidor de mail; el restante (SMTP) se usa o bien para enviar un mensaje desde el usuario a un servidor, o para comunicar servidores con servidores cuando se transfieren masas de mensajes entre ellos. lei por ahi q para q funcioones el sendmaul , necesitan servidor web corriendo, claro es via web y necesita, tambien le ponen squirremail, todo eso , existen otros pero vi q solo necesita ingresar user y paswsword y como hacen eso como yahoo y hotnail cdonde el usuario puede crear su cuenta y hacer su correito, Esa forma de uso (como Yahoo y Hotmail) corresponde a una aplicación web (como squirrelmail) que presenta al usuario las pantallas necesarias para usar su cuenta, y por debajo (sin que el usuario lo vea) utiliza a algún servidor de mail (como postfix o sendmail) usando todos los protocolos nombrados. Si haces búsquedas con cuatro o cinco palabras de las que hemos comentado seguramente encontrarás más información para proseguir. Si te instalas la Guía de Instalación de CentOS, tienes perfectamente explicado el papel de todas estas piezas de software. -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Edgar Rodolfo: https://fedoraproject.org/wiki/User:Edgarr789 http://cybernautape.wordpress.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Javier González
Hola, 2010/7/6 Javier Glez Valdes jav...@dme.ca.rimed.cu: hola, soy nuevo administrando una red con centos, tengo que ponerle kuota a los usuarios que navegan en internet a traves de mi servidor y no se como hacerlo. me pueden ayudar. gracias y un saludo ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Recuerd que en el wiki de centOS y en la sección de documentación tienes recursos... http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ch-disk-quotas.html -- Oscar Osta Pueyo oostap.lis...@gmail.com _kiakli_ ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] sobre servidores de correo..., ayuda
2010/7/6 Edgar Vargas edgarr...@gmail.com: Muchas garcias por aclara algunas ideas q tenia, os cuento q aun no he mplementado un servidor de correo, hasta el momento solo samba, web, y por ahi recien le entro mas a linux, he leido por ahi que emdiante yum install y el tutorial en español creo se isntala la guia, podrian alcanzarme co o hacerlo por aqui en la lista una vez lei algo de eso, alguien me dijo q lo instalara mediante yum toda la guia en español, agardecere su respuesta..., salu2 a todos..., buen día Haz como superusuario: yum install Deployment_Guide-es-ES Te aparecerá la guía en castellano, accesible en la zona de documentación del menú del escritorio. -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] sobre servidores de correo..., ayuda
garcias amigo... El 06/07/10, Eduardo Grosclaude eduardo.groscla...@gmail.com escribió: 2010/7/6 Edgar Vargas edgarr...@gmail.com: Muchas garcias por aclara algunas ideas q tenia, os cuento q aun no he mplementado un servidor de correo, hasta el momento solo samba, web, y por ahi recien le entro mas a linux, he leido por ahi que emdiante yum install y el tutorial en español creo se isntala la guia, podrian alcanzarme co o hacerlo por aqui en la lista una vez lei algo de eso, alguien me dijo q lo instalara mediante yum toda la guia en español, agardecere su respuesta..., salu2 a todos..., buen día Haz como superusuario: yum install Deployment_Guide-es-ES Te aparecerá la guía en castellano, accesible en la zona de documentación del menú del escritorio. -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Edgar Rodolfo: https://fedoraproject.org/wiki/User:Edgarr789 http://cybernautape.wordpress.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es