Re: [CentOS-docs] Emulate a fixed IP address using MAC address with DHCP
On Sat, 2011-01-22 at 12:26 +0100, Mats Karlsson wrote: OK, Im happy to help. Can you change so I have permits to do the appropriate changes? My account is MatsOKarlsson Mats, Sorry, dropped the ball on this. Tried to add you but can't change ACL despite having created the page. Could someone with admin rights please add Mats to http://wiki.centos.org/TipsAndTricks/EmulateFixedAddressByDHCP Thanks, Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Emulate a fixed IP address using MAC address with DHCP
Am 01.02.11 12:30, schrieb Phil Schaffner: On Sat, 2011-01-22 at 12:26 +0100, Mats Karlsson wrote: OK, Im happy to help. Can you change so I have permits to do the appropriate changes? My account is MatsOKarlsson Sorry, dropped the ball on this. Tried to add you but can't change ACL despite having created the page. Could someone with admin rights please add Mats to http://wiki.centos.org/TipsAndTricks/EmulateFixedAddressByDHCP Yupp, should work now. Ralph ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] The AIDE section of the Hardening CentOS wiki page
I have recently received an e-mail message regarding the above wiki page. I reproduce it, below, less the header. As I was the last to edit that page, I am mentioned in the details at its foot and that is from where the message author's error originates -- as I'm not the original creator of the page. The broken link is to a section of the blog of Jim Evolution Perrin. Are you still around Jim? If so, will you please fix it. :-) Alan. Original Message http://wiki.centos.org/HowTos/OS_Protection#head-474ca0c239384376ca6de28a5937a8de8a9d6235 points to a broken link (On AIDE). Can you flesh your version out or put up a cached version of the dead link? Thanks! -Mike ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] The AIDE section of the Hardening CentOS wiki page
On Tue, Feb 1, 2011 at 7:00 PM, Alan Bartlett a...@elrepo.org wrote: The broken link is to a section of the blog of Jim Evolution Perrin. Are you still around Jim? If so, will you please fix it. :-) Yep, that'd be my fault. The machine I was hosting that site from was old and decrepit. I took it out behind the woodshed and put it out of its misery. I should have that in an archive somewhere and will dig it up. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-es] Problemas MySql Socket UNIX - TCP
Gonzalo, espero que este paso a paso sirva: *Paso # 1: Ingresar a través de ssh *En primer lugar, entrar a través de SSH al servidor remoto de bases de datos MySQL* Paso # 2: Habilitar Networking *Una vez conectado necesitas editar el archivo de configuración my.cfg. En CentOS el archivo se encuentra en /etc/my.cnf # vi /etc/my.cnf * Paso # 3: Una vez abierto el archivo, busca la línea que diga [mysqld] *Comentar la línea skip-networking o bien quitarla y añadir la siguiente línea bind-address = SU-SERVER-IP Por ejemplo, si tu servidor MySQL es 172.19.32.2 entonces quedaria algo similar a esto: [Mysqld] user = mysql pid-file = /var/run/mysqld/ mysqld.pid socket = /var/run/mysqld/mysqld port = 3306 basedir = /usr datadir = /var/lib/ mysql tmpdir = /tmp idioma = /usr/share/mysql/english bind-address = 172.19.32.2 # Skip-networking Cuando, bind-address: dirección IP de bind. skip-networking: no hagas caso de las conexiones TCP/IP en absoluto. Toda interacción con mysqld debe hacerse a través de conectores Unix. Esta opción es muy recomendable para los sistemas donde sólo se permiten las solicitudes locales. Ya que se necesita para permitir la conexión remota de esta línea hay que extraerla del archivo o ponerlo en estado de observación. *Paso # 4 Guardar y cerrar el archivo y restartear el servicio. */etc/init.d/mysql restart * Paso # 5 Dar acceso a la dirección IP remota *mysql-u root-p mysql Dar acceso a la nueva base de datos Si queres agregar una nueva base de datos llamada cga para los usuarios y la IP remota es 172.19.70.11, entonces tenes que escribir los siguientes comandos en mysql: mysql CREATE DATABASE CGA; mysql GRANT ALL ON cga .* theuser A @ '172 .19.70.11 identificados por 'contraseña'; Saludos ... *Lic. Christian G. Araquistain* M. araqu...@gmail.com 2011/1/31 Gonzalo Cáceres gonzalocacere...@hotmail.com Gracias por las respuestas. Veamos... no he entendido mucho algunas cosas... pero creo que nos vamos acercando al problema. Yo he creado un usuario con el PhpMyAdmin... y he marcado todos los privilegios... incluido el de Grant. Luego he reiniciado el servidor... (lo hago cada vez que cambio algo). Supongo que da lo mismo crear el usuario y otorgarle privilegios desde la consola que desde el PhpMyadmin... Le he dado todos los privilegios a este usuario para cualquier servidor, %... para localhost... y para 127.0.0.1 Es exactamente lo mismo que he hecho con otros dos servidores de mysql donde tengo las mismas db. Uno en windows y otro en un NAS preinstalado ya de fábrica como comenté antes. Y siempre me funciona (conectarme con el PC en red local desde el que lo estoy intentando, y con el mismo usuario y password de siempre)... pero en la instalación limpia de Centos que he hecho no hay manera... de conectarse remotamente La IP local del servidor responde bien al hacer un ping puedo entrar desde otro PC en red al Apache y al PhpMyAdmin instalado en el servidor mysql... y funciona perfectamente el mysql... pero desde otro equipo en red local no encuentro el modo de conectar... He intentado conectar mediante Telnet desde el equipo PC en red local al servidor... por la IP del servidor y por el puerto 3306 pero salen unas caracteres extraños y se interrumpe la conexión... El SELinux y el Firewall desactivados. El el host local del servidor mysql se que está escuchando por el puerto 3306 por cualquier IP pero no se como comprobar esto desde otro host... Sigo en las mismas -- From: Elsa Alarcon onexecuador_sist...@hotmail.com Sent: Monday, January 31, 2011 3:15 PM To: centos-es@centos.org Subject: Re: [CentOS-es] Problemas MySql Socket UNIX - TCP Buenos dias Necesito ayuda urgente, tengo un servidor CEntos 5 confirgurado como servidor de correos con send mail, hace unas 3 semanas me esta dando problemas, me cambia la hora de los correos de entrada a los usuarios no entiendo por que la hora de cada PC esta correcta, y la hora del server tambien esta correcta ayudenme porfavor necesito resolver este problema urgente. Att. Elsa Alarcón From: araqu...@gmail.com Date: Mon, 31 Jan 2011 11:29:22 -0300 To: centos-es@centos.org Subject: Re: [CentOS-es] Problemas MySql Socket UNIX - TCP Gonzalo, una consulta ? desde el propio server si le tiras un nmap localhost que ports te dice tiene atendiendo por un lado ? y por otro si haces lo mismo desde un host diferente que ves ? Si la prueba que haces desde otro host te da como resultado que entre otros ports esta escuchando el 3306 el problema que tenes es que tenes que habilitar via Mysql conexiones desde otros hosts eso lo haces con un el comando grant. Saludos y espero que sirva. *Lic. Christian G. Araquistain* 2011/1/31 Gonzalo Cáceres gonzalocacere...@hotmail.com Buenas... Tengo un pequeño problemilla con MySql.
[CentOS] CentOS 5 updates
Hello, I've noticed that there haven't been any updates to centos-announce (or in Yum) for CentOS 5 since January 6th (that might be the 5th for a lot of you, I'm at +11:00 UTC). Since then, however, Red Hat have released the following updates for RHEL 5: Critical: https://rhn.redhat.com/errata/RHSA-2011-0169.html Important: https://rhn.redhat.com/errata/RHSA-2011-0017.html https://rhn.redhat.com/errata/RHSA-2011-0163.html https://rhn.redhat.com/errata/RHSA-2011-0182.html Moderate: https://rhn.redhat.com/errata/RHSA-2011-0013.html https://rhn.redhat.com/errata/RHSA-2011-0152.html https://rhn.redhat.com/errata/RHSA-2011-0153.html https://rhn.redhat.com/errata/RHSA-2011-0154.html https://rhn.redhat.com/errata/RHSA-2011-0170.html https://rhn.redhat.com/errata/RHSA-2011-0176.html https://rhn.redhat.com/errata/RHSA-2011-0180.html Low: https://rhn.redhat.com/errata/RHSA-2011-0025.html https://rhn.redhat.com/errata/RHSA-2011-0027.html https://rhn.redhat.com/errata/RHSA-2011-0028.html Does anyone have any idea when we might see these? In particular the kernel updates, but really all security updates are important. Not all of these are security updates, but enough of them are to be of some concern. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
Work is currently ongoing on QA for 5.6 ... once that is out then you'll start seeing the other updates that depend on that. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 1/02/11 10:50 PM, James Hogarth wrote: Work is currently ongoing on QA for 5.6 ... once that is out then you'll start seeing the other updates that depend on that. Ah, so that's what it is. I had kind of assumed everyone had been distracted by work on CentOS 6, until I saw the recent massive update to CentOS 4. Thanks. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
Ah, so that's what it is. I had kind of assumed everyone had been distracted by work on CentOS 6, until I saw the recent massive update to CentOS 4. Centos6 is pretty much on hold until 5.6 is out the door due to the number of systems it has an impact on (ie no existing C6 systems to update and many many C5 ones). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 1/02/11 11:13 PM, James Hogarth wrote: Centos6 is pretty much on hold until 5.6 is out the door due to the number of systems it has an impact on (ie no existing C6 systems to update and many many C5 ones). Now that is excellent news; exactly what I wanted to hear. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd problem
yes,it is clean reinstall server it has nothing error on server's logs (message secure) idc is like softlayer.com's company,only diffirult is the server is mine is it nignx or mysql's problem??it can ping ok,but ssh is not good,and when reboot,all thing ok soon thanks for you answer 2011/2/1 Cameron Kerr came...@humbledown.org The TCP connection is being built successfully. We can know this by the fact that it has progressed to sending an application-layer PDU. If it were a routing issue, it would have failed to build a TCP connection (the SYN-ACK would have failed to return). However, it is closed very soon after, during key exchange, so I would suggest you check your /etc/hosts.allow and /etc/hosts.deny. Check the contents of /etc/ssh/, in particular, is there anything in /etc/ssh/sshd_config that could be a problem? Was this a clean reinstall, or an upgrade over an existing system? Most importantly, is there anything in the server logs? You mentioned idc, what is that? Your issues with nginx,php,mysql etc, are probably separate. On 1/02/2011, at 12:52 AM, Yang Yang wrote: my server is on centos 5.5,it is just a new reinstall system i build a php depend on server and used nginx,php,mysql ssh is default 22 port The system perfomance good a few time.but it is always happen a problem only need hardware reboot to solve.the server is on idc.so i can not see the local screen information. the appearance is: 1.it can not use ssh to connect,it show server is down or rebooting 2.ping is ok 3.http can show nginx's information(nginx/0.8.46),but can not load right page,and it show 403 forbiden page i use another server usessh -vv xxx.xxx.xxx.xxx,and the responce is: SSH2_MSG_KEXINIT sent close sshd hangs after SSH2_MSG_KEXINIT sent i do not know what happen,please give me a good answer thanks erverbody ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 02/01/2011 11:43 AM, Ben McGinnes wrote: Critical: https://rhn.redhat.com/errata/RHSA-2011-0169.html This is irrelevant to CentOS, its an RHEL update; if there was to be a critical or a remotely exploiteable issue that comes up we would then do a release into 5.5, but mostly things are now building /linking into 5.6, so releasing those with out the deps they build against might cause interesting issue. if there is specific concern about the kernel's released, those can be pushed into the c5-testing repo for early adopters.. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] centos 4.8 or centos 5.5 for server is great?
hi,i am new guy for linux world i made a server (centos5.5 8g ram 300g*2 sas 15k harddisc ),but some my friend use linux feveral years advise me use centos 4.8,he said it is much good than centos 5.5 it is trouble me ,is it newest is good than older? please give me some advice Thanks all ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Squid and SELinux
Hi Tsuyoshi,
The /home/squid dir have the user_u:object_r:squid_cache_t
The /home dir have the system_u:object_r:home_root_t
This seems that only can be achieved via audit2allow?
A lot of thks for your fast reply.
Regards.
El 01/02/11 02:29, Tsuyoshi Nagata escribió:
Hi Mrcos
(2011/02/01 0:31), Marcos Lois Bermúdez wrote:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
i check the files and are in the good context:
drwxr-xr-x squid squid user_u:object_r:squid_cache_t.
** drwxr-xr-x squid squid system_u:object_r:home_root_t ..
drwxr-x--- squid squid user_u:object_r:squid_cache_t00
drwxr-x--- squid squid user_u:object_r:squid_cache_t01
...
But when i want start it i get this:
type=AVC msg=audit(1296442326.932:739661): avc: denied { search }
for pid=30924 comm=squid name=/ dev=sda3 ino=2
scontext=user_u:system_r:squid_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
[root@localhost ~]# audit2allow -m squid
type=AVC msg=audit(1296442326.932:739661): avc: denied { search }
for pid=30924 comm=squid name=/ dev=sda3 ino=2
scontext=user_u:system_r:squid_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Ctl-D
module squid 1.0;
require {
type home_root_t;
type squid_t;
class dir search;
}
#= squid_t ==
allow squid_t home_root_t:dir search;
[root@localhost ~]#
It seems the directory '/home/squid' has 'home_root_t' type.
Change it to 'squid_cache_t'
# chcon -u system_u -r object_r -t squid_cache_t /home/squid
--Tsuyoshi.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 4.8 or centos 5.5 for server is great?
use centos 5, it's good. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 4.8 or centos 5.5 for server is great?
Yang Yang wrote: hi,i am new guy for linux world i made a server (centos5.5 8g ram 300g*2 sas 15k harddisc ),but some my friend use linux feveral years advise me use centos 4.8,he said it is much good than centos 5.5 it is trouble me ,is it newest is good than older? please give me some advice The later version is better in most (practically ALL) respects. You only use the older versions if they are already in place and need to support old legacy software that will not run on the later kernel versions. One of the wonderful things about CentOS and Red Hat is that when these versions are released they are normally rock solid and then the added bonus of patch security updates for many years. Thanks all ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos attachment: rkampen.vcf___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 4.8 or centos 5.5 for server is great?
On Tue, Feb 01, 2011 at 11:54:40PM +0800, Yang Yang wrote: hi,i am new guy for linux world i made a server (centos5.5 8g ram 300g*2 sas 15k harddisc ),but some my friend use linux feveral years advise me use centos 4.8,he said it is much good than centos 5.5 it is trouble me ,is it newest is good than older? please give me some advice Sounds like you have a friend who has not learned much in several years. Use CentOS 5.5 (or wait just a little while and use CentOS 6.0) We have 5.5 on a room-full of important, must-be-up-all-the-time servers with a variety of applications and have no problem with the OS. We also have several OSen on many servers and probably like CentOS and FreeBSD the best. The others (MS, SUN, proprietary UNIX) are used only because some Dept bought some high-priced application that requires them. jerry Thanks all ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] limiting yum url question
Hi, I need to configure yum to limit the number of URLs going out for security reason. I don't find a configuration for include option. I do find an exclude option in /etc/yum/pluginconf.d/fastestmirror.conf. It would be impossible to exclude every url in this file. What is the best way to limit the traffic going out interest for yum? Is the local network repository a better way or does there exist an include option that I am not aware of? Thanks, --xinhuan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Setting up persistent LUNs
Hello everyone, I am trying to setup persistent LUNs and having problems. I've been following instructions I found on the web and they refer to editing /etc/scsi_id.config file and adding options=-g line there. After doing so, I should be able to run scsi_id -g -s /dev/sd* and get proper results. I've modified file /etc/scsi_id.config appropriately: [root@psrwjmsafs1 etc]# grep options /etc/scsi_id.config vendor=ATA,options=-p 0x80 options=-g but whenever I run scsi_id -g -s /b/sde1 - i get nothing. [root@psrwjmsafs1 etc]# df -k |grep sde /dev/sde11754602560 93383616 1572090328 6% /test How come? Am i missing something? Thank you! Asya ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to move forward/undo/revert/fix re: a failed CentOS 5.5 to SL 5.5 migration ... [SOLVED?]
Larry Vaden wrote on 01/30/2011 08:41 PM: ... With apologies for replying to my own post, the final solution (possibly regarded as draconian and puerile by others) which seemed to work to return to a consistent state was to download Oracle R5U6 and invoke 'rpm -ivh' following some rpm which must be set aside in order to avoid can not coexist. (e.g., bind vs. bind97 et al). So, out of morbid curiosity, and because it seems to have been my post on the SL list you quoted that helped get you into this state, was anything other than the replacement process actually broken? It is completely unsurprising that the kernel RPMS failed to install over the like versions, but I would have expected things to work with the CentOS kernels on the SL/CentOS mixed system. The replacement process was only suggested as something for those really paranoid about not having all the packages from the same distro to try, and I certainly would not have endorsed throwing Oracle into the mix. For the record, if I really wanted to replace the kernels, my process would have been something like: 1. Boot from an older OldOS kernel. 2. Remove the newer OldOS kernel[s]. 3. Install the latest NewOS kernel with yum. 4. Reboot to the NewOS kernel. 5. Remove the remaining OldOS kernel, or perhaps better leave for a fallback. By the way, my initial post in the SL thread started: The procedure (untested by me) should be similar to the procedure on the CentOS Wiki for migration from RHEL to CentOS Caveat Emptor! :-) Will be interesting to see how you fare with your three-way hybrid when CentOS 5.6 hits the mirrors. Good luck, Phil ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] limiting yum url question
AFAIK, you cannot limit. You can set it to check only one mirror. Which is not very clever or nice, so you should use your own repo. Apparently, you have a few more machines. Then you should use a repo, anyway. It's easily set up and filled with a nightly rsync. Reduces traffic quite a bit. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] limiting yum url question
That's what I thought. Is there a good resource that I can take a look for how to setting up a local repository server? Thanks, -xinhuan -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Kai Schaetzl Sent: Tuesday, February 01, 2011 2:31 PM To: centos@centos.org Subject: Re: [CentOS] limiting yum url question AFAIK, you cannot limit. You can set it to check only one mirror. Which is not very clever or nice, so you should use your own repo. Apparently, you have a few more machines. Then you should use a repo, anyway. It's easily set up and filled with a nightly rsync. Reduces traffic quite a bit. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] syslog socket limit
Hi, Syslogd has an option -a socket. According to man page, this additional sockets is limited to 19. Currently I do need to have more than 19 sockets that syslogd needs to listen on. How can I accomplish that if I don't want to change syslogd.c code? Thanks, - xinhuan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6.0 alpha testers
Hi guys, who do I need to contact to become CentOS tester? When is first alpha due for release and testing? Cheers, Valent. -- follow me - www.twitter.com/valentt http://kernelreloaded.blog385.com linux, anime, spirituality, wireless, scuba, linuxmce smart home, zwave ICQ: 2125241, Skype: valent.turkovic, MSN: valent.turko...@hotmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Squid and SELinux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/31/2011 08:29 PM, Tsuyoshi Nagata wrote:
Hi Mrcos
(2011/02/01 0:31), Marcos Lois Bermúdez wrote:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
i check the files and are in the good context:
drwxr-xr-x squid squid user_u:object_r:squid_cache_t.
** drwxr-xr-x squid squid system_u:object_r:home_root_t ..
drwxr-x--- squid squid user_u:object_r:squid_cache_t00
drwxr-x--- squid squid user_u:object_r:squid_cache_t01
...
But when i want start it i get this:
type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for
pid=30924 comm=squid name=/ dev=sda3 ino=2
scontext=user_u:system_r:squid_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
[root@localhost ~]# audit2allow -m squid
type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for
pid=30924 comm=squid name=/ dev=sda3 ino=2
scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0
tclass=dir
Ctl-D
module squid 1.0;
require {
type home_root_t;
type squid_t;
class dir search;
}
#= squid_t ==
allow squid_t home_root_t:dir search;
[root@localhost ~]#
It seems the directory '/home/squid' has 'home_root_t' type.
Change it to 'squid_cache_t'
# chcon -u system_u -r object_r -t squid_cache_t /home/squid
--Tsuyoshi.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Do not change the context of /home to anything other the home_root_t.
If you changed the label then you probably would blow up confined
applications that need to access the homedirs and would not be allowed
to search through squid_cache_t.
The problem you are having is you setup the squid_cache_t directory
under a directory that squid is not allowed to search in. The easiest
thing to do is to add a rule that allows squid_t to search home_root_t
# grep home_root_t /var/log/audit/audit.log | audit2allow -M mysquid
# semodule -i mysquid.pp
Another option would be to move the directory to / and then squid_t
would be able to read it.
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
What the correct way to apply the label. Then run restorecon. Using
chcon should only be used for testing, since it is not permanent.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1IbWAACgkQrlYvE4MpobNqrACeK+nSf0h8h0II4UpbPipOI62o
RhQAoJMfxjOOVOx7qzS7rp0PwAWd05n3
=Q6ax
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to relocate $HOME directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/31/2011 01:19 PM, Paul Heinlein wrote: On Mon, 31 Jan 2011, Soo-Hyun Choi wrote: Hi there, As you know, $HOME is generally located at /home/$username by default. I would like to re-locate all users' $HOME directories to something like /export/home/$username without having a hassle/trouble. Initially, I've thought of just copying them to the new directory (under /export/home/xxx), but guessed it might trouble for the normal use (I'm pretty new to CentOS, although many experiences with Debian/Ubuntu). Is there any good tricks (or caveats) when moving users' home directory cleanly with CentOS? (I'm with CentOS 5.5 x86_64) For the sake of argument, I'm going to assume that your current /home and the new /export/home are on separate disks or partitions. That is, you need to make a full copy of the existing directories rather than just renaming them. The following instructions should all be done as root. 1. rsync -av --delete /home/ /export/home/ 2. Edit /etc/default/useradd so that HOME=/export/home 3. Run /usr/sbin/genhomedircon 4. Verify the change in /etc/selinux/SELINUXTYPE/contexts/files/file_contexts.homedirs 5. Make sure that /export/home has the right contect: semanage fcontext -a -t home_root_t /export/home 6. Run fixfiles to see if anything is amiss: /sbin/fixfiles check /export/home If something fixfile reports errors, use it to fix things: /sbin/fixfiles restore /export/home 7. Disable user logins (including your own). 8. Update /etc/password with new $HOME definitions 9. Re-run rsync, if necessary, to catch last-minute changes: rsync -av --delete /home/ /export/home/ 10. Make the older /home/* directories unreadable. 11. Enable user logins 12. Tell your users emphatically that they should use $HOME anywhere they're tempted to hardwire their home directory path into a script. :-) If you are using RHEL6 or its equivalent: # semanage fcontext -a -t home_root_t /export # semanage fcontext -a -e /home /export/home # restorecon -R -v /export/home # mkdir /export/home # mv /home/* /export/home/* # restorecon -R -v /export -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1IcTIACgkQrlYvE4MpobOk3QCeM+v1k1h7UHUQh+xCe/WSk5/y qgAAoLmg1eeH1WAdOPlnNgeEILRWhrIO =c39d -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kernel Errors Present...
On Wed, 12 Jan 2011, John R Pierce wrote: To: centos@centos.org From: John R Pierce pie...@hogranch.com Subject: Re: [CentOS] Kernel Errors Present... In the BIOS I turn DMA off for /dev/hda and /dev/hdc, but they still show up in /proc/ide/.../settings as using_dma 1. say HUH? IDE PIO modes are like 3-7 MBytes/sec and require 100% CPU utilization during the transfer phase. why in dogs name would you be doing this in 2011 ? ...snip... January 12, 2011 06:26PM Use the modern, 80 wire cables, and trust the technology - it's come a long way. Thanks for all the replies concerning this. I have bought an off-the-shelf 24 round ATA 133 IDE cable, and installed that in place of the 40-wire cable. The problem now appears to be fixed. Been keeping an eye on my logwatch emails, and they are no longer reporting this problem. Kind Regards, Keith Roberts - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setting up persistent LUNs
Am 01.02.2011 18:38, schrieb Dvorkin, Asya: Hello everyone, I am trying to setup persistent LUNs and having problems. I've been following instructions I found on the web and they refer to editing /etc/scsi_id.config file and adding options=-g line there. After doing so, I should be able to run scsi_id -g -s /dev/sd* and get proper results. I've modified file /etc/scsi_id.config appropriately: [root@psrwjmsafs1 etc]# grep options /etc/scsi_id.config vendor=ATA,options=-p 0x80 options=-g but whenever I run scsi_id -g -s /b/sde1 - i get nothing. [root@psrwjmsafs1 etc]# df -k |grep sde /dev/sde11754602560 93383616 1572090328 6% /test How come? Am i missing something? Thank you! Asya The proper scsi_id query would be scsi_id -g -s /block/sde Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to move forward/undo/revert/fix re: a failed CentOS 5.5 to SL 5.5 migration ... [SOLVED?]
On Tue, Feb 1, 2011 at 1:26 PM, Phil Schaffner philip.r.schaff...@nasa.gov wrote: So, out of morbid curiosity, and because it seems to have been my post on the SL list you quoted that helped get you into this state, was anything other than the replacement process actually broken? Actually, it was Karanbir's statement that led me to believe it would be possible to have a real choice ... As far as answering your question, other than BIND, the truth is I don't know. I certainly would not have endorsed throwing Oracle into the mix. There's an old saying that goes like make chicken salad with the chickens you've got. Will be interesting to see how you fare with your three-way hybrid when CentOS 5.6 hits the mirrors. Feel free to pen a stanza which I will run on the system to determine the actual DNA head count and thus whether it is a hybrid ... At the risk of irritating folks further with the great-grandmother of the situation, RH and downstreams need to get serious about BIND, et al. e.g. (and not the best one by far, just the one that led me down the path (yikes, www.yahoo is here in rural north Texas on a leaf node)), http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/5.6_Technical_Notes/index.html#bind says, in part: * The host/dig/nslookup utilities queried only servers from resolv.conf. With this update, the utilities query the servers specified on command line instead of in resolv.conf and the issue is resolved. ( BZ#561299) AFAIK, that's the status of the clones at this time. Still unexplained is why 'host www.yahoo.com 208.67.220.220' and 'host www.yahoo.com 8.8.8.8' got completely different answers. kind regards/ldv ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ~/.forward file?
Hi all, I'm just poking thru our previous sysadmin's user adding script and saw reference to a ~/.forward file containing the users email address. Any idea what it might be for? It's a tricky one to Google ;-) Thanx, Russell Smithies === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ~/.forward file?
Any idea what it might be for? Procmail... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ~/.forward file?
On 2 February 2011 05:41, Joseph L. Casale jcas...@activenetwerx.com wrote: Any idea what it might be for? Procmail... If a mail message gets sent to the user with a .forward file, the message will be forwarded to all email addresses in the .forward file. Try Google for: unix mail .forward Regards, Andy. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 2/02/11 12:16 AM, Karanbir Singh wrote: On 02/01/2011 11:43 AM, Ben McGinnes wrote: Critical: https://rhn.redhat.com/errata/RHSA-2011-0169.html This is irrelevant to CentOS, its an RHEL update; if there was to be a critical or a remotely exploiteable issue that comes up we would then do a release into 5.5, but mostly things are now building /linking into 5.6, so releasing those with out the deps they build against might cause interesting issue. Fair enough. I must admit to not caring as much about the Java stuff anyway, I was mainly collating a list of notices which might correspond. I use the RH lists to give myself an idea of what is likely to appear from CentOS. if there is specific concern about the kernel's released, those can be pushed into the c5-testing repo for early adopters.. Good to know, thanks. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL-6 vs. CentOS-5.5 (was: Static assignment of, SCSI device names?)
Les Mikesell wrote: On 1/30/11 1:37 PM, Chuck Munro wrote: Hello list members, My adventure into udev rules has taken an interesting turn. I did discover a stupid error in the way I was attempting to assign static disk device names on CentOS-5.5, so that's out of the way. But in the process of exploring, I installed a trial copy of RHEL-6 on the new machine to see if anything had changed (since I intend this box to run CentOS-6 anyway). Lots of differences, and it's obvious that RedHat does things a bit differently here and there. My focus has been on figuring out how best to solve my udev challenge, and I found that tools like 'scsi_id' and udev admin/test commands have changed. The udev rules themselves seem to be the same. Do any of the names under /dev/disk/* work for your static identifiers? You should be able to use them directly instead of using udev to map them to something else, making it more obvious what you are doing. And are these names the same under RHEL6? I was happy to see that device names (at least for SCSI disks) have not changed. The more I look into the whole problem the more I realize that I've overstated the difficulty, now that I know how to map out the hardware path for any given /dev/sdX I might need to replace. I've never dug as deeply into this before, mostly because I never could find the spare time. I'm happy with simply writing a little script which accepts a /dev/sdX device name argument and reformats the output of: 'udevadm info --query=path --name=/dev/sdX' to extract the hardware path. It's a bit cleaner than the current RHEL-5/CentOS-5 'udevinfo' command. Using the numeric path assumes knowledge of how the motherboard sockets are laid out and the order in which I/O controller channels are discovered, of course. It's then not difficult to trace a failed drive by attaching little tags to the SATA cables from the controller cards. The real key is to carefully label each SATA cable and its associated drive. Then the little mapping script can be used to identify the faulty drive which mdadm reports by its device name. It just occurred to me that whenever mdadm sends an email report, it can also run a script which groks out the path info and puts it in the email message. Problem solved :-) So even though I figured out how to add 'alias' symlink names to each disk drive, I'm not going to bother with it. It was a very useful learning experience, though. Chuck ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] glibc++6.2?
Greetings ALL... V 5.5 Gnome. Desktop Looking for glibc++6.2 and higher. --Hal -- Hal Davison Observe Goal, Set the course, Burn the map Davison Consulting This correspondence was composed using Dragon Speaking Version 10 Peg#: 2007011701 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] what pkg contains libstdc++-libc6.2-2.so.3
-- Hal Davison Observe Goal, Set the course, Burn the map Davison Consulting This correspondence was composed using Dragon Speaking Version 10 Peg#: 2007011701 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what pkg contains libstdc++-libc6.2-2.so.3
Hal Davison h...@faams.net asked as above: And the answer is: compat-libstdc++-296-2.96-138 (on Centos 5.5, that is). Best, --- Les Bell [http://www.lesbell.com.au] Tel: +61 2 9451 1144 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ~/.forward file?
On Wed, 2 Feb 2011, Smithies, Russell wrote: To: CentOS mailing list centos@centos.org From: Smithies, Russell russell.smith...@agresearch.co.nz Subject: [CentOS] ~/.forward file? Hi all, I'm just poking thru our previous sysadmin's user adding script and saw reference to a ~/.forward file containing the users email address. Any idea what it might be for? It's a tricky one to Google ;-) Hi Russell. So which user's email address are you talking about? The email addy of the newly created account, or the email address of the previous sys admin? Regards, Keith - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
