Re: [CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
Dear Russ, There's always going to be an argument about whether to put /boot and swap on RAID. It's all about performance most of the time being slightly better versus stability in the event of device failure. I can't think of a good argument for not having /boot on the raid1. Then you do not support it, and see the recurring support load in #centos -- we get this load all the time. It is from clueless newbies, barely able to communicate, with unknown controllers. Putting /boot on raid adds complexity, it breaks, and it is needless in most cases. I personally cannot agree on that. Syncing /boot 'manually' adds much more complexibility, unless you add scripts that automate the process. I also wonder what's wrong in having /boot on a RAID1 partition, because rescue mode should offer all necessary tools to mount raid partitions. Instead I would suggest to add a separate page with common recovery scenarios. Best Regards Marcus ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] computer output blocks on wiki page
On Thu, 2009-04-30 at 08:02 -0400, Phil Schaffner wrote: Akemi Yagi wrote: .. If I'm not mistaken, adding a ?action=raw to the URL will show the raw text regardless of the edit rights. ?? Senility strikes again! Akemi has this knack for coming up with all the things that I should know but forgot. :-P Exactly the reason why the Borg will triumph, eventually. :-) snip sig stuff -- Bill ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Proposal: Java HowTo Section
Sean Gilligan wrote: Ralph Angenendt wrote: ... Maybe someone with a bit better java background than I have would like to chime in? Ned-style disclaimer, I am not a Java expert; OTOH, I have built/rebuilt-from-SRPM a lot of Java packages over the years using the HowTo or variations on that theme, so I'm chiming in anyway. Russ Herrold added the special note on OpenJDK, hopefully he will chime in. Sorry, again for the long-winded proposal. To make a real quick summary of what I'm suggesting: 1) Move the current HowTo to a new Java Section 2) Create a new NowTo for OpenJDK on CentOS 5.3 and later Makes sense to me, but the older 5.x stuff should be moved out of the main article to a footnote, or better yet to a Legacy [sub]page to avoid confusion - if it is to be kept at all. We don't want to encourage people to use the 5.0-5.2 approach on 5.3, nor to fail to keep up to date. The current HowTo describes various methods of installing Sun or IBM's commercial Java. OpenJDK makes CentOS 5.3 the first version of CentOS to have a built-in Java that is fully compatible with Sun's latest Java. This is a significant change from earlier releases and for most 5.3 users makes the previous HowTo obsolete. +1 with the caveat that plugins are not provided by the upstream packages. Sounds like a CentOSplus candidate, or we are forced to point people to 3rd party repos for browser plugins that IMHO really ought to be part of the core. http://bugs.centos.org/view.php?id=3574 Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
On Wed, 29 Apr 2009, Phil Schaffner wrote: R P Herrold wrote: On Wed, 29 Apr 2009, Ned Slider wrote: unknown prior wrote ... There's always going to be an argument about whether to put /boot and swap on RAID. It's all about performance most of the time being slightly better versus stability in the event of device failure. I can't think of a good argument for not having /boot on the raid1. Then you do not support it, and see the recurring support load in #centos -- we get this load all the time. ... That's pretty much what the article started with if you follow the long history of the first thread on the contribution, but the consensus of the people who commented was overwhelmingly in favor of /boot on RAID1, ... My response was simply in reply to the 'I can't think of a good argument' comment by 'Ned Slider'. To respond to 'the consensus ... overwhelmingly' remark, the mice also overwhelmingly voted to bell the cat. Counting noses does not make a bad answer more correct; using raid rather than flat RO /boot partitions is still less robust so that's where it is now. Would be glad to add a footnote with your POV, or feel free to do so yourself. No, when it irritates me enough that the clueless newbies who don't read and don't research are not helped by yet another writeup not to read, and keep coming back for spoons, I may add a Method B subsection. Or more likely ignore what I consider a bad support method and point to our rebuild of upstreams doc's I remain unconvinced that replicating documentation, and adding places for entropy to rot in a wiki is a win. I'd upstream the change, instead, as there is NO CentOS specific aspect here. -- Russ herrold ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
On Thu, 30 Apr 2009, Marcus Moeller wrote: I personally cannot agree on that. Syncing /boot 'manually' adds much more complexibility, unless you add scripts that automate the process. Setup: /etc/yum.conf contains a: exclude=kernel\* /etc/yum-kernel.conf does not Actions: trivially wrappable in a script # mount -n -w /boot # yum -c /etc/yum-kernel.conf update kernel\* # mount -n -r /boot # [ ! -d /mnt/boot ] mkdir /mnt/boot # mount -w /mnt/boot /dev/sdbX (/boot1) # rsync -a /boot/. /mnt/boot/. # umount /mnt/boot A copy and paste of the first stanza (zero index is our convention here) with one edit for /boot's root (hd0,0) to make it: root (hd1,0) finishes the job I also wonder what's wrong in having /boot on a RAID1 partition, because rescue mode should offer all necessary tools to mount raid partitions. Instead I would suggest to add a separate page with common recovery scenarios. No rescue media may be available, or the host may lack a drive to boot it from; my method, and an alternate 'fallback' boot stanza in grub.conf # Fallback to the second entry. fallback 1 and one can recover with nothing more than a grub system prompt -- Russ herrold ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
On 04/30/2009 10:22 AM, R P Herrold wrote: ... To respond to 'the consensus ... overwhelmingly' remark, the mice also overwhelmingly voted to bell the cat. Counting noses does not make a bad answer more correct; using raid rather than flat RO /boot partitions is still less robust less robust != bad answer ;-) so that's where it is now. Would be glad to add a footnote with your POV, or feel free to do so yourself. No, when it irritates me enough that the clueless newbies who don't read and don't research are not helped by yet another writeup not to read, and keep coming back for spoons, I may add a Method B subsection. Or more likely ignore what I consider a bad support method and point to our rebuild of upstreams doc's I remain unconvinced that replicating documentation, and adding places for entropy to rot in a wiki is a win. I'd upstream the change, instead, as there is NO CentOS specific aspect here. Sadly, it's more than the newbies that get this wrong. Getting started is still hard. Understanding and wisdom takes time. Many people don't even know how to start or search for what they need. How can one find the words for something that is not understood? That's more rhetorical than anything else. I, for one, find an explicit howto for CentOS comforting. That sure makes the centos raid setup google search pretty easy. It lends credibility to the idea that CentOS is more than a knock-off RHEL. Part of this situation seems (to me) to be more of a blurring of backup -vs- RAID. Both are good and have a place. Either by itself is non-optimal. Sadly, neither are capable on my laptops or my m-itx cases etc. Rejoice in divergence of opinions. I still want to see the mdadm resync'ing or parity scrub info added somewhere :-) pjwelsh ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Proposal: Java HowTo Section
Phil Schaffner wrote: I have built/rebuilt-from-SRPM a lot of Java packages over the years using the HowTo or variations on that theme, so I'm chiming in anyway. And I'm assuming that you're hoping those days are behind you? Also, am I correct in assuming that almost nobody uses the Java VM from GCJ? Russ Herrold added the special note on OpenJDK, hopefully he will chime in. Sorry, again for the long-winded proposal. To make a real quick summary of what I'm suggesting: 1) Move the current HowTo to a new Java Section 2) Create a new NowTo for OpenJDK on CentOS 5.3 and later Makes sense to me, but the older 5.x stuff should be moved out of the main article to a footnote, or better yet to a Legacy [sub]page to avoid confusion - if it is to be kept at all. Yes, that's why I'm advocating a Java section and (initially) two HowTo's. One for the older legacy approach, and one for the new OpenJDK approach. +1 with the caveat that plugins are not provided by the upstream packages. Sounds like a CentOSplus candidate, or we are forced to point people to 3rd party repos for browser plugins that IMHO really ought to be part of the core. http://bugs.centos.org/view.php?id=3574 Thanks for the information. The OpenJDK HowTo should have a section that addresses browser plugin issues. -- Sean ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
R P Herrold wrote: On Wed, 29 Apr 2009, Phil Schaffner wrote: R P Herrold wrote: On Wed, 29 Apr 2009, Ned Slider wrote: unknown prior wrote ... There's always going to be an argument about whether to put /boot and swap on RAID. It's all about performance most of the time being slightly better versus stability in the event of device failure. I can't think of a good argument for not having /boot on the raid1. Then you do not support it, and see the recurring support load in #centos -- we get this load all the time. ... That's pretty much what the article started with if you follow the long history of the first thread on the contribution, but the consensus of the people who commented was overwhelmingly in favor of /boot on RAID1, ... My response was simply in reply to the 'I can't think of a good argument' comment by 'Ned Slider'. To respond to 'the consensus ... overwhelmingly' remark, the mice also overwhelmingly voted to bell the cat. Counting noses does not make a bad answer more correct; using raid rather than flat RO /boot partitions is still less robust Well it seems you are alone in your view (at present, on this list). I have yet to see a convincing argument to change my opinion to not place /boot on a software RAID1 where one has chosen to use software RAID1. You state 'putting /boot on raid adds complexity' - I disagree in this case (for software raid1), it removes the additional complexity of having to manually resync /boot if it's *not* on the software RAID1 every time it's updated, and that appears to be the opinion held by others (and the very reason the page was created in the first place). Why add complexity - why not let the raid do the work for you. If either drive fails the system will still boot and the faulty drive can be replaced. More robust, but with additional complexity doesn't necessarily make a better solution for new (inexperienced) users. Best practices are usually derived through discussion and consensus, something I believe this thread is striving to achieve. so that's where it is now. Would be glad to add a footnote with your POV, or feel free to do so yourself. No, when it irritates me enough that the clueless newbies who don't read and don't research are not helped by yet another writeup not to read, and keep coming back for spoons, I may add a Method B subsection. Or more likely ignore what I consider a bad support method and point to our rebuild of upstreams doc's Upstream docs appear to advocate *exactly* what the current Wiki page describes (as do the CentOS docs): http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-raid-config.html http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-raid-diskdruid-manual-devmnt.html I remain unconvinced that replicating documentation, and adding places for entropy to rot in a wiki is a win. I'd upstream the change, instead, as there is NO CentOS specific aspect here. I guess the point here is people don't read the docs but might search/read the Wiki, and we are able to amend/add to the Wiki were we are unable to do so in upstream derived docs. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] Proposal: Java HowTo Section
On Wed, 29 Apr 2009, Sean Gilligan wrote: Russ Herrold added the special note on OpenJDK, hopefully he will chime in. Sean, I think you are on the right track; I would refactor the java articles into a couple of them in a sub-tree, with a chooser at the head, probably forming on pre/post 5.3, and on Method A and Method B, to better handle sub issues, and aid maintenance. The 'political' background on Java and the absence of a Four Freedoms freely availabile test suite to produce a conforming Java (it is seriously not free, and remains so) constrains the CentOS project mightily. We need nothing but elideable trademarks (and no other IP constraints) to be able to safely build it. No NDA's no indemnifications, no patent threats, no non-freely reproduceable copyrights. See my IA_AL disclaimer in the piece cited in a moment, included by reference here. In the absence of a reasonable test suite for EACH OF 1) a given Java implementation, and disjunctly 2) a given Java application, I have led (strenuously) opposition to the inclusion of Java in the LSB standard, and will continue to so drive my views, until and unless Sun's entire toolchain [of that from another project] becomes Four Freedoms (or at least OSI FOSS) compatible. https://lists.linux-foundation.org/pipermail/lsb-discuss/2008-August/005410.html has all the gory details. This opposition does not mean I oppose Java and its use; it is just not FOSS. I am please to see that the java application I use (also using the AWT) 'just works' under 5.3 with the addition of some fonts; when I have time I'll narrow down just what I need in a minimal install. -- Russ herrold ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
Dear Ned, ... That's pretty much what the article started with if you follow the long history of the first thread on the contribution, but the consensus of the people who commented was overwhelmingly in favor of /boot on RAID1, ... My response was simply in reply to the 'I can't think of a good argument' comment by 'Ned Slider'. To respond to 'the consensus ... overwhelmingly' remark, the mice also overwhelmingly voted to bell the cat. Counting noses does not make a bad answer more correct; using raid rather than flat RO /boot partitions is still less robust Well it seems you are alone in your view (at present, on this list). I have yet to see a convincing argument to change my opinion to not place /boot on a software RAID1 where one has chosen to use software RAID1. You state 'putting /boot on raid adds complexity' - I disagree in this case (for software raid1), it removes the additional complexity of having to manually resync /boot if it's *not* on the software RAID1 every time it's updated, and that appears to be the opinion held by others (and the very reason the page was created in the first place). Why add complexity - why not let the raid do the work for you. If either drive fails the system will still boot and the faulty drive can be replaced. More robust, but with additional complexity doesn't necessarily make a better solution for new (inexperienced) users. Best practices are usually derived through discussion and consensus, something I believe this thread is striving to achieve. I totally agree and also think it's not so hard to handle /boot on RAID1 even in recovery situations. As mentioned we could add some d-r sections describing some typical scenarios. Best Regards Marcus ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Proposal: Java HowTo Section
R P Herrold wrote: Sean, I think you are on the right track; I would refactor the java articles into a couple of them in a sub-tree, with a chooser at the head, probably forming on pre/post 5.3, and on Method A and Method B, to better handle sub issues, and aid maintenance. Thanks, Russ. I think the Java section or sub-tree should start with two articles to keep it simple and not create too much work (for me). It will be an incremental improvement and we can always split things in to more articles later. The 'political' background on Java and the absence of a Four Freedoms freely availabile test suite ... snip ... This opposition does not mean I oppose Java and its use; it is just not FOSS. This would be a reason for some to continue using the GCJ VM. Thanks for the information. This should (continue to) be addressed in the Wiki as it might direct different users to different HowTo's. Perhaps someone will write a GCJ or pure-FOSS Java HowTo that could be added to the section. I am pleased to see that the java application I use (also using the AWT) 'just works' under 5.3 with the addition of some fonts; when I have time I'll narrow down just what I need in a minimal install. I look forward to seeing that. --- Sean ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] Updated How to Setup a Software RAID on CentOS 5
On Thu, 30 Apr 2009, pjwelsh wrote: On 04/30/2009 10:22 AM, R P Herrold wrote: ... To respond to 'the consensus ... overwhelmingly' remark, the mice also overwhelmingly voted to bell the cat. Counting noses does not make a bad answer more correct; using raid rather than flat RO /boot partitions is still less robust less robust != bad answer ;-) I understand your position; I do not concur as it introduces failure points in my opinion; we vary easy. It lends credibility to the idea that CentOS is more than a knock-off RHEL. I have no such goal to court public opinion, and I think neither does the core value of the project; that people feel a need to use CentOS as a locus to contribute is a matter beyond the core scope mandate of a strict rebuild project The CentOS core mandate, to me, is to elide trademarks from an upstream FOSS sources rebuild; solving the issue of the non-free updater solution upstream; and preserving (lovingly) all bugs to match upstream. I see NO shame in being called knock-off _out of_ a commercial product, any more than Red Hat should feel shame in stabilising the enormous effort of the free software community that preceded them (and that continues independent of, or in conjunction with them) _into_ a commercial product. This is the point of FOSS [ESR, and the 'chasing the tail-lights' example]. RHT is a 'pure play' FOSS company by and large; NOVL much less so; ORCL to my thinking has been a 'white hat' when it decides to open something; JAVA [ne SUNW], less so. See my prior post as to Java -- I am encouraged by recent events as to Java. I think people who are willing to let themselves feel slighted into being _just_ a 'knock-off' need to clarify their thinking. It is their issue to solve. I am not in a 'credibility lending' business -- I speak with my results, and I do not let others triangulate me so simply. The mandate is the point of my comment to Farkas Levente earlier in centos-devel ML today, that there is a slight abi change in the gcc across point releases of CentOS (and one assumes, in its upstream, Red Hat product) in 5 in a minor and slightly tested side package. It happens; when material a bug is filed; it is NOT the end of the world. I saw the gcc ABI change in my code as well, and we conformed our code to the later gcc interpretation or implementation. Not the end of the world, and not worth more than a passing observation once fixed. Part of this situation seems (to me) to be more of a blurring of backup -vs- RAID. Both are good and have a place. Either by itself is non-optimal. properly /boot is _just not used_ once booting is done, except for kernel updates -- it can be wholly umounted if on a separate partition (as is a customary practice by some) all of the above, my $0.02 -- Russ herrold ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-virt] Machine freeze
Mathew S. McCarrell wrote: Well, I'm actually not using a PAExen kernel but I don't believe that I need to be since I'm running the 64-bit version of CentOS. Am I mistaken in that assumption? Matthew, you are right. Also, the idea of running a PAE kernel on CentOS is non relevant -- Karanbir Singh : http://www.karan.org/ : 2522...@icq ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Machine freeze
Karanbir, can you please, in short, explain to me current status of 64-bit CentOS compared to i386? Is it's maturity same as of i386? I started to actively use CentOS when 4.2 was last version. My decision to use i386-only was based on issues with some (or many?) drivers like madwifi for AR5007, it's unavailability for older PC's, my impression in that time was that it was not stable enough, and the main thing was since I decided to create my own mirror of main and third party repositories for internal use, I went with i386. What is actual gain in using X86_64? Performance in %? Main advantages beside performance? The real question is, does it pay off to spend 20-30 GB of HDD space for X86_64 if i386 does the job nicely? Just a sentence or two would be most appreciated. Karanbir Singh wrote: Mathew S. McCarrell wrote: Well, I'm actually not using a PAExen kernel but I don't believe that I need to be since I'm running the 64-bit version of CentOS. Am I mistaken in that assumption? Matthew, you are right. Also, the idea of running a PAE kernel on CentOS is non relevant ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Machine freeze
I've discovered what the issue is. The machine is rebooting when a sector error occurs on one of the drives that is part of a software RAID where the VMs are currently being stored. Thanks for the help though. Matt -- Mathew S. McCarrell Clarkson University '10 mccar...@gmail.com mccar...@clarkson.edu On Thu, Apr 30, 2009 at 3:19 PM, Ljubomir Ljubojevic off...@plcomputers.net wrote: Karanbir, can you please, in short, explain to me current status of 64-bit CentOS compared to i386? Is it's maturity same as of i386? I started to actively use CentOS when 4.2 was last version. My decision to use i386-only was based on issues with some (or many?) drivers like madwifi for AR5007, it's unavailability for older PC's, my impression in that time was that it was not stable enough, and the main thing was since I decided to create my own mirror of main and third party repositories for internal use, I went with i386. What is actual gain in using X86_64? Performance in %? Main advantages beside performance? The real question is, does it pay off to spend 20-30 GB of HDD space for X86_64 if i386 does the job nicely? Just a sentence or two would be most appreciated. Karanbir Singh wrote: Mathew S. McCarrell wrote: Well, I'm actually not using a PAExen kernel but I don't believe that I need to be since I'm running the 64-bit version of CentOS. Am I mistaken in that assumption? Matthew, you are right. Also, the idea of running a PAE kernel on CentOS is non relevant ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-es] pdc centos winxp
Tengo el tema bastante currado porque he tenido que preparar un par de servidores así (para varios cientos de usuarios). Te recomiendo que empieces leyéndote Samba-3 by example, muy ilustrativo. En especial capítulos 3 a 5. Sigue con esto: http://www.alcancelibre.org/staticpages/index.php/como-ldap-auth y luego con esto: http://www.alcancelibre.org/staticpages/index.php/SAMBALDAP-CENTOS5 http://www.alcancelibre.org/staticpages/index.php/Samba-LDAP-GUI-LAM-Centos5 En cuanto a perfiles móviles, es muy recomendable redireccionar al servidor las carpetas pesadas se puede hacer con las Powertoys de Microsoft o a pelo editando el registro. De esa forma, carpetas como Mis Documentos estarán permanentemente en el servidor, y no irán y vendrán con el perfil, que es lo que mata a los perfiles móviles. LDAP no es imprescindible, pero te agradecerás a ti mismo llegar a dominarlo, sobre todo si tienes planes de pasar de unas decenas de usuarios. Esto no es para dos días, a mi me ha llevado más de un centenar de horas de hacerme con todo el tinglado, pero vale la pena. Otros enlaces que te interesarán: http://support.microsoft.com/kb/319974/en-us http://wiki.debianperu.org/doku.php?id=tutoriales:samba-ldap http://www.microsoft.com/spain/windowsxp/downloads/powertoys/xppowertoys.mspx http://technet.microsoft.com/en-us/library/cc785925.aspx http://www.eggheadcafe.com/conversation.aspx?messageid=30166807threadid=30166807 http://dns.bdat.net/w2000_xp/directivas_de_grupo/c631.html http://jaka.kubje.org/2007/05/14/unix-samba-password-sync-on-debian-etch/ http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html http://www.ldap-es.org/foros/08/06/solucionado-openldap-y-samba-pdc-editor-de-politicas-de-usuarios Saludos. El 30 de abril de 2009 1:18, killerfs kille...@star.com.pe escribió: hola comunidad se me ocurrido hacer lo siguiente: un laboratorio de 10 computadoras (winxp), y con 20 usuarios. (10 de siseño grafico, 10 programadores) usado en dos turnos. ahora el user01 viene el dia lunes y usa la maq01, pero el dia martes decide entrar a la maq08. (dia lunes )quiero que al momento de ingresar su login y paswword en winxp, muestre su escritorio y que lo configure, y guarde archivos mis documentos, y muestre sus programas que debe usar (diseño grafico) (dia lunes) el usuario user 15 entra a la maquina maq 06 con su login y pass, muestra su escritorio, sus archivos de mis docuemntos, y programas que peude usar (programador) (dia martes) el usuario user01 entra a la maquina maq08 y debe mostar su escritorio, lo que configuró, sus archivos en mis documentos y sus programas que usa (diseño grafico) (dia martes) el usuario user 15 entra a la maquina maq 01 , con su login y password, muestra el escritori que configuro al dia anterior , sus archivos, etc y sus programas alguien sabe como puedo hacer esto, o como buscarlo? el pdc de samba me peude ayudar a ejecutar esto? les agradeceria, si me dieran la manera como hacerlo, o de lo contrario, el tema en si d elo que estoy buscando ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] montar servidor web, servidor de correo y proxy
*Buenos días, soy novato en Centos, he instalado el centos 5.1 en una máquina y quiero colocar allí un servidor web, un servidor de correo y un proxy para una red que actualmente funciona bajo Windows 2003 Server; les agradezco cualquier indicación que me pueda ayudar a conseguir este objetivo. * ** *Un abrazo desde Bogotá Colombia.* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] PETICION DE CONSEJO
HOLA BUEN DÍA TENGO YA TIEMPO SIGUIENDO LOS CORREOS DE ESTA LISTA, Y DE ECHO ME HAN AYUDADO EN VARIAS INQUIETUDES CON ÉXITO TOTAL PERO ESTOY PERDIDO TENGO LA INQUIETUD DE APRENDER A MANEJAR BIEN CENTOS PERO NO TENGO IDEA DE POR DONDE EMPEZAR, Y LLEVO ALGÚN TIEMPO PICANDO DE TEMA EN TEMA SIN COMPRENDER TOTALMENTE; MI PETICIÓN ES ALGUNA SUGERENCIA DE CON QUE MANUAL O CON QUE PUEDO EMPEZAR PARA COMPRENDER MEJOR EL MANEJO GLOBAL DE LINUX SIN CAER EN LO ABSURDO O EN UN IMPOSIBLE? Y PODER LLEGAR A MANEJAR LINUX DE FORMA NATURAL. DE ANTEMANO LES AGRADEZCO Y LES MANDO UN SALUDOTE A TODOS!!! ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] PETICION DE CONSEJO
El día 30 de abril de 2009 10:05, Mario Villela Larraza mario.villelalarr...@gmail.com escribió: HOLA BUEN DÍA TENGO YA TIEMPO SIGUIENDO LOS CORREOS DE ESTA LISTA, Y DE ECHO ME HAN AYUDADO EN VARIAS INQUIETUDES CON ÉXITO TOTAL PERO ESTOY PERDIDO TENGO LA INQUIETUD DE APRENDER A MANEJAR BIEN CENTOS PERO NO TENGO IDEA DE POR DONDE EMPEZAR, Y LLEVO ALGÚN TIEMPO PICANDO DE TEMA EN TEMA SIN COMPRENDER TOTALMENTE; MI PETICIÓN ES ALGUNA SUGERENCIA DE CON QUE MANUAL O CON QUE PUEDO EMPEZAR PARA COMPRENDER MEJOR EL MANEJO GLOBAL DE LINUX SIN CAER EN LO ABSURDO O EN UN IMPOSIBLE? Y PODER LLEGAR A MANEJAR LINUX DE FORMA NATURAL. DE ANTEMANO LES AGRADEZCO Y LES MANDO UN SALUDOTE A TODOS!!! ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Podrías empezar por leer los manuales de alcance libre (http://www.alcancelibre.org/staticpages/index.php/manuales-indice) que son muy buenos y de ahí irte creando tu experiencia, están bastante bien explicados. Saludos, ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] montar servidor web, servidor de correo y proxy
hola, mira, esas preguntas son extremadamente genericas y de amplia respuesta, lo mejor seria que empiezes a hacerlo y envies consultas puntuales con las que podremos darte una solucion mas exacta, anyway, en esta direccion podras encontrar lo necesario para empezar; http://wiki.centos.org/es/ Saludos!. El 30 de abril de 2009 11:49, Jaime H. Díaz G. jhu...@gmail.com escribió: *Buenos días, soy novato en Centos, he instalado el centos 5.1 en una máquina y quiero colocar allí un servidor web, un servidor de correo y un proxy para una red que actualmente funciona bajo Windows 2003 Server; les agradezco cualquier indicación que me pueda ayudar a conseguir este objetivo. * ** *Un abrazo desde Bogotá Colombia.* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] montar servidor web, servidor de correo y proxy
Hola, mira, yo tambien soy un poco nuevo en esto, pero ayer mismo acabé de montar eso mismo que quieres. Todo depende en primer lugar de que servidores piensas utilizar, que tipos de conexiones tienes y otras cosas así Yo, por ejemplo, monté Dovecot+postfix como server de correo Squid como proxy httpd como server Web y me conecto a mi proveedor por una conexion conmutada y bajo el correo por fetchmail si esto te sirve te puedo ayudar, solo escribe. Saludos desde Cuba *Buenos días, soy novato en Centos, he instalado el centos 5.1 en una máquina y quiero colocar allí un servidor web, un servidor de correo y un proxy para una red que actualmente funciona bajo Windows 2003 Server; les agradezco cualquier indicación que me pueda ayudar a conseguir este objetivo. * ** *Un abrazo desde Bogotá Colombia.* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es - Yunior del Toro Portelles Administrador del Nodo PEXAC - O. Central - ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] montar servidor web, servidor de correo y proxy
Tienes que empezar leyendo sobre apache, proxy puede usar squid, sendmail, Mailscanner, spamassasin De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de Jaime H. Díaz G. Enviado el: Jueves, 30 de Abril de 2009 09:50 a.m. Para: centos-es Asunto: [CentOS-es] montar servidor web, servidor de correo y proxy Buenos días, soy novato en Centos, he instalado el centos 5.1 en una máquina y quiero colocar allí un servidor web, un servidor de correo y un proxy para una red que actualmente funciona bajo Windows 2003 Server; les agradezco cualquier indicación que me pueda ayudar a conseguir este objetivo. Un abrazo desde Bogotá Colombia. -- This message has been scanned for viruses and dangerous content by http://www.mailscanner.info/ MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] montar servidor web, servidor de correo y proxy
todo en uno solo? se puede hacer aunque no es lo apropiado, se recomienda hacerlo en equipos separados. puedes optar primero por hacer un firewall/proxy y detras de ellos tu servidores web y correo o puedes poner tu servidor web y correo delante del firewall/proxy. ahora bien sino tienes experiencia en como implementarlos te sugiero que contrates los servicios de alguien experimentado, segundo aunque te llevara algo de tiempo es que tu lo hagas. si optas por la segunda opcion en la red hay infinidad de manuales para todos los gustos. divierte Cesar *Buenos días, soy novato en Centos, he instalado el centos 5.1 en una máquina y quiero colocar allí un servidor web, un servidor de correo y un proxy para una red que actualmente funciona bajo Windows 2003 Server; les agradezco cualquier indicación que me pueda ayudar a conseguir este objetivo. * ** *Un abrazo desde Bogotá Colombia.* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] monitor de ancho de banda
iptraf 2009/4/30 Freddy Angulo samilo...@yahoo.com amigos necesito de su ayuda, me podrian decir de algun software en linux que me indicque en linea que ip de mi lan satura mi ancho de banda, por mas q el firewall este en drop veo mucha saturacion dentro de mi red. gracias por sus respuestas. -- ¡Obtén la mejor experiencia en la web! Descarga gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=e1 ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- esta es mi vida e me la vivo hasta que dios quiera ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] ventajas de usar ldap con samba a no usarlo.
Compañeros y amigos, en breves palabras ¿cual es la ventaja de usar samba en conjunto con ldap frente a usar samba tal y como viene con el centos? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] monitor de ancho de banda
El 30 de abril de 2009 13:37, Freddy Angulo samilo...@yahoo.com escribió: amigos necesito de su ayuda, me podrian decir de algun software en linux que me indicque en linea que ip de mi lan satura mi ancho de banda, por mas q el firewall este en drop veo mucha saturacion dentro de mi red. gracias por sus respuestas. Freddy, Análisis de trafico basado en hosts Ntop : http://www.ntop.org/) Iptraf : http://iptraf.seul.org/) y para analisis sofisticado de red (IDS Sniffing) Snort : http://www.snort.org/ Wireshark : http://www.wireshark.org/ Saludos, Sebastian ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Rv: monitor de ancho de banda
el tema es q tengo mi fw con politica en DROP la cual impide cualquier red p2p, pero a veces obervo que mi ancho de banda se satura y no se como ver que ip de mi lan esta realizando tantas consultas a la internet. --- El jue 30-abr-09, Freddy Angulo samilo...@yahoo.com escribió: De: Freddy Angulo samilo...@yahoo.com Asunto: [CentOS-es] monitor de ancho de banda A: centos-es@centos.org Fecha: jueves, 30 abril, 2009, 12:37 pm amigos necesito de su ayuda, me podrian decir de algun software en linux que me indicque en linea que ip de mi lan satura mi ancho de banda, por mas q el firewall este en drop veo mucha saturacion dentro de mi red. gracias por sus respuestas. ¡Obtén la mejor experiencia en la web! Descarga gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=e1 -Adjunto en línea a continuación- ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ¡Obtén la mejor experiencia en la web! Descarga gratis el nuevo Internet Explorer 8. http://downloads.yahoo.com/ieak8/?l=e1___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] monitor de ancho de banda
Hola. Podrias usar de pronto esta herramienta, creo que ayudaria a lo que deseas hacer. http://bandwidthd.sourceforge.net/ Saludos El 30 de abril de 2009 12:37, Freddy Angulo samilo...@yahoo.com escribió: amigos necesito de su ayuda, me podrian decir de algun software en linux que me indicque en linea que ip de mi lan satura mi ancho de banda, por mas q el firewall este en drop veo mucha saturacion dentro de mi red. gracias por sus respuestas. -- ¡Obtén la mejor experiencia en la web! Descarga gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=e1 ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] eth0 killed when adding virtual interface and multiple NICs are present
On Tue, 2009-04-28 at 23:31 +0200, Kai Schaetzl wrote: JohnS wrote on Mon, 27 Apr 2009 11:09:56 -0400: If you don't mind when you come to an answer would you please let me know. I am interested to know. I could not find a real solution. I had to go to another way of creating the network setup for this machine (and maybe others, I will see) and disable the network-bridge script from xen. That new solution is documented on the xen-users mailing-list. Kai --- Kai, I read the Xen list and the way your doing it (the last option) looks like something I may try for testing in VMs. Although I do want to say Virtual Box does that very same behavior that you first described in your post. When you start up Virtual Box it takes out my eth1 and I am left with eth0. Makes eth1 Brigded if that makes sense to you like Xen was doing. I have to say it really seems like a better solution the way your doing it now. In fact I am going to give it a try also. It may be a little more effort into doing it but the approach is much better. Indeed also I when I installed Xen I had to manually take out peth0 when I uninstalled it. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.3 on an EeePC??
Beartooth wrote: I try never to install Ffx anywhere without NoScript, Adblock, and several more. I do not use Adblock because I am a member of an online community that specifically forbids blocking of advertisements, their primary revenue source. An exception is made for noscript - which will block flash advertisements not on white listed servers because they do not expect a user to compromise security measures (it's a geek community) to use the site, and the advertiser has the option of using a standard jpeg or gif banner which won't be blocked by noscript (but will be blocked by adblock). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tool for packet detection
From: Agnello George agnello.dso...@gmail.com I have small query, all our server are centos based 5 and 5.2 . We are looking ofr a tool to that measure packet loss. we have servers in two IDC's bothin the US and we are trying to download a 2gb file from the internet. Some server are able to download the file at a higher b/w rate in one IDC ...while servers at he the other IDC download the same file at a lowe b/w rate . Is ther any tool to measure packet losses. Thanks a lot ! In the mean time, ifconfig shows you the values for errors/dropped/collisions... You can also see them in /proc/net/dev JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] eth0 killed when adding virtual interface and multiple NICs are present
JohnS wrote on Thu, 30 Apr 2009 02:17:13 -0400: Kai, I read the Xen list and the way your doing it (the last option) looks like something I may try for testing in VMs. It works fine, I'm converting all my setups to that now. Indeed also I when I installed Xen I had to manually take out peth0 when I uninstalled it. How did you manually take it down? The problem seems to be that peth0 is the physical interface now. But I'm not able to take it down as a bridge nor as a physical interface. And not without breaking the network connection, anyway. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.3 on an EeePC??
nate wrote: (There are even some things the simpler Red Hattish tools can do that the Debian ones can't, easily. rpm -qa, for one.) rpm -qa typically just lists all of the packages on the system, the equivalent in debian is dpkg -l. Not really equivalent. The output is only sort of greppable. I frequently say something like rpm -qa |grep -i mysql-, in that particular case because MySQL, Inc. keeps changing the way they name their RPMs, so I can never remember the exact package name to query on a given system when I'm looking at versions to decide whether to upgrade. If the truncated part of a long package name has what you want to grep, you won't find that package. And yes, I do remember RTFMing dpkg(1) and found that you can change the output format of dpkg -l to be more like rpm -qa, but I recall that the required command was way too long to type each time. Sure, I can wrap it in a script, but then I'm customizing all my systems to add commands to it that should have been in the base distro. Of such minor things are distro choices made. A single unified source for patches, security fixes etc. Yes, that's one of the things I take into account when deciding whether I want to use Ubuntu for a particular task: whether I need access to its huge repositories, or if I can get by with what CentOS provides, plus maybe a few third-party add-ons. Beyond a certain point, the choice becomes clear. This is not the case for most of my server-class machines, however. Basics like LAMP and Samba are all I really need in most cases. Also the debian package databases are in plain text format, while I'm sure it has happened I have never personally heard of someone suffering from package database corruption on debian(assuming they were running the 'stable' version). Such corruption reports seem somewhat common in the RPM world with the binary databases. It's been many years since I had to run rpm --rebuilddb. It never did fail on me the few times I did have to run it, and the need to run it was *always* due to a kernel panic while manipulating the RPM DB, or proximate in time to it. Kernel panics always were rare on stable Linux distros even way back in the mid 90s, increasingly rare now, and RPM DB updates are rare in their own right. Rare squared. Add to that the well tested ability to upgrade between minor and major version numbers time and time again. I don't have to hold my breath when I go from Debian 4.0 to 5.0, I can do it from remote without ever losing connectivity, I don't even have to reboot at the end I can continue running the older kernel if I want. I like that feature in principle, though I can't think I'd actually want it on any of my servers. On a desktop, sure, but never on a production server. I'd rather keep something creaking along on CentOS 3, running the server's tired old hardware into the ground, building a new CentOS 5 box to replace it in a swift cut-over, rather than upgrade that old box in place. I do like the way Ubuntu LTS works in this regard, though. It stays locked in the LTS jail, mostly as stable as CentOS with regard to updates, as long as you just do apt-get upgrade, but you can break out with a dist-upgrade to get onto the bleeding edge releases if you really want to. I still can't see myself ever doing that on a production server, but I guess it's nice to know I could. I've never really been fond of yum myself, though it is much better than what was there before(nothing, before rhn at least). The only thing I don't like about yum is how hard it is to kill an in-progress yum update, while it's still in the package downloading phase. Other than that, I greatly prefer it to the wordy apt-foo commands. I currently maintain roughly 100 SRPMS And does your experience line up with mine, which is that the debian/* big-tree-of-assorted-files is a mess, nowhere near as clean as package-name.spec? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Defaults of CentOS Install not working with SELinux
Following a hard drive corruption I have reinstalled the latest
version of CentOS and all current patch files.
For most applications I selected the default options. By doing this I
expected that the packages would play nice with one another and I
could customize as necessary.
Setting SELinux to enforce I encountered all sorts of problems - but
most were resolvable, save for Dovecot, Procmail (for spamc), and an
odd one with Apache.
Given that these were all installed with the CentOS install defaults,
I can't believe I am the only one with these issues but finding a
solution has not been self evident. Hoping someone here can help.
For Dovecot I get the following:
SELinux is preventing dovecot (dovecot_t) create to Unknown
(dovecot_t). For complete SELinux messages. run sealert -l
e1b070ab-586a-4c5a-befe-b6a46b9ab992
For procmail I get the following:
SELinux is preventing procmail (procmail_t) execute to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
0a554689-4948-4edf-9964-dddbfe6a2492
SELinux is preventing sh (procmail_t) read to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
1f1ebd83-412d-4e93-a36f-6f3d34c663df
For Apache it's even more strange - When started I get:
Syntax error on line 283 of /etc/httpd/conf/httpd.conf
DocumentRoot must be directory
But it is a directory, has the correct permissions and I have even run
chcon -R -h -t httpd_sys_content_t /web/www/ in an effort to correct
the problem. I run a virtual server too, and in trying to find a fix
for this that may be a problem - but first things first.
All the other issues I had I could resolve when I ran the specified
sealert tag and followed the suggested instructions - but those
above don't budge. When I go to the fedora.redhat.com/docs/selinux-fq-
fc5 site to take on making a local policy module I am quickly getting
lost . The option to simply disable SElinux with respect to Apache,
Dovecote or anything else is suggested - but not something I see in
the GUI window, and I have not figured out how to do it from the
command line.
Again, because these are default packages, I hope that someone else
knows how to resolve these.
With respect to the to reports from SELinux regarding Dovecot and
promail, here is a bit more info:
The info and Raw Audit message for dovecot_t is:
Source Contextsystem_u:system_r:dovecot_t:s0
Target Contextsystem_u:system_r:dovecot_t:s0
Target ObjectsNone [ socket ]
Sourcedovecot
Source Path /usr/sbin/dovecot
Port Unknown
Host trailrunner
Source RPM Packages dovecot-1.0.7-7.el5
Target RPM Packages
Policy RPMselinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name catchall
Host Name trailrunner
Platform Linux trailrunner 2.6.18-128.1.6.el5xen
#1 SMP Wed
Apr 1 10:38:05 EDT 2009 i686 athlon
Alert Count 2
First SeenWed Apr 29 15:39:51 2009
Last Seen Wed Apr 29 15:47:31 2009
Local ID e1b070ab-586a-4c5a-befe-b6a46b9ab992
Line Numbers
Raw Audit Messages
host=trailrunner type=AVC msg=audit(1241041651.976:33): avc: denied
{ create } for pid=3884 comm=dovecot
scontext=system_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:dovecot_t:s0 tclass=socket
host=trailrunner type=SYSCALL msg=audit(1241041651.976:33):
arch=4003 syscall=102 success=no exit=-13 a0=1 a1=bf851070
a2=9e45030 a3=3e1 items=0 ppid=3883 pid=3884 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm=dovecot exe=/usr/sbin/dovecot
subj=system_u:system_r:dovecot_t:s0 key=(null)
The Raw Audit Message for Procmail is:
Source Contextsystem_u:system_r:procmail_t:s0
Target Contextsystem_u:object_r:spamc_exec_t:s0
Target Objects./spamc [ file ]
Sourceprocmail
Source Path /usr/bin/procmail
Port Unknown
Host trailrunner
Source RPM Packages procmail-3.22-17.1.el5.centos
Target RPM Packages
Policy RPMselinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Re: [CentOS] 5.3 on an EeePC??
R P Herrold wrote: oh please -- move advocacy to a new thread raher than hijacking. It's just a natural evolution of the conversation. IMO, the answer to the original question is No, so the obvious next direction to the conversation is okay, what instead, then? Nate's answer was polite, factual, and helpful. Hardly the sort of noise you find on advocacy forums. You can't wave the off-topic flag, either. Last month we were talking about network switches here, for Bob's sake. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tool for packet detection
Agnello George wrote: Hi I have small query, all our server are centos based 5 and 5.2 . We are looking ofr a tool to that measure packet loss. we have servers in two IDC's bothin the US and we are trying to download a 2gb file from the internet. Some server are able to download the file at a higher b/w rate in one IDC ...while servers at he the other IDC download the same file at a lowe b/w rate . Is ther any tool to measure packet losses. Thanks a lot ! ping. Also latency is much more likey a culprit of your bandwidth issues rather than packet loss. Use ping or traceroute to measure the latency from the sources to the destination(s). I have one of my sites upload roughly 550GB of data per day to another site that is on the other side of the country, fortunately the data comes from 40+ servers so running them all in parallel I can get the data pretty fast(about 350Mbit). Running each server one at a time I tend to get roughly 7Mbit/s a pop(each side has a gigabit internet link). In order to improve throughput I'm using rsync over HPNSSH, which does some basic TCP magic to improve throughput over higher latency connections - http://www.psc.edu/networking/projects/hpn-ssh/ Interestingly enough on downloads I get higher performance, with 10 connections I can get 250Mbit, whereas on uploads I get about 70mbit, just came across that a couple of days ago. Perhaps for some reason HPNSSH is not as optimized for uploads(?). In any case I work around it with multiple threads/processes since I'm dealing with roughly 150k files of various sizes per day. Worst case split the file up on the other side and transfer it in parallel and reconstruct it locally. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] eth0 killed when adding virtual interface and multiple NICs are present
On Apr 30, 2009, at 7:31 AM, Kai Schaetzl mailli...@conactive.com wrote: JohnS wrote on Thu, 30 Apr 2009 02:17:13 -0400: Kai, I read the Xen list and the way your doing it (the last option) looks like something I may try for testing in VMs. It works fine, I'm converting all my setups to that now. Indeed also I when I installed Xen I had to manually take out peth0 when I uninstalled it. How did you manually take it down? The problem seems to be that peth0 is the physical interface now. But I'm not able to take it down as a bridge nor as a physical interface. And not without breaking the network connection, anyway. The problem with Xen's network scripts are they assume a bare bones default network setup. If you have anything more then that then I recommend disabling the automated network setup in xend.sxp and manually setting up your bridges which sounds like the conclusion you came to after much discussion. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Defaults of CentOS Install not working with SELinux
Hi
Dovecot is trying to open a socket, and procmail is trying to execute
spamc, You should be able to fix these issues using audit2allow.
Andrew.
On 30 Apr 2009, at 4:07 PM, Dan Roberts wrote:
Following a hard drive corruption I have reinstalled the latest
version of CentOS and all current patch files.
For most applications I selected the default options. By doing this
I expected that the packages would play nice with one another and I
could customize as necessary.
Setting SELinux to enforce I encountered all sorts of problems - but
most were resolvable, save for Dovecot, Procmail (for spamc), and an
odd one with Apache.
Given that these were all installed with the CentOS install
defaults, I can't believe I am the only one with these issues but
finding a solution has not been self evident. Hoping someone here
can help.
For Dovecot I get the following:
SELinux is preventing dovecot (dovecot_t) create to Unknown
(dovecot_t). For complete SELinux messages. run sealert -l
e1b070ab-586a-4c5a-befe-b6a46b9ab992
For procmail I get the following:
SELinux is preventing procmail (procmail_t) execute to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
0a554689-4948-4edf-9964-dddbfe6a2492
SELinux is preventing sh (procmail_t) read to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
1f1ebd83-412d-4e93-a36f-6f3d34c663df
For Apache it's even more strange - When started I get:
Syntax error on line 283 of /etc/httpd/conf/httpd.conf
DocumentRoot must be directory
But it is a directory, has the correct permissions and I have even
run chcon -R -h -t httpd_sys_content_t /web/www/ in an effort to
correct the problem. I run a virtual server too, and in trying to
find a fix for this that may be a problem - but first things first.
All the other issues I had I could resolve when I ran the specified
sealert tag and followed the suggested instructions - but those
above don't budge. When I go to the fedora.redhat.com/docs/selinux-
fq-fc5 site to take on making a local policy module I am quickly
getting lost . The option to simply disable SElinux with respect
to Apache, Dovecote or anything else is suggested - but not
something I see in the GUI window, and I have not figured out how to
do it from the command line.
Again, because these are default packages, I hope that someone else
knows how to resolve these.
With respect to the to reports from SELinux regarding Dovecot and
promail, here is a bit more info:
The info and Raw Audit message for dovecot_t is:
Source Contextsystem_u:system_r:dovecot_t:s0
Target Contextsystem_u:system_r:dovecot_t:s0
Target ObjectsNone [ socket ]
Sourcedovecot
Source Path /usr/sbin/dovecot
Port Unknown
Host trailrunner
Source RPM Packages dovecot-1.0.7-7.el5
Target RPM Packages
Policy RPMselinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name catchall
Host Name trailrunner
Platform Linux trailrunner
2.6.18-128.1.6.el5xen #1 SMP Wed
Apr 1 10:38:05 EDT 2009 i686 athlon
Alert Count 2
First SeenWed Apr 29 15:39:51 2009
Last Seen Wed Apr 29 15:47:31 2009
Local ID e1b070ab-586a-4c5a-befe-b6a46b9ab992
Line Numbers
Raw Audit Messages
host=trailrunner type=AVC msg=audit(1241041651.976:33): avc:
denied { create } for pid=3884 comm=dovecot
scontext=system_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:dovecot_t:s0 tclass=socket
host=trailrunner type=SYSCALL msg=audit(1241041651.976:33):
arch=4003 syscall=102 success=no exit=-13 a0=1 a1=bf851070
a2=9e45030 a3=3e1 items=0 ppid=3883 pid=3884 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm=dovecot exe=/usr/sbin/dovecot
subj=system_u:system_r:dovecot_t:s0 key=(null)
The Raw Audit Message for Procmail is:
Source Contextsystem_u:system_r:procmail_t:s0
Target Contextsystem_u:object_r:spamc_exec_t:s0
Target Objects./spamc [ file ]
Sourceprocmail
Source Path /usr/bin/procmail
Port Unknown
Host trailrunner
Source RPM Packages procmail-3.22-17.1.el5.centos
Target RPM Packages
Re: [CentOS] Defaults of CentOS Install not working with SELinux
Ok, but how?
There appear to be a lot of different options when employing
audit2allow and I am reluctant to start blazing away trying different
elements. I am missing the details of what socket an dhow the
execution is occuring so that I can begin to develop the proper
audit2allow sequence.
On Apr 30, 2009, at 8:43 AM, Andrew Colin Kissa wrote:
Hi
Dovecot is trying to open a socket, and procmail is trying to
execute spamc, You should be able to fix these issues using
audit2allow.
Andrew.
On 30 Apr 2009, at 4:07 PM, Dan Roberts wrote:
Following a hard drive corruption I have reinstalled the latest
version of CentOS and all current patch files.
For most applications I selected the default options. By doing
this I expected that the packages would play nice with one another
and I could customize as necessary.
Setting SELinux to enforce I encountered all sorts of problems -
but most were resolvable, save for Dovecot, Procmail (for spamc),
and an odd one with Apache.
Given that these were all installed with the CentOS install
defaults, I can't believe I am the only one with these issues but
finding a solution has not been self evident. Hoping someone here
can help.
For Dovecot I get the following:
SELinux is preventing dovecot (dovecot_t) create to Unknown
(dovecot_t). For complete SELinux messages. run sealert -l
e1b070ab-586a-4c5a-befe-b6a46b9ab992
For procmail I get the following:
SELinux is preventing procmail (procmail_t) execute to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
0a554689-4948-4edf-9964-dddbfe6a2492
SELinux is preventing sh (procmail_t) read to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
1f1ebd83-412d-4e93-a36f-6f3d34c663df
For Apache it's even more strange - When started I get:
Syntax error on line 283 of /etc/httpd/conf/httpd.conf
DocumentRoot must be directory
But it is a directory, has the correct permissions and I have even
run chcon -R -h -t httpd_sys_content_t /web/www/ in an effort to
correct the problem. I run a virtual server too, and in trying to
find a fix for this that may be a problem - but first things first.
All the other issues I had I could resolve when I ran the specified
sealert tag and followed the suggested instructions - but those
above don't budge. When I go to the fedora.redhat.com/docs/selinux-
fq-fc5 site to take on making a local policy module I am quickly
getting lost . The option to simply disable SElinux with respect
to Apache, Dovecote or anything else is suggested - but not
something I see in the GUI window, and I have not figured out how
to do it from the command line.
Again, because these are default packages, I hope that someone else
knows how to resolve these.
With respect to the to reports from SELinux regarding Dovecot and
promail, here is a bit more info:
The info and Raw Audit message for dovecot_t is:
Source Contextsystem_u:system_r:dovecot_t:s0
Target Contextsystem_u:system_r:dovecot_t:s0
Target ObjectsNone [ socket ]
Sourcedovecot
Source Path /usr/sbin/dovecot
Port Unknown
Host trailrunner
Source RPM Packages dovecot-1.0.7-7.el5
Target RPM Packages
Policy RPMselinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name catchall
Host Name trailrunner
Platform Linux trailrunner
2.6.18-128.1.6.el5xen #1 SMP Wed
Apr 1 10:38:05 EDT 2009 i686 athlon
Alert Count 2
First SeenWed Apr 29 15:39:51 2009
Last Seen Wed Apr 29 15:47:31 2009
Local ID e1b070ab-586a-4c5a-befe-b6a46b9ab992
Line Numbers
Raw Audit Messages
host=trailrunner type=AVC msg=audit(1241041651.976:33): avc:
denied { create } for pid=3884 comm=dovecot
scontext=system_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:dovecot_t:s0 tclass=socket
host=trailrunner type=SYSCALL msg=audit(1241041651.976:33):
arch=4003 syscall=102 success=no exit=-13 a0=1 a1=bf851070
a2=9e45030 a3=3e1 items=0 ppid=3883 pid=3884 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm=dovecot exe=/usr/sbin/dovecot
subj=system_u:system_r:dovecot_t:s0 key=(null)
The Raw Audit Message for Procmail is:
Source Contextsystem_u:system_r:procmail_t:s0
Target Context
[CentOS] ps error
Hi does anyone know what the problem here is [r...@dnstest lib]# ps ps: error while loading shared libraries: libproc-3.2.3.so: cannot open shared object file: No such file or directory [r...@dnstest lib]# ln -s libproc-3.2.7.so libproc-3.2.3.so [r...@dnstest lib]# ps ps: /lib/libproc-3.2.3.so: version `_3_1_14' not found (required by ps) as far as I know only ps is giving me this error. CentOS release 5.3 (Final) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Defaults of CentOS Install not working with SELinux
The audit.log should contain more detail than is being provided here,
if it is a unix socket you should see the path, i suspect it is the
unix socket not the tcp sockets (pop3/imap)
On 30 Apr 2009, at 4:50 PM, Dan Roberts wrote:
Ok, but how?
There appear to be a lot of different options when employing
audit2allow and I am reluctant to start blazing away trying
different elements. I am missing the details of what socket an dhow
the execution is occuring so that I can begin to develop the proper
audit2allow sequence.
On Apr 30, 2009, at 8:43 AM, Andrew Colin Kissa wrote:
Hi
Dovecot is trying to open a socket, and procmail is trying to
execute spamc, You should be able to fix these issues using
audit2allow.
Andrew.
On 30 Apr 2009, at 4:07 PM, Dan Roberts wrote:
Following a hard drive corruption I have reinstalled the latest
version of CentOS and all current patch files.
For most applications I selected the default options. By doing
this I expected that the packages would play nice with one another
and I could customize as necessary.
Setting SELinux to enforce I encountered all sorts of problems -
but most were resolvable, save for Dovecot, Procmail (for spamc),
and an odd one with Apache.
Given that these were all installed with the CentOS install
defaults, I can't believe I am the only one with these issues but
finding a solution has not been self evident. Hoping someone here
can help.
For Dovecot I get the following:
SELinux is preventing dovecot (dovecot_t) create to Unknown
(dovecot_t). For complete SELinux messages. run sealert -l
e1b070ab-586a-4c5a-befe-b6a46b9ab992
For procmail I get the following:
SELinux is preventing procmail (procmail_t) execute to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
0a554689-4948-4edf-9964-dddbfe6a2492
SELinux is preventing sh (procmail_t) read to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
1f1ebd83-412d-4e93-a36f-6f3d34c663df
For Apache it's even more strange - When started I get:
Syntax error on line 283 of /etc/httpd/conf/httpd.conf
DocumentRoot must be directory
But it is a directory, has the correct permissions and I have even
run chcon -R -h -t httpd_sys_content_t /web/www/ in an effort to
correct the problem. I run a virtual server too, and in trying to
find a fix for this that may be a problem - but first things first.
All the other issues I had I could resolve when I ran the
specified sealert tag and followed the suggested instructions -
but those above don't budge. When I go to the fedora.redhat.com/
docs/selinux-fq-fc5 site to take on making a local policy module I
am quickly getting lost . The option to simply disable SElinux
with respect to Apache, Dovecote or anything else is suggested -
but not something I see in the GUI window, and I have not figured
out how to do it from the command line.
Again, because these are default packages, I hope that someone
else knows how to resolve these.
With respect to the to reports from SELinux regarding Dovecot and
promail, here is a bit more info:
The info and Raw Audit message for dovecot_t is:
Source Contextsystem_u:system_r:dovecot_t:s0
Target Contextsystem_u:system_r:dovecot_t:s0
Target ObjectsNone [ socket ]
Sourcedovecot
Source Path /usr/sbin/dovecot
Port Unknown
Host trailrunner
Source RPM Packages dovecot-1.0.7-7.el5
Target RPM Packages
Policy RPMselinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name catchall
Host Name trailrunner
Platform Linux trailrunner
2.6.18-128.1.6.el5xen #1 SMP Wed
Apr 1 10:38:05 EDT 2009 i686 athlon
Alert Count 2
First SeenWed Apr 29 15:39:51 2009
Last Seen Wed Apr 29 15:47:31 2009
Local ID e1b070ab-586a-4c5a-befe-b6a46b9ab992
Line Numbers
Raw Audit Messages
host=trailrunner type=AVC msg=audit(1241041651.976:33): avc:
denied { create } for pid=3884 comm=dovecot
scontext=system_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:dovecot_t:s0 tclass=socket
host=trailrunner type=SYSCALL msg=audit(1241041651.976:33):
arch=4003 syscall=102 success=no exit=-13 a0=1 a1=bf851070
a2=9e45030 a3=3e1 items=0 ppid=3883 pid=3884 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm=dovecot
Re: [CentOS] ps error
P.A wrote: Hi does anyone know what the problem here is [r...@dnstest lib]# ps ps: error while loading shared libraries: libproc-3.2.3.so: cannot open shared object file: No such file or directory rpm -qf $(which ps) rpm -V procps [r...@dnstest lib]# ln -s libproc-3.2.7.so libproc-3.2.3.so [r...@dnstest lib]# ps ps: /lib/libproc-3.2.3.so: version `_3_1_14' not found (required by ps) Why should that work? as far as I know only ps is giving me this error. ps --version CentOS release 5.3 (Final) Was that a CentOS 4 machine in an earlier life? Ralph pgp4YQliFHbmx.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Directory and File Perms
Joseph L. Casale wrote: I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option. It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/ And the Samba share config is has: create mask = 0660 directory mask = 0770 So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt and it can be deleted by anyone. Problem is QB uses gamin and this file monitoring daemon runs as root and all sorts of changes take place as you work with the data, from creating the company file to editing it in QB, it ends up slowly changing to 0400? Here is what I am seeing now: User creates a new company file through QB (this is already fubar'ed): # ll -rw--- 1 Domain+jcasale DOMAIN+AD_Group 7647232 Apr 29 14:37 Company.QBW -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:36 Company.QBW.ND -rw-r--r-- 1 Domain+jcasale DOMAIN+AD_Group 1114112 Apr 29 14:36 Company.QBW.TLG drwx-- 2 root root 16384 Apr 24 09:34 lost+found -rw-rw 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat Now after working with the company in QB, this is what happens: # ll -rw--- 1 Domain+jcasale DOMAIN+AD_Group 7331840 Apr 29 14:37 Company.QBW -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:37 Company.QBW.ND -rw--- 1 Domain+jcasale DOMAIN+AD_Group 1245184 Apr 29 14:37 Company.QBW.TLG drwx-- 2 root root 16384 Apr 24 09:34 lost+found -rw-rw 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat What are my options to control this here? Edit init scripts for that daemon? I don't know what would happen if it doesn't run as root, but maybe as a user that has GID of DOMAIN+AD_Group? I've handled these kind of complex samba rights problems by either using acls or if it's particularly thorny, an inotify script - needs inotify-tools-3.13-1.el5.rf. -- tkb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Directory and File Perms
I've handled these kind of complex samba rights problems by either using acls or if it's particularly thorny, an inotify script - needs inotify-tools-3.13-1.el5.rf. Nice tool! That's far more elegant than what I had planned. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ps error
On Thu, Apr 30, 2009, P.A wrote: Hi does anyone know what the problem here is [r...@dnstest lib]# ps ps: error while loading shared libraries: libproc-3.2.3.so: cannot open shared object file: No such file or directory When programs like ps, sed, find, etc. start showing shared library problems, it is usually an indication that the box has been partially cracked. I say partially since the cracker will install/replace versions of /bin/ps et al with ones that are built for another version of Linux. As other have noted, ``rpm -V'' is usually useful to detect changed files. Frequently crackers put their programs under /tmp, /var/tmp, or the /dev directories with directory names such as ``..'' that are not easily seen. They try to install versions of find, ps, netstat, etc. that are designed to hide their processes. If you have a good system to monitor changes on *ALL* critical files and directories, and can identify changed, added, or deleted files, it is possible to restore a cracked system without a complete reinstall. Otherwise the only safe method is to take the system off line, do a fresh install, and try to figure out how the system was cracked. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 If you have to choose between trusting the natural stability of gold and the honesty and intelligence of members of the government, with due respect for these gentlemen, I advise you, as long as the capitalist system lasts, to vote for gold. -- George Bernard Shaw ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Defaults of CentOS Install not working with SELinux
On Thu, Apr 30, 2009 at 9:07 AM, Dan Roberts d...@jlazyh.com wrote: Following a hard drive corruption I have reinstalled the latest version of CentOS and all current patch files. For most applications I selected the default options. By doing this I expected that the packages would play nice with one another and I could customize as necessary. Setting SELinux to enforce I encountered all sorts of problems - but most were resolvable, save for Dovecot, Procmail (for spamc), and an odd one snip take on making a local policy module I am quickly getting lost . The option to simply disable SElinux with respect to Apache, Dovecote or anything else is suggested - but not something I see in the GUI window, and I have not figured out how to do it from the command line. Disabling SELinux is *not* recommended, by those who know, on this mailing list and in other places. Maybe drop it down from Enforcing to Permissive, until you get it configured properly. You might want to go to http://www.nsa.gov/ and download the .pdf version of their manual about hardening RHEL 5. Look for the December 20, 2007 version. On page 42, they begin discussing SELinux and how to configure/troubleshoot it. Guide to the Secure Configuration of Red Hat Enterprise Linux 5. HTH and GL ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ps error
Bill, good point but I looked and don't think that is what happened. This box is not in production and has a private ip. I took care of the ps issue by reinstalling procps-3.2.7-11.1.el5.i386. The RPM issue was fix by reinstalling the rpm package. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Bill Campbell Sent: Thursday, April 30, 2009 12:54 PM To: centos@centos.org Subject: Re: [CentOS] ps error On Thu, Apr 30, 2009, P.A wrote: Hi does anyone know what the problem here is [r...@dnstest lib]# ps ps: error while loading shared libraries: libproc-3.2.3.so: cannot open shared object file: No such file or directory When programs like ps, sed, find, etc. start showing shared library problems, it is usually an indication that the box has been partially cracked. I say partially since the cracker will install/replace versions of /bin/ps et al with ones that are built for another version of Linux. As other have noted, ``rpm -V'' is usually useful to detect changed files. Frequently crackers put their programs under /tmp, /var/tmp, or the /dev directories with directory names such as ``..'' that are not easily seen. They try to install versions of find, ps, netstat, etc. that are designed to hide their processes. If you have a good system to monitor changes on *ALL* critical files and directories, and can identify changed, added, or deleted files, it is possible to restore a cracked system without a complete reinstall. Otherwise the only safe method is to take the system off line, do a fresh install, and try to figure out how the system was cracked. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 If you have to choose between trusting the natural stability of gold and the honesty and intelligence of members of the government, with due respect for these gentlemen, I advise you, as long as the capitalist system lasts, to vote for gold. -- George Bernard Shaw ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Defaults of CentOS Install not working with SELinux
Dan Roberts wrote: Ok, but how? http://wiki.centos.org/HowTos/SELinux ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Defaults of CentOS Install not working with SELinux
I would like not to disable SELinux, and I have the guide from the nsa. But try as I might these three things are being difficult. Given that it was a default install for them I have no idea how or why. Some google searches and even the SELinux FAQ suggest remedy options that involve data that I just don't seem to have - that's where the expertise of someone who has had to deal with something similar would be very helpful. On Apr 30, 2009, at 11:44 AM, Lanny Marcus wrote: On Thu, Apr 30, 2009 at 9:07 AM, Dan Roberts d...@jlazyh.com wrote: Following a hard drive corruption I have reinstalled the latest version of CentOS and all current patch files. For most applications I selected the default options. By doing this I expected that the packages would play nice with one another and I could customize as necessary. Setting SELinux to enforce I encountered all sorts of problems - but most were resolvable, save for Dovecot, Procmail (for spamc), and an odd one snip take on making a local policy module I am quickly getting lost . The option to simply disable SElinux with respect to Apache, Dovecote or anything else is suggested - but not something I see in the GUI window, and I have not figured out how to do it from the command line. Disabling SELinux is *not* recommended, by those who know, on this mailing list and in other places. Maybe drop it down from Enforcing to Permissive, until you get it configured properly. You might want to go to http://www.nsa.gov/ and download the .pdf version of their manual about hardening RHEL 5. Look for the December 20, 2007 version. On page 42, they begin discussing SELinux and how to configure/troubleshoot it. Guide to the Secure Configuration of Red Hat Enterprise Linux 5. HTH and GL ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync/SSH automation problem?
James Bensley wrote: I have a win2k3 server that its backing up to a CentOS 5.3 server. On the Win2k3 machine I plan to have rsync back up nightly to the CentOS server through ssh. The command I am using is as follows: rsync -vrPtz -e ssh myu...@myserver:/remote/backup/folder/ /local/backup/folder/ The first thing I'm sure you noticed was that this syntax copies data from a remote system to the local one, which is the opposite of what you described doing, above. The second thing you will notice, eventually, is that rsync over ssh under Cygwin is unreliable. This has been the case for years and has something to do with Cygwin's emulation of blocking sockets which causes rsync to hang. Even if your backups are working now, I strongly recommend against continuing in this manner. If you want to use rsync on Windows, the best thing to do is run rsync and ssh daemons on the Windows host. Rsync should only listen for localhost connections. Run your backup jobs from Linux; ssh to the Windows machine and forward a port for rsync. A local rsync can then connect to the Windows machine over the port forward. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] esata
I am trying to get esata working. my lspci is below. When I plug in the disk an turn it on - dmesg reports nothing. Is it supposed to report anything like a usb disk does? Is there a module to load? My motherboard is GA-MA78GM-US2H. Jerry - 00:00.0 Host bridge: Advanced Micro Devices [AMD] RS780 Host Bridge 00:01.0 PCI bridge: Advanced Micro Devices [AMD] RS780 PCI to PCI bridge (int gfx) 00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780 PCI to PCI bridge (PCIE port 5) 00:11.0 SATA controller: ATI Technologies Inc SB700/SB800 SATA Controller [AHCI mode] 00:12.0 USB Controller: ATI Technologies Inc SB700/SB800 USB OHCI0 Controller 00:12.1 USB Controller: ATI Technologies Inc SB700 USB OHCI1 Controller 00:12.2 USB Controller: ATI Technologies Inc SB700/SB800 USB EHCI Controller 00:13.0 USB Controller: ATI Technologies Inc SB700/SB800 USB OHCI0 Controller 00:13.1 USB Controller: ATI Technologies Inc SB700 USB OHCI1 Controller 00:13.2 USB Controller: ATI Technologies Inc SB700/SB800 USB EHCI Controller 00:14.0 SMBus: ATI Technologies Inc SBx00 SMBus Controller (rev 3a) 00:14.1 IDE interface: ATI Technologies Inc SB700/SB800 IDE Controller 00:14.2 Audio device: ATI Technologies Inc SBx00 Azalia (Intel HDA) 00:14.3 ISA bridge: ATI Technologies Inc SB700/SB800 LPC host controller 00:14.4 PCI bridge: ATI Technologies Inc SBx00 PCI to PCI Bridge 00:14.5 USB Controller: ATI Technologies Inc SB700/SB800 USB OHCI2 Controller 00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h [Opteron, Athlon64, Sempron] HyperTransport Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h [Opteron, Athlon64, Sempron] Address Map 00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 10h [Opteron, Athlon64, Sempron] DRAM Controller 00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 10h [Opteron, Athlon64, Sempron] Miscellaneous Control 00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 10h [Opteron, Athlon64, Sempron] Link Control 01:05.0 VGA compatible controller: ATI Technologies Inc Radeon HD 3200 Graphics 01:05.1 Audio device: ATI Technologies Inc RS780 Azalia controller ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync/SSH automation problem?
Gordon Messmer wrote: James Bensley wrote: I have a win2k3 server that its backing up to a CentOS 5.3 server. On the Win2k3 machine I plan to have rsync back up nightly to the CentOS server through ssh. The command I am using is as follows: rsync -vrPtz -e ssh myu...@myserver:/remote/backup/folder/ /local/backup/folder/ The first thing I'm sure you noticed was that this syntax copies data from a remote system to the local one, which is the opposite of what you described doing, above. The second thing you will notice, eventually, is that rsync over ssh under Cygwin is unreliable. This has been the case for years and has something to do with Cygwin's emulation of blocking sockets which causes rsync to hang. Even if your backups are working now, I strongly recommend against continuing in this manner. You have always been able to initiate the command over ssh from a windows box with the answering copy under sshd on linux. Very recent versions may even work the other way. If you want to use rsync on Windows, the best thing to do is run rsync and ssh daemons on the Windows host. Rsync should only listen for localhost connections. Run your backup jobs from Linux; ssh to the Windows machine and forward a port for rsync. A local rsync can then connect to the Windows machine over the port forward. Or, if you want it automated more nicely to keep a history of backups with a web interface to browse/restore them, look at backuppc. http://backuppc.sourceforge.net/ You can still use rsync as the copy mechanism if you want. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Defaults of CentOS Install not working with SELinux
Thanks - this is helpful but still not quite a fix. The suggested
fixes seem general for the three issues of dovecot, nmbd, and spamc -
but audit2allow does at least create them.
[...@trailrunner ~]$ cat dovecotsocketselinux.te
module dovecotsocketselinux 1.0;
require {
type dovecot_t;
class socket create;
}
#= dovecot_t ==
allow dovecot_t self:socket create;
[...@trailrunner ~]$
[...@trailrunner ~]$
[...@trailrunner ~]$ cat nmbdselinux.te
module nmbdselinux 1.0;
require {
type samba_share_t;
type nmbd_t;
class file { rename getattr unlink append };
class dir { search setattr };
}
#= nmbd_t ==
allow nmbd_t samba_share_t:dir { search setattr };
allow nmbd_t samba_share_t:file { rename getattr unlink append };
[...@trailrunner ~]$
[...@trailrunner ~]$
[...@trailrunner ~]$ cat spamcselinux.te
module spamcselinux 1.0;
require {
type spamc_exec_t;
type procmail_t;
class file { read execute execute_no_trans };
}
#= procmail_t ==
allow procmail_t spamc_exec_t:file { read execute execute_no_trans };
[...@trailrunner ~]$
The problem is that when these are installed, dovecot fails - port 993
already in use.
So now what - again, default CentOS options and configuration for all
three of these.
On Apr 30, 2009, at 1:38 PM, Ned Slider wrote:
Dan Roberts wrote:
Ok, but how?
http://wiki.centos.org/HowTos/SELinux
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.3 and XFS
On Thu, Apr 16, 2009 at 07:34:13AM -0700, Akemi Yagi wrote: On Thu, Apr 16, 2009 at 7:21 AM, Karanbir Singh mail-li...@karan.org wrote: Joseph L. Casale wrote: I never thought of that given that they come from the plus repo. So its only iirc, the xfs kmod's are not kernel ver dependant anymore, and havent been for a while. Tru / Akemi ? The kABI-tracking kmod-xfs for CentOS-5 started in Oct 2008. The CentOS-4 version has been tested and will be offered shortly (as soon as you/Tru builds it for release). :-D But the code is somewhat getting old. Maybe it's time to get the project xfs going again? Tru is the leader of this project. OLD? What is broken that needs fixing? XFS is in rather good shape and should not require much activity. As technology goes it was cutting edge technology when SGI designed it. It may be that ext4 will catch up but based on the clock the new ext4 may not be as stable as XFS is. A year from now... who knows. I do see xfs related patches going to Linus today ... so it is not idle. -- T o m M i t c h e l l Found me a new hat, now what? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
