Re: [CentOS] Completeley disabling SELinux?

[Craig White]

On Fri, 2009-01-23 at 23:39 -0600, Robert Nichols wrote:
> nate wrote:
> > 
> > I can certainly see value in SELinux in some environments, I have
> > yet to operate one where it would provide value to me.
> 
> I find that SELinux runs in enforcing mode quite unobtrusively on my
> laptop, where I'm running a pretty much out-of-the-box Fedora 10.
> On my CentOS 5 desktop, though, forget it!  I'm doing too many
> things like a dhclient-exit-hooks script that adjusts named.conf and
> tells the daemon to reload, a script that saves some accounting info
> when iptables is stopped, various cron jobs that invoke constrained
> executables to do horrible things like write something to a file,
> ..., that sort of thing.  Every time I take a stab at enabling
> SELinux in that environment and get close to figuring out enough
> local policy adjustments and custom labeling to make it work, a
> new release comes along and none of what I've done works any more.
> On that system, all removable parts of SELinux have been removed,
> and all security attributes have been purged from the filesystems.

yes and yes

it seems as though RHEL 5.3 has added all of the tools now in Fedora
9/10 and that means a lot of changes are coming down the pipe for
SELinux on CentOS 5.

But the tools are clearly better tools - i.e. SETroubleShooter

C'est la vie - the price of adding another layer of security I suppose.

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Robert Nichols]

nate wrote:
> 
> I can certainly see value in SELinux in some environments, I have
> yet to operate one where it would provide value to me.

I find that SELinux runs in enforcing mode quite unobtrusively on my
laptop, where I'm running a pretty much out-of-the-box Fedora 10.
On my CentOS 5 desktop, though, forget it!  I'm doing too many
things like a dhclient-exit-hooks script that adjusts named.conf and
tells the daemon to reload, a script that saves some accounting info
when iptables is stopped, various cron jobs that invoke constrained
executables to do horrible things like write something to a file,
..., that sort of thing.  Every time I take a stab at enabling
SELinux in that environment and get close to figuring out enough
local policy adjustments and custom labeling to make it work, a
new release comes along and none of what I've done works any more.
On that system, all removable parts of SELinux have been removed,
and all security attributes have been purged from the filesystems.

-- 
Bob Nichols "NOSPAM" is really part of my email address.
 Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Single Session VNC

[karl balsmeier]

Currently most machines I connect to use a display, but I want to run
vncserver such that the display is always 0.

Is this possible.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Filipe Brandenburger]

Hi,

On Fri, Jan 23, 2009 at 20:45, Filipe Brandenburger
 wrote:
> 3) Rundirex.txt (even with a .txt extension) is a Postscript file. [...]
> [...] way to sort the list of files from inside Postscript.

I think I did it.

Inside your Rundirex.txt, you should have this snippet:


/RunDir {   % Uses PathName variable on the operand stack
{ /mysave save def  % Performs a save before running the PS file
  dup = flush   % Shows name of PS file being run
  RunFile   % Calls built in Distiller procedure
  clear cleardictstack  % Cleans up after PS file
  mysave restore% Restores save level
}
255 string
filenameforall
} def


Right?  If so, then add the definition of a bubble sort routine before
that (which I got from Wikipedia), and then modify /RunDir into the
snippet below. Ghostscript has a .sort built-in that does exaclty
that, but I'm including it here as I don't know if Distiller will too.


% Bubble sort from Wikibooks page on PostScript
/mybubblesort
  { 1 index length 1 sub -1 1
  { 2 index exch 2 copy get 3 copy  % arr proc arr i arr[i] arr i arr[i]
0 1 3 index 1 sub
  { 3 index 1 index get % arr proc arr i arr[i] arr
imax amax j arr[j]
2 index 1 index 10 index exec
  {   % ... amax < arr[j]
4 2 roll
  }
if pop pop
  }
for % arr proc arr i
arr[i] arr imax amax
4 -1 roll exch 4 1 roll put put
  }
for
pop
  } bind def

/RunDir {   % Uses PathName variable on the operand stack
/nf 0 def   % Reset counter for number of files
{ 255 string copy   % Copy to a separate string (otherwise
would be overwritten)
  /nf nf 1 add def  % Increment counter of number of files
}
255 string
filenameforall

nf array astore % Put all filenames in an array
{ lt } mybubblesort % And sort it

{ /mysave save def  % Performs a save before running the PS file
  dup = flush   % Shows name of PS file being run
  RunFile   % Calls built in Distiller procedure
  clear cleardictstack  % Cleans up after PS file
  mysave restore% Restores save level
}
forall  % Execute original procedure, but
using sorted array
} def


Of course I did not test it with Distiller which I don't have... I did
test the part of sorting the list of files with Ghostscript and it
works.

Maybe word wrapping in the e-mail will ruin the snippet, if that's the
case please let me know and I'll send it attached to you.

Let us know if that works!

Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ftp and iptables

[Robert Spangler]

On Thursday 22 January 2009 17:28, Agile Aspect wrote:

>  Regarding item (2), I would guess I would have to add the following
> entries:
> 
>  Active:
>  -
>
>  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20
>  --sport 4:6 -j ACCEPT
>  -A OUTPUT -p tcp -m tcp --sport 20 --dport 4:6 -j ACCEPT

All FTP connecting begin with port 21.  Port 20 is a DATA connection.  
ip_conntrack_ftp will track connection needing the Data port open.

>  Passive:
>  --
>  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
>  4:6 --sport 4:6 -j ACCEPT
>  -A OUTPUT -p tcp -m tcp --sport 4:6 --dport 4:6 -j ACCEPT

Do you have a rule like this:

-A OUTPUT --m state --state RELATED,ESTABLISHED -j ACCEPT

If not you should place this in your rules.  This rule eleminates the need to 
continuesly add rules to allow out going connection for allowed incoming 
connection.

If you do then you should not need the OUTPUT rules you listed above.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Filipe Brandenburger]

Hi,

You might want to try to look into the Distiller side of things.

1) I believe you are using Rundirex.txt file to convert all the .ps's
into one .pdf. This page from Adobe confirms that it will take the
files in directory order under Windows:

http://kb.adobe.com/selfservice/viewContent.do?externalId=318674
"-- Acrobat Distiller for Windows will process the files in the order
in which you put them into the folder and create the PDF pages in the
order in which it processes the files."
"-- Acrobat Distiller for Mac OS will process the files in alphabetical order."
(one solution would be getting a mac, hehehe).

Strange that you never hit the wrong order problem before, since
according to that page, you should...

2) That page also talks about Runfilex.ps file, which is basically the
same, only you have to list each .ps file in the order you want them
to be included. Any chance you could use this one instead of Rundirex?
Is the list of included files fixed? Could the Runfilex.ps file be
somehow generated on the server based on the list of files that are
there (maybe by a CGI in a web interface) instead of copied by the
guy?

3) From what I see, Rundirex.txt (even with a .txt extension) is a
Postscript file. AFAIK, Postscript is a full programming language,
I've even seen webservers written in Postscript. I'm sure there is a
way to sort the list of files from inside Postscript. However, I don't
know the language and wouldn't know how to do that, or even how to
start looking for it. I searched on the web for someone that did
implement this on Rundirex.txt specifically, but with no luck. Maybe
someone else on the list will know Postscript, or you could try to
look for it in a Postscript list, I'm sure the solution will exist
there.

Good luck! And let us know how you fixed it!

Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Filipe Brandenburger]

Hi,

On Fri, Jan 23, 2009 at 15:29, Miguel Medalha  wrote:
> I am now almost certain that dir_index will solve the problem. I already
> remotely did fsck -fD to that filesystem.

I don't really think so... I believe dir_index is the default, your
filesystem was probably already created with the dir_index option, and
yet your files are out of order. Looking at the man page, it's sorted
by the hash of the filename. The purpose is not to present you the
files in order, but to make it quicker to open a file in a directory
with a huge number of files.

> Now I will have to wait for monday to do the Distiller stuff.

You don't necessarily have to wait to see what the Distiller would do.
"ls -U" shows the files unsorted, in the directory order, that is
probably the order in which the Distiller is using them.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ping and traceroute...

[Bill Campbell]

On Fri, Jan 23, 2009, Lanny Marcus wrote:
>On Fri, Jan 23, 2009 at 12:16 PM, John Doe  wrote:
>> Right now, we are blocking pings and traceroutes to our website.
>> But, in order for our members to test the connection when they are 
>> experiencing slow browsing, we are thinking about unblocking them...
>> Are there still any security issues (flooding, etc...) in enabling them or 
>> is that an old problem fixed a long time ago?
>
>Our two web sites do permit ping. I like to ping them from time to
>time, for various reasons. Both have dedicated IP addresses. The one
>time one of our sites was attacked, years ago,  was someone connecting
>to the POP3 server every second. Nothing to do with ping or
>traceroutes.

We generally allow ping at the sites we support, but don't rely
on pings to test for systems being alive.

We test system status by doing an xmlrpc call to their web server
which should return some useful information in addition to making
sure that the system is actually responding to something useful
(NICs may return pings even if the underlying system is hung).

Many of our customer's roaming users connect with their home
system using OpenVPN, thus being able to access their systems
where they might otherwise be blocked.

Bill
-- 
INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

You know the one thing that's wrong with this country? Everyone gets a
chance to have their fair say.  -- Bill Clinton, May 29, 1993, The White House
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[John Stan]

On Fri, Jan 23, 2009 at 2:43 PM, Miguel Medalha  wrote:
>
>> http://code.google.com/p/samba-dirsort-vfs/
>> Did you try that? I think someone recommended it to you.
> Well, I did try to compile it but make fails on all the Linux computers
> I have access to. They all run CentOS 5.2. It would be nice to have a
> .rpm... I am a sysadmin, not a programmer, I am not able to solve most
> compile errors.

I will have a hack at compiling it later on because I am very
interested in it. If I manage to get it rolling I will send out a mail
to you and update the thread here on the list. I have had great
success with the clamav vfs module.

JohnStanley
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [Samba] Re: OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Miguel Medalha]

>
> I based my speculation on some observations I had made on some of my 
> own systems when I implemented dir_index. It so happens that, on that 
> system at least, a "find /foo -print" returns the filenames in sorted 
> order. Unfortunately, it isn't true on another system that I just 
> checked. So now I will go and stand in the corner :(
>

:)

Anyway, your tip gave me some precious direction. Monday I will 
investigate and then report.
Thank you!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Miguel Medalha]

> I was under the impression that the Distiller app was running under 
> Windows.  If it isn't, it doesn't make much sense for it to expect NTFS 
> filesystem semantics.
>
>   

Yes, Distiller is running under Windows. When pages start to get ready, 
one of the graphic operators opens Distiller on his/her workstation 
which then starts watching a folder *on the server*.

> Can't the trigger operation of placing the special text file be replaced 
> by that person starting the script instead (perhaps click a button on a 
> web page or something similar)?
>
>   
Yes, that would be a possibility. But those people have strong rooted 
habits and they are not in the least technically minded. As such, I 
would prefer to keep a workflow that has been functioning very well.

(By the way, that "special text file" is a snippet of PostScript code 
that instructs Distiller on where to find the files and how to process 
them. It would be needed anyway.)

Perhaps this obstacle will be removed by applying the correct parameters 
to the EXT3 file system, as suggested by William Maltby and Steve 
Thompson above in this thread: mount option "dir_index" followed by a 
"fsck -Df". I will try this Monday.

Thank you for answering.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [Samba] Re: OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Steve Thompson]

On Fri, 23 Jan 2009, Miguel Medalha wrote:

>
>> This sounds to me like the dir_index option was applied to a file system
>> that didn't originally have it and an fsck -Df wasn't run at the time.
>
> That may well be the most relevant information given here! I will *certainly* 
> give it a try.

I based my speculation on some observations I had made on some of my own 
systems when I implemented dir_index. It so happens that, on that system 
at least, a "find /foo -print" returns the filenames in sorted order. 
Unfortunately, it isn't true on another system that I just checked. So now 
I will go and stand in the corner :(

Steve
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Les Mikesell]

Miguel Medalha wrote:
>> Did you consider sharing a directory from the machine running distiller 
>> and cifs-mounting it on the linux side to get ntfs behavior?
> That is out of question. The Windows machines are graphic workstations 
> which are not all connected all the time and the Distiller service is 
> essential to the network.

I was under the impression that the Distiller app was running under 
Windows.  If it isn't, it doesn't make much sense for it to expect NTFS 
filesystem semantics.

> When all the pages have been produced, one of the graphics people places 
> a special text file on a folder watched by Distiller and it begins to 
> bulk process all the individual PS files:

[...]

> The difficulty with the scripted solutions proposed here is that we 
> cannot know in advance at what time this process will take place and 
> what the number of pages involved will be.

Can't the trigger operation of placing the special text file be replaced 
by that person starting the script instead (perhaps click a button on a 
web page or something similar)?

 > At the end of each issue
> every minute counts. A watching process would have to poll the status of 
> the workflow for several hours with very small intervals, which would be 
> a waste of  processor cicles. And not a very elegant thing to do, I feel.

While I wouldn't call it elegant, filesystem caching makes such things 
efficient enough that you'll never notice them running.  If you need a 
script that looks for a file to appear or expands a wildcard in a 
directory, go ahead and use one as long as you can sleep for at least a 
few seconds in the loop. It's cheaper than having a person rearrange 
something.

-- 
   Les Mikesell
lesmikes...@gmail.com




> 
> 
> I am (for now...) convinced that the tip given to me here about 
> dir_index and the use of  fsck -fD will solve this problem.
>  Monday I will know. It will be a lng wait for me.
> 
> Thank you again.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in 5.3

[Florin Andrei]

Scott Silva wrote:
> on 1-23-2009 1:19 PM Ashley M. Kirchner spake the following:
>> Quoting Florin Andrei :
>>
>>> I like the stability of Ext3, but in terms of speed it's not the
>>> sharpest lightbulb in the toolshed.
>> Isn't that supposed to be "not the fastest lawnmower in the toolshed" ?
> Or " the sharpest crayon in the box".
> 
> Sounds like a Biff'ism  http://en.wikipedia.org/wiki/Biff_Tannen

Well, "fastest knife in the chandelier" didn't sound so good, so...

-- 
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in 5.3

[Scott Silva]

on 1-23-2009 1:19 PM Ashley M. Kirchner spake the following:
> Quoting Florin Andrei :
> 
>> I like the stability of Ext3, but in terms of speed it's not the
>> sharpest lightbulb in the toolshed.
> 
> Isn't that supposed to be "not the fastest lawnmower in the toolshed" ?
Or " the sharpest crayon in the box".

Sounds like a Biff'ism  http://en.wikipedia.org/wiki/Biff_Tannen



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in 5.3

[Ashley M. Kirchner]

Quoting Florin Andrei :

> I like the stability of Ext3, but in terms of speed it's not the
> sharpest lightbulb in the toolshed.

Isn't that supposed to be "not the fastest lawnmower in the toolshed" ?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in 5.3

[Paul Heinlein]

On Fri, 23 Jan 2009, Florin Andrei wrote:

> I like the stability of Ext3, but in terms of speed it's not the 
> sharpest lightbulb in the toolshed.

ROTFL: "sharpest lightbulb in the toolshed."

-- 
Paul "the only sharp lightbulb is a broken one" Heinlein
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ping and traceroute...

[Lanny Marcus]

On Fri, Jan 23, 2009 at 12:16 PM, John Doe  wrote:
> Right now, we are blocking pings and traceroutes to our website.
> But, in order for our members to test the connection when they are 
> experiencing slow browsing, we are thinking about unblocking them...
> Are there still any security issues (flooding, etc...) in enabling them or is 
> that an old problem fixed a long time ago?

Our two web sites do permit ping. I like to ping them from time to
time, for various reasons. Both have dedicated IP addresses. The one
time one of our sites was attacked, years ago,  was someone connecting
to the POP3 server every second. Nothing to do with ping or
traceroutes.

However, I do not permit our ADSL router at home to be pinged.  For
security reasons, I think allowing it to be pinged just increases the
possibility someone might try to get in.

As a previous reply stated, it may be against the rules to turn it off
for your web site.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Resolved - svnserve with SASL on CentOS 5.2

[Ruslan Sivak]

I got this sorted out.  Turns out i needed the DIGEST-MD5 plugin for 
sasl.  Once I ran yum install cyrus sasl-md5, everything was right as rain.

Russ

Ruslan Sivak wrote:
> Hello List.  
>
> I'm cross posting this from svn-users, as I'm not sure whether this is an 
> CentOS specific issue. Perhaps someone here has an idea of what's going on?
>
> -
>
> I got a fresh install of CentOS 5.2 x32, svnserve, version 1.5.5 
> (r34862), here is my svnserve.conf file
>
> [general]
> anon-access = none
> auth-access = write
> realm = isf
> [sasl]
> use-sasl = true
> min-encryption = 128
> max-encryption = 256
>  
>
> and here is my /etc/sasl2/svn.conf file
>
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /svn/sassl
> mech_list: DIGEST-MD5
>
> On the client I am using TortoiseSVN 1.5.5
> (TortoiseSVN 1.5.5, Build 14361 - 64 Bit , 2008/10/24 18:06:34
> Subversion 1.5.4,
> apr 1.2.12
> apr-utils 1.2.12
> berkeley db 4.4.20
> neon 0.28.3
> OpenSSL 0.9.8i 15 Sep 2008
> zlib 1.2.3)
>
> When connecting to this repository, I am getting "Error: Could not 
> obtain the list of SASL mechanisms".
>
> I think I followed the instructions in the svn book : 
> http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl,
>  
> although the instructions are very sparse.  I'm not quite sure hwo sasl 
> is supposed to know to use the svn.conf file to authenticate with 
> svnserve. 
>
> I am running svnserve from xinetd.  Here is my /etc/xinetd.d/svnserve.conf
> # default: on
> # Subversion server
>
> service svnserve
> {
> socket_type = stream
> protocol = tcp
> user = root
> wait = no
> disable = no
> server = /usr/bin/svnserve
> server_args = -i -r /svn
> port = 3690
> }
>
>
> Not quite sure why this isn't working.  Does anyone have any ideas?
>
> Russ
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in 5.3

[Florin Andrei]

Stephen John Smoogen wrote:
> 
> I make it a habit of eating my own words if I screw up. If the results
> seen on Ubuntu by one test hold up, it might have a large increase in
> large writes (but nothing in large reads).
> 
> http://www.phoronix.com/scan.php?page=article&item=ubuntu_ext4&num=1

Right, so - Ext4 faster than Ext2? Not surprising. The on-disk format 
has changed. There's less fragmentation. There are all sorts of clever 
things included in the new FS. So, yes, it does more work with the disk, 
but in a much more intelligent way.

I like the stability of Ext3, but in terms of speed it's not the 
sharpest lightbulb in the toolshed. And after many years of using Linux, 
I'm not even buying the myth that "Linux doesn't need a FS 
defragmenter." That's just not true. It does get fragmented, and due to 
that it does get slower.

Ext4 is a welcome improvement. The upcoming btrfs perhaps even more so.

-- 
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Miguel Medalha]

> Did you consider sharing a directory from the machine running distiller 
> and cifs-mounting it on the linux side to get ntfs behavior?
That is out of question. The Windows machines are graphic workstations 
which are not all connected all the time and the Distiller service is 
essential to the network.

>Also, I'm curious about the timing of the runs.  It doesn't sound like the 
> file 
> operations are grouped atomically.  How do you ensure that the whole set 
> is present when distiller starts, or that only one set is present?
This is a very peculiar implementation. As I said om my first post, we 
are a newspaper and, as all newspapers, we don't have a fixed time to 
close the edition. It closes when it is ready, that's all.

The PDFs for print are automatically produced one by one from PostScript 
files. The PS files fall on a folder watched by Acrobat Distiller and 
after being stable for more than 10 seconds the conversion begins. Each 
one contains only one page, which will then be joined to others to form 
a plan for a platesetter.

When all the pages have been produced, one of the graphics people places 
a special text file on a folder watched by Distiller and it begins to 
bulk process all the individual PS files: downsampling images, 
converting the color space to sRGB, consolidating font subsets, creating 
bookmarks and indexes, etc. The result is a multipage PDF for electronic 
distribution, containing the whole newspaper in the sRGB color space.

This always worked flawlessly until some days ago I replaced the win2k 
server with a new CentOS/Samba one. Everything worked better and faster 
except... the pages on this last PDF were in what seemed like an 
aleatory order. Ordering them by hand is a time consuming and error 
prone process, specially when everybody is now tired... Producing a 
newspaper is a pretty tense work, you know.

The difficulty with the scripted solutions proposed here is that we 
cannot know in advance at what time this process will take place and 
what the number of pages involved will be. At the end of each issue 
every minute counts. A watching process would have to poll the status of 
the workflow for several hours with very small intervals, which would be 
a waste of  processor cicles. And not a very elegant thing to do, I feel.


I am (for now...) convinced that the tip given to me here about 
dir_index and the use of  fsck -fD will solve this problem.
 Monday I will know. It will be a lng wait for me.

Thank you again.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Les Mikesell]

Miguel Medalha wrote:
>> I still think the dir_index _ought_ to do what you need it to do. But
>> I've never had to depend on it for that purpose so it is just wishful
>> supposition on my part.
>>
>>   
> I am now almost certain that dir_index will solve the problem. I already 
> remotely did fsck -fD to that filesystem.
> Now I will have to wait for monday to do the Distiller stuff.

I thought dir_index worked with a hash of the filename.  Without knowing 
the hash technique I wouldn't assume that the hash sort order would 
match the unhashed sort order - but it might.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Miguel Medalha]

> I still think the dir_index _ought_ to do what you need it to do. But
> I've never had to depend on it for that purpose so it is just wishful
> supposition on my part.
>
>   
I am now almost certain that dir_index will solve the problem. I already 
remotely did fsck -fD to that filesystem.
Now I will have to wait for monday to do the Distiller stuff.

Thank you.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Les Mikesell]

Miguel Medalha wrote:
>
>> (...) think your real problem lies in your processing software in
>> the file ordering. I would have a really good look at the software doing it.
>>   
> 
> The problem lies in EXT3. I discovered that if I mv the files to another 
> directory the files will then appear on the samba shares in 
> alphanumerical order and will be processed by Acrobat Distiller 
> accordingly. The move can even be done by Windows Explorer working on 
> the Samba share.
> 
> This seems a bit strange to me. Why doesn't EXT3 present the files in 
> alphanumerical order after they are first created one by one but then 
> presents them alphanumerically after a bulk move to another directory?

Directories grow as they are filled the first time.  If you use a shell 
script with a wildcard to do the move, the shell will sort the list on 
the command line as it expands it, so the names are linked into the new 
directory in sorted order.  However if you repeat this in the same 
directory instead of creating new ones each time it may not continue to 
work as existing empty slots may be reused in a different order.

> Also, I connected a FAT32 formated USB flash drive to the server and 
> directed Distiller to there. The files are correctly processed at the 
> first trial. I suppose I will install a smallish FAT32 formated IDE disk 
> on the server just for this purpose.

Did you consider sharing a directory from the machine running distiller 
and cifs-mounting it on the linux side to get ntfs behavior?   Also, I'm 
curious about the timing of the runs.  It doesn't sound like the file 
operations are grouped atomically.  How do you ensure that the whole set 
is present when distiller starts, or that only one set is present?  If I 
were doing it, I'd probably create a new tmp directory for each set of 
files (which should fix the ordering as a side effect) and rename it to 
the expected name after all files are present so you see all of them or 
none.  Or, I might put cygwin sshd on the windows box and use scp or 
rsync to copy the files over in a batch, then start the Distiller run 
(if you can start it from the command line).

-- 
   Les Mikesell
 lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[William L. Maltby]

On Fri, 2009-01-23 at 19:43 +, Miguel Medalha wrote:
> 

> > (...) think your real problem lies in your processing software in
> > the file ordering. I would have a really good look at the software doing it.
> >   
> 
> The problem lies in EXT3. I discovered that if I mv the files to another 
> directory the files will then appear on the samba shares in 
> alphanumerical order and will be processed by Acrobat Distiller 
> accordingly. The move can even be done by Windows Explorer working on 
> the Samba share.
> 
> This seems a bit strange to me. Why doesn't EXT3 present the files in 
> alphanumerical order after they are first created one by one but then 
> presents them alphanumerically after a bulk move to another directory?

In addition to the other reply about the dir_index/fsck reply, keep in
mind that a typical move (mv dir/* newdir/) will present the list of
files in alphanumeric order to the mv/cp command. So regardless of the
underlying order in the original directory, the order in the target
directory should be alphanumeric.

In that case, I would expect your software, which apparently processes
the directory itself, would see the stuff in the new directory in the
desired order, as seems to be indicated by your results above.

> 
> Also, I connected a FAT32 formated USB flash drive to the server and 
> directed Distiller to there. The files are correctly processed at the 
> first trial. I suppose I will install a smallish FAT32 formated IDE disk 
> on the server just for this purpose.

There has to be a better solution. Maybe the mv as a predecessor to the
application processing would be acceptable, presuming the dir_index
facility is really not working as hoped?

> 
> Thank you to all who answered my questions. We form a great community 
> indeed!
> 

I still think the dir_index _ought_ to do what you need it to do. But
I've never had to depend on it for that purpose so it is just wishful
supposition on my part.

-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] can't install rrdtool, problems with dependancies

[Rudi Ahlers]

On Fri, Jan 23, 2009 at 2:19 PM, Kai Schaetzl  wrote:
> Rudi Ahlers wrote on Fri, 23 Jan 2009 13:17:39 +0200:
>
>> Error: Missing Dependency: perl(RRDp) is needed by package rrdtool
>> Error: Missing Dependency: perl(RRDs) is needed by package rrdtool
>
> I think you need perl-rrdtool as well.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>
> ___


Yes, I know I need to install perl-rrdtool but get the same error when
doing so.

-- 

Kind Regards
Rudi Ahlers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] can't install rrdtool, problems with dependancies

[Rudi Ahlers]

On Fri, Jan 23, 2009 at 2:19 PM, Kai Schaetzl  wrote:
> Rudi Ahlers wrote on Fri, 23 Jan 2009 13:17:39 +0200:
>
>> Error: Missing Dependency: perl(RRDp) is needed by package rrdtool
>> Error: Missing Dependency: perl(RRDs) is needed by package rrdtool
>
> I think you need perl-rrdtool as well.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Thank you, although it isn't nice to hear " I told you so ", I guess
I'll just reinstall CentOS alltogether. Now I just need to figure out
how to get the client to accept his server being down for some time
while I redo everything.


-- 

Kind Regards
Rudi Ahlers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Miguel Medalha]

> This sounds to me like the dir_index option was applied to a file system
> that didn't originally have it and an fsck -Df wasn't run at the time.

That may well be the most relevant information given here! I will 
*certainly* give it a try.

Thank you!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Steve Thompson]

On Fri, 23 Jan 2009, Miguel Medalha wrote:

> This seems a bit strange to me. Why doesn't EXT3 present the files in
> alphanumerical order after they are first created one by one but then
> presents them alphanumerically after a bulk move to another directory?

This sounds to me like the dir_index option was applied to a file system
that didn't originally have it and an fsck -Df wasn't run at the time.

Steve

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Support for i7 architecture?

[Scott Silva]

on 1-22-2009 2:43 PM Michael St. Laurent spake the following:
>>> What is the status of i7 architecture support for CentOS-5?  Do the
>>> latest updates support it?
> 
>> according to the upstream notes wait for 5.3
> 
> Is there a projected release date for CentOS-5.3?
> 
Sometime in the future.

Could you get your suits to add a space after the double dash?
That way e-mail clients can auto remove it on reply

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server -- SOLVED (kind of...)

[Miguel Medalha]

> http://code.google.com/p/samba-dirsort-vfs/
> Did you try that? I think someone recommended it to you.
Well, I did try to compile it but make fails on all the Linux computers 
I have access to. They all run CentOS 5.2. It would be nice to have a 
.rpm... I am a sysadmin, not a programmer, I am not able to solve most 
compile errors.
> (...) think your real problem lies in your processing software in
> the file ordering. I would have a really good look at the software doing it.
>   

The problem lies in EXT3. I discovered that if I mv the files to another 
directory the files will then appear on the samba shares in 
alphanumerical order and will be processed by Acrobat Distiller 
accordingly. The move can even be done by Windows Explorer working on 
the Samba share.

This seems a bit strange to me. Why doesn't EXT3 present the files in 
alphanumerical order after they are first created one by one but then 
presents them alphanumerically after a bulk move to another directory?

Also, I connected a FAT32 formated USB flash drive to the server and 
directed Distiller to there. The files are correctly processed at the 
first trial. I suppose I will install a smallish FAT32 formated IDE disk 
on the server just for this purpose.

Thank you to all who answered my questions. We form a great community 
indeed!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Antivirus for CentOS? (yuck!)

[Scott Silva]

on 1-22-2009 4:33 AM Ralph Angenendt spake the following:
> Anne Wilson wrote:
>> On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
>>> What do you do with clamav on a linux server? Especially: How is it run
>>> by you? What do you think it protects you against on a linux server?
>> 1 - it protects you against passing on any windows viruses to windows users
> 
> Yes, but how is it run? Hourly via cron? On which files? What does it
> protect against? Mind you, I'm not talking about workstations, but about
> servers.
> 
> Ralph
Cron a "clamscan -ir /"
It will check the entire filesystem and report infected files.
You probably don't want to automatically delete what you find, though.

You can also scan for things like ssn's in datafiles laying around.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] svnserve with SASL on CentOS 5.2

[Ruslan Sivak]

Hello List.  

I'm cross posting this from svn-users, as I'm not sure whether this is an 
CentOS specific issue. Perhaps someone here has an idea of what's going on?

-

I got a fresh install of CentOS 5.2 x32, svnserve, version 1.5.5 
(r34862), here is my svnserve.conf file

[general]
anon-access = none
auth-access = write
realm = isf
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
 

and here is my /etc/sasl2/svn.conf file

pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /svn/sassl
mech_list: DIGEST-MD5

On the client I am using TortoiseSVN 1.5.5
(TortoiseSVN 1.5.5, Build 14361 - 64 Bit , 2008/10/24 18:06:34
Subversion 1.5.4,
apr 1.2.12
apr-utils 1.2.12
berkeley db 4.4.20
neon 0.28.3
OpenSSL 0.9.8i 15 Sep 2008
zlib 1.2.3)

When connecting to this repository, I am getting "Error: Could not 
obtain the list of SASL mechanisms".

I think I followed the instructions in the svn book : 
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl,
 
although the instructions are very sparse.  I'm not quite sure hwo sasl 
is supposed to know to use the svn.conf file to authenticate with 
svnserve. 

I am running svnserve from xinetd.  Here is my /etc/xinetd.d/svnserve.conf
# default: on
# Subversion server

service svnserve
{
socket_type = stream
protocol = tcp
user = root
wait = no
disable = no
server = /usr/bin/svnserve
server_args = -i -r /svn
port = 3690
}


Not quite sure why this isn't working.  Does anyone have any ideas?

Russ

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cpu load monitoring

[Richard Karhuse]

On Fri, Jan 23, 2009 at 1:04 PM, Brian Mathis  wrote:
>
> On Fri, Jan 23, 2009 at 12:01 PM, Alex H. Vandenham  wrote:
> > On Friday 23 January 2009 09:27:23 am Brian Mathis wrote:
> >> Another vote for sysstat/sar.  It has been around forever and this is
> >> it's purpose.  It also monitors all sorts of other parameters as well.
> >
> > Does anyone know of a useful guide to help me do the analysis of sysstat/sar
> > reports?
> >
> > A.
>
> Start with the man page, it's loaded with stuff.  Make sure to check
> the "See Also" section.  The sysstat homepage is here:
> http://pagesperso-orange.fr/sebastien.godard/

Check-out "ksar" which does a good job for plotting SAR data.

   -rak-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[nate]

Robert Nichols wrote:

> And what does "rpm -q libselinux" say is installed on those
> systems?
>
> Hint: Well over half the packages in a typical installation,
>bring in libselinux as a direct or indirect dependency.

Yeah that seems true, too bad. I guess as long as it's disabled
it's ok. I suppose.

[r...@pd1-rsync001:/etc/sysconfig]# sestatus
SELinux status: disabled

I can certainly see value in SELinux in some environments, I have
yet to operate one where it would provide value to me.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Antivirus for CentOS? (yuck!)

[Ross Walker]

On Fri, Jan 23, 2009 at 1:10 PM, David G. Miller  wrote:
> Stephen John Smoogen  wrote:
>
>> On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller  wrote:
>>
>>> > Amos Shapira  wrote:
>>> >
>>>
 >> Hi All,
 >>
 >> Yes, I know, it's really really embarrassing to have to ask but I'm
 >> being pushed to the wall with PCI DSS Compliance procedure
 >> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
 >> we don't need to install an anti-virus or find an anti-virus to run on
 >> our CentOS 5 servers.
 >>
 >> Whatever I do - it needs to be convincing enough to make the PCI
 >> compliance guy tick the box.

> 
>>> > After reading all of the other replies (including the ones that pointed
>>> > out that the PCI DSS requirement had changed the terminology from
>>> > "virus" to "malware"), why not claim you are meeting the requirement by
>>> > doing something useful like running chkrootkit or rkhunter on a regular
>>> > basis?  That way you would be scanning the systems for the only malware
>>> > known to actually pose a threat to a Linux box.  It may be a low
>>> > probability of infection (as others have pointed out) but should satisfy
>>> > the auditor and hopefully will just be a low cost exercise in futility
>>> > as long as reasonable security policies are followed.
>>>
>>
>> Any tool will require the need to have a risk assessment against it.
>> What is the liklihood of it finding malware? How much is updated and
>> how does it compare to other tools. These will be questions that will
>> need to be available for auditors to know you did your due-diligence
>> on selecting a tool.
> Answering those questions would provide the arguments for running a root
> kit scanner instead of anti-virus software.  That is, the risk of
> malware affecting the systems in question is low with near zero
> likelihood that a true virus will cause a problem but with the
> possibility that a rootkit could compromise the systems.  Chkrootkit and
> rkhunter are arguably the best tools for finding a root kit.  The
> programs are updated whenever a new threat is identified.
>
> Obviously, the OP would need more than my say so as back up for these
> assertions.  Said back up would also make the case that scanning for
> non-existent threats (Linux viruses) would make no sense while scanning
> for a real threat makes the most sense.

Typically a multi-faceted approach to intrusion detection and
prevention will always be more successful and garner the best support.

Servers that deal with files, whether file servers or wikis, need
anti-virus software. For the best protection a different anti-virus
package should be deployed on the client (say clamav on the Linux file
servers/wikis, and Sophos on the client PCs).

All servers should have monitoring software installed to detect
changes to the environment, both for change management auditing and
intrusion detection. Having an external system collect the monitoring
logs and send alerts is the preferred way as manual collection and
monitoring isn't timely enough, nor reliable. A good system monitoring
platform like one from SolarWinds would be good here.

A change management platform to receive these alerts and match them up
against change requests or flag them as unauthorized events should
also be in place. A platform such as Numara Footprints or even a help
desk system or a bug tracking system on the low end could do this.

With those in place you should be in good shape. You should then do
routine vulneribility scans, penetration tests and if necessary buy
into an intrusion prevention system where it scans the network
activity looking for anything out of the ordinary where it can alert
you to it, or alert and drop it or whatever you see fit.

-Ross
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question

[Les Mikesell]

Michael Grinnell wrote:
> Les Mikesell wrote:
>> Erick Perez wrote:
>>> Currently we manage several switches,firewalls and MS LDAP and Centos
>>> OpenLDAP installations.
>>> We are looking for a "man in the middle" or "framework" to manage
>>> change on our network devices and LDAP-based servers.
> 
>>> We are looking into a similar solution (Quest Software does not have
>>> that for devices) to perform change and control on the routers,
>>> switches and firewalls.
>> There was a tool called pancho (http://www.pancho.org/) that claimed to 
>> to do automated router and switch management, but it seems to no longer 
>> be supported, and personally, I'd trust a person more than a script with 
>> that sort of job.  On the other hand, maintaining backup copies of 
>> configurations before/after changes is something very worthwhile and not 
>> difficult for anything that has text based configurations.  Just make 
>> sure that changes are copied back and committed to a central version 
>> control system like cvs or svn (which you can wrap with viewvc for easy 
>> display of history and changes).  A tool called rancid 
>> (http://www.shrubbery.net/rancid/) will automate this for many routers, 
>> switches and firewalls, and will also pick up any unexpected changes.
>>
> 
> Rancid is a great tool, and has worked well for us as a configuration 
> monitor and config repository.  Another new alternative that is similar 
> is ZipTie, now called NetworkAuthority Inventory 
> (http://inventory.alterpoint.com/).  For a pay solution, I believe 
> SolarWinds has some products.

If you are also doing SNMP monitoring of these resources, I believe 
OpenNMS has some degree of integration with ziptie and some is currently 
being added for rancid.

-- 
   Les Mikesell
 lesmikes...@gmail.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Filipe Brandenburger]

Hi,

Probably not what you wanted to hear, but:

On Fri, Jan 23, 2009 at 07:30, Kevin Thorpe  wrote:
> It's my development server under my desk

And how do you expect the things you develop to run under SELinux in production?

> so I reallly don't care about security.

Sounds bad. (Yes, I know it is out of context, but it is bad in any context.)

If you develop for Linux, in particular for RHEL/CentOS 4 or 5, you
should take the opportunity to learn more about SELinux and how to
work with it.

You can start here: http://wiki.centos.org/HowTos/SELinux

This mailing list is also a great resource to answer any questions on
problems related to SELinux.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Robert Nichols]

nate wrote:
> Kevin Thorpe wrote:
> packages I make sure are not installed via kickstart:
> 
> CentOS 4.x
> libselinux
> libselinux-devel
> libsepol
> selinux-policy-targeted
> 
> CentOS 5.x
> libselinux
> libselinux-devel
> libselinux-python
> libsemanage
> libsepol
> libsepol-devel
> selinux-policy
> selinux-policy-targeted

And what does "rpm -q libselinux" say is installed on those
systems?

Hint: Well over half the packages in a typical installation,
   bring in libselinux as a direct or indirect dependency.

-- 
Bob Nichols "NOSPAM" is really part of my email address.
 Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Antivirus for CentOS? (yuck!)

[David G. Miller]

Stephen John Smoogen  wrote:

> On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller  wrote:
>   
>> > Amos Shapira  wrote:
>> >
>> 
>>> >> Hi All,
>>> >>
>>> >> Yes, I know, it's really really embarrassing to have to ask but I'm
>>> >> being pushed to the wall with PCI DSS Compliance procedure
>>> >> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
>>> >> we don't need to install an anti-virus or find an anti-virus to run on
>>> >> our CentOS 5 servers.
>>> >>
>>> >> Whatever I do - it needs to be convincing enough to make the PCI
>>> >> compliance guy tick the box.
>>>   

>> > After reading all of the other replies (including the ones that pointed
>> > out that the PCI DSS requirement had changed the terminology from
>> > "virus" to "malware"), why not claim you are meeting the requirement by
>> > doing something useful like running chkrootkit or rkhunter on a regular
>> > basis?  That way you would be scanning the systems for the only malware
>> > known to actually pose a threat to a Linux box.  It may be a low
>> > probability of infection (as others have pointed out) but should satisfy
>> > the auditor and hopefully will just be a low cost exercise in futility
>> > as long as reasonable security policies are followed.
>> 
>
> Any tool will require the need to have a risk assessment against it.
> What is the liklihood of it finding malware? How much is updated and
> how does it compare to other tools. These will be questions that will
> need to be available for auditors to know you did your due-diligence
> on selecting a tool.
Answering those questions would provide the arguments for running a root 
kit scanner instead of anti-virus software.  That is, the risk of 
malware affecting the systems in question is low with near zero 
likelihood that a true virus will cause a problem but with the 
possibility that a rootkit could compromise the systems.  Chkrootkit and 
rkhunter are arguably the best tools for finding a root kit.  The 
programs are updated whenever a new threat is identified. 

Obviously, the OP would need more than my say so as back up for these 
assertions.  Said back up would also make the case that scanning for 
non-existent threats (Linux viruses) would make no sense while scanning 
for a real threat makes the most sense.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SquirrelMail Sending Under Wrong Username

[Tru Huynh]

On Thu, Jan 22, 2009 at 10:07:03AM -0500, John Hinton wrote:
> CentOS team... as is already bug reported and marked solved... as we 
> await the upstream repair for this.
> 
> It was reported that this was happening on CentOS 5. You likely already 
> know, but it also happens on CentOS 4.

I will **try** to push it tonight or this week-end.

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B


pgpbMpJTz3s8z.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cpu load monitoring

[Brian Mathis]

On Fri, Jan 23, 2009 at 12:01 PM, Alex H. Vandenham  wrote:
> On Friday 23 January 2009 09:27:23 am Brian Mathis wrote:
>> Another vote for sysstat/sar.  It has been around forever and this is
>> it's purpose.  It also monitors all sorts of other parameters as well.
>
> Does anyone know of a useful guide to help me do the analysis of sysstat/sar
> reports?
>
> A.

Start with the man page, it's loaded with stuff.  Make sure to check
the "See Also" section.  The sysstat homepage is here:
http://pagesperso-orange.fr/sebastien.godard/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ping and traceroute...

[Tony Placilla]

>>> On Fri, Jan 23, 2009 at 12:41 PM, in message
, "Jacques B."
 wrote: 
> On 1/23/09, John Doe  wrote:
>> Hi everybody,
>>
>> Right now, we are blocking pings and traceroutes to our website.
>> But, in order for our members to test the connection when they are 
> experiencing slow browsing, we are thinking about unblocking them...
>> Are there still any security issues (flooding, etc...) in enabling them or 
> is that an old problem fixed a long time ago?
>>
>> Thanks,
>> JD
> 
> Can't help you on that specific question.  However do you have the
> luxury of having your members coming from a block of IPs so you could
> open pings to that block only.  Even if it included more than just
> your members (i.e. all pings from a particular ISP or geographical
> area) at least it would reduce your visibility thus reduce your
> vulnerability should it be an issue.
> 
> Jacques B.

Blocking ping has always been a pet peeve of mine. Aside from violating 
RFC-1122 (3.2.2.6 Echo Request/Reply: RFC-792 Every host MUST implement an ICMP 
Echo server function that receives Echo Requests and sends corresponding Echo 
Replies.) 

It provides *no* additional security & makes troubleshooting network issues 
that much more difficult.

this was on an ipfw list.

"Also, when blocking incoming ICMP requests and replies, please, please,
*please* take care to NOT block type 3 (destination unreachable) -
blocking 'need to fragment' packets (type 3, code 4) is a way to instant
gratification, if your idea of gratification is being a blackhole router
which breaks the Path MTU discovery for any poor soul who decides (or
simply has to) route through you, and for your own outgoing connections,
too.

Other useful ICMP types are 0 (echo/ping reply), 4 (source quench, for
throttling down (usually) TCP connections if some device further down
the path cannot handle the packet rate), 8 (echo/ping request), 30
(Windows traceroute), but you *could* block those without much harm to
the TCP/IP protocol stack, the only thing harmed would be functionality
- e.g. blocking types 0 and 8 would deprive you of pings, blocking type
30 would stop Windows traceroute from working, blocking type 4 would
mean that TCP connections going over a much slower link somewhere down
the line would be additionally slowed down by lots of retransmissions
instead of simply bringing down the packet rate. However, whatever you
block, please don't block type 3 code 4, and better not block any of the
type 3's :) "

my $0.02


Tony Placilla 
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ping and traceroute...

[John R Pierce]

John Doe wrote:
> Hi everybody,
>
> Right now, we are blocking pings and traceroutes to our website.
> But, in order for our members to test the connection when they are 
> experiencing slow browsing, we are thinking about unblocking them...
> Are there still any security issues (flooding, etc...) in enabling them or is 
> that an old problem fixed a long time ago?
>   


a denial of service by ping flooding is going to swamp your connection 
whether or not your server ignores them.  if you're paranoid you can use 
iptables to rate limit ICMP responses.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ping and traceroute...

[Jacques B.]

On 1/23/09, John Doe  wrote:
> Hi everybody,
>
> Right now, we are blocking pings and traceroutes to our website.
> But, in order for our members to test the connection when they are 
> experiencing slow browsing, we are thinking about unblocking them...
> Are there still any security issues (flooding, etc...) in enabling them or is 
> that an old problem fixed a long time ago?
>
> Thanks,
> JD

Can't help you on that specific question.  However do you have the
luxury of having your members coming from a block of IPs so you could
open pings to that block only.  Even if it included more than just
your members (i.e. all pings from a particular ISP or geographical
area) at least it would reduce your visibility thus reduce your
vulnerability should it be an issue.

Jacques B.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question

[Michael Grinnell]

Les Mikesell wrote:
> Erick Perez wrote:
>> Currently we manage several switches,firewalls and MS LDAP and Centos
>> OpenLDAP installations.
>> We are looking for a "man in the middle" or "framework" to manage
>> change on our network devices and LDAP-based servers.

>> We are looking into a similar solution (Quest Software does not have
>> that for devices) to perform change and control on the routers,
>> switches and firewalls.
> 
> There was a tool called pancho (http://www.pancho.org/) that claimed to 
> to do automated router and switch management, but it seems to no longer 
> be supported, and personally, I'd trust a person more than a script with 
> that sort of job.  On the other hand, maintaining backup copies of 
> configurations before/after changes is something very worthwhile and not 
> difficult for anything that has text based configurations.  Just make 
> sure that changes are copied back and committed to a central version 
> control system like cvs or svn (which you can wrap with viewvc for easy 
> display of history and changes).  A tool called rancid 
> (http://www.shrubbery.net/rancid/) will automate this for many routers, 
> switches and firewalls, and will also pick up any unexpected changes.
> 

Rancid is a great tool, and has worked well for us as a configuration 
monitor and config repository.  Another new alternative that is similar 
is ZipTie, now called NetworkAuthority Inventory 
(http://inventory.alterpoint.com/).  For a pay solution, I believe 
SolarWinds has some products.

Michael Grinnell
Information Security Engineer
The American University

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question

[Les Mikesell]

Erick Perez wrote:
> Hi, being an off-topic questions with so many vendors involved I had
> no definitive place to go to ask but here. So maybe some of the list
> members have ideas in mind.
> 
> Currently we manage several switches,firewalls and MS LDAP and Centos
> OpenLDAP installations.
> We are looking for a "man in the middle" or "framework" to manage
> change on our network devices and LDAP-based servers.
> So far, using Quest ActiveRoles/Intrust has filled the part of LDAP,
> where administrators log into ActiveRoles/Intrust system, generate
> changes (delete OU, users, change passwords, etc) then the request has
> to be approved by a staff member in Activeroles/intrust. When the
> approval is sent to the system, the ActiveRoles/Intrust (and not the
> sysadmin) logs into the LDAP systems and perform the changes. This has
> proven useful in tracking changes (who did what, when, who approved
> it).
> We are looking into a similar solution (Quest Software does not have
> that for devices) to perform change and control on the routers,
> switches and firewalls.

There was a tool called pancho (http://www.pancho.org/) that claimed to 
to do automated router and switch management, but it seems to no longer 
be supported, and personally, I'd trust a person more than a script with 
that sort of job.  On the other hand, maintaining backup copies of 
configurations before/after changes is something very worthwhile and not 
difficult for anything that has text based configurations.  Just make 
sure that changes are copied back and committed to a central version 
control system like cvs or svn (which you can wrap with viewvc for easy 
display of history and changes).  A tool called rancid 
(http://www.shrubbery.net/rancid/) will automate this for many routers, 
switches and firewalls, and will also pick up any unexpected changes.

-- 
   Les Mikesell
lesmikes...@gmail.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Ping and traceroute...

[John Doe]

Hi everybody,

Right now, we are blocking pings and traceroutes to our website.
But, in order for our members to test the connection when they are experiencing 
slow browsing, we are thinking about unblocking them...
Are there still any security issues (flooding, etc...) in enabling them or is 
that an old problem fixed a long time ago?

Thanks,
JD


  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cpu load monitoring

[Alex H. Vandenham]

On Friday 23 January 2009 09:27:23 am Brian Mathis wrote:
> Another vote for sysstat/sar.  It has been around forever and this is
> it's purpose.  It also monitors all sorts of other parameters as well.

Does anyone know of a useful guide to help me do the analysis of sysstat/sar 
reports?

A.


-- 
This message has been scanned for viruses and
dangerous content by Avantel Systems, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SquirrelMail Sending Under Wrong Username

[Joe Pruett]

the problem is mixed up session ids.  i have made a quick patch based on 
the upstream update.  i've attached it.  it is for the c4 version, 
but probably would apply to c5.  apply it with:


cd /usr/share/squirrelmail
patch -p3 < FILE

also, after this sometimes customers will have to clear the SQMSESSID 
cookie from their browser or they won't be able to login.diff -ru /usr/share/squirrelmail/functions/global.php 
usr/share/squirrelmail/functions/global.php
--- /usr/share/squirrelmail/functions/global.php2009-01-14 
13:40:23.0 -0800
+++ usr/share/squirrelmail/functions/global.php 2009-01-21 13:49:14.0 
-0800
@@ -123,6 +123,10 @@
 ini_set('session.use_cookies','1');
 }
 
+/* Make sure to have $base_uri always initialized to avoid having session
+   cookie set twice (for $base_uri and $base_uri/src. */
+$base_uri = sqm_baseuri();
+
 /* convert old-style superglobals to current method
  * this is executed if you are running PHP 4.0.x.
  * it is run via a require_once directive in validate.php
@@ -379,9 +383,12 @@
 
 global $base_uri;
 
-if (isset($_COOKIE[session_name()])) sqsetcookie(session_name(), '', 0, 
$base_uri);
-if (isset($_COOKIE['username'])) sqsetcookie('username', '', 0, $base_uri);
-if (isset($_COOKIE['key'])) sqsetcookie('key', '', 0, $base_uri);
+if (isset($_COOKIE[session_name()])) {
+sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri);
+sqsetcookie(session_name(), $_COOKIE[session_name()], 1, 
$base_uri."src/");
+}
+if (isset($_COOKIE['username'])) sqsetcookie('username', '', 1, $base_uri);
+if (isset($_COOKIE['key'])) sqsetcookie('key', '', 1, $base_uri);
 
 $sessid = session_id();
 if (!empty( $sessid )) {
@@ -428,6 +435,12 @@
 // could be: sq_call_function_suppress_errors('session_start');
 $session_id = session_id();
 
+// make sure 'deleted' is never a valid session identifier
+if ($session_id == 'deleted') {
+session_regenerate_id();
+$session_id = session_id();
+}
+
 // session_starts sets the sessionid cookie but without the httponly var
 // setting the cookie again sets the httponly cookie attribute
 //
diff -ru /usr/share/squirrelmail/functions/strings.php 
usr/share/squirrelmail/functions/strings.php
--- /usr/share/squirrelmail/functions/strings.php   2009-01-14 
13:40:25.0 -0800
+++ usr/share/squirrelmail/functions/strings.php2009-01-21 
13:49:16.0 -0800
@@ -16,7 +16,7 @@
  * SquirrelMail version number -- DO NOT CHANGE
  */
 global $version;
-$version = '1.4.8-5.el4.centos.2';
+$version = '1.4.8-5.3';
 
 /**
  * SquirrelMail internal version number -- DO NOT CHANGE
Binary files /usr/share/squirrelmail/images/sm_logo.png and 
usr/share/squirrelmail/images/sm_logo.png differ
Only in /usr/share/squirrelmail/plugins: abook_import_export
Only in /usr/share/squirrelmail/plugins: address_add
Only in /usr/share/squirrelmail/plugins: change_pass
Only in /usr/share/squirrelmail/plugins: gpg
Only in /usr/share/squirrelmail/plugins: vacation_local
Only in /usr/share/squirrelmail/plugins: vacation_spire
Only in /usr/share/squirrelmail/plugins: virtualtable
diff -ru /usr/share/squirrelmail/src/redirect.php 
usr/share/squirrelmail/src/redirect.php
--- /usr/share/squirrelmail/src/redirect.php2009-01-14 13:40:23.0 
-0800
+++ usr/share/squirrelmail/src/redirect.php 2009-01-21 13:49:14.0 
-0800
@@ -71,6 +71,9 @@
 if (!sqsession_is_registered('user_is_logged_in')) {
 do_hook ('login_before');
 
+// make sure to regenerate session id upon user login
+session_regenerate_id();
+
 $onetimepad = OneTimePadCreate(strlen($secretkey));
 $key = OneTimePadEncrypt($secretkey, $onetimepad);
 sqsession_register($onetimepad, 'onetimepad');
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Thiago Avelino]

setenforce 0

2009/1/23 Kevin Thorpe 

> Hi all,
>  I've set SELinux to disabled using the security and firewall
> widget but I'm still getting a lot of messages in Logwatch
>
>  NULL security context for user, but SELinux in permissive mode, continuing
> ()
>
> So it looks like SELinux is still operating. Can anyone tell me how to
> turn it off completely? It's my development
> server under my desk so I reallly don't care about security.
>
> thanks
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
att.
  _
 °v°   Thiago Avelino
/(_)\   Programador | SysAdmin
 ^ ^Celular: (11) 7660-2933
www.avelino.us | www.centos-br.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT? File order on CentOS/Samba server

[John]

> -Original Message-
> From: centos-boun...@centos.org 
> [mailto:centos-boun...@centos.org] On Behalf Of Miguel Medalha
> Sent: Thursday, January 22, 2009 3:29 PM
> To: CentOS mailing list; sa...@lists.samba.org
> Subject: [CentOS] OT? File order on CentOS/Samba server

http://code.google.com/p/samba-dirsort-vfs/

Did you try that? I think someone recommended it to you. If it does indeed
work which I do not think it will for your situation, send me a personal
mail. Although I think your real problem lies in your processing software in
the file ordering. I would have a really good look at the software doing it.
Why because The Gimp can do this with no problem and it is OSS (file
ordering).

JohnStanley

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question

[Ross Walker]

On Fri, Jan 23, 2009 at 10:32 AM, Erick Perez  wrote:
> Hi, being an off-topic questions with so many vendors involved I had
> no definitive place to go to ask but here. So maybe some of the list
> members have ideas in mind.
>
> Currently we manage several switches,firewalls and MS LDAP and Centos
> OpenLDAP installations.
> We are looking for a "man in the middle" or "framework" to manage
> change on our network devices and LDAP-based servers.
> So far, using Quest ActiveRoles/Intrust has filled the part of LDAP,
> where administrators log into ActiveRoles/Intrust system, generate
> changes (delete OU, users, change passwords, etc) then the request has
> to be approved by a staff member in Activeroles/intrust. When the
> approval is sent to the system, the ActiveRoles/Intrust (and not the
> sysadmin) logs into the LDAP systems and perform the changes. This has
> proven useful in tracking changes (who did what, when, who approved
> it).
> We are looking into a similar solution (Quest Software does not have
> that for devices) to perform change and control on the routers,
> switches and firewalls.
>
> Maybe someone can also point me to a mailing list where i can ask the
> same question?

Most people do change management through trust, but verify, where change
requests are submitted, approved, then an administrator implements by hand,
and then replies that it was done successfully or not and what the failure was.
Then at some point, these changes are verified by someone else and confirmed
to been in place.

You could try to automate the verification process by using IDS software to log
all the environment changes, then match those up with change requests. Any
that happen without a change request were unauthorized and need to be rolled
back.

This way you get 2 birds with 1 stone, change management verification and
intrusion detection. Couple that with a good backup/restore strategy and you
should have the major bases covered.

-Ross
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[nate]

Kevin Thorpe wrote:
> Hi all,
>   I've set SELinux to disabled using the security and firewall
> widget but I'm still getting a lot of messages in Logwatch
>
>  NULL security context for user, but SELinux in permissive mode, continuing
> ()
>
> So it looks like SELinux is still operating. Can anyone tell me how to
> turn it off completely? It's my development
> server under my desk so I reallly don't care about security.

I remove all of the selinux packages and disable it as well in


packages I make sure are not installed via kickstart:

CentOS 4.x
libselinux
libselinux-devel
libsepol
selinux-policy-targeted

CentOS 5.x
libselinux
libselinux-devel
libselinux-python
libsemanage
libsepol
libsepol-devel
selinux-policy
selinux-policy-targeted

on CentOS 4.x I also do this via kickstart:
sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/sysconfig/selinux

as using kickstart's internal stuff to disable selinux didn't
seem to do the job.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cpu load monitoring

[Steve Lindemann]

Dave Stevens wrote:
>>>snip
> bandwidth requirements but I would like to check the cpu load. I can not be 
> at the server during the test and am interested in knowing if there is 
> logging of cpu load available. Anyone have experience with this? 
> Recommendations?

I've been using MRTG for ages to monitor cpu load and happily recommend 
it for all manner of monitoring (not just routers 8^).  MRTG can be 
found at:
http://oss.oetiker.ch/mrtg/index.en.html

...and the program to pass cpu load to mrtg can be found at:
http://oss.oetiker.ch/mrtg/pub/contrib/linux_loadavg_mrtg.tar.gz

...my mrtg.cfg for this bit
~~
 Global Config Options
WithPeak[_]: wmy
### loadavg
Target[loadavg]: `/usr/local/bin/linux_loadavg_mrtg`
MaxBytes[loadavg]: 50
Title[loadavg]: Load Average
PageTop[loadavg]: Load Average on Email Server
Options[loadavg]: growright,gauge,absolute,nopercent
YLegend[loadavg]: Load Average
ShortLegend[loadavg]: unit
Legend1[loadavg]: Load Average (1min)
Legend2[loadavg]: n/a
Legend3[loadavg]: Maximal 5 Minute Load Average
Legend4[loadavg]: n/a
LegendI[loadavg]:  Value:
LegendO[loadavg]:  n/a:
~~
--
Steve Lindemann __
Network Administrator  //\\  ASCII Ribbon Campaign
Marmot Library Network, Inc.   \\//  against HTML/RTF email,
http://www.marmot.org  //\\  vCards & M$ attachments
+1.970.242.3331 x116

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Support for i7 architecture?

[Vnpenguin]

On Thu, Jan 22, 2009 at 11:18 PM, Michael St. Laurent
 wrote:
> What is the status of i7 architecture support for CentOS-5?  Do the
> latest updates support it?
>

We have one box i7 with CentOS 5.2 here. It works very well ;-)

> uname -a
Linux xxx 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008
x86_64 x86_64 x86_64 GNU/Linux

> grep "model name" /proc/cpuinfo
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz
model name  : Intel(R) Core(TM) i7 CPU 920  @ 2.67GHz

> cat /etc/redhat-release
CentOS release 5.2 (Final)

-- 
http://vnoss.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Support for i7 architecture?

[RobertH]

did anyone give insight into the OP question, or is this just email bashing
class 099 ?

:-o

 - rh

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Seeking translators

[Ralph Angenendt]

Hi,

anyone here who wants to really help out with the CentOS project?

Then please check if you speak a language which is not yet on

 and help us
translate the Release Notes for 5.3 (and 5.4, 5.6, 6.0 and whatever
comes next).

If you want to help out, please contact me *off* list. 

I have a slight timing issue (some parts have to be done by next
Thursday, but that really is only a small part) and I'm sorry for not
contacting this list earlier :)

So if you can and want to help - send me a mail!

Cheers,

Ralph


pgpAJkt6PX3wP.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Looking for a timer/counter script

[tdukes]

 Rudi Ahlers  wrote: 
> On Fri, Jan 23, 2009 at 2:27 PM, Thomas Dukes  wrote:
> > Hello,
> >
> > Was hoping someone could help me find a script for a website that increments
> > at a specified rate over a specified period of time, something similar to
> > the US National Debt site.  I searched hotscripts but not really sure what
> > this type script would be called.
> >
> > TIA
> >
> > PS  I looked at the code for the national debt script but I can't make head
> > or tails of it.
> >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> 
> 
> Well, a simple time ticker would do. You should be able to set the
> rate / time for the counter increments. Hotscripts.com, under PHP have
> quite a few turorials for this kind of thing.
> 
> Look, for exampe, for a "countdown timer", and the modify the code a
> bit to run forwards instead of backwards.
> -- 
> 
> Kind Regards
> Rudi Ahlers


Thanks, will look again!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question

[Erick Perez]

Hi, being an off-topic questions with so many vendors involved I had
no definitive place to go to ask but here. So maybe some of the list
members have ideas in mind.

Currently we manage several switches,firewalls and MS LDAP and Centos
OpenLDAP installations.
We are looking for a "man in the middle" or "framework" to manage
change on our network devices and LDAP-based servers.
So far, using Quest ActiveRoles/Intrust has filled the part of LDAP,
where administrators log into ActiveRoles/Intrust system, generate
changes (delete OU, users, change passwords, etc) then the request has
to be approved by a staff member in Activeroles/intrust. When the
approval is sent to the system, the ActiveRoles/Intrust (and not the
sysadmin) logs into the LDAP systems and perform the changes. This has
proven useful in tracking changes (who did what, when, who approved
it).
We are looking into a similar solution (Quest Software does not have
that for devices) to perform change and control on the routers,
switches and firewalls.

Maybe someone can also point me to a mailing list where i can ask the
same question?

thanks,


-- 

Erick Perez
Cel +(507) 6675-5083

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] libpython2.4.so.1.0 i386

[Ed Donahue]

I am running Kernel 2.6.18-92.1.18.el5 x86_64.
I need /usr/lib/libpython2.4.so.1.0 for virtualbox.
I have python-2.4.3-21.el5.i386.rpm installed which is supposed to provide it.
Can I just grab the rpm and take out libpython2.4.so.1.0 and just put
it in /usr/lib ?
Not sure how to do that.
I figured a sym-link would have the app not compile correctly (if at
all) with the 64-bit lib.

Tried yum with no luck:
yum localinstall -y --nogpgcheck VirtualBox-2.1.2_41885_rhel5-1.i386.rpm
--> Running transaction check
---> Package VirtualBox.i386 0:2.1.2_41885_rhel5-1 set to be updated
--> Processing Dependency: libpython2.4.so.1.0 for package: VirtualBox
--> Finished Dependency Resolution
Error: Missing Dependency: libpython2.4.so.1.0 is needed by package VirtualBox

rpm -qa|grep python|sort
...
python-2.4.3-21.el5
python-crypto-2.0-1.2.el5.rf
python-elementtree-1.2.6-5
python-game-1.8.1-1.el5.rf
python-iniparse-0.2.3-4.el5
python-khashmir-4.4.0-1.el5.rf
python-ldap-2.2.0-2.1
python-numeric-23.7-2.2.2
python-sqlite-1.1.7-1.2.1
python-urlgrabber-3.1.0-2
python-xdg-0.17-1.el5.rf
rpm-python-4.4.2-48.el5
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in 5.3

[Peter Kjellstrom]

On Friday 23 January 2009, Stephen John Smoogen wrote:
> On Tue, Jan 20, 2009 at 9:11 PM, Stephen John Smoogen  
wrote:
> > On Tue, Jan 20, 2009 at 6:33 PM, Jerry Geis  wrote:
> >> Hi guys - I'm really looking forward to 5.3 for the potential of ext4.
> >> I am moving/copying image files lately 8G file and it is slow. I am
> >> hoping that ext4 really speeds that up.
> >
> > I don't think it will speed things up much. 8GB files are mostly
> > hardware throughput and ext3/4 will actually be slower because the
> > journalling etc are to make it more robust but at a speed cost. You
> > would probably see better speed by going to ext2.
>
> I make it a habit of eating my own words if I screw up. If the results
> seen on Ubuntu by one test hold up, it might have a large increase in
> large writes

In my experience write performance for different filesystems is very dependant 
on the type of hardware. I have raid controllers where the difference between 
Ext3 and XFS is ~20% and I have those where it is 120%...

> (but nothing in large reads). 

Read (single thread seq.) is often limited by having a too low read ahead 
setting. "blockdev --setra 8192" can often push it up to bare metal speed for 
both Ext3 and XFS. It's important to note that this may not be very optimal 
for your typical I/O mix (non single thread, non seq.).

/Peter


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cpu load monitoring

[Brian Mathis]

Another vote for sysstat/sar.  It has been around forever and this is
it's purpose.  It also monitors all sorts of other parameters as well.


On Thu, Jan 22, 2009 at 7:56 PM, Dave Stevens  wrote:
> Hi,
>
> I have a server running Centos 5.2 and am implementing a GIS mapserver app. I
> have some sample logs from another implementation that give me an idea of
> bandwidth requirements but I would like to check the cpu load. I can not be
> at the server during the test and am interested in knowing if there is
> logging of cpu load available. Anyone have experience with this?
> Recommendations?
>
> Dave
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Barry Brimer]

> So it looks like SELinux is still operating. Can anyone tell me how to
> turn it off completely? It's my development
> server under my desk so I reallly don't care about security.

Add the text "selinux=0" without the quotes to the kernel line in your 
/etc/grub.conf and reboot.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Support for i7 architecture?

[Drew Weaver]

It is trivial to create an initrd for the installer which has support the x58 
chipset.

If you would like my copy which also works with atom boards just e-mail me 
off-list.

-Drew

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Michael St. Laurent
Sent: Thursday, January 22, 2009 5:18 PM
To: centos@centos.org
Subject: [CentOS] Support for i7 architecture?

What is the status of i7 architecture support for CentOS-5?  Do the
latest updates support it?

--
This e-mail may contain technical information which is controlled by the United 
States Government, Department of State, International Traffic & Arms 
Regulations (ITAR) (22 CFR 120-130) which requires an export license prior to 
sharing with foreign persons. Lacking such license, ITAR technical data is 
limited to US Legal Residents only. It is the responsibility of the 
organization and individual in control of this data to abide by US export laws. 
If you are not a US Legal Resident, immediately forward this e-mail to 
not...@hartwellcorp.com or reply to sender without reading any further. Take no 
other action with this e-mail until contacted.

Notice:  The information in this document and document itself, in whole or in 
part, in any form ("Information") is proprietary and/or confidential property 
of Hartwell Corporation, Placentia, California.  Hartwell Corporation and its 
successors and assignees retain and reserve all right, title and interest in 
this information in whole or in part and in all forms.  This Information is 
provided to the original recipient only for confidential use, with the 
understanding that it will not be used in any manner detrimental to the 
interests of Hartwell Corporation, and subject to return on request.  
Reproduction, transmission, distribution or publication of this Information in 
any form, in whole or in part, for any purpose without prior written permission 
of Hartwell Corporation is strictly prohibited.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Ned Slider]

Kevin Thorpe wrote:
> Hi all,
>   I've set SELinux to disabled using the security and firewall 
> widget but I'm still getting a lot of messages in Logwatch
> 
>  NULL security context for user, but SELinux in permissive mode, continuing ()
> 
> So it looks like SELinux is still operating. Can anyone tell me how to 
> turn it off completely? It's my development
> server under my desk so I reallly don't care about security.
> 
> thanks

It's on the Wiki:

http://wiki.centos.org/HowTos/SELinux#head-430e52f7f8a7b41ad5fc42a2f95d3e495d13d348

Edit the SELINUX= line in /etc/selinux/config to 'disabled' 
(SELINUX=disabld) and reboot.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Kai Schaetzl]

Kevin Thorpe wrote on Fri, 23 Jan 2009 12:30:58 +:

> but SELinux in permissive mode

You didn't disable it, you set it to permissive (= report, but don't do 
anything).

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question on upgrading hardware

[Dave K]

On Thu, Jan 22, 2009 at 8:27 PM, nate  wrote:
> Bob Hoffman wrote:
>> For centos 5.x

>> 2- If I built another system, slightly different motherboard but most of the
>> rest the same as far as hardware, would taking a drive from the old system
>> and adding it to the new system work correctly and recognize what it needs?
>
> If the disk controller is the same you should be fine. If it is not
> the same you may want to adjust your /etc/modprobe.conf and rebuild
> your initrd prior to making the change to ensure the system boots.

I haven't tried this with CentOS 5.x, but have with other
distros/releases.  One thing that often happens is that the network
configuration will need to be re-run.  When kudzu (is that still in
5.x?  My 5.x system is down at the moment :( ) sees that the network
interface has changed, it deletes the config for the old one, than
asks you to configure the new one.  So be prepared to re-enter all the
interface details. Or save the existing config, and make the necessary
edits in single-user mode.

If you have a custom X setup, you should move it aside and let the
defaults take over again.

To make the transition easier, and to allow step-by-step testing, it
might be a good idea to set the initial run level to 1 before removing
the disk from the old system, make sure everything that you see looks
okay in single-user, jump to run-level 3, again check everything, then
try for run-level 5 (if that's where you're headed).  Leaving the
initial run-level at 1 or 3 is particularly helpful when you aren't
sure if the X config is working, as a bad X config can be a real pain
to work around (yes, you should be able to get to a virtual console
and so on, but SHOULD is the operative word).

In general, the more customizations you've made, the greater the
chance of problems.  One area of concern is the grub settings.  The
more specific they are to the hardware, the greater the chance of
failure.

Having a working live-cd (or usb key or whatever) that runs on the new
hardware could also be a life-saver.

If you have problems, there are some things I've done in the past to
recover failed systems:

1) Do an install to a "new" disk in the new hardware, and make note of
the various configuration settings.  Make the "old" drive the second
disk, and transfer those settings you need (ALWAYS KEEPING BACKUP
COPIES, of course).

2) If you mangle things to the point where things look unrecoverable,
don't despair.  You can try doing an "UPGRADE" installation of the
same distro/release using the old disk, that will often fix grub and
kernel configuration issues.  But that will also downgrade a lot of
packages back to the original release versions, so a full update will
be required afterwards.

By the way, you have made backups of all your
important/critical/valuable data, right? (Backups of /etc and /boot
can also be helpful if things start "going wrong".)

-- 
Dave K
Unix Systems & Network Administrator
Mount Laurel NJ
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Craig White]

On Fri, 2009-01-23 at 12:30 +, Kevin Thorpe wrote:
> Hi all,
>   I've set SELinux to disabled using the security and firewall 
> widget but I'm still getting a lot of messages in Logwatch
> 
>  NULL security context for user, but SELinux in permissive mode, continuing ()
> 
> So it looks like SELinux is still operating. Can anyone tell me how to 
> turn it off completely? It's my development
> server under my desk so I reallly don't care about security.

changing mode doesn't take effect until next restart

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?

[Rex Dieter]

Paul Johnson wrote:

> I installed Centos on some machines that need long term support.  I'm
> running up against some simple user convenience issues.
> 
> How to play MP3?
> 
> I've been really puzzled today that the addon rpm sites like livna,
> rpmforge, rpmfusion, epel, don't seem to have something like
> amarok-mp3 or xine-lib-mp3. 

Fwiw, rpmfusion uses more "PC" naming now :), with Obsoletes/Provides in
place, e.g.,  xine-lib-extras-freeworld

-- Rex




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Looking for a timer/counter script

[Rudi Ahlers]

On Fri, Jan 23, 2009 at 2:27 PM, Thomas Dukes  wrote:
> Hello,
>
> Was hoping someone could help me find a script for a website that increments
> at a specified rate over a specified period of time, something similar to
> the US National Debt site.  I searched hotscripts but not really sure what
> this type script would be called.
>
> TIA
>
> PS  I looked at the code for the national debt script but I can't make head
> or tails of it.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Well, a simple time ticker would do. You should be able to set the
rate / time for the counter increments. Hotscripts.com, under PHP have
quite a few turorials for this kind of thing.

Look, for exampe, for a "countdown timer", and the modify the code a
bit to run forwards instead of backwards.
-- 

Kind Regards
Rudi Ahlers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Completeley disabling SELinux?

[Laurent Wandrebeck]

2009/1/23 Kevin Thorpe :
> Hi all,
>  I've set SELinux to disabled using the security and firewall
> widget but I'm still getting a lot of messages in Logwatch
>
>  NULL security context for user, but SELinux in permissive mode, continuing ()
>
> So it looks like SELinux is still operating. Can anyone tell me how to
> turn it off completely? It's my development
> server under my desk so I reallly don't care about security.
system-config-securitylevel
selinux -> desactivated, disable (or something like that)
and you won't hear from selinux anymore.
Laurent.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Completeley disabling SELinux?

[Kevin Thorpe]

Hi all,
  I've set SELinux to disabled using the security and firewall 
widget but I'm still getting a lot of messages in Logwatch

 NULL security context for user, but SELinux in permissive mode, continuing ()

So it looks like SELinux is still operating. Can anyone tell me how to 
turn it off completely? It's my development
server under my desk so I reallly don't care about security.

thanks
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Looking for a timer/counter script

[Thomas Dukes]

Hello,

Was hoping someone could help me find a script for a website that increments
at a specified rate over a specified period of time, something similar to
the US National Debt site.  I searched hotscripts but not really sure what
this type script would be called.

TIA

PS  I looked at the code for the national debt script but I can't make head
or tails of it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] start network installation with HP 8530w with Intel ethernet card

[MOKRANI Rachid]

Hi,

I have an HP 8530w laptop. I need ti instal it under CentOS 5.2 x86_64 -
kernel 2.6.18-92.

The network card is not recognized. I have add the driver
e1000e-0.5.11.2 (dowload from Intel site). 
After compiled and installed the driver, all work fine!



But I need to make a network installation and the Intel network card
should be recognized before.

I found the following script on the net and try it.


--
wget http://my_web_server/CentOS/5.2/x86_64/images/diskboot.img
cp diskboot.img diskboot.orig.img

mkdir diskboot_mnt
mount -o loop diskboot.img diskboot_mnt

mkdir initrd_extracted
cd initrd_extracted
gunzip < ../diskboot_mnt/initrd.img | cpio -i --make-directories

cd ..
mkdir modules_extracted
cd modules_extracted
gunzip < ../initrd_extracted/modules/modules.cgz | cpio -i
--make-directories

cd 2.6.18-92.el5/x86_64
rm e1000e.ko
wget http://my_web_server/e1000e.ko

# Now put humpty back together again
cd ../../
find . -print |cpio -o -Hnewc | gzip -c9 > ../modules.cgz
cd ..
cp -fp --no-preserve=all modules.cgz initrd_extracted/modules/

cd initrd_extracted
find . -print |cpio -o -Hnewc | gzip -c9 > ../initrd.img
cd ..

cp -fp initrd.img diskboot_mnt/

# cleanup
umount diskboot_mnt
rm -rf diskboot_mnt/ initrd_extracted/ initrd.img  modules.cgz
modules_extracted/

mv diskboot.img diskboot.mod.img

dd if=diskboot.mod.img of=/dev/sdb


-

After trying to start on a USB key, the network card is not recognized
again :-(

Something is missing ...
how to add this network driver for starting a network installation ?
Anybody do this before ?

Best Regards (and sorry for my poor english)




__

Ce message (et toutes ses pièces jointes éventuelles) est confidentiel et 
établi à l'intention exclusive de ses destinataires. Toute utilisation de ce 
message non conforme à sa destination, toute diffusion ou toute publication, 
totale ou partielle, est interdite, sauf autorisation expresse. L'IFP décline 
toute responsabilité au titre de ce message.

This message and any attachments (the message) are confidential and intended 
solely for the addressees. Any unauthorised use or dissemination is prohibited. 
IFP should not be liable for this message.

Visitez notre site Web / Visit our web site : http://www.ifp.fr
__
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] can't install rrdtool, problems with dependancies

[Kai Schaetzl]

Rudi Ahlers wrote on Fri, 23 Jan 2009 13:17:39 +0200:

> Error: Missing Dependency: perl(RRDp) is needed by package rrdtool
> Error: Missing Dependency: perl(RRDs) is needed by package rrdtool

I think you need perl-rrdtool as well.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
Of
>Ralph Angenendt
>Sent: Friday, January 23, 2009 11:13 AM
>To: centos@centos.org
>Subject: Re: [CentOS] where did all the nonfree rpms go? Nvidia?
xine-lib-mp3?
>
>Sorin Srbu wrote:
>> Why don't you get your proprietary drivers from nvidia.com? Or do you need
an
>> actual rpm-package? Anyway, you're bound to get newest stuff from
Nvidia.com.
>
>Yes, using an rpm package is better, as the packaged drivers do not
>remove libGL.so, for example, like the nvidia driver does.

You need those for a particular reason? Backward-compatibility maybe? Just
curious.

/Sorin



smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] can't install rrdtool, problems with dependancies

[Tru Huynh]

On Fri, Jan 23, 2009 at 01:17:39PM +0200, Rudi Ahlers wrote:
> Hi all,
> 
> I have tried to install rrdtool manually, but have noticed that I need
> perl-rrdtool as well for it to work, and I have approached this the
> wrong way.

You knew it, and even though you tried...
http://wiki.centos.org/PackageManagement/SourceInstalls

http://www.arrfab.net/blog/?p=106
http://www.bofh-hunter.com/2009/01/02/evils-of-source/

> ...

> Finished
> Setting up Install Process
> Parsing package install arguments
> Resolving Dependencies
> --> Running transaction check
> ---> Package rrdtool-devel.x86_64 0:1.2.29-1.el5.rf set to be updated
> ---> Package rrdtool.x86_64 0:1.2.29-1.el5.rf set to be updated
> --> Processing Dependency: perl(RRDp) for package: rrdtool
> --> Processing Dependency: perl(RRDs) for package: rrdtool
> --> Finished Dependency Resolution
> Error: Missing Dependency: perl(RRDp) is needed by package rrdtool
> Error: Missing Dependency: perl(RRDs) is needed by package rrdtool
-> not CentOS provided, please take it the the rpmforge mailing list
for support.

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B


pgpGsoPpqrz5K.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] can't install rrdtool, problems with dependancies

[Rudi Ahlers]

Hi all,

I have tried to install rrdtool manually, but have noticed that I need
perl-rrdtool as well for it to work, and I have approached this the
wrong way.

So, instead of installing rpmforge first, I have downloaded the
rrdtool from sourceforge and installed it the old-fashioned way,
totally forgot about rpmforge.

So, now I want to remove it, and install it via rpmforge in order to
get perl-rrdtool installed as well.

The steps I initially took was:


yum install cairo-devel libxml2-devel pango-devel pango libpng-devel
freetype freetype-devel libart_lgpl-devel

# cd /opt/
# wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.1.tar.gz
# tar -zxvf rrdtool-1.3.1.tar.gz
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig/
# ./configure
# make
# make install
# cd /usr/local/
# ln -s rrdtool-1.3.1/ rrdtool/
# cd rrdtool
# ls -l

I got the instructions here,
http://www.cyberciti.biz/faq/howto-install-rrdtool-on-rhel-linux/,
which originally came from here:
http://www.cyberciti.biz/faq/howto-install-ntop-on-rhel-centos-fedora-linux/


BUT, now that I want to move on, I can't. When I try and install /
update / remove either ntop or rrdtool via yum, I get the following
errors:



sh-3.2# yum install rrdtool-devel rrdtool
Loading "fastestmirror" plugin
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository addons is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * rpmforge: apt.sw.be
 * base: ftp.is.co.za
 * updates: ftp.is.co.za
 * addons: ftp.is.co.za
 * extras: ftp.is.co.za
Excluding Packages in global exclude list
Finished
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package rrdtool-devel.x86_64 0:1.2.29-1.el5.rf set to be updated
---> Package rrdtool.x86_64 0:1.2.29-1.el5.rf set to be updated
--> Processing Dependency: perl(RRDp) for package: rrdtool
--> Processing Dependency: perl(RRDs) for package: rrdtool
--> Finished Dependency Resolution
Error: Missing Dependency: perl(RRDp) is needed by package rrdtool
Error: Missing Dependency: perl(RRDs) is needed by package rrdtool




I have tried to remove rrdtool, as follows

# cd /opt/rrdtool
# make uninstall

Yet the errors are still the same.


So, how else can I get this working?

-- 

Kind Regards
Rudi Ahlers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?

[Ralph Angenendt]

Paul Johnson wrote:
> I installed Centos on some machines that need long term support.  I'm
> running up against some simple user convenience issues.
> 
> How to play MP3?
> 
> I've been really puzzled today that the addon rpm sites like livna,
> rpmforge, rpmfusion, epel, don't seem to have something like
> amarok-mp3 or xine-lib-mp3.  What am I missing?   It can be done in
> Ubuntu, Debian, and Fedora Linux.

No, but they have gstreamer plugins which can play mp3s, there's
xmms-mp3, and xine-lib from rpmforge also should play mp3s.

> In the worst case scenario, what must be done? get the xine source
> code and build an rpm that includes the mp3 components?

Have you checked that this isn't already the case?

> Do you have Nvidia cards?
> 
> Then I noticed there is a new Nvidia proprietary driver on
> www.nvidia.org, and I can't find an rpm package for it, or for the
> previous 2 releases of the nvidia driver.  The place to get those
> packages used to be rpm.livna.org, but that is now moved to rpmfusion,
> but on the rpmfusion site, the nonfree folders are empty.

livna.org *never* had rpms for CentOS/RHEL. atrpms and rpmforge have
nvidia drivers for CentOS/RHEL. If you need more current ones, please do
contact the appropriate venues (mailing lists, forums) for those
repositories.

> Oh, well. Just singing a complaining song.

Yes, but to the wrong audience. CentOS is not in control over what gets
into third party repositories.

Ralph


pgpL478u9MrpV.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?

[Ralph Angenendt]

Sorin Srbu wrote:
> Why don't you get your proprietary drivers from nvidia.com? Or do you need an
> actual rpm-package? Anyway, you're bound to get newest stuff from Nvidia.com.

Yes, using an rpm package is better, as the packaged drivers do not
remove libGL.so, for example, like the nvidia driver does.

Cheers,

Ralph


pgpCxVFbNjus2.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
Of
>Paul Johnson
>Sent: Friday, January 23, 2009 7:04 AM
>To: CentOS mailing list
>Subject: [CentOS] where did all the nonfree rpms go? Nvidia? xine-lib-mp3?
>
>Then I noticed there is a new Nvidia proprietary driver on
>www.nvidia.org, and I can't find an rpm package for it, or for the
>previous 2 releases of the nvidia driver.  The place to get those
>packages used to be rpm.livna.org, but that is now moved to rpmfusion,
>but on the rpmfusion site, the nonfree folders are empty.

Why don't you get your proprietary drivers from nvidia.com? Or do you need an
actual rpm-package? Anyway, you're bound to get newest stuff from Nvidia.com.




smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cpu load monitoring

[Dougal Ballantyne]

On Fri, Jan 23, 2009 at 1:56 AM, Dave Stevens  wrote:
> Hi,
>
> I have a server running Centos 5.2 and am implementing a GIS mapserver app. I
> have some sample logs from another implementation that give me an idea of
> bandwidth requirements but I would like to check the cpu load. I can not be
> at the server during the test and am interested in knowing if there is
> logging of cpu load available. Anyone have experience with this?
> Recommendations?

I use munin  for almost all my server monitoring. It is quite
lightweight and you can easily configure it to only record basic CPU
info or more detail as required. It is available in the EPEL
repository.

http://download.fedora.redhat.com/pub/epel/4/i386/repoview/munin.html

http://munin.projects.linpro.no/

-Dougal

>
> Dave
>
> --
> Canada must refuse to be entangled in any more wars fought to make the world
> safe for capitalism.
>
> -- The Regina Manifesto, 1933
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos