Re: [CentOS] Using Samba to share Apache web root, securely

2011-08-10 Thread Leonard den Ottolander
Hello Craig,

On Wed, 2011-08-10 at 18:18 -0700, Craig White wrote:
> please explain to me how the above octal permissions with user root &
> group department_a translate to giving apache write access or even world
> write access.

I think you misunderstood what I meant... I claimed that if apache is not
part of the department_a group the only way to give apache write access
is by giving the world write access. With the setup as you suggested it
is impossible to give apache write access without giving the whole world
write access where apache needs to write.

Of course with my setup the problem is apache has write access
everywhere the group has write access (using 2770 for directories).

(The approach of adding apache to a shared user-apache group does work
well for single user directories. Using 2750 for apache read and 2770
for apache write. Perhaps an smb mapping to a user on the affected
shares fixes the issue with my approach.)



> I think this is reasonably secure configuration.

Perhaps the setup you suggest is the best approach, but it has its
limitations. It makes it impossible to give apache write access to
certain directories without giving the world write access there, and it
makes it impossible to use php with safe_mode.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] drop manitu.net

2011-08-10 Thread Keith Roberts
On Thu, 11 Aug 2011, Always Learning wrote:

snip

> Why not run your own mail server ? I use Exim (a Sendmail replacement)
> on several servers. I refuse incoming mails where the sender's HELO /
> EHLO does not match the sender's IP host name, because that - for me -
> eliminates 90% or more of spam and I absolutely detest spam.

snip

> No Centos fan should have to depend on others' email services for daily
> communications, so do consider operating your own mail server.

I have been wondering about that myself.

I'm using postfix instead of sendmail:

postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
...
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
Can I use postfix to send outgoing emails directly from my 
machine, without opening any external ports? Or is that 
required for the server handshake protocol?

I did have problems with UCEprotect blocking outgoing emails 
from my ISP, on the m...@gnome.org list. But that appears to 
have rectified itself now :)

One way around it was to configure alpine MUA to send my 
outgoing email via my web hosting provider's mail server, 
which they kindly agreed to.

Only problem with that was their mail server needed a 
password to connect to the server, and alpine is currently 
compiled without that option. So I had to enter the password 
whenever I wanted to send an email.

Kind Regards,

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] ffmpeg

2011-08-10 Thread Keith Roberts
On Wed, 10 Aug 2011, tdu...@sc.rr.com wrote:

*snip*

> I use ffmpeg with Zoneminder. If you go to their website, 
> there are some links to download the latest version with svn. 
> I never could find a rpm that worked.

I was looking at that recently. Is there a suitable 
Centos 5.6 386 RPM for Zoneminder, or do I have to compile 
it from the source code?

Regards,

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] Using Samba to share Apache web root, securely

2011-08-10 Thread Nguyen Vu Hung
On 09:32 09/08/2011, Trey Dockendorf wrote:
> I'm setting up a shared web server running Apache. 
If they are OK with svn, why not go for svn+ssh
and an svn update cronjob on httpd side?

I presume that human beings always make errors,
so the reason is that you can track the changes and save their ass from 
misoperation.

Cheers,

Nguyen Vu Hung


Re: [CentOS] drop manitu.net

2011-08-10 Thread Always Learning

On Wed, 2011-08-10 at 21:36 -0500, John R. Dennison wrote:
> Waste of time and resources.  Learn how to properly handle email and
> none of this nonsense is necessary.

Properly handling emails means, to me, not being too reliant on others
whose faults and omissions could impair your ability to send and receive
mail . and not being a willing victim of spam ;-)



-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] drop manitu.net

2011-08-10 Thread John R. Dennison
On Thu, Aug 11, 2011 at 03:08:46AM +0100, Always Learning wrote:
> 
> Why not run your own mail server ? I use Exim (a Sendmail replacement)
> on several servers. I refuse incoming mails where the sender's HELO /
> EHLO does not match the sender's IP host name, because that - for me -
> eliminates 90% or more of spam and I absolutely detest spam.

Not everyone is in a position to run their own server.  Nor should
people be required to do so if they don't care to take on the burden of
doing so.

> Discardable sub-domain names for mailing list subscriptions also helps.
> (currently on my third change for this list ... u61)

Why?  I've been on this list for years all using the same address, which
I might add is the same address I have been using since the late 80s.

> Having spare domains, control over the DNS and assigning unique email
> addresses for different purposes means you can simply block a
> compromised email address whilst continuing to receive emails from
> everyone else.  I've been doing this for about 10 years with great
> success.

Waste of time and resources.  Learn how to properly handle email and
none of this nonsense is necessary.

> Spam is a USA invention created by someone called Wallace? about 15?
> years ago. It is now a world-wide pest.

The question marks indicate that you indeed don't know what you are
talking about.

> No Centos fan should have to depend on others' email services for daily
> communications, so do consider operating your own mail server.

Can you please stop with the sweeping statements that are without merit until
you fully understand the problem at hand?





John
-- 
Simply put, it's time.  Time for me.  And time for Chicago to move on.

-- Richard M. Daley, mayor of Chicago since 1989, announcing that he
   would not seek re-election, New York Times, 8 September 2010




Re: [CentOS] Using Samba to share Apache web root, securely

2011-08-10 Thread Always Learning

On Wed, 2011-08-10 at 18:18 -0700, Craig White wrote:

> For that matter, please explain how if any html directory served by
> apache (runs as user/group apache/apache)...
> 
> user/group root/department_group
> files 0664
> directories 1775
> 
> are in any way vulnerable to world write access or otherwise represent
> an insecure configuration because I want to learn.

All mine are:-

files: root r/w, group r, others r
directories: root rwx, group x, others x

except .htaccess for each domain which is writable by Apache because, at
the slightest hacking attempt, the hacker's IP address is instantly added
to the .htaccess with a Deny statement.



-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] drop manitu.net

2011-08-10 Thread Always Learning

On Wed, 2011-08-10 at 17:10 -0400, m.r...@5-cent.us wrote:

> listadmin,
> 
>Can you PLEASE, PLEASE find *any* other blacklist than manitu? This
> asshole's method was ok a dozen years ago; these days, with hosting sites
> hosting tens or hundreds of thousands of domains, with too many running
> Windows, and so infected and sending out spam. They then send all mail via
> one mailhost, with the result that those of us with *no* spam coming out
> are frequently blocked.
> 
> This ain't the first time for me with this jerk, either. A few years
> ago, Cogeco in Canada was using him, and on and off for *months* I was
> blocked from exchanging email with an old friend... because I was
> mailing from Roadrunner in Chicago (hosting hundreds of thousands of
> households), until my friend dropped Cogeco.
> 
>  mark, who is wondering if this will be blocked

No I got it in England, Europe.

Why not run your own mail server ? I use Exim (a Sendmail replacement)
on several servers. I refuse incoming mails where the sender's HELO /
EHLO does not match the sender's IP host name, because that - for me -
eliminates 90% or more of spam and I absolutely detest spam.

Discardable sub-domain names for mailing list subscriptions also helps.
(currently on my third change for this list ... u61)

Having spare domains, control over the DNS and assigning unique email
addresses for different purposes means you can simply block a
compromised email address whilst continuing to receive emails from
everyone else.  I've been doing this for about 10 years with great
success.

Spam is a USA invention created by someone called Wallace? about 15?
years ago. It is now a world-wide pest.

No Centos fan should have to depend on others' email services for daily
communications, so do consider operating your own mail server.



-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] Using Samba to share Apache web root, securely

2011-08-10 Thread Craig White
On Tue, 2011-08-09 at 23:03 +0200, Leonard den Ottolander wrote:
> Hello Craig,
> 
> On Tue, 2011-08-09 at 08:44 -0700, Craig White wrote:
> > I'm quite sure that if all the files are owned by the 'department_a'
> > group and 'readable' by user apache as I have indicated,
> 
> > - create mask 664 & directory mask 775
> 
> Perhaps I should have made explicit in my post that I wouldn't recommend
> such file permissions. Apache accessing files with world permissions is
> ugly and it makes it impossible to run f.e. php with safe_mode or have
> apache write files other than by allowing the world write access. Which
> is why I described that setup with a shared group.

please explain to me how the above octal permissions with user root &
group department_a translate to giving apache write access or even world
write access.

For that matter, please explain how if any html directory served by
apache (runs as user/group apache/apache)...

user/group root/department_group
files 0664
directories 1775

are in any way vulnerable to world write access or otherwise represent
an insecure configuration because I want to learn.

I think this is reasonably secure configuration.

Craig

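Added example, not part of any message in this thread: a small model of the POSIX owner/group/other check applied to the two layouts under discussion (root/department_group with files 0664 and directories 1775, and a shared group that includes apache with directories 2770). The member names alice and bob and the owner of the 2770 directory are constructed for illustration, and root's bypass of these checks is not modelled.

```python
"""POSIX permission-class model for the layouts argued about in this thread.

Constructed for illustration: users alice and bob, and alice as owner of the
2770 directory. Root is not modelled because it bypasses these checks.
"""
from dataclasses import dataclass

SETGID, STICKY = 0o2000, 0o1000
SHIFT = {"owner": 6, "group": 3, "other": 0}


@dataclass(frozen=True)
class Proc:
    user: str
    groups: frozenset  # primary plus supplementary groups


@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits including setgid/sticky


def perm_class(proc, node):
    """Exactly one class applies: owner first, then group, then other."""
    if proc.user == node.owner:
        return "owner"
    if node.group in proc.groups:
        return "group"
    return "other"


def rwx(proc, node):
    """Return the subset of 'rwx' the process gets on the node."""
    bits = (node.mode >> SHIFT[perm_class(proc, node)]) & 0o7
    return "".join(c for c, b in zip("rwx", (4, 2, 1)) if bits & b)


def mode_granting_write(proc, node):
    """Mode after setting the write bit of the class proc falls into."""
    return node.mode | (0o2 << SHIFT[perm_class(proc, node)])


def world_writable(mode):
    return bool(mode & 0o002)


def can_delete(proc, directory, entry):
    """Unlink needs w+x on the directory; sticky adds an ownership check."""
    perms = rwx(proc, directory)
    if "w" not in perms or "x" not in perms:
        return False
    if directory.mode & STICKY:
        return proc.user in (entry.owner, directory.owner)
    return True


def group_of_new_file(primary_group, directory):
    """A setgid directory hands its own group to files created inside it."""
    return directory.group if directory.mode & SETGID else primary_group


# Layout 1: root/department_group, files 0664, directories 1775,
# apache runs as apache/apache and is not in the department group.
APACHE = Proc("apache", frozenset({"apache"}))
ALICE = Proc("alice", frozenset({"alice", "department_group"}))
BOB = Proc("bob", frozenset({"bob", "department_group"}))
DEPT_DIR = Node("root", "department_group", 0o1775)
DEPT_FILE = Node("root", "department_group", 0o664)
ALICE_FILE = Node("alice", "department_group", 0o664)  # constructed

# Layout 2: apache is a member of the shared group, directories 2770.
APACHE_IN_GROUP = Proc("apache", frozenset({"apache", "department_a"}))
SHARED_DIR = Node("alice", "department_a", 0o2770)

if __name__ == "__main__":
    print("layout 1: apache is", perm_class(APACHE, DEPT_DIR),
          "-> file:", rwx(APACHE, DEPT_FILE), "dir:", rwx(APACHE, DEPT_DIR))
    for node in (DEPT_FILE, DEPT_DIR):
        new = mode_granting_write(APACHE, node)
        print("  write for apache needs %04o, world-writable: %s"
              % (new, world_writable(new)))
    print("  bob may delete alice's file:",
          can_delete(BOB, DEPT_DIR, ALICE_FILE))
    print("  alice may delete a root-owned file:",
          can_delete(ALICE, DEPT_DIR, DEPT_FILE))
    print("layout 2: apache is", perm_class(APACHE_IN_GROUP, SHARED_DIR),
          "->", rwx(APACHE_IN_GROUP, SHARED_DIR),
          "; new files get group",
          group_of_new_file("apache", SHARED_DIR))
```

In layout 1 nothing is world-writable as configured, but the only bit that can give apache write access is the "other" bit; in layout 2 apache writes through the group bit, and does so wherever the group can.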


Re: [CentOS] ffmpeg (resending, blocked by dnsbl.manitu.net)

2011-08-10 Thread Les Mikesell
On 8/10/2011 4:37 PM, m.r...@5-cent.us wrote:
>
>>> I've run into problems with libfaad being missing before. Here's the
>>> real question: how were the ffmpeg and ffmpeg-libs *built*, if a
>>> libfaad package isn't available in the repository?
>>>
>> I just use rpmforge's and never have issues. It's not always the latest
>> version, but I've always been able to do everything with it that I need.
>>
> *sigh* My manager doesn't want us to use rpmforge (though he'll make an
> exception, at least for my testing, for kmod-nvidia, and even then, he
> wants it disabled *except* for updating that).

Is he aware of the rearrangement of the rpmforge repository?
See http://repoforge.org/faq/ (and note what is in an updated 
rpmforge-release.rpm).  Regardless, I just keep the yum repo files set 
to enabled=0 and explicitly use --enablerepo= on the yum command line 
when I want to install or update something from there.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
On 8/10/2011 5:40 PM, Simon Matter wrote:
> SELinux? I'm out of ideas apart from that.
>
> Simon
>
>
audit2allow



Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Simon Matter
> On 8/10/2011 2:28 PM, Simon Matter wrote:
>>> On 8/10/2011 2:00 PM, Simon Matter wrote:
>>>>> I don't know if this is the right place to report this or not.
>>>>>
>>>>> I am building a new server on a 64 bit CentOS 6.0 platform.
>>>>>
>>>>> [root@newmick ~]# cat /etc/redhat-release
>>>>> CentOS Linux release 6.0 (Final)
>>>>> [root@newmick ~]# uname -a
>>>>> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>>>> Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>>>>
>>>>> Mail subsystem consists of:
>>>>> sendmail
>>>>> spamassassin
>>>>> spamass-milter
>>>>> cyrus-imap
>>>>>
>>>>> All of these appear to be working.  Mail sent to the system
>>>>> appears in the inbox of the user it is sent to.
>>>>>
>>>>> My problem:
>>>>>
>>>>> I am unable to get the cyrus sieve to work.  Attempting to run
>>>>> sieveshell to load the filter fails as shown below.
>>>>>
>>>>> [harold@newmick ~]$ sieveshell localhost
>>>>> connecting to localhost
>>>>> unable to connect to server at /usr/bin/sieveshell line 170.
>>>>> [harold@newmick ~]$
>>>> Maybe sieveshell tries to connect to the wrong port? Did you try
>>>> sieveshell localhost:sieve

>>> [harold@newmick ~]$ sieveshell localhost:sieve
>>> connecting to localhost:sieve
>>> connect: Connection refused
>>> unable to connect to server at /usr/bin/sieveshell line 170.
>>> [harold@newmick ~]$ sieveshell localhost:2000
>>> connecting to localhost:2000
>>> unable to connect to server at /usr/bin/sieveshell line 170.
>>> [harold@newmick ~]$
>> And on which port does it listen for sieve? Note that port 2000 is not
>> the
>> managesieve port anymore.
>>
> [root@newmick etc]# grep sieve /etc/services
> sieve-filter    2000/tcp        cisco-sccp      # Sieve Mail Filter Daemon
> sieve-filter    2000/udp        cisco-sccp      # Sieve Mail Filter Daemon
> sieve           4190/tcp                        # ManageSieve Protocol
> [root@newmick etc]#
>
> [harold@newmick ~]$ sieveshell localhost:4190
> connecting to localhost:4190
> connect: Connection refused
> unable to connect to server at /usr/bin/sieveshell line 170.
> [harold@newmick ~]$
>
> I checked /etc/services, and it's 4190 and not 2000.  But 4190 fails just
> the same.

SELinux? I'm out of ideas apart from that.

Simon



Re: [CentOS] ffmpeg (resending, blocked by dnsbl.manitu.net)

2011-08-10 Thread m . roth
Scott Robbins wrote:
> On Wed, Aug 10, 2011 at 05:11:12PM -0400, m.r...@5-cent.us wrote:
>> This is annoying. I've been trying to get motion working correctly on
>> CentOS 6. First, there was no ffmpeg rpms. Now, I try to install it,
>> and

>> I've run into problems with libfaad being missing before. Here's the
>> real question: how were the ffmpeg and ffmpeg-libs *built*, if a
>> libfaad package isn't available in the repository?
>>
> I just use rpmforge's and never have issues. It's not always the latest
> version, but I've always been able to do everything with it that I need.
>
*sigh* My manager doesn't want us to use rpmforge (though he'll make an
exception, at least for my testing, for kmod-nvidia, and even then, he
wants it disabled *except* for updating that).
>
> Don't know if that helps at all, probably doesn't, but the repoforge
> ones have always worked well for me, through CentOS 5, and now 6.

Thanks, but not really. I'll also mention that he really, really prefers
that we not build except where absolutely necessary (like gspca for the
video device).

There's still the question: how can they build the package, if the
dependency's not there?

mark

PS And I had to remove my hosting provider's mailhost *again*



Re: [CentOS] ffmpeg

2011-08-10 Thread Scott Robbins
On Wed, Aug 10, 2011 at 05:11:12PM -0400, m.r...@5-cent.us wrote:
> This is annoying. I've been trying to get motion working correctly on
> CentOS 6. First, there was no ffmpeg rpms. Now, I try to install it, and
> it's found on rpmfusion... except that it will not install. It insists
> that libfaad.so.0 is required, and tells me faad2-libs-2.6.1-5 from el5 is
> available. (I've done some stuff with my repos to try to get what I need
> for motion.)
> 
> I installed faad2-libs. It *still* will not install, telling me the same:
> Error: Package: ffmpeg-libs-0.4.9-0.52.20080908.el5.x86_64
> (rpmfusion-free-updates5-testing)
>Requires: libfaad.so.0()(64bit)
>Available: 1:faad2-libs-2.6.1-5.el5.x86_64
> (rpmfusion-free-updates5-testing)
>libfaad.so.0()(64bit)
> 
> I've run into problems with libfaad being missing before. Here's the real
> question: how were the ffmpeg and ffmpeg-libs *built*, if a libfaad
> package isn't available in the repository?
> 
>   mark
> 
I just use rpmforge's and never have issues. It's not always the latest
version, but I've always been able to do everything with it that I need. 


Don't know if that helps at all, probably doesn't, but the repoforge
ones have always worked well for me, through CentOS 5, and now 6.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Buffy: Look, I know this new guy's a dork,
but... Well, I have nothing to follow that. He's 
pretty much just a dork.


[CentOS] Centos6(64) SSH sessions fail irregularly [SOLVED]

2011-08-10 Thread david
Folks

I just installed a centos6 system on a 64-bit box.  My methods 
include remote administration, using ssh from a windows machine.  I 
use this method successfully on several Centos5 boxes and one Centos6 
(32bit) machine as well.  However, on this latest one, I get 
inconsistent results with ssh.  This is a server, SELINUX is 
disabled, it's command line only, and I have installed sendmail, 
apache, vsftpd (but haven't used the last two yet).  The machine is 
connected internally only (behind NAT), so is invisible to the outside world.

In a successful use of SSH just after installing the needed software, 
I installed the DSA keys so no password is used.  Subsequent to that, 
and at seemingly unpredictable frequent attempts, I get results such as

a) A successful SSH login as desired.  Various commands, such as 
"ls" and such, work fine.
b) A successful login, but a write failure with whatever I enter next
c) Connection refused
d) A request for password (followed by failure)

I can't seem to connect these various errors with any activity on the 
server -- I'm monitoring /var/log/messages /var/log/secure and 
/var/log/audit/audit.log, on a terminal directly attached to the server.

The server, and my windows box (which is my admin box) are on the 
same internal IPV4 network (192.168.xxx.xxx), all controlled by a 
Centos5 gateway running just fine which provides DHCP and NAT when needed.

I haven't been able to correlate these failures with anything I do; 
there's no indication on the server that anything is happening.  Of 
course, when the SSH login succeeds, there's a notation in the logs, 
but no evidence of the failures.

I tend to get "best" results after a bootstrap,

With no evidence of anything abnormal showing up in the logs, it's 
not clear where to look.  I would appreciate some clues as to where 
to look next.  The server seems to have functioning internet access 
through the gateway.  I can easily redo the install if needed.  The 
hardware was previously running Win7, so I suspect it's good 
hardware.  It's a roll-your-own machine built with components from 
Fry's, so don't ask me for the model name :-)

I'd appreciate advice or guidance.

David Kurn

SOLUTION:
(with embarrassment)

It turns out that one of the Ethernet switches in the path was not 
behaving properly.  I removed it, and the problem disappeared.  Sorry 
to have raised a red-flag ... the problem has been bugging me for 5 
days and only today did I look at the switch.




Re: [CentOS] ffmpeg

2011-08-10 Thread tdukes
 m.r...@5-cent.us wrote: 
> This is annoying. I've been trying to get motion working correctly on
> CentOS 6. First, there was no ffmpeg rpms. Now, I try to install it, and
> it's found on rpmfusion... except that it will not install. It insists
> that libfaad.so.0 is required, and tells me faad2-libs-2.6.1-5 from el5 is
> available. (I've done some stuff with my repos to try to get what I need
> for motion.)
> 
> I installed faad2-libs. It *still* will not install, telling me the same:
> Error: Package: ffmpeg-libs-0.4.9-0.52.20080908.el5.x86_64
> (rpmfusion-free-updates5-testing)
>Requires: libfaad.so.0()(64bit)
>Available: 1:faad2-libs-2.6.1-5.el5.x86_64
> (rpmfusion-free-updates5-testing)
>libfaad.so.0()(64bit)
> 
> I've run into problems with libfaad being missing before. Here's the real
> question: how were the ffmpeg and ffmpeg-libs *built*, if a libfaad
> package isn't available in the repository?
> 
>   mark

I use ffmpeg with Zoneminder. If you go to their website, there are some links to 
download the latest version with svn. I never could find a rpm that worked.


[CentOS] ffmpeg

2011-08-10 Thread m . roth
This is annoying. I've been trying to get motion working correctly on
CentOS 6. First, there was no ffmpeg rpms. Now, I try to install it, and
it's found on rpmfusion... except that it will not install. It insists
that libfaad.so.0 is required, and tells me faad2-libs-2.6.1-5 from el5 is
available. (I've done some stuff with my repos to try to get what I need
for motion.)

I installed faad2-libs. It *still* will not install, telling me the same:
Error: Package: ffmpeg-libs-0.4.9-0.52.20080908.el5.x86_64
(rpmfusion-free-updates5-testing)
   Requires: libfaad.so.0()(64bit)
   Available: 1:faad2-libs-2.6.1-5.el5.x86_64
(rpmfusion-free-updates5-testing)
   libfaad.so.0()(64bit)

I've run into problems with libfaad being missing before. Here's the real
question: how were the ffmpeg and ffmpeg-libs *built*, if a libfaad
package isn't available in the repository?

  mark











[CentOS] drop manitu.net

2011-08-10 Thread m . roth
listadmin,

   Can you PLEASE, PLEASE find *any* other blacklist than manitu? This
asshole's method was ok a dozen years ago; these days, with hosting sites
hosting tens or hundreds of thousands of domains, with too many running
Windows, and so infected and sending out spam. They then send all mail via
one mailhost, with the result that those of us with *no* spam coming out
are frequently blocked.

This ain't the first time for me with this jerk, either. A few years
ago, Cogeco in Canada was using him, and on and off for *months* I was
blocked from exchanging email with an old friend... because I was
mailing from Roadrunner in Chicago (hosting hundreds of thousands of
households), until my friend dropped Cogeco.

 mark, who is wondering if this will be blocked









Re: [CentOS] Increase audio volume

2011-08-10 Thread Juan C. Valido
On Wed, 2011-08-10 at 16:48 +0100, Keith Roberts wrote:
> On Wed, 10 Aug 2011, m.r...@5-cent.us wrote:
> 
> > To: CentOS mailing list 
> > From: m.r...@5-cent.us
> > Subject: Re: [CentOS] Increase audio volume
> > 
> > Juan C. Valido wrote:
> >> Is there a way to increase the audio volume on CentOS 6. I have it set
> >> at the max and still very low. Thank you.
> >
> > How 'bout system-config-soundcard?
> >
> >mark
> 
> Also check out alsamixer from the command line, as that 
> sometimes shows controls that are not always listed in the 
> other mixers.
> 
> Kind Regards,
> 
> Keith Roberts
> 
> -
> Websites:
> http://www.karsites.net
> http://www.php-debuggers.net
> http://www.raised-from-the-dead.org.uk
> 
> All email addresses are challenge-response protected with
> TMDA [http://tmda.net]
> -
> 
Thank you. Sound card took care of the problem.



Re: [CentOS] Increase audio volume

2011-08-10 Thread Juan C. Valido
On Wed, 2011-08-10 at 11:42 -0400, m.r...@5-cent.us wrote:
> Juan C. Valido wrote:
> > Is there a way to increase the audio volume on CentOS 6. I have it set
> > at the max and still very low. Thank you.
> 
> How 'bout system-config-soundcard?
> 
> mark
> 
> 
No, didn't try that. I installed an old Sound Blaster 24 and that did the
trick. Thank you.



Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Daniel J Walsh

On 08/10/2011 02:24 PM, Paul Heinlein wrote:
> On Wed, 10 Aug 2011, Daniel J Walsh wrote:
> 
>> I am adding the allow rule to allow http_git_script_t to resolve 
>> usernames to Fedora and Rhel policies.
> 
> Thanks, Dan! I'm a big fan of the work you've done integrating RHEL
> and SELinux, and improving SELinux in general.
> 
> Do you have a diff or policy fragment I can use until your changes 
> appear in CentOS?
> 
auth_use_nsswitch(http_git_script_t)

Is what I am adding to 6.2 policy.

This will show up in selinux-policy-3.7.19-107.el6 when we build it
later this week.

You can always grab the latest policy for the upcoming release at

http://people.redhat.com/dwalsh/SELinux/RHEL6




selinux-policy-3.7.19-106.el6 is out there now.


[CentOS] Centos6(64) SSH sessions fail irregularly

2011-08-10 Thread david
Folks

I just installed a centos6 system on a 64-bit box.  My methods 
include remote administration, using ssh from a windows machine.  I 
use this method successfully on several Centos5 boxes and one Centos6 
(32bit) machine as well.  However, on this latest one, I get 
inconsistent results with ssh.  This is a server, SELINUX is 
disabled, it's command line only, and I have installed sendmail, 
apache, vsftpd (but haven't used the last two yet).  The machine is 
connected internally only (behind NAT), so is invisible to the outside world.

In a successful use of SSH just after installing the needed software, 
I installed the DSA keys so no password is used.  Subsequent to that, 
and at seemingly unpredictable frequent attempts, I get results such as

a) A successful SSH login as desired.  Various commands, such as 
"ls" and such, work fine.
b) A successful login, but a write failure with whatever I enter next
c) Connection refused
d) A request for password (followed by failure)

I can't seem to connect these various errors with any activity on the 
server -- I'm monitoring /var/log/messages /var/log/secure and 
/var/log/audit/audit.log, on a terminal directly attached to the server.

The server, and my windows box (which is my admin box) are on the 
same internal IPV4 network (192.168.xxx.xxx), all controlled by a 
Centos5 gateway running just fine which provides DHCP and NAT when needed.

I haven't been able to correlate these failures with anything I do; 
there's no indication on the server that anything is happening.  Of 
course, when the SSH login succeeds, there's a notation in the logs, 
but no evidence of the failures.

I tend to get "best" results after a bootstrap,

With no evidence of anything abnormal showing up in the logs, it's 
not clear where to look.  I would appreciate some clues as to where 
to look next.  The server seems to have functioning internet access 
through the gateway.  I can easily redo the install if needed.  The 
hardware was previously running Win7, so I suspect it's good 
hardware.  It's a roll-your-own machine built with components from 
Fry's, so don't ask me for the model name :-)

I'd appreciate advice or guidance.

David Kurn



Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
On 8/10/2011 2:28 PM, Simon Matter wrote:
>> On 8/10/2011 2:00 PM, Simon Matter wrote:
>>>> I don't know if this is the right place to report this or not.
>>>>
>>>> I am building a new server on a 64 bit CentOS 6.0 platform.
>>>>
>>>> [root@newmick ~]# cat /etc/redhat-release
>>>> CentOS Linux release 6.0 (Final)
>>>> [root@newmick ~]# uname -a
>>>> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>>> Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>> Mail subsystem consists of:
>>>> sendmail
>>>> spamassassin
>>>> spamass-milter
>>>> cyrus-imap
>>>>
>>>> All of these appear to be working.  Mail sent to the system
>>>> appears in the inbox of the user it is sent to.
>>>>
>>>> My problem:
>>>>
>>>> I am unable to get the cyrus sieve to work.  Attempting to run
>>>> sieveshell to load the filter fails as shown below.
>>>>
>>>> [harold@newmick ~]$ sieveshell localhost
>>>> connecting to localhost
>>>> unable to connect to server at /usr/bin/sieveshell line 170.
>>>> [harold@newmick ~]$
>>> Maybe sieveshell tries to connect to the wrong port? Did you try
>>> sieveshell localhost:sieve
>>>
>> [harold@newmick ~]$ sieveshell localhost:sieve
>> connecting to localhost:sieve
>> connect: Connection refused
>> unable to connect to server at /usr/bin/sieveshell line 170.
>> [harold@newmick ~]$ sieveshell localhost:2000
>> connecting to localhost:2000
>> unable to connect to server at /usr/bin/sieveshell line 170.
>> [harold@newmick ~]$
> And on which port does it listen for sieve? Note that port 2000 is not the
> managesieve port anymore.
>
[root@newmick etc]# grep sieve /etc/services
sieve-filter    2000/tcp        cisco-sccp      # Sieve Mail Filter Daemon
sieve-filter    2000/udp        cisco-sccp      # Sieve Mail Filter Daemon
sieve           4190/tcp                        # ManageSieve Protocol
[root@newmick etc]#

[harold@newmick ~]$ sieveshell localhost:4190
connecting to localhost:4190
connect: Connection refused
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$

I checked /etc/services, and it's 4190 and not 2000.  But 4190 fails just the 
same.

Harold



Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Simon Matter
> On 8/10/2011 2:00 PM, Simon Matter wrote:
>>> I don't know if this is the right place to report this or not.
>>>
>>> I am building a new server on a 64 bit CentOS 6.0 platform.
>>>
>>> [root@newmick ~]# cat /etc/redhat-release
>>> CentOS Linux release 6.0 (Final)
>>> [root@newmick ~]# uname -a
>>> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>>Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> Mail subsystem consists of:
>>>sendmail
>>>spamassassin
>>>spamass-milter
>>>cyrus-imap
>>>
>>> All of these appear to be working.  Mail sent to the system
>>> appears in the inbox of the user it is sent to.
>>>
>>> My problem:
>>>
>>> I am unable to get the cyrus sieve to work.  Attempting to run
>>> sieveshell to load the filter fails as shown below.
>>>
>>> [harold@newmick ~]$ sieveshell localhost
>>> connecting to localhost
>>> unable to connect to server at /usr/bin/sieveshell line 170.
>>> [harold@newmick ~]$
>> Maybe sieveshell tries to connect to the wrong port? Did you try
>> sieveshell localhost:sieve
>>
> [harold@newmick ~]$ sieveshell localhost:sieve
> connecting to localhost:sieve
> connect: Connection refused
> unable to connect to server at /usr/bin/sieveshell line 170.
> [harold@newmick ~]$ sieveshell localhost:2000
> connecting to localhost:2000
> unable to connect to server at /usr/bin/sieveshell line 170.
> [harold@newmick ~]$

And on which port does it listen for sieve? Note that port 2000 is not the
managesieve port anymore.

Simon



Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Paul Heinlein
On Wed, 10 Aug 2011, Daniel J Walsh wrote:

> I am adding the allow rule to allow http_git_script_t to resolve
> usernames to Fedora and Rhel policies.

Thanks, Dan! I'm a big fan of the work you've done integrating RHEL 
and SELinux, and improving SELinux in general.

Do you have a diff or policy fragment I can use until your changes 
appear in CentOS?

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
On 8/10/2011 2:00 PM, Simon Matter wrote:
>> I don't know if this is the right place to report this or not.
>>
>> I am building a new server on a 64 bit CentOS 6.0 platform.
>>
>> [root@newmick ~]# cat /etc/redhat-release
>> CentOS Linux release 6.0 (Final)
>> [root@newmick ~]# uname -a
>> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>   Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>
>> Mail subsystem consists of:
>>   sendmail
>>   spamassassin
>>   spamass-milter
>>   cyrus-imap
>>
>> All of these appear to be working.  Mail sent to the system
>> appears in the inbox of the user it is sent to.
>>
>> My problem:
>>
>> I am unable to get the cyrus sieve to work.  Attempting to run
>> sieveshell to load the filter fails as shown below.
>>
>> [harold@newmick ~]$ sieveshell localhost
>> connecting to localhost
>> unable to connect to server at /usr/bin/sieveshell line 170.
>> [harold@newmick ~]$
> Maybe sieveshell tries to connect to the wrong port? Did you try
> sieveshell localhost:sieve
>
[harold@newmick ~]$ sieveshell localhost:sieve
connecting to localhost:sieve
connect: Connection refused
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$ sieveshell localhost:2000
connecting to localhost:2000
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$





[CentOS] libsafe on CentOS 5.6

2011-08-10 Thread Nguyen Vu Hung
Hello all,

IIRC, libsafe was officially included in previous versions of Redhat.

However, I found that libsafe is not in the CentOS 5.6 yum repo.
Is there any reason that such a good library like libsafe is excluded?
Maybe there is a better alternative to libsafe recently?

Regards,

Nguyen Vu Hung


Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Daniel J Walsh
On 08/10/2011 01:59 PM, Paul Heinlein wrote:
> On Wed, 10 Aug 2011, david wrote:
> 
>> At 09:32 AM 8/10/2011, you wrote:
>>> Part of the environment is gitweb, which works as expected with
>>> one glitch: SELinux doesn't allow gitweb.cgi to query sssd to
>>> display who owns the repositories. []
>> 
>> Paul
>> 
>> I've just spent three days trying to figure out why SSH worked 
>> sometimes, sometimes not.  Just minutes before your note arrived, I
>>  figured I had to disable SELINUX, and now it works just fine.
>> Your note confirmed that there's a link there.
> 
> I haven't had any trouble with ssh. I'll note that the system in 
> question gets user account information from ldap.
> 
> Oddly, when using sssd+ldap, getent without a specific key won't 
> return ldap account information, but with a key it will. That is, 
> "getent passwd" will return only accounts in the local /etc/passwd 
> database, but "getent passwd bob" will return ldap-supplied 
> information about user bob.
> 
I am adding the allow rule to allow http_git_script_t to resolve
usernames to Fedora and Rhel policies.


[CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
I don't know if this is the right place to report this or not.

I am building a new server on a 64 bit CentOS 6.0 platform.

[root@newmick ~]# cat /etc/redhat-release
CentOS Linux release 6.0 (Final)
[root@newmick ~]# uname -a
Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
  Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

Mail subsystem consists of:
  sendmail
  spamassassin
  spamass-milter
  cyrus-imap

All of these appear to be working.  Mail sent to the system
appears in the inbox of the user it is sent to.

My problem:

I am unable to get the cyrus sieve to work.  Attempting to run
sieveshell to load the filter fails as shown below.

[harold@newmick ~]$ sieveshell localhost
connecting to localhost
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$

I have googled the error message and can find entries going
back as far as the early 2000's.  Nothing recent which seems
to apply.

Details:

[root@newmick etc]# telnet localhost sieve
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK

[root@newmick etc]# telnet 127.0.0.1 sieve
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK


The following subsystems are running:

[root@newmick ~]# service --status-all | grep running
abrtd (pid  2538) is running...
acpid (pid  1768) is running...
atd (pid  2557) is running...
auditd (pid  2604) is running...
automount (pid  1894) is running...
avahi-daemon (pid  1743) is running...
crond (pid  2546) is running...
cyrus-imapd (pid  13884) is running...
hald (pid  1777) is running...
ip6tables: Firewall is not running.
iptables: Firewall is not running.
irqbalance (pid  1577) is running...
mdmonitor (pid  1621) is running...
messagebus (pid  1731) is running...
rpc.statd (pid  1609) is running...
rpcbind (pid  1591) is running...
rpc.idmapd (pid 1656) is running...
rsyslogd (pid  1536) is running...
saslauthd (pid  2472) is running...
sendmail (pid  2510) is running...
sm-client (pid  2519) is running...
slapd (pid  1877) is running...
spamass-milter (pid 2528) is running...
spamd (pid  9308) is running...
openssh-daemon (pid  1912) is running...
xinetd (pid  1920) is running...
[root@newmick ~]#

Notes on the above...  Firewall is NOT running.
   saslauthd is running.
   slapd is running.
   No errors in the selinux audit logs.

Configuration files look like this:

[root@newmick etc]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/tls/certs/cyrus.pem
tls_key_file: /etc/pki/tls/certs/cyrus.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
[root@newmick etc]#

[root@newmick etc]# cat /etc/cyrus.conf
# standard standalone server implementation

START {
   # do not delete this entry!
   recover   cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
   idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
   # add or remove based on preferences
#  imap cmd="imapd" listen="imap" prefork=5
   imaps cmd="imapd -s" listen="imaps" prefork=1
#  pop3 cmd="pop3d" listen="pop3" prefork=3
#  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
   sieve cmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=3
#  nntps cmd="nntpd -s" listen="nntps" prefork=1

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

   # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
   # this is required
   checkpoint cmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune  cmd="cyr_expire -E 3" at=0400
   # this is only necessary if caching TLS sessions
   tlsprune  cmd="tls_prune" at=0400
}
[root@newmick etc]#

What other information do you need?  Is there something obvious I
have missed?

I tried to send this with a "rpm -qa" attached, but my mail server timed
out.  too big I guess...

Harol
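
Reading the capability greeting from the telnet sessions above, as an added example that is not part of the original post: under RFC 5804 (ManageSieve) an empty "SASL" list is only valid together with "STARTTLS" and means the mechanisms are announced once TLS has been negotiated. The greeting is embedded as constructed input with the mail-wrapped "SIEVE" line rejoined; the function names and the second greeting are this example's own.

```python
import re

# Constructed input: the greeting from the telnet session in the post, with the
# mail-wrapped "SIEVE" value rejoined onto one line, as a server would send it.
GREETING_FROM_POST = (
    '"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"\r\n'
    '"SASL" ""\r\n'
    '"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags '
    'notify envelope relational regex subaddress copy"\r\n'
    '"STARTTLS"\r\n'
    'OK\r\n'
)

# Constructed contrast case (invented for this example): a greeting that
# offers PLAIN and no longer advertises STARTTLS.
GREETING_WITH_PLAIN = (
    '"IMPLEMENTATION" "Example server"\r\n'
    '"SASL" "PLAIN"\r\n'
    '"SIEVE" "fileinto"\r\n'
    'OK\r\n'
)

# Quoted string with backslash escapes. The literal-string form ({n+}) that
# the protocol also allows is not handled here.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
STATUS = re.compile(r"^(OK|NO|BYE)\b", re.IGNORECASE)
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def parse_greeting(raw):
    """Return (status, capabilities) from a ManageSieve capability listing."""
    caps = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        status = STATUS.match(line)
        if status:
            return status.group(1).upper(), caps
        strings = [re.sub(r"\\(.)", r"\1", s) for s in QUOTED.findall(line)]
        if not strings:
            raise ValueError(f"not a capability line: {line!r}")
        # Capability names are case-insensitive; no value means a bare flag.
        caps[strings[0].upper()] = strings[1] if len(strings) > 1 else None
    raise ValueError("greeting did not end with OK, NO or BYE")


def diagnose(raw, tls_active=False):
    """Summarise what a client can do with this greeting."""
    status, caps = parse_greeting(raw)
    mechs = (caps.get("SASL") or "").upper().split()
    starttls = "STARTTLS" in caps
    findings = []
    if status != "OK":
        findings.append(f"server answered {status} instead of OK")
    if not mechs and starttls:
        findings.append("no SASL mechanism before STARTTLS: negotiate TLS first")
    elif not mechs:
        findings.append("no SASL mechanism and no STARTTLS: login is impossible")
    elif not tls_active and set(mechs) <= PLAINTEXT_MECHS:
        findings.append("only password-revealing mechanisms on a cleartext link")
    return {
        "status": status,
        "implementation": caps.get("IMPLEMENTATION"),
        "mechanisms": mechs,
        "starttls": starttls,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("post", GREETING_FROM_POST), ("contrast", GREETING_WITH_PLAIN)):
        report = diagnose(raw)
        print(label, report["mechanisms"], report["starttls"], report["findings"])
```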

Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Simon Matter
> I don't know if this is the right place to report this or not.
>
> I am building a new server on a 64 bit CentOS 6.0 platform.
>
> [root@newmick ~]# cat /etc/redhat-release
> CentOS Linux release 6.0 (Final)
> [root@newmick ~]# uname -a
> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>   Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>
> Mail subsystem consists of:
>   sendmail
>   spamassassin
>   spamass-milter
>   cyrus-imap
>
> All of these appear to be working.  Mail sent to the system
> appears in the inbox of the user it is sent to.
>
> My problem:
>
> I am unable to get the cyrus sieve to work.  Attempting to run
> sieveshell to load the filter fails as shown below.
>
> [harold@newmick ~]$ sieveshell localhost
> connecting to localhost
> unable to connect to server at /usr/bin/sieveshell line 170.
> [harold@newmick ~]$

Maybe sieveshell tries to connect to the wrong port? Did you try
sieveshell localhost:sieve

Simon




Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Paul Heinlein
On Wed, 10 Aug 2011, david wrote:

> At 09:32 AM 8/10/2011, you wrote:
>> Part of the environment is gitweb, which works as expected with one 
>> glitch: SELinux doesn't allow gitweb.cgi to query sssd to display 
>> who owns the repositories. []
>
> Paul
>
> I've just spent three days trying to figure out why SSH worked 
> sometimes, sometimes not.  Just minutes before your note arrived, I 
> figured I had to disable SELINUX, and now it works just fine.  Your 
> note confirmed that there's a link there.

I haven't had any trouble with ssh. I'll note that the system in 
question gets user account information from ldap.

Oddly, when using sssd+ldap, getent without a specific key won't 
return ldap account information, but with a key it will. That is, 
"getent passwd" will return only accounts in the local /etc/passwd 
database, but "getent passwd bob" will return ldap-supplied 
information about user bob.

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


[CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
I don't know if this is the right place to report this or not.

I am building a new server on a 64 bit CentOS 6.0 platform.

[root@newmick ~]# cat /etc/redhat-release
CentOS Linux release 6.0 (Final)
[root@newmick ~]# uname -a
Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
  Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

Mail subsystem consists of:
  sendmail
  spamassassin
  spamass-milter
  cyrus-imap

All of these appear to be working.  Mail sent to the system
appears in the inbox of the user it is sent to.

My problem:

I am unable to get the cyrus sieve to work.  Attempting to run
sieveshell to load the filter fails as shown below.

[harold@newmick ~]$ sieveshell localhost
connecting to localhost
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$

I have googled the error message and can find entries going
back as far as the early 2000's.  Nothing recent which seems
to apply.

Details:

[root@newmick etc]# telnet localhost sieve
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK

[root@newmick etc]# telnet 127.0.0.1 sieve
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK


The following subsystems are running:

[root@newmick ~]# service --status-all | grep running
abrtd (pid  2538) is running...
acpid (pid  1768) is running...
atd (pid  2557) is running...
auditd (pid  2604) is running...
automount (pid  1894) is running...
avahi-daemon (pid  1743) is running...
crond (pid  2546) is running...
cyrus-imapd (pid  13884) is running...
hald (pid  1777) is running...
ip6tables: Firewall is not running.
iptables: Firewall is not running.
irqbalance (pid  1577) is running...
mdmonitor (pid  1621) is running...
messagebus (pid  1731) is running...
rpc.statd (pid  1609) is running...
rpcbind (pid  1591) is running...
rpc.idmapd (pid 1656) is running...
rsyslogd (pid  1536) is running...
saslauthd (pid  2472) is running...
sendmail (pid  2510) is running...
sm-client (pid  2519) is running...
slapd (pid  1877) is running...
spamass-milter (pid 2528) is running...
spamd (pid  9308) is running...
openssh-daemon (pid  1912) is running...
xinetd (pid  1920) is running...
[root@newmick ~]#

Notes on the above...  Firewall is NOT running.
   saslauthd is running.
   slapd is running.
   No errors in the selinux audit logs.

Configuration files look like this:

[root@newmick etc]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/tls/certs/cyrus.pem
tls_key_file: /etc/pki/tls/certs/cyrus.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
[root@newmick etc]#

[root@newmick etc]# cat /etc/cyrus.conf
# standard standalone server implementation

START {
   # do not delete this entry!
   recover   cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
   idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
   # add or remove based on preferences
#  imap cmd="imapd" listen="imap" prefork=5
   imaps cmd="imapd -s" listen="imaps" prefork=1
#  pop3 cmd="pop3d" listen="pop3" prefork=3
#  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
   sieve cmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=3
#  nntps cmd="nntpd -s" listen="nntps" prefork=1

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

   # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
   # this is required
   checkpoint cmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune  cmd="cyr_expire -E 3" at=0400
   # this is only necessary if caching TLS sessions
   tlsprune  cmd="tls_prune" at=0400
}
[root@newmick etc]#

What other information do you need?  Is there something obvious I
have missed?

and finally, a list of everything installed...

[root@newmick etc]# rpm -qa | sort
ConsoleKit-0.4.1-3.el

Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Paul Heinlein
On Wed, 10 Aug 2011, Adam Wead wrote:

> I can't think of any booleans off-hand, but you might try moving the 
> location of the gitweb.cgi to a folder where SELinux expects cgi 
> executables to be, such as /var/www.  Then if you relabel, it might 
> put it in the correct security context to fix the error.  This is 
> how I solve about 90% of my SELinux problems... just moving the 
> files to the right location.

There's a whole httpd_git_* slew of labels in CentOS 6 -- and I'm 
using the stock gitweb RPM -- so I'd rather fix it as-is so package 
updates have fewer special instructions down the road.

> Systems and Digital Collections Librarian
> Rock and Roll Hall of Fame and Museum

Hands-down, the coolest job title I've seen on the centos mailing 
list!

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread david
At 09:32 AM 8/10/2011, you wrote:
>I've got a CentOS 6 machine that's slated to go into production
>providing some web and development-repository services.
>
>Part of the environment is gitweb, which works as expected with one
>glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who
>owns the repositories.
>
>The audit log entries are pretty straightforward, e.g.,
>
>type=AVC msg=audit(): avc:  denied { search } for
>pid= comm="gitweb.cgi" name="sss" dev=XXX ino=XXX
>scontext=unconfined_u:system_r:httpd_git_script_t:s0
>tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
>
>I'll use audit2allow to build a custom policy if need be, but what I'd
>really like to hear is that there's an SELinux boolean that can be
>tweaked or a file context that can be altered to make things work as
>expected.
>
>--
>Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


Paul

I've just spent three days trying to figure out why SSH worked 
sometimes, sometimes not.  Just minutes before your note arrived, I 
figured I had to disable SELINUX, and now it works just fine.  Your 
note confirmed that there's a link there.

David Kurn



Re: [CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Adam Wead
I can't think of any booleans off-hand, but you might try moving the
location of the gitweb.cgi to a folder where SELinux expects cgi executables
to be, such as /var/www.  Then if you relabel, it might put it in the
correct security context to fix the error.  This is how I solve about 90% of
my SELinux problems... just moving the files to the right location.

Adam Wead
Systems and Digital Collections Librarian
Rock and Roll Hall of Fame and Museum
216.515.1960 (t)
215.515.1964 (f)


On Wed, Aug 10, 2011 at 12:32 PM, Paul Heinlein  wrote:

> I've got a CentOS 6 machine that's slated to go into production
> providing some web and development-repository services.
>
> Part of the environment is gitweb, which works as expected with one
> glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who
> owns the repositories.
>
> The audit log entries are pretty straightforward, e.g.,
>
> type=AVC msg=audit(): avc:  denied { search } for
> pid= comm="gitweb.cgi" name="sss" dev=XXX ino=XXX
> scontext=unconfined_u:system_r:httpd_git_script_t:s0
> tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
>
> I'll use audit2allow to build a custom policy if need be, but what I'd
> really like to hear is that there's an SELinux boolean that can be
> tweaked or a file context that can be altered to make things work as
> expected.
>
> --
> Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


[CentOS] selinux prohibiting sssd usage

2011-08-10 Thread Paul Heinlein
I've got a CentOS 6 machine that's slated to go into production 
providing some web and development-repository services.

Part of the environment is gitweb, which works as expected with one 
glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who 
owns the repositories.

The audit log entries are pretty straightforward, e.g.,

type=AVC msg=audit(): avc:  denied { search } for 
pid= comm="gitweb.cgi" name="sss" dev=XXX ino=XXX 
scontext=unconfined_u:system_r:httpd_git_script_t:s0 
tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir

I'll use audit2allow to build a custom policy if need be, but what I'd 
really like to hear is that there's an SELinux boolean that can be 
tweaked or a file context that can be altered to make things work as 
expected.

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
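
What an audit2allow-style tool derives from the denial quoted above, as an added example that is not part of the original post and not the policy change later made upstream: it parses AVC records, merges permissions per source type, target type and class, and renders a type-enforcement module for review. The log is constructed (the posted record rejoined onto one line, plus invented records), and the module name `local_gitweb_sssd` and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample. Line 1 is the denial quoted in the post, rejoined onto
# one line with its redacted fields kept as posted; lines 2-4 are invented to
# exercise permission merging and the skipping of non-denial records.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(): avc:  denied { search } for pid= comm="gitweb.cgi" name="sss" dev=XXX ino=XXX scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
type=AVC msg=audit(): avc:  denied { getattr search } for pid= comm="gitweb.cgi" name="sss" dev=XXX ino=XXX scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
type=AVC msg=audit(): avc:  granted { read } for pid= comm="example" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file
type=SYSCALL msg=audit(): arch=c000003e syscall=2 success=no comm="gitweb.cgi"
"""

DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of user:role:type[:level]; the level may hold ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]


def parse_denial(line):
    """Return a dict for an AVC denial, or None for any other record."""
    match = DENIED.search(line)
    if match is None or not line.startswith("type=AVC"):
        return None
    perms = set(match.group(1).split())
    fields = {key: value.strip('"') for key, value in FIELD.findall(line)}
    try:
        denial = {
            "source": context_type(fields["scontext"]),
            "target": context_type(fields["tcontext"]),
            "tclass": fields["tclass"],
            "perms": perms,
            "comm": fields.get("comm", ""),
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record
    return denial if perms else None


def merge_denials(log_text):
    """Map (source type, target type, class) to the union of denied permissions."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial:
            key = (denial["source"], denial["target"], denial["tclass"])
            merged[key] |= denial["perms"]
    return dict(merged)


def perm_text(perms):
    """Policy syntax: a bare name for one permission, braces for several."""
    ordered = sorted(perms)
    return ordered[0] if len(ordered) == 1 else "{ " + " ".join(ordered) + " }"


def allow_rules(log_text):
    """One allow rule per (source, target, class), in sorted order."""
    merged = merge_denials(log_text)
    return [
        f"allow {source} {target}:{tclass} {perm_text(perms)};"
        for (source, target, tclass), perms in sorted(merged.items())
    ]


def render_module(name, log_text):
    """Render a .te module: require block first, then the allow rules."""
    merged = merge_denials(log_text)
    types = sorted({t for source, target, _ in merged for t in (source, target)})
    classes = defaultdict(set)
    for (_, _, tclass), perms in merged.items():
        classes[tclass] |= perms
    lines = [f"module {name} 1.0;", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += [f"\tclass {c} {perm_text(p)};" for c, p in sorted(classes.items())]
    lines += ["}", ""] + allow_rules(log_text)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # "local_gitweb_sssd" is a placeholder module name.
    print(render_module("local_gitweb_sssd", SAMPLE_AUDIT_LOG))
```

In enforcing mode the process stops at the first denied access, so the rendered rules cover only what has been logged so far; rerun over fresh audit records after loading a module.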


Re: [CentOS] setting up bare minimal CentOS VM

2011-08-10 Thread John Doe
From: Rudi Ahlers 

> Does anyone know where (if?) I can get a list of applications which
> gets installed with CentOS 6 if every option is deselected in the
> installer so that I can see what I can remove which isn't really
> necessary once installed?

Maybe try something like:
  grep '\|mandatory\|default' /PATH/TO/REPO/6/os/x86_64/repodata/*comps.xml 
| sed 's/<[a-z/]*>//g; s/' ' '

JD


Re: [CentOS] Increase audio volume

2011-08-10 Thread Keith Roberts
On Wed, 10 Aug 2011, m.r...@5-cent.us wrote:

> To: CentOS mailing list 
> From: m.r...@5-cent.us
> Subject: Re: [CentOS] Increase audio volume
> 
> Juan C. Valido wrote:
>> Is there a way to increase the audio volume on CentOS 6. I have it set
>> at the max and still very low. Thank you.
>
> How 'bout system-config-soundcard?
>
>mark

Also check out alsamixer from the command line, as that 
sometimes shows controls that are not always listed in the 
other mixers.

Kind Regards,

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] Increase audio volume

2011-08-10 Thread m . roth
Juan C. Valido wrote:
> Is there a way to increase the audio volume on CentOS 6. I have it set
> at the max and still very low. Thank you.

How 'bout system-config-soundcard?

mark



Re: [CentOS] Two Samba Servers and Rsync

2011-08-10 Thread Tom Diehl
On Tue, 9 Aug 2011, John R Pierce wrote:

> On 08/09/11 12:50 PM, Railic Njegos wrote:
>> I plan to use rsync to sync data from second to first server. It is OK ?
>> Any suggestion ?
> 
> rsync doesn't much tolerate network glitches in my experience.   it's
> also an incremental file backup/copy, and won't be doing a 'snapshot' so
> if any of these files you're copying are things that are randomly
> updated like a database, it's quite possible for the copy to be useless.
> 
> as a backup strategy, having a single copy that you overwrite when you
> make a new copy is weak. you have no history, you can't recover the file
> that the user overwrote 2 days ago and forgot to tell you until today,
> as you just overwrote your backup with his mistake last night.

There is also rdiff-backup if you need history. Of course it is not a perfect
solution either. Any solution is going to have trade offs.

Regards,

-- 
Tom Diehl   tdi...@rogueind.com  Spamtrap address mtd...@rogueind.com


Re: [CentOS] Increase audio volume

2011-08-10 Thread Juan C. Valido
On Wed, 2011-08-10 at 09:55 -0400, Earl Ramirez wrote:
> 
> 
> On Wed, Aug 10, 2011 at 9:51 AM, Juan C. Valido
>  wrote:
> Is there a way to increase the audio volume on CentOS 6. I
> have it set
> at the max and still very low. Thank you.
> 
> 
> Hi Juan,
>  
> Have you tried adjusting the volume under System -> Preference ->
> Sound?
>  
> There you can increase the volume as well even for each application.
> 
> -- 
> Kind Regards
> Earl Ramirez
> 
> 

Yes, I have that to the max also, I may try to install a sound card.
Thanks...



Re: [CentOS] setting up bare minimal CentOS VM

2011-08-10 Thread Scot P. Floess

+1

I use Cobbler/KOAN all the time...  And setting up a bare bones VM - super 
trivial...

On Wed, 10 Aug 2011, Tom Diehl wrote:

> On Tue, 9 Aug 2011, John R Pierce wrote:
>
>> On 08/09/11 4:02 PM, Craig White wrote:
>>> you have a complete kickstart script written for you already...
>>>
>>> /root/anaconda-ks.cfg
>>
>> speaking of kickstart...   I may need to setup a portable kickstart
>> server for CentOS 6 , and I've never really messed with it...  how do
>> you supply the ks.cfg file when you're PXE booting and have no CD or floppy?
>>
>> is there a good how-to on setting up kickstart servers for EL6 ?
>>
>> redhat can't be serious when they say...
>>
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config.html
>>
>>30.2. PXE Boot Configuration
>>
>>The next step is to copy the files necessary to start the
>>installation to the tftp server so they can be found when the client
>>requests them. The tftp server is usually the same server as the
>>network server exporting the installation tree.
>>
>>(end of section)
>>
>>
>> like, *WHAT* files??   does anyone PROOF READ this stuff ?!?  (yeah, I
>> know, this is upstream's problem, not CentOS...)
>
> You might want to look at https://fedorahosted.org/cobbler/
>
> Regards,
>
> -- 
> Tom Diehl   tdi...@rogueind.com  Spamtrap address mtd...@rogueind.com
>

Scot P. Floess RHCT  (Certificate Number 605010084735240)
Chief Architect FlossWare  http://sourceforge.net/projects/flossware
http://flossware.sourceforge.net
https://github.com/organizations/FlossWare


Re: [CentOS] setting up bare minimal CentOS VM

2011-08-10 Thread Tom Diehl
On Tue, 9 Aug 2011, John R Pierce wrote:

> On 08/09/11 4:02 PM, Craig White wrote:
>> you have a complete kickstart script written for you already...
>>
>> /root/anaconda-ks.cfg
>
> speaking of kickstart...   I may need to setup a portable kickstart
> server for CentOS 6 , and I've never really messed with it...  how do
> you supply the ks.cfg file when you're PXE booting and have no CD or floppy?
>
> is there a good how-to on setting up kickstart servers for EL6 ?
>
> redhat can't be serious when they say...
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config.html
>
>30.2. PXE Boot Configuration
>
>The next step is to copy the files necessary to start the
>installation to the tftp server so they can be found when the client
>requests them. The tftp server is usually the same server as the
>network server exporting the installation tree.
>
>(end of section)
>
>
> like, *WHAT* files??   does anyone PROOF READ this stuff ?!?  (yeah, I
> know, this is upstream's problem, not CentOS...)

You might want to look at https://fedorahosted.org/cobbler/

Regards,

-- 
Tom Diehl   tdi...@rogueind.com  Spamtrap address mtd...@rogueind.com


Re: [CentOS] setting up bare minimal CentOS VM

2011-08-10 Thread Tom Diehl
On Tue, 9 Aug 2011, Craig White wrote:

>
> On Aug 9, 2011, at 3:40 PM, John R Pierce wrote:
>
>> On 08/09/11 3:10 PM, Rudi Ahlers wrote:
>>> Does anyone know where (if?) I can get a list of applications which
>>> gets installed with CentOS 6 if every option is deselected in the
>>> installer so that I can see what I can remove which isn't really
>>> necessary once installed?
>>
>> rpm -qa
>>
>> (after doing that minimal install)
>>
>> "really isn't necessary" is highly subjective, no one else can make that
>> call for you.
> 
> sheesh...
>
> after doing that minimal install, you have a complete kickstart script
> written for you already...
>
> /root/anaconda-ks.cfg
>
> I can't believe that no one actually picked up on that

In C6 this is very broken!! It is not useful. Sometimes it shows the packages
that were installed and most of the time it does not. In addition, it does not
even get the disk layout right. If I take what is in anaconda-ks.cfg and paste
it into a kickstart file, it blows chunks. Sometimes I can figure out what is
wrong but other times I cannot get it to work. I fought with a software raid 1
setup yesterday and never did get it to work.

At some point I need to file a bug wrt this but I have not taken the time to
do it yet.

Regards,

-- 
Tom Diehl   tdi...@rogueind.com  Spamtrap address mtd...@rogueind.com


Re: [CentOS] keyboard problem

2011-08-10 Thread Lamar Owen
On Tuesday, August 09, 2011 01:29:09 PM bcb wrote:
> OK, I know what I'm doing is "officially unsupported",
...
> I have a CentOS 5.6 system running as a virtual machine using VMware 
> player.  I cloned the system, booted the clone to make sure everything 
> worked after cloning, it did.  I then booted off a CentOS 6 ISO and did an 
> upgrade (I know, unsupported!).  I've got the system to the point where 
> everything works except the keyboard.

Well, I ran into an ephemeral issue yesterday during a scratch install of C6 
onto VMware ESX 3.5U5 (also not supported, but this time it's unsupported by 
VMware, not by CentOS).  The install went well, and the initial update (200+ 
packages or so) went well, but the first reboot did not.  

I got a 'prefdm respawning too fast' issue and a text-mode console; I switched 
to a different VC, logged in as root, and issued a startx.  Both the keyboard 
and mouse went away, and I could neither click on anything nor even switch to a 
different VC.  I had to reset the VM hard, and was expecting a long day of 
troubleshooting, but when it rebooted that time it came up without issue, and 
everything works ok.


[CentOS] setting the screen background with gconftool-2

2011-08-10 Thread Jerry Geis
In CentOS 5 I can run this command:
su myuser -c "/usr/bin/gconftool-2 -t string --set /desktop/gnome/background/picture_filename /usr/share/backgrounds/images/mypic.png"

and this works fine.

under centos 6 it does not appear to be working...
I can run the similar --get command and it tells me it's set to what I 
asked for. However the screen is not showing mypic.png
I can use gconf-editor to set it manually and it works.
I looked to see if gconfd-2 is running and it is.

What might be happening that the screen is not changing and showing the 
actual pic?

Thanks,

Jerry


Re: [CentOS] Increase audio volume

2011-08-10 Thread Earl Ramirez
On Wed, Aug 10, 2011 at 9:51 AM, Juan C. Valido wrote:

> Is there a way to increase the audio volume on CentOS 6. I have it set
> at the max and still very low. Thank you.
>

Hi Juan,

Have you tried adjusting the volume under System -> Preference -> Sound?

There you can increase the volume as well even for each application.

-- 
Kind Regards
Earl Ramirez


Re: [CentOS] Using Samba to share Apache web root, securely

2011-08-10 Thread Lamar Owen
On Tuesday, August 09, 2011 05:34:52 PM Trey Dockendorf wrote:
> That will probably be the best option while we move these sites to a CMS.
>  The users are accustomed to using Windows drive letters that are mapped by
> our AD to access their content, and I'd like to have to leave that intact
> for now.

Just as a pointer, have you looked at some form of WebDAV?  Many CMS's (Plone, 
for instance) can do WebDAV out of the box, and it's rather transparent, 
especially with a frontend like Enfold Desktop.  You could then migrate one 
user at a time, even, if you stage it properly.

It seems to be more efficient and at least as secure as SMB/CIFS shares are.  
And requires many fewer network 'concessions' to the protocol involved.

On the first page of a google search for 'WebDAV "mapped drive letter"' I find:
http://systembash.com/content/map-drive-letter-sftp-ssh-review/  which looks 
pretty interesting to me.


[CentOS] Increase audio volume

2011-08-10 Thread Juan C. Valido
Is there a way to increase the audio volume on CentOS 6. I have it set
at the max and still very low. Thank you.



Re: [CentOS] Two Samba Servers and Rsync

2011-08-10 Thread Railic Njegos
Is Backuppc a better solution? Is there any similar software for this problem?

On Wed, Aug 10, 2011 at 3:03 PM, Les Mikesell  wrote:
> On 8/10/11 1:20 AM, Railic Njegos wrote:
>> I plan to use copy as backup, because second server will be old
>> physical computer(about 2TB disk)
>> in remote office and first server will be virtual machine on storage.
>> On first server i plan to
>> have one folder where i plan to copy over rsync all files from second server.
>
> That plan will work, but it won't protect against things like accidental
> deletions or overwriting important files that aren't noticed until after the
> next rsync run wipes out your copy.  Backuppc or a similar backup framework
> can keep a history of copies online and cover both scenarios.  Backuppc is
> particularly nice in that its compression and pooling makes it not use a lot
> of space for the history and it provides a web interface for browsing the
> backups and restoring - and you can download files directly from the browser
> if you want.  2TB is a lot to copy remotely, though.  You may want to use
> some other means to get the initial copy over - like copying to an external
> drive. Once the first copy is in place rsync will only need to copy the
> changes.
>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
>
>


Re: [CentOS] tweek startup and logon

2011-08-10 Thread Always Learning

On Wed, 2011-08-10 at 12:22 +0200, Johan Vermeulen wrote:

> how can I always see the text lines during startup? (so no graphical
> screen )

/boot/grub/grub.conf

>>> kernel /boot/vmlinuz-2.6.18-238.el5 ro root=LABEL=d6sys rhgb quiet

remove "rhgb quiet"

Kopie kopie :-)



-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] Centos6 Migration glitch - Samba

2011-08-10 Thread Tom Diehl
On Mon, 8 Aug 2011, Craig White wrote:

>
> On Aug 8, 2011, at 12:46 PM, david wrote:
>
>> Folks
>>
>> My experiments have shown that Samba behaves differently in Centos
>> 5.6 and Centos 6 (updated).
>>
>> In Centos 5,
>>   service smb restart
>> restarts both smb and nmb.
>>
>> In Centos 6, however, it restarts only smb.
>>
>> REMEDY:
>>   a) Make sure that both services running
>>   b) Issue
>>  chkconfig smb on
>>  chkconfig nmb on
>>
>> IS THIS THE DESIRED BEHAVIOR
>> I have no idea if this difference is a "bug" or a "feature", and
>> leave it to others to determine that.
> 
> feature - been that way in Fedora for many versions now.

It is also that way in Centos 5 if you run samba3x.

Regards,

-- 
Tom Diehl   tdi...@rogueind.com  Spamtrap address mtd...@rogueind.com


Re: [CentOS] Two Samba Servers and Rsync

2011-08-10 Thread Les Mikesell
On 8/10/11 1:20 AM, Railic Njegos wrote:
> I plan to use copy as backup, because second server will be old
> physical computer(about 2TB disk)
> in remote office and first server will be virtual machine on storage.
> On first server i plan to
> have one folder where i plan to copy over rsync all files from second server.

That plan will work, but it won't protect against things like accidental 
deletions or overwriting important files that aren't noticed until after the 
next rsync run wipes out your copy.  Backuppc or a similar backup framework can 
keep a history of copies online and cover both scenarios.  Backuppc is 
particularly nice in that its compression and pooling makes it not use a lot 
of space for the history and it provides a web interface for browsing the 
backups and restoring - and you can download files directly from the browser 
if you want.  2TB is a lot to copy remotely, though.  You may want to use some 
other means to get the initial copy over - like copying to an external drive. 
Once the first copy is in place rsync will only need to copy the changes.

-- 
   Les Mikesell
lesmikes...@gmail.com




Re: [CentOS] fail2ban help

2011-08-10 Thread Nikos Gatsis - Qbit


On 9/8/2011 7:00 PM, centos-requ...@centos.org wrote:
>> > Hello list.
>> > I have a question for fail2ban for bad logins on sasl.
>> > I use sasl, sendmail and cyrus-imapd.
>> > In jail.conf I use the following syntax:
>> > 
>> > [sasl-iptables]
>> > 
>> > enabled  = true
>> > filter   = sasl
>> > backend  = polling
>> > action   = iptables[name=sasl, port=smtp, protocol=tcp]
>> >sendmail-whois[name=sasl, dest=my@email]
>> > logpath  = /var/log/maillog
>> > maxretry = 6
>> > 
>> > and the following filter:
>> > 
>> > failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
>> > (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
>> > [A-Za-z0-9+/]*={0,2})?$
>> > 
>> > in iptables:
>> > 
>> > fail2ban-sasl  tcp  --  anywhere             anywhere            tcp dpt:smtp
>> > ...
>> > 
>> > Chain fail2ban-sasl (2 references)
>> > target     prot opt source               destination
>> > RETURN     all  --  anywhere             anywhere
>> > 
>> > 
>> > The problem is that it never bans bad logins.
>> > 
>> > I tried to change action as port="imap,imaps,pop3,pop3s,smtp" but
>> > nothing changed.
>> > 
>> > Can somebody help me?
>> > 
>> > Thank you,
>> > Nikos
>> > 
>> > 
>> > 
> Hello Nikos,
> I have nearly the same regex as you:
>
> failregex = : warning: [-._\w]+\[<HOST>\]: SASL 
> (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*
> and it works with
> fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf
>  
>  
> Regards
Hello list
I changed failregex and it finally shows results!

failregex = : badlogin: [-._\w]+ \[<HOST>\] plaintext [A-Za-z0-9+/]
SASL\(-13\): authentication failure: checkpass failed

fail2ban-regex finds hits.
However, although a line is added in iptables and I receive an email that
shows the banned IP address, bad logins still continue from the same IP.

iptables -L:

Chain INPUT (policy ACCEPT)
target         prot opt source               destination
fail2ban-sasl  tcp  --  anywhere             anywhere            tcp dpt:smtp
fail2ban-SSH   tcp  --  anywhere             anywhere            tcp dpt:ssh
...

Chain fail2ban-sasl (1 references)
target     prot opt source               destination
DROP       all  --  [ip.ip.ip.ip]        anywhere
RETURN     all  --  anywhere             anywhere


What is wrong now?

Thank you
Nikos
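
Added example, not part of the original posts: it replays the two failregex patterns from this thread against constructed log lines and compares the ports where matched failures occur with the ports the ban chain is hooked on. The log lines, the daemon idents, the IPv4-only `<HOST>` stand-in and the `\S+` user-name match are assumptions of the example.

```python
import re

# Simplified IPv4-only stand-in for the group fail2ban substitutes for <HOST>
# (assumption: the real substitution also accepts host names).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Patterns modelled on the two failregex lines in the thread; \S+ for the
# user name is this example's choice.
SMTPD_SASL = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
              r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
              r"(: [A-Za-z0-9+/]*={0,2})?$")
CYRUS_BADLOGIN = (r": badlogin: [-._\w]+ \[<HOST>\] plaintext \S+ "
                  r"SASL\(-13\): authentication failure: checkpass failed")

# Syslog ident of the logging daemon -> TCP port it serves (assumed idents).
SERVICE_PORT = {"imap": 143, "imaps": 993, "pop3": 110, "pop3s": 995,
                "postfix/smtpd": 25}

# Constructed sample lines, not taken from the poster's maillog.
SAMPLE_LOG = [
    "Aug 10 09:12:01 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Aug 10 09:12:05 mail imaps[2301]: badlogin: gw.example.net [198.51.100.9] "
    "plaintext bob SASL(-13): authentication failure: checkpass failed",
    "Aug 10 09:12:09 mail pop3[2302]: badlogin: gw.example.net [198.51.100.9] "
    "plaintext bob SASL(-13): authentication failure: checkpass failed",
    "Aug 10 09:12:11 mail sendmail[2303]: p7A9CBxx002303: from=<a@example.org>, "
    "size=512, relay=localhost [127.0.0.1]",
]

IDENT = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([\w/]+)\[\d+\]: ")


def compile_filter(failregex):
    """Expand <HOST> before compiling, as fail2ban does with a failregex."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex has no <HOST> tag, so no address to ban")
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def hits(failregex, lines):
    """Return (daemon ident, host) for every line the filter matches."""
    rx = compile_filter(failregex)
    found = []
    for line in lines:
        match, ident = rx.search(line), IDENT.match(line)
        if match and ident:
            found.append((ident.group(1), match.group("host")))
    return found


def unprotected_ports(failregex, lines, banned_ports):
    """Ports where matched failures occur but the ban chain is not hooked."""
    seen = {SERVICE_PORT[svc] for svc, _ in hits(failregex, lines)
            if svc in SERVICE_PORT}
    return sorted(seen - set(banned_ports))


if __name__ == "__main__":
    print(hits(CYRUS_BADLOGIN, SAMPLE_LOG))
    print(unprotected_ports(CYRUS_BADLOGIN, SAMPLE_LOG, [25]))
```

With the ban chain hooked on smtp only, the second call reports the IMAPS and POP3 ports as still reachable by the banned address, which is the same shape as the `iptables -L` output in the post above.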






Re: [CentOS] Antwort: tweek startup and logon

2011-08-10 Thread Johan Vermeulen

 Hello Andreas,

yes, indeed, that worked!

I'm back in the old-style boot and logon.

Many thanks!

greetings, James

On 10-08-11 12:29, Andreas Reschke wrote:


centos-boun...@centos.org wrote on 10.08.2011 12:22:26:

> Johan Vermeulen 
> Sent by: centos-boun...@centos.org
>
> 10.08.2011 12:22
>
> Please reply to
> CentOS mailing list 
>
> To
>
> CentOS mailing list 
>
> Cc
>
> Subject
>
> [CentOS] tweek startup and logon
>
> Dear All,
>
> CentOs 6 is great, but I would like to get back 2 things from 5.6 :
>
> how can I always see the text lines during startup? (so no graphical
> screen )
>
> how can I not see all the users on the system when logging on? (so
> that users also have to remember their username)
>
> thanks for any advice.
>
> James
> --
> Johan Vermeulen
> IT-medewerker
> Caw De Kempen
> johan.vermeu...@cawdekempen.be
> 0479.82.01.41
>
> Opensource Software is the future.

Hi Johan,
1. look for these 2 words: "rhgb quiet" in "/boot/grub/grub.conf" 
and remove them
2. sudo -u gdm gconftool-2 --type bool --set /apps/gdm/simple-greeter/disable_user_list true


Hope this helps

Regards
Andreas Reschke

BG-IM173
Unix/Linux-Administration
Siemensstrasse 164
70469 Stuttgart

Behr GmbH & Co. KG
ST B29, 3.OG

Tel.: +49 711 896-4598
Fax: ++49 711-8902-4598
Mobil: 0173-3197397
andreas.resc...@behrgroup.com




[CentOS] Antwort: tweek startup and logon

2011-08-10 Thread Andreas Reschke
centos-boun...@centos.org wrote on 10.08.2011 12:22:26:

> Johan Vermeulen  
> Sent by: centos-boun...@centos.org
> 
> 10.08.2011 12:22
> 
> Please reply to
> CentOS mailing list 
> 
> To
> 
> CentOS mailing list 
> 
> Cc
> 
> Subject
> 
> [CentOS] tweek startup and logon
> 
> Dear All,
> 
> CentOs 6 is great, but I would like to get back 2 things from 5.6 :
> 
> how can I always see the text lines during startup? (so no graphical 
> screen )
> how can I not see all the users on the system when logging on? (so 
> that users also have to remember their username)
> 
> thanks for any advice.
> 
> James
> -- 
> Johan Vermeulen
> IT-medewerker
> Caw De Kempen
> johan.vermeu...@cawdekempen.be
> 0479.82.01.41
> 
> Opensource Software is the future.

Hi Johan,
1. look for these 2 words: "rhgb quiet" in "/boot/grub/grub.conf" and 
remove them
2. sudo -u gdm gconftool-2 --type bool --set /apps/gdm/simple-greeter/disable_user_list true

Hope this helps 
 
Regards 
Andreas Reschke

BG-IM173
Unix/Linux-Administration
Siemensstrasse 164
70469 Stuttgart
 
Behr GmbH & Co. KG
ST B29, 3.OG
 
Tel.: +49 711 896-4598
Fax: ++49 711-8902-4598
Mobil: 0173-3197397
andreas.resc...@behrgroup.com


[CentOS] tweek startup and logon

2011-08-10 Thread Johan Vermeulen

 Dear All,

CentOs 6 is great, but I would like to get back 2 things from 5.6 :

how can I always see the text lines during startup? (so no graphical 
screen )
how can I *not* see all the users on the system when logging on? (so that 
users also have to remember their username)


thanks for any advice.

James

--
Johan Vermeulen
IT-medewerker
Caw De Kempen
johan.vermeu...@cawdekempen.be
0479.82.01.41

Opensource Software is the future.



Re: [CentOS] Intel 82599 driver?

2011-08-10 Thread Peter Kjellström
On Friday, August 05, 2011 05:25:13 PM Les Mikesell wrote:
> On 8/5/2011 9:46 AM, Peter Kjellström wrote:
> > Our X520 are still stable except for one recent problem, 2.6.18-238.9.1
> > -> 2.6.18-238.12.1 broke it quite bad. With 238.12.1 our servers start
> > dropping all incoming packets after a while. Sanity can be (temporarily
> > restored with a "ethtool --negotiate ethX").
> > 
> > We are currently running a kernel that excludes:
> >   linux-2.6-net-ixgbe-fix-for-82599-erratum-on-header-splitting.patch
> > 
> > since that's what seems to break our setup.
> 
> Has the bug been reported upstream?

Nope, due to: 1) no reproducer and 2) the "next" EL kernel will have a new 
major version of the driver code making it quite pointless to invest 
effort/time in the 2.x driver.

If more information surfaces (maybe in this thread) and/or the problem 
persists with the 3.x driver then a bz will most likely be created.

/Peter




Re: [CentOS] setting up bare minimal CentOS VM

2011-08-10 Thread Keith Roberts
On Wed, 10 Aug 2011, Rudi Ahlers wrote:

*snip*

> Hi Scott,
>
> I didn't know about the minimal CD until now.
>
> And it's not really about "trimming a few extra megs", but rather
> about removing, and disabling services which users generally won't use
> but gets installed and often cause security issues down the road cause
> it was never disabled

My ALI scripts should be able to handle setting up which 
services are running from bootup. That's what I wrote them 
for ;)

http://www.karsites.net/centos/anyuser/auto-linux-installer.php

Once those scripts have been setup and configured for a 
particular machine, I can do a minimal fresh kickstart 
installation in 20-30 minutes. The rest can be downloaded 
and installed overnight while I'm sleeping :)

Also you can use a USB flash drive for storing your 
kickstart file. Please see my Fedora guide 'Putting a 
kickstart file onto USB flash drive' here:

http://forums.fedoraforum.org/showthread.php?t=235489

Kind Regards,

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] Two Samba Servers and Rsync

2011-08-10 Thread Cliff Pratt
On Wed, Aug 10, 2011 at 1:05 PM, Les Mikesell  wrote:
> On 8/9/11 7:37 PM, Cliff Pratt wrote:
>> On Wed, Aug 10, 2011 at 8:05 AM, Les Mikesell  wrote:
>>> On 8/9/2011 2:50 PM, Railic Njegos wrote:
>>>> Hi all,
>>>> I plan to implement two file servers on CentOS 6 in two remote locations.
>>>> I need to backup all data from second server on first. First server will
>>>> be a virtual machine on Esxi, and second server will be physical machine.
>>>>
>>>> I plan to use rsync to sync data from second to first server. It is OK ?
>>>> Any suggestion ?
>>>
>>> Rsync is probably the best thing you will find for this.  As long as
>>> whatever you are doing can tolerate the possible differences between
>>> rsync runs it should be fine. Rsync normally creates a new file under a
>>> tmp name, renaming only when the transfer is complete so programs
>>> accessing the data will only see one version or the other, not an
>>> inconsistent copy as the transfer progresses.
>>>
>> rsync has its own issues. I still use it, but I've learned not to
>> trust it completely. If you have a deep directory hierarchy and lots
>> of files, it may run out of memory and crash.
>
> I'm not sure I'd blame rsync if you don't have enough RAM... But the 3.x
> versions are probably better about that.
>
Well, up to a point I'd agree with you. However, I can't going to my
boss and asking for more RAM to get rsync to work on top of what was
specced for the app, he'd probably walk away muttering things like
"Windows"

My point was however not to diss a really good utility but to give
some hints and tips. I started to use rsync when I had the need and
everyone told me how good it was. And it is. But it does have its
little quirks.
>
>> I've also had it fail silently to copy files.
>
> That's odd, unless it actually was killed by the OOM killer.
>
You are likely correct, but I didn't have time (at the time) to
investigate further.
>
>> In the past I've written wrapper scripts that
>> break down the rsync into several 'chunks', and check the number of
>> files on source and target servers at the end. Some people run rsync
>> and then immediately run it again!
>
> Running twice is a reasonable thing - maybe even running until no files are
> changing.
>
Yes, indeed.

Cheers,

Cliff


Re: [CentOS] fail2ban help

2011-08-10 Thread Nikos Gatsis - Qbit
Nikos Gatsis - Qbit  
Sent by: centos-boun...@centos.org

09.08.2011 10:40

Please reply to
CentOS mailing list 

To

centos@centos.org

Cc

Subject

[CentOS] fail2ban help

Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:

[sasl-iptables]

enabled  = true
filter   = sasl
backend  = polling
action   = iptables[name=sasl, port=smtp, protocol=tcp]
   sendmail-whois[name=sasl, dest=my@email]
logpath  = /var/log/maillog
maxretry = 6

and the following filter:

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
[A-Za-z0-9+/]*={0,2})?$

in iptables:

fail2ban-sasl  tcp  --  anywhere             anywhere            tcp dpt:smtp
...

Chain fail2ban-sasl (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere


The problem is that it never bans bad logins.

I tried to change action as port="imap,imaps,pop3,pop3s,smtp" but
nothing changed.

Can somebody help me?

Thank you,
Nikos




Hello Nikos,
I have nearly the same regex as you:

failregex = : warning: [-._\w]+\[<HOST>\]: SASL 
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*
and it works with
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf
 
 
Regards 
Andreas Reschke

-

I try yours and get no matches on maillog.
Do you think that the following is correct?

... port="imap,imaps,pop3,pop3s,smtp" ...

Thank you 




