[CentOS-docs] Join translator group
Hey,everybody!I'd like to introduce myself into this group.My name is Christopher Meng from Beijing,China.I'm good at translating wiki pages,I now work in Fedoraproject.My aim is to translate CENTOS wiki into Simplified Chinese. -- My personal blog is http://cicku.me,hope you can visit and say something about it. Who am I:http://about.me/cicku ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CESA-2011:1851 Critical CentOS 5 krb5 Update
CentOS Errata and Security Advisory 2011:1851 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1851.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 13b66e24262104d1a535e5d40d683de4da3847eb1b66b4430231f933af68d8a5 krb5-devel-1.6.1-63.el5_7.i386.rpm 2217c3794890bce4ed9ffe6955bed543a7c973dfebbb3bc46948e054802d4108 krb5-libs-1.6.1-63.el5_7.i386.rpm 869e0eabefe615cd7167af8cc5bb1eb107e77f26b6d45eed40ab836214e1e87f krb5-server-1.6.1-63.el5_7.i386.rpm 4bce7ce2cc6103d26833a788ac12fa5783c2458124fadd48283ee516ae3b3b0f krb5-server-ldap-1.6.1-63.el5_7.i386.rpm 74ff72965b4795c3aa25b3bb55eb0cf172517f05b71cd4b01c42fce7e1a92504 krb5-workstation-1.6.1-63.el5_7.i386.rpm x86_64: 13b66e24262104d1a535e5d40d683de4da3847eb1b66b4430231f933af68d8a5 krb5-devel-1.6.1-63.el5_7.i386.rpm 8a1a675ad00fa74748330392835b1113b1f5568f67241af1e5662f8ef85635bb krb5-devel-1.6.1-63.el5_7.x86_64.rpm 2217c3794890bce4ed9ffe6955bed543a7c973dfebbb3bc46948e054802d4108 krb5-libs-1.6.1-63.el5_7.i386.rpm e2b0de48044aed6f9f60c7ce728e83697e3c1bcc7c5d445f4b3915bc76e5fc1f krb5-libs-1.6.1-63.el5_7.x86_64.rpm 4a709c9b9b9c9c405f24a5282949619573de32e7cda13cf661b3b58c659f5bce krb5-server-1.6.1-63.el5_7.x86_64.rpm 0c67699c07c9a71f6aa33cf293ec91d737b2d81d9ff8c0c34ded40e940d6ff85 krb5-server-ldap-1.6.1-63.el5_7.x86_64.rpm 46e1ea8f197c7e94fd006ac72c6020d8b05baeeac26ff9f762dcf586af8ce3e3 krb5-workstation-1.6.1-63.el5_7.x86_64.rpm Source: 17982c402403263dc16764e2f8d9ea546bc94f7a5e2eda3bc0f1acc964ae3ba2 krb5-1.6.1-63.el5_7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2011:1851 Critical CentOS 4 krb5 Update
CentOS Errata and Security Advisory 2011:1851 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1851.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ae7eff91d77062264e811abe4f12b3b158564d8e3e538c66de30b33e5e57f854 krb5-devel-1.3.4-65.el4.i386.rpm c1e001823d14741ad9fb53b7e987b70a7189e3e93e4efc36c706b67966077494 krb5-libs-1.3.4-65.el4.i386.rpm 90b52f16650bef67a0d6cd1a3c074ed499d10518857085f52b7af8d253ebbaad krb5-server-1.3.4-65.el4.i386.rpm daef8cc7d6544effbdee59eadac25c3647b559386592089b645dae81c5a34d21 krb5-workstation-1.3.4-65.el4.i386.rpm x86_64: 70b16a0d10dce2498ef5849b9c0ee56f28c49d2a7ee8ca8bd3396a0c70912bfb krb5-devel-1.3.4-65.el4.x86_64.rpm c1e001823d14741ad9fb53b7e987b70a7189e3e93e4efc36c706b67966077494 krb5-libs-1.3.4-65.el4.i386.rpm 7b9a183dbc97a0586c5d215fc362f812d37c61be3c5c62b5846d41983344a896 krb5-libs-1.3.4-65.el4.x86_64.rpm e4a5601d4971bc9d293960d9c0ce88c1a569e2631c6951710ec73b3b56438ab2 krb5-server-1.3.4-65.el4.x86_64.rpm 2abcb05e02d67f2fa465eb9816f2fcc678a3e54c6fdb9f835e50609d18381532 krb5-workstation-1.3.4-65.el4.x86_64.rpm Source: 6fee71efd6e6b9452cb7ee9190102e950f4d4001b5e086d8e728877244fc18e3 krb5-1.3.4-65.el4.src.rpm -- Tru Huynh CentOS Project { http://www.centos.org/ } irc: tru_tru, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2011:1852 Critical CentOS 6 krb5-appl Update
CentOS Errata and Security Advisory 2011:1852 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1852.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 466dbcf8db95757ba00840de0649ed411fa0250567235a3e40c6894e08b06edb krb5-appl-clients-1.0.1-7.el6_2.i686.rpm 774dbb2d54420543d91d7436daab81b2fa5d82df88690782894f136d07794759 krb5-appl-servers-1.0.1-7.el6_2.i686.rpm x86_64: b743b093a909def7bffc2ed1a2c56293681518a60cd6d51ee2a6fe07be0180ba krb5-appl-clients-1.0.1-7.el6_2.x86_64.rpm 201ffd065ff0e4dcfa43322c563c5788b689cc6575d81bc409a7a464d06e243a krb5-appl-servers-1.0.1-7.el6_2.x86_64.rpm Source: 853a15caa8310d4e67cd792beaee51e7bd758813281d1f19b7c4473f3089a644 krb5-appl-1.0.1-7.el6_2.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CentOS 4, CentOS 5, and CentOS 6 Announce List messages
Moving forward, all CentOS Announce List messages for updates will be like the ones released today. There will no longer be a separate e-mail for each ARCH within a major version, but only one combined e-mail for each major version. This will result in 1/2 the announce list traffic as there used to be a separate i386 and x86_64 for each major version ... or in today's case, there would be 6 e-mails and not 3. If you did not receive any of the 3 announce list e-mails today and you want to to get them, please check that you have the applicable Topics checked in your profile on the CentOS Announce list here: http://lists.centos.org/mailman/listinfo/centos-announce (the last option on the page is unsubscribe or edit options ... enter the e-mail address that you have subscribed to the list, login with your password and pick the Topics you are interested in. Most of the time, people do not go back and add new Major Versions ... like CentOS 6 ... and so they are not getting e-mails for the new releases) Also, be advised that a Digested version of all the announcements goes to the main CentOS list daily, so if you are a member of that list and if a daily digest of all announcements is good enough, then you do not even need to subscribe to the CentOS Announce List separately to be informed of updates. -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net signature.asc Description: OpenPGP digital signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS-es] Una de DNS
El hecho de que en /etc/resolv.conf tengas la entrada nameserver 10.13.0.3 probablemente este reenviando la peticion de DNS al servidor de DNS que tienes en la maquina host donde instalaste VMware. Si quitas esa linea podrás mandar la resolución local, pero solo resolveras localdomain. El dominio soltiven.com no lo tienes en tu DNS local. Por eso cuando pides que resuelva, reenvia la peticion al servidor de DNS 10.13.0.3 Si quieres que rep-mgr.soltiven.com te resuelva a rep-mgr.localdomain, tendrás que añadir una entrada en /etc/hosts o en el servidor de DNS local. Miguel On 27/12/2011 13:48, reynie...@gmail.com wrote: Hola a todos, estoy tratando de configurar un DNS para hacer pruebas pero debo estar haciendo algo mal porque no me resuelve bien los NS. Tengo dos VM dentro de Vmware Workstation y cada una de ellas tiene dos interfaces de red: eth0 (que tiene la misma subred que mi tarjeta fisica, la de mi compturadora o sea la 10.13.13.x) y eth1 (que es un NAT para que las VM se vean entre ellas cuya subred es 192.168.1.x). La VM que finge como DNS tiene IP 192.168.1.2 y este es el named.conf: options { listen-on port 53 { 192.168.1.2; }; listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; recursion yes; }; logging { channel default_debug { file data/named.run; severity dynamic; }; }; zone . IN { type hint; file named.ca; }; zone local.domain.com { type master; file /var/named/local.domain.com.hosts; }; Y el fichero local.domain.com.hosts contiene lo siguiente: $ttl 38400 local.domain.com. IN SOA ns.local.domain.com. ad...@local.domain.com. ( 1324940087 10800 3600 604800 38400 ) local.domain.com. IN NS ns.local.domain.com. rep-mgr.local.domain .com. IN A 192.168.1.30 squid.local.domain .com. IN A 192.168.1.10 ns.local.domain .com.IN A 192.168.1.2 bacula.local.domain .com.IN CNAME rep-mgr Todo esta correctamente configurado porque el DNS (Bind) inicia correctamente. Ahora bien el tema esta en que si desde la VM rep-mgr.local.domain.com hago un [root@rep-mgr bacula]# dig rep-mgr.soltiven.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.soltiven.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 48443 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.soltiven.com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1324989377 1800 900 604800 612 ;; Query time: 1 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:11:50 2011 ;; MSG SIZE rcvd: 111 Me responden unos servidores a.gtld-servers.net. nstld.verisign-grs.com. que no se de donde salen. El fichero /etc/hosts de ese servidor tiene esto: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.2 ns.local.domain.com Y el fichero /etc/resolv.conf domain local.domain.com search local.domain.com nameserver 192.168.1.2 nameserver 10.13.0.3 Donde esta el error? Alguna ayuda? Saludos y gracias por adelantado Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com / reynie...@hotmail.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es This message and any attachments are intended for the use of the addressee or addressees only. The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its content is not permitted. If you received this message in error, please notify the sender and delete it from your system. Emails can be altered and their integrity cannot be guaranteed by the sender. Please consider the environment before printing this email. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Una de DNS
Hay algo raro en el servidor de DNS xq lo reinicie y ahora si me resuelve bien los nombres :) alguna idea de que podria estar pasando? Cual log he de revisar /var/log/messages o ... ? Saludos y gracias por la ayuda Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com / reynie...@hotmail.com 2011/12/27 Miguel González Castaños miguel_3_gonza...@yahoo.es On 27/12/2011 14:18, reynie...@gmail.com wrote: Ya reinicie el bind como 15 veces y tambien reinicie rep-mgr.local.domain.com (192.168.1.30), este es el resultado de nslookup: 1) Seteando el servidor a 192.168.1.2 (por si acaso) [root@rep-mgr ~]# nslookup server 192.168.1.2 Default server: 192.168.1.2 Address: 192.168.1.2#53 rep-mgr.local.domain.com Server: 192.168.1.2 Address:192.168.1.2#53 Nslookup esta preguntando al servidor correcto (no esta reenviando la petición a los servidores que indicabas antes). El problema esta en el DNS, yo miraría en los logs del servicio named a ver que te dice. Miguel This message and any attachments are intended for the use of the addressee or addressees only. The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its content is not permitted. If you received this message in error, please notify the sender and delete it from your system. Emails can be altered and their integrity cannot be guaranteed by the sender. Please consider the environment before printing this email. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Una de DNS
Ya reinicie el bind como 15 veces y tambien reinicie rep-mgr.local.domain.com (192.168.1.30), este es el resultado de nslookup: 1) Seteando el servidor a 192.168.1.2 (por si acaso) [root@rep-mgr ~]# nslookup server 192.168.1.2 Default server: 192.168.1.2 Address: 192.168.1.2#53 rep-mgr.local.domain.com Server: 192.168.1.2 Address:192.168.1.2#53 ** server can't find rep-mgr.local.domain.com: NXDOMAIN 2) Por defecto [root@rep-mgr ~]# nslookup rep-mgr.local.domain.com Server: 192.168.1.2 Address:192.168.1.2#53 ** server can't find rep-mgr.local.domain.com: NXDOMAIN Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com / reynie...@hotmail.com 2011/12/27 Miguel González Castaños miguel_3_gonza...@yahoo.es Reinicia el servicio de bind y de red. De todas maneras porque no ejecutas nslookup? Miguel On 27/12/2011 14:03, reynie...@gmail.com wrote: Hola Miguel, le puse un comentario a esa linea o sea a nameserver 10.13.0.3 e igual me sigue apuntando a los mismos servidores :-( (una pregunta: debo reiniciar algun servicio para que tome los cambios o simplemente con poner un comentario #nameserver 10.13.0.3 basta?) Lo de rep-mgr.soltiven.com fue un error mio en realidad el dig lo hice a: [root@rep-mgr bacula]# dig rep-mgr.local.domain.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.local.domain .com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 39916 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.local.domain .com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1324990335 1800 900 604800 411 ;; Query time: 2 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:31:12 2011 ;; MSG SIZE rcvd: 111 Sigo sin entender que sucede porque ya he buscado por Google y he probado cuanta solucion a dado la gente :-( Saludos Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com / reynie...@hotmail.com 2011/12/27 Miguel González Castaños miguel_3_gonza...@yahoo.es El hecho de que en /etc/resolv.conf tengas la entrada nameserver 10.13.0.3 probablemente este reenviando la peticion de DNS al servidor de DNS que tienes en la maquina host donde instalaste VMware. Si quitas esa linea podrás mandar la resolución local, pero solo resolveras localdomain. El dominio soltiven.com no lo tienes en tu DNS local. Por eso cuando pides que resuelva, reenvia la peticion al servidor de DNS 10.13.0.3 Si quieres que rep-mgr.soltiven.com te resuelva a rep-mgr.localdomain, tendrás que añadir una entrada en /etc/hosts o en el servidor de DNS local. Miguel On 27/12/2011 13:48, reynie...@gmail.com wrote: Hola a todos, estoy tratando de configurar un DNS para hacer pruebas pero debo estar haciendo algo mal porque no me resuelve bien los NS. Tengo dos VM dentro de Vmware Workstation y cada una de ellas tiene dos interfaces de red: eth0 (que tiene la misma subred que mi tarjeta fisica, la de mi compturadora o sea la 10.13.13.x) y eth1 (que es un NAT para que las VM se vean entre ellas cuya subred es 192.168.1.x). La VM que finge como DNS tiene IP 192.168.1.2 y este es el named.conf: options { listen-on port 53 { 192.168.1.2; }; listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; recursion yes; }; logging { channel default_debug { file data/named.run; severity dynamic; }; }; zone . IN { type hint; file named.ca; }; zone local.domain.com { type master; file /var/named/local.domain.com.hosts; }; Y el fichero local.domain.com.hosts contiene lo siguiente: $ttl 38400 local.domain.com. IN SOA ns.local.domain.com. ad...@local.domain.com. ( 1324940087 10800 3600 604800 38400 ) local.domain.com. IN NS ns.local.domain.com. rep-mgr.local.domain .com. IN A 192.168.1.30 squid.local.domain .com. IN A 192.168.1.10 ns.local.domain .com.IN A 192.168.1.2 bacula.local.domain .com.IN CNAME rep-mgr Todo esta correctamente configurado porque el DNS (Bind) inicia correctamente. Ahora bien el tema esta en que si desde la VM rep-mgr.local.domain.com hago un [root@rep-mgr bacula]# dig rep-mgr.soltiven.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.soltiven.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status:
Re: [CentOS-es] Una de DNS
On 27/12/2011 14:18, reynie...@gmail.com wrote: Ya reinicie el bind como 15 veces y tambien reinicie rep-mgr.local.domain.com http://rep-mgr.local.domain.com (192.168.1.30), este es el resultado de nslookup: 1) Seteando el servidor a 192.168.1.2 (por si acaso) [root@rep-mgr ~]# nslookup server 192.168.1.2 Default server: 192.168.1.2 Address: 192.168.1.2#53 rep-mgr.local.domain.com http://rep-mgr.local.domain.com Server: 192.168.1.2 Address:192.168.1.2#53 Nslookup esta preguntando al servidor correcto (no esta reenviando la petición a los servidores que indicabas antes). El problema esta en el DNS, yo miraría en los logs del servicio named a ver que te dice. Miguel This message and any attachments are intended for the use of the addressee or addressees only. The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its content is not permitted. If you received this message in error, please notify the sender and delete it from your system. Emails can be altered and their integrity cannot be guaranteed by the sender. Please consider the environment before printing this email. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Una de DNS
Hola Miguel, le puse un comentario a esa linea o sea a nameserver 10.13.0.3 e igual me sigue apuntando a los mismos servidores :-( (una pregunta: debo reiniciar algun servicio para que tome los cambios o simplemente con poner un comentario #nameserver 10.13.0.3 basta?) Lo de rep-mgr.soltiven.com fue un error mio en realidad el dig lo hice a: [root@rep-mgr bacula]# dig rep-mgr.local.domain.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.local.domain .com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 39916 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.local.domain .com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1324990335 1800 900 604800 411 ;; Query time: 2 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:31:12 2011 ;; MSG SIZE rcvd: 111 Sigo sin entender que sucede porque ya he buscado por Google y he probado cuanta solucion a dado la gente :-( Saludos Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com / reynie...@hotmail.com 2011/12/27 Miguel González Castaños miguel_3_gonza...@yahoo.es El hecho de que en /etc/resolv.conf tengas la entrada nameserver 10.13.0.3 probablemente este reenviando la peticion de DNS al servidor de DNS que tienes en la maquina host donde instalaste VMware. Si quitas esa linea podrás mandar la resolución local, pero solo resolveras localdomain. El dominio soltiven.com no lo tienes en tu DNS local. Por eso cuando pides que resuelva, reenvia la peticion al servidor de DNS 10.13.0.3 Si quieres que rep-mgr.soltiven.com te resuelva a rep-mgr.localdomain, tendrás que añadir una entrada en /etc/hosts o en el servidor de DNS local. Miguel On 27/12/2011 13:48, reynie...@gmail.com wrote: Hola a todos, estoy tratando de configurar un DNS para hacer pruebas pero debo estar haciendo algo mal porque no me resuelve bien los NS. Tengo dos VM dentro de Vmware Workstation y cada una de ellas tiene dos interfaces de red: eth0 (que tiene la misma subred que mi tarjeta fisica, la de mi compturadora o sea la 10.13.13.x) y eth1 (que es un NAT para que las VM se vean entre ellas cuya subred es 192.168.1.x). La VM que finge como DNS tiene IP 192.168.1.2 y este es el named.conf: options { listen-on port 53 { 192.168.1.2; }; listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.**db; statistics-file /var/named/data/named_stats.**txt; memstatistics-file /var/named/data/named_mem_**stats.txt; recursion yes; }; logging { channel default_debug { file data/named.run; severity dynamic; }; }; zone . IN { type hint; file named.ca; }; zone local.domain.com { type master; file /var/named/local.domain.com.**hosts; }; Y el fichero local.domain.com.hosts contiene lo siguiente: $ttl 38400 local.domain.com. IN SOA ns.local.domain.com. ad...@local.domain.com. ( 1324940087 10800 3600 604800 38400 ) local.domain.com. IN NS ns.local.domain.com. rep-mgr.local.domain .com. IN A 192.168.1.30 squid.local.domain .com. IN A 192.168.1.10 ns.local.domain .com.IN A 192.168.1.2 bacula.local.domain .com.IN CNAME rep-mgr Todo esta correctamente configurado porque el DNS (Bind) inicia correctamente. Ahora bien el tema esta en que si desde la VM rep-mgr.local.domain.com hago un [root@rep-mgr bacula]# dig rep-mgr.soltiven.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.**el6_2.1 rep-mgr.soltiven.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 48443 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.soltiven.com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1324989377 1800 900 604800 612 ;; Query time: 1 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:11:50 2011 ;; MSG SIZE rcvd: 111 Me responden unos servidores a.gtld-servers.net. nstld.verisign-grs.com. que no se de donde salen. El fichero /etc/hosts de ese servidor tiene esto: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.2 ns.local.domain.com Y el fichero /etc/resolv.conf domain local.domain.com search local.domain.com nameserver 192.168.1.2 nameserver 10.13.0.3 Donde esta el error? Alguna ayuda? Saludos y gracias por adelantado
[CentOS-es] Una de DNS
Hola a todos, estoy tratando de configurar un DNS para hacer pruebas pero debo estar haciendo algo mal porque no me resuelve bien los NS. Tengo dos VM dentro de Vmware Workstation y cada una de ellas tiene dos interfaces de red: eth0 (que tiene la misma subred que mi tarjeta fisica, la de mi compturadora o sea la 10.13.13.x) y eth1 (que es un NAT para que las VM se vean entre ellas cuya subred es 192.168.1.x). La VM que finge como DNS tiene IP 192.168.1.2 y este es el named.conf: options { listen-on port 53 { 192.168.1.2; }; listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; recursion yes; }; logging { channel default_debug { file data/named.run; severity dynamic; }; }; zone . IN { type hint; file named.ca; }; zone local.domain.com { type master; file /var/named/local.domain.com.hosts; }; Y el fichero local.domain.com.hosts contiene lo siguiente: $ttl 38400 local.domain.com. IN SOA ns.local.domain.com. ad...@local.domain.com. ( 1324940087 10800 3600 604800 38400 ) local.domain.com. IN NS ns.local.domain.com. rep-mgr.local.domain .com. IN A 192.168.1.30 squid.local.domain .com. IN A 192.168.1.10 ns.local.domain .com.IN A 192.168.1.2 bacula.local.domain .com.IN CNAME rep-mgr Todo esta correctamente configurado porque el DNS (Bind) inicia correctamente. Ahora bien el tema esta en que si desde la VM rep-mgr.local.domain.com hago un [root@rep-mgr bacula]# dig rep-mgr.soltiven.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.soltiven.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 48443 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.soltiven.com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1324989377 1800 900 604800 612 ;; Query time: 1 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:11:50 2011 ;; MSG SIZE rcvd: 111 Me responden unos servidores a.gtld-servers.net. nstld.verisign-grs.com. que no se de donde salen. El fichero /etc/hosts de ese servidor tiene esto: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.2 ns.local.domain.com Y el fichero /etc/resolv.conf domain local.domain.com search local.domain.com nameserver 192.168.1.2 nameserver 10.13.0.3 Donde esta el error? Alguna ayuda? Saludos y gracias por adelantado Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com / reynie...@hotmail.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Una de DNS
Reinicia el servicio de bind y de red. De todas maneras porque no ejecutas nslookup? Miguel On 27/12/2011 14:03, reynie...@gmail.com wrote: Hola Miguel, le puse un comentario a esa linea o sea a nameserver 10.13.0.3 e igual me sigue apuntando a los mismos servidores :-( (una pregunta: debo reiniciar algun servicio para que tome los cambios o simplemente con poner un comentario #nameserver 10.13.0.3 basta?) Lo de rep-mgr.soltiven.com http://rep-mgr.soltiven.com fue un error mio en realidad el dig lo hice a: [root@rep-mgr bacula]# dig rep-mgr.local.domain.com http://rep-mgr.local.domain.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.local.domain .com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 39916 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.local.domain .com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net http://a.gtld-servers.net. nstld.verisign-grs.com http://nstld.verisign-grs.com. 1324990335 1800 900 604800 411 ;; Query time: 2 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:31:12 2011 ;; MSG SIZE rcvd: 111 Sigo sin entender que sucede porque ya he buscado por Google y he probado cuanta solucion a dado la gente :-( Saludos Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Correo: reynie...@gmail.com mailto:reynie...@gmail.com / reynie...@hotmail.com mailto:reynie...@hotmail.com 2011/12/27 Miguel González Castaños miguel_3_gonza...@yahoo.es mailto:miguel_3_gonza...@yahoo.es El hecho de que en /etc/resolv.conf tengas la entrada nameserver 10.13.0.3 probablemente este reenviando la peticion de DNS al servidor de DNS que tienes en la maquina host donde instalaste VMware. Si quitas esa linea podrás mandar la resolución local, pero solo resolveras localdomain. El dominio soltiven.com http://soltiven.com no lo tienes en tu DNS local. Por eso cuando pides que resuelva, reenvia la peticion al servidor de DNS 10.13.0.3 Si quieres que rep-mgr.soltiven.com http://rep-mgr.soltiven.com te resuelva a rep-mgr.localdomain, tendrás que añadir una entrada en /etc/hosts o en el servidor de DNS local. Miguel On 27/12/2011 13:48, reynie...@gmail.com mailto:reynie...@gmail.com wrote: Hola a todos, estoy tratando de configurar un DNS para hacer pruebas pero debo estar haciendo algo mal porque no me resuelve bien los NS. Tengo dos VM dentro de Vmware Workstation y cada una de ellas tiene dos interfaces de red: eth0 (que tiene la misma subred que mi tarjeta fisica, la de mi compturadora o sea la 10.13.13.x) y eth1 (que es un NAT para que las VM se vean entre ellas cuya subred es 192.168.1.x). La VM que finge como DNS tiene IP 192.168.1.2 y este es el named.conf: options { listen-on port 53 { 192.168.1.2; }; listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; recursion yes; }; logging { channel default_debug { file data/named.run; severity dynamic; }; }; zone . IN { type hint; file named.ca http://named.ca; }; zone local.domain.com http://local.domain.com { type master; file /var/named/local.domain.com http://local.domain.com.hosts; }; Y el fichero local.domain.com.hosts contiene lo siguiente: $ttl 38400 local.domain.com http://local.domain.com. IN SOA ns.local.domain.com http://ns.local.domain.com. ad...@local.domain.com mailto:ad...@local.domain.com. ( 1324940087 10800 3600 604800 38400 ) local.domain.com http://local.domain.com. IN NS ns.local.domain.com http://ns.local.domain.com. rep-mgr.local.domain .com. IN A 192.168.1.30 squid.local.domain .com. IN A 192.168.1.10 ns.local.domain .com.IN A 192.168.1.2 bacula.local.domain .com.IN CNAME rep-mgr Todo esta correctamente configurado porque el DNS (Bind) inicia correctamente. Ahora bien el tema esta en que si desde la VM rep-mgr.local.domain.com
Re: [CentOS-es] Una de DNS
On 27/12/11 09:48, reynie...@gmail.com wrote: Hola a todos, estoy tratando de configurar un DNS para hacer pruebas pero debo estar haciendo algo mal porque no me resuelve bien los NS. Tengo dos VM dentro de Vmware Workstation y cada una de ellas tiene dos interfaces de red: eth0 (que tiene la misma subred que mi tarjeta fisica, la de mi compturadora o sea la 10.13.13.x) y eth1 (que es un NAT para que las VM se Acá vos ponés... 10.13.13.x vean entre ellas cuya subred es 192.168.1.x). La VM que finge como DNS tiene IP 192.168.1.2 y este es el named.conf: options { listen-on port 53 { 192.168.1.2; }; listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; recursion yes; }; logging { channel default_debug { file data/named.run; severity dynamic; }; }; zone . IN { type hint; file named.ca; }; zone local.domain.com { type master; file /var/named/local.domain.com.hosts; }; Y el fichero local.domain.com.hosts contiene lo siguiente: $ttl 38400 local.domain.com. IN SOA ns.local.domain.com. ad...@local.domain.com. ( 1324940087 10800 3600 604800 38400 ) local.domain.com. IN NS ns.local.domain.com. rep-mgr.local.domain .com. IN A 192.168.1.30 squid.local.domain .com. IN A 192.168.1.10 ns.local.domain .com.IN A 192.168.1.2 bacula.local.domain .com.IN CNAME rep-mgr Todo esta correctamente configurado porque el DNS (Bind) inicia correctamente. Ahora bien el tema esta en que si desde la VM rep-mgr.local.domain.com hago un [root@rep-mgr bacula]# dig rep-mgr.soltiven.com ; DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.1 rep-mgr.soltiven.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 48443 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;rep-mgr.soltiven.com. IN A ;; AUTHORITY SECTION: com.5 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1324989377 1800 900 604800 612 ;; Query time: 1 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Dec 27 08:11:50 2011 ;; MSG SIZE rcvd: 111 Me responden unos servidores a.gtld-servers.net. nstld.verisign-grs.com. que no se de donde salen. El fichero /etc/hosts de ese servidor tiene esto: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.2 ns.local.domain.com Y el fichero /etc/resolv.conf domain local.domain.com search local.domain.com nameserver 192.168.1.2 nameserver 10.13.0.3 Y acá vos ponés 10.13.0.3 ... No será ese el error??? Donde esta el error? Alguna ayuda? Saludos y gracias por adelantado Ing. Reynier Pérez Mira Cel: +58 424.180.5609 / +58 416.921.7406 Saludos Rolfo ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
On Tue, 2011-12-27 at 15:00 +0100, Ljubomir Ljubojevic wrote: On 12/27/2011 02:10 PM, B.J. McClure wrote: On Tue, 2011-12-27 at 09:30 +0100, Peter Hopfgartner wrote: Did anybody succeed in installing CentOS on a MacBook Pro with nVidia chipset (2010 edition, http://www.heise.de/mac-and-i/produkte/macbook-13-2-4-ghz-mitte-2010-86/#produkt_detail)? When I boot with the current minimal install disk, Linux does simply see non disks. Regards, Peter I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. Installer could not find SSD and Google did not help. FWIW, Ubuntu installed fine. If you find the solution please post. All other machines in our shop are CentOS 5.x, 6.x or RHEL 6.x, so commonality would be perfect. Sorry I could not help. B.J. CentOS release 6.2 (Final) It is not clear if either of you tried CentOS 6.2, or just 6.0 and 6.2. Errr, maybe a re-read is in order? I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. B.J. CentOS release 6.2 (Final) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Hyper V integration question
Hello everyone, I have Hyper V integration working properly, but needed to do an update to 2.6.18-274.12.1.el5-x86_64. Since then, it no longer works. As discovered previously, one needs to rebuild Hyper V Integration tools due to the kernel panic. http://www.sudonym.com/398/kernel-panic-after-yum-update-centos-with-hyper-v-linux-integration-components Done. But I'm getting an error message: Your system DOES NOT support the timesource driver when running make. adjtimex is installed - adjtimex-1.20-2.1. Any ideas? I've successfully followed the same steps in the past, but right now they are just not working. Thank you! Asya ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Hyper V integration question
Sorry, this is CentOS 5.7 On Dec 27, 2011, at 11:53 AM, Dvorkin, Asya wrote: Hello everyone, I have Hyper V integration working properly, but needed to do an update to 2.6.18-274.12.1.el5-x86_64. Since then, it no longer works. As discovered previously, one needs to rebuild Hyper V Integration tools due to the kernel panic. http://www.sudonym.com/398/kernel-panic-after-yum-update-centos-with-hyper-v-linux-integration-components Done. But I'm getting an error message: Your system DOES NOT support the timesource driver when running make. adjtimex is installed - adjtimex-1.20-2.1. Any ideas? I've successfully followed the same steps in the past, but right now they are just not working. Thank you! Asya ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plymouth Failed to read image
On 12/27/2011 11:32 PM, 夜神 岩男 wrote: I'm trying to learn more about Plymouth, but am having trouble finding sufficient documentation on it. ... Perhaps the error message is just confusing me. If it is just the background image, then what is not valid about the splash.xpm.gz now? I've reduced it to 14 indexed colors, 640x480 resolution (which I thought were the criteria?). A little more information. It seems the image issue really is with visual images, not data sort. The problem I'm having is that the background cannot be updated. At all. For some reason the screen will now redraw, but only on the foreground. -So the grub splash cannot be drawn. +But the Plymouth theme can run correctly. -Then the gdm splash cannot be drawn (leaves a frozen image of whatever the last Plymouth loading image was) +But then a desktop can be loaded and drawn just fine (but its slower to load than previously) -Then if the screen is locked the lock screen (blank) will never get overdrawn at all +But entering a password blind brings a mouse pointer back on the black screen, and you can see the pointer change as it passes over items known to be on the desktop. -Other ttys can be accessed, but not seen when Ctrl+Alt+F# is used. Has anyone ever experienced this sort of behavior with gdm, plymouth or X in general? I'm confused, but at least the problem is narrowed down to whatever controls the splash/gdm-background/lock layer of display. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Plymouth Failed to read image
I'm trying to learn more about Plymouth, but am having trouble finding sufficient documentation on it. After a rebuild of Plymouth with a few theme changes, I am getting an error message on boot Failed to read image and then it gives me the grub screen to boot one of the three kernels installed. Boot works fine and I actually see the proper splash once I select a kernel. Changing themes works, etc. The single problem is that weird message about image read failure. So my question: Since Plymouth actually is working fine after the 5 second delay, just what image is it that can't be read? Is this a message about, say, the background image for the menu (the screen background *is* black, actually) or the ramfs boot image which apparently works just fine after a moment? Perhaps the error message is just confusing me. If it is just the background image, then what is not valid about the splash.xpm.gz now? I've reduced it to 14 indexed colors, 640x480 resolution (which I thought were the criteria?). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
On 12/27/2011 02:10 PM, B.J. McClure wrote: On Tue, 2011-12-27 at 09:30 +0100, Peter Hopfgartner wrote: Did anybody succeed in installing CentOS on a MacBook Pro with nVidia chipset (2010 edition, http://www.heise.de/mac-and-i/produkte/macbook-13-2-4-ghz-mitte-2010-86/#produkt_detail)? When I boot with the current minimal install disk, Linux does simply see non disks. Regards, Peter I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. Installer could not find SSD and Google did not help. FWIW, Ubuntu installed fine. If you find the solution please post. All other machines in our shop are CentOS 5.x, 6.x or RHEL 6.x, so commonality would be perfect. Sorry I could not help. B.J. CentOS release 6.2 (Final) It is not clear if either of you tried CentOS 6.2, or just 6.0 and 6.2. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
Did anybody succeed in installing CentOS on a MacBook Pro with nVidia chipset (2010 edition, http://www.heise.de/mac-and-i/produkte/macbook-13-2-4-ghz-mitte-2010-86/#produkt_detail)? When I boot with the current minimal install disk, Linux does simply see non disks. Regards, Peter -- Peter Hopfgartner R3 GIS http://www.r3-gis.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
On 12/27/2011 03:05 PM, B.J. McClure wrote: On Tue, 2011-12-27 at 15:00 +0100, Ljubomir Ljubojevic wrote: On 12/27/2011 02:10 PM, B.J. McClure wrote: On Tue, 2011-12-27 at 09:30 +0100, Peter Hopfgartner wrote: Did anybody succeed in installing CentOS on a MacBook Pro with nVidia chipset (2010 edition, http://www.heise.de/mac-and-i/produkte/macbook-13-2-4-ghz-mitte-2010-86/#produkt_detail)? When I boot with the current minimal install disk, Linux does simply see non disks. Regards, Peter I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. Installer could not find SSD and Google did not help. FWIW, Ubuntu installed fine. If you find the solution please post. All other machines in our shop are CentOS 5.x, 6.x or RHEL 6.x, so commonality would be perfect. Sorry I could not help. B.J. CentOS release 6.2 (Final) It is not clear if either of you tried CentOS 6.2, or just 6.0 and 6.2. Errr, maybe a re-read is in order? I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. B.J. CentOS release 6.2 (Final) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I've tried 6.1 and 6.2. The entry in the kernel bugzilla should be (does not open, for me): https://bugzilla.kernel.org/show_bug.cgi?id=15923 In the Fedora Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=6080340 I guess, it all comes down to Red Hat including this patch or not. Regards, Peter -- Peter Hopfgartner R3 GIS http://www.r3-gis.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
On Tue, 2011-12-27 at 09:30 +0100, Peter Hopfgartner wrote: Did anybody succeed in installing CentOS on a MacBook Pro with nVidia chipset (2010 edition, http://www.heise.de/mac-and-i/produkte/macbook-13-2-4-ghz-mitte-2010-86/#produkt_detail)? When I boot with the current minimal install disk, Linux does simply see non disks. Regards, Peter I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. Installer could not find SSD and Google did not help. FWIW, Ubuntu installed fine. If you find the solution please post. All other machines in our shop are CentOS 5.x, 6.x or RHEL 6.x, so commonality would be perfect. Sorry I could not help. B.J. CentOS release 6.2 (Final) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Hyper V integration question
On Dec 27, 2011, at 11:54 AM, Dvorkin, Asya wrote: Sorry, this is CentOS 5.7 On Dec 27, 2011, at 11:53 AM, Dvorkin, Asya wrote: Hello everyone, I have Hyper V integration working properly, but needed to do an update to 2.6.18-274.12.1.el5-x86_64. Since then, it no longer works. As discovered previously, one needs to rebuild Hyper V Integration tools due to the kernel panic. http://www.sudonym.com/398/kernel-panic-after-yum-update-centos-with-hyper-v-linux-integration-components Done. But I'm getting an error message: Your system DOES NOT support the timesource driver when running make. adjtimex is installed - adjtimex-1.20-2.1. Any ideas? I've successfully followed the same steps in the past, but right now they are just not working. Thank you! Asya So the problem got fixed by totally ignoring make failures and running make install immediately after. No issues and everything is working properly… On my other system it all worked as expected (same OS, same kernel, same RPMs). Thank you and Happy new year! Asya ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
Take a look for your self: On 12/27/2011 03:05 PM, B.J. McClure wrote: I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. B.J. CentOS release 6.2 (Final) Your signature has 6.2. So... I wanted to be sure 6.2 was tested, that is all. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
On 12/27/2011 03:30 PM, Peter Hopfgartner wrote: The entry in the kernel bugzilla should be (does not open, for me): https://bugzilla.kernel.org/show_bug.cgi?id=15923 I am unable to open bugzilla.kernel.org also, it is not just you. Fedora bugzilla shows unknown ID. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Is Biarch with 6.x now dead?
I'm experimenting with 6.2 now. Things seem to be really great so far! Distribution closure is one of my favourite pets. So I tried to install everything. I found only one problem, but that's another (minor) thing. But I found almost nothing under /usr/lib. So, Biarch is really dead? Funny! A couple of years back, I finally opted for CentOS instead of Debian just because of Biarch ... I'm getting real old ... -Michael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] what percent of time are there unpatched exploits against default config?
Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. (Assume further the password is strong, etc.) On the other hand, suppose that as the admin, I'm not subscribed to any security alert mailing lists which send out announcements like Please disable this feature as a workaround until this hole is plugged, so the machine just hums along with all of its default settings. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. On the other hand, at any point in time where there are no unpatched exploits in the wild, the machine should be much harder to break into. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? Hopefully this is specific enough that the answer is not it depends :) , an actual numeric answer should exist -- although I don't know if anyone has ever tried to work it out. But if not, then what's a good guess, based on observing how frequently root exploits are released in the wild, and how long the patches usually take. Bennett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is Biarch with 6.x now dead?
hi, On 12/28/2011 01:47 AM, Michael Lampe wrote: I'm experimenting with 6.2 now. Things seem to be really great so far! nice! Distribution closure is one of my favourite pets. So I tried to install everything. thats tricky, ~ multiple things can provide overlapping functionality as well.. So, Biarch is really dead? nope. its actually quite a major pain to manage.. you forgot to mention what you installed, how you did it and what you expected V/s achieved - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is Biarch with 6.x now dead?
On Tue, Dec 27, 2011 at 7:47 PM, Michael Lampe la...@gcsc.uni-frankfurt.de wrote: But I found almost nothing under /usr/lib. When you were using the 5.x branch, biarch was done on install via what some consider a glitch in the installer. There was generally much complaining about the whole load of x86 packages when people wanted clean x86_64 systems. So, Biarch is really dead? Not at all, it's simply not as much of as a default as it once was. the command yum list available *.i?86 should show you a whole host of packages available to put your shiny bits back in /usr/lib -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On 12/28/2011 03:13 AM, Bennett Haselton wrote: Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? there is no way to tell, and there is no metric to work against unless there is some source that can identify exactly when and how a specific exploit was discovered ( but then again, many exploits are not reported by the people who find them, they just abuse those exploits till such time as they can ) - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On Tue, 27 Dec 2011, Bennett Haselton wrote: Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? There's no way to give you an exact number, but let me put it this way: If you've disable as much as you can (which by default, most stuff is disabled, so that's good), and you restart Apache after each update, your chances of being broken into are better by things like SSH brute force attacks. There's always a chance someone will get in, but when you look at the security hole history of Apache, particularly over the past few years, there have been numerous CVE's, but workarounds and they aren't usually earth-shattering. Very few of them have. The latest version that ships with 5.7 is as secure as they come. If it wasn't, most web sites on the Internet would be hacked by now, as most run Apache. *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On Tue, Dec 27, 2011 at 8:33 PM, Gilbert Sebenste seben...@weather.admin.niu.edu wrote: On Tue, 27 Dec 2011, Bennett Haselton wrote: Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? There's no way to give you an exact number, but let me put it this way: If you've disable as much as you can (which by default, most stuff is disabled, so that's good), and you restart Apache after each update, your chances of being broken into are better by things like SSH brute force attacks. There's always a chance someone will get in, but when you look at the security hole history of Apache, particularly over the past few years, there have been numerous CVE's, but workarounds and they aren't usually earth-shattering. Very few of them have. The latest version that ships with 5.7 is as secure as they come. If it wasn't, most web sites on the Internet would be hacked by now, as most run Apache I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if you apply all latest updates automatically, there were still windows of time where an exploit in the wild could be used to break into a machine; in particular he said: For example, there was a while back ( ~march ) a kernel exploit that affected CentOS / RHEL. The patch came after 1-2 weeks of the security announcement. The initial announcement provided a simple work around until the new version is released. Was this a sufficiently high-profile incident that you know what he's referring to? If this kind of thing happens once a year or more, than surely this is a much greater threat than brute forcing the SSH password? That's what I'm talking about -- how often does this sort of thing happen, where you need to be subscribed to be a security mailing list in order to know what workaround to make to stay safe, as opposed to simply running yum-updatesd to install latest patches automatically. Bennett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On 12/28/2011 04:29 AM, Bennett Haselton wrote: I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if the software component compromised was a part of the updates being dished out from the distro ( and therefore likely covered via the yum-updatesd? ) - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on a Macbook Pro with nVidia MCP89 SATA controller
On 12/27/2011 01:10 PM, B.J. McClure wrote: I tried CentOS 6.0 and 6.1 on Mac-Air with SSD. Installer could not find SSD and Google did not help. FWIW, Ubuntu installed fine. If you I've seen a couple of MacbookAir's now running CentOS-6, do you need to set some mode (bootcamp like ?) - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
Everything installed on the machine had been installed with yum. So I assumed that meant that it would also be updated by yum if an update was available from the distro. On Tue, Dec 27, 2011 at 9:38 PM, Karanbir Singh mail-li...@karan.orgwrote: On 12/28/2011 04:29 AM, Bennett Haselton wrote: I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if the software component compromised was a part of the updates being dished out from the distro ( and therefore likely covered via the yum-updatesd? ) - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On 12/28/2011 01:29 PM, Bennett Haselton wrote: On Tue, Dec 27, 2011 at 8:33 PM, Gilbert Sebenste seben...@weather.admin.niu.edu wrote: On Tue, 27 Dec 2011, Bennett Haselton wrote: Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? There's no way to give you an exact number, but let me put it this way: If you've disable as much as you can (which by default, most stuff is disabled, so that's good), and you restart Apache after each update, your chances of being broken into are better by things like SSH brute force attacks. There's always a chance someone will get in, but when you look at the security hole history of Apache, particularly over the past few years, there have been numerous CVE's, but workarounds and they aren't usually earth-shattering. Very few of them have. The latest version that ships with 5.7 is as secure as they come. If it wasn't, most web sites on the Internet would be hacked by now, as most run Apache I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if you apply all latest updates automatically, there were still windows of time where an exploit in the wild could be used to break into a machine; in particular he said: For example, there was a while back ( ~march ) a kernel exploit that affected CentOS / RHEL. The patch came after 1-2 weeks of the security announcement. The initial announcement provided a simple work around until the new version is released. Was this a sufficiently high-profile incident that you know what he's referring to? If this kind of thing happens once a year or more, than surely this is a much greater threat than brute forcing the SSH password? That's what I'm talking about -- how often does this sort of thing happen, where you need to be subscribed to be a security mailing list in order to know what workaround to make to stay safe, as opposed to simply running yum-updatesd to install latest patches automatically. Nearly every time servers get broken into they are web servers, and web servers serving applications the greatest percentage of those. The web never having been intended as an applications platform provides a huge number of attack vectors which are entirely separate from the OS layer. For example, a perfectly secure operating system running a perfectly secure Apache configuration on a perfectly secure MySQL deployment could be running an application that permits injection of arbitrary SQL commands into the database. The server itself may not be compromised (or it may, depending on what else that SQL command can touch/be referenced by) in the sense that someone can open a shell, but in most cases there is nothing of interest on a web server anyway. What is interesting is what is in the database or lives within the application being served, and that is an application/database layer problem, not an OS, web-server or kernel problem. With the vast majority of web applications being developed on frameworks like Drupal, Django and Plone, the overwhelming majority of server hacks with regard to the web have to do with attacking these structures (at least initially), not the actual OS layer directly at the outset. Compare this with email server software, which, if the OS layer were the inherent problem, would be heard about every day -- much more often than web-related cracks. But email server software is mature and just as secure as Apache is. However, web-based email is a common target, and for a good reason. http is inherently insecure, and bouncing someone from http to https is just as insecure because the initial http link and DNS can be attacked, both being deliberately insecure, public protocols. Blah blah. My point is, the OS is rarely attacked directly in web-related cracks. A good cracker tries to discover flaws in young, fast changing web frameworks which require priviledged access to things like MySQL instead of trying to attack Apache or an SE-enabled OS layer directly. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
Yeah I know that most break-ins do happen using third-party web apps; fortunately the servers I'm running don't have or need any of those. But then what about what my friend said: For example, there was a while back ( ~march ) a kernel exploit that affected CentOS / RHEL. The patch came after 1-2 weeks of the security announcement. The initial announcement provided a simple work around until the new version is released. Is that an extremely rare freak occurrence? Or are you just saying it's rare *compared* to breakins using web apps? Or am I misunderstanding what my friend was referring to in the above paragraph? Bennett 2011/12/27 夜神 岩男 supergiantpot...@yahoo.co.jp On 12/28/2011 01:29 PM, Bennett Haselton wrote: On Tue, Dec 27, 2011 at 8:33 PM, Gilbert Sebenste seben...@weather.admin.niu.edu wrote: On Tue, 27 Dec 2011, Bennett Haselton wrote: Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? There's no way to give you an exact number, but let me put it this way: If you've disable as much as you can (which by default, most stuff is disabled, so that's good), and you restart Apache after each update, your chances of being broken into are better by things like SSH brute force attacks. There's always a chance someone will get in, but when you look at the security hole history of Apache, particularly over the past few years, there have been numerous CVE's, but workarounds and they aren't usually earth-shattering. Very few of them have. The latest version that ships with 5.7 is as secure as they come. If it wasn't, most web sites on the Internet would be hacked by now, as most run Apache I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if you apply all latest updates automatically, there were still windows of time where an exploit in the wild could be used to break into a machine; in particular he said: For example, there was a while back ( ~march ) a kernel exploit that affected CentOS / RHEL. The patch came after 1-2 weeks of the security announcement. The initial announcement provided a simple work around until the new version is released. Was this a sufficiently high-profile incident that you know what he's referring to? If this kind of thing happens once a year or more, than surely this is a much greater threat than brute forcing the SSH password? That's what I'm talking about -- how often does this sort of thing happen, where you need to be subscribed to be a security mailing list in order to know what workaround to make to stay safe, as opposed to simply running yum-updatesd to install latest patches automatically. Nearly every time servers get broken into they are web servers, and web servers serving applications the greatest percentage of those. The web never having been intended as an applications platform provides a huge number of attack vectors which are entirely separate from the OS layer. For example, a perfectly secure operating system running a perfectly secure Apache configuration on a perfectly secure MySQL deployment could be running an application that permits injection of arbitrary SQL commands into the database. The server itself may not be compromised (or it may, depending on what else that SQL command can touch/be referenced by) in the sense that someone can open a shell, but in most cases there is nothing of interest on a web server anyway. What is interesting is what is in the database or lives within the application being served, and that is an application/database layer problem, not an OS, web-server or kernel problem. With the vast majority of web applications being developed on frameworks like Drupal, Django and Plone, the overwhelming majority of server hacks with regard to the web have to do with attacking these structures (at least initially), not the actual OS layer directly at the outset. Compare this with email server software, which, if the OS layer were the inherent problem, would be heard about every day -- much more often than web-related cracks. But email server software is mature and just as secure as Apache is. However, web-based email is a common target, and for a good reason. http is inherently insecure, and bouncing someone from http to https is just as insecure because the initial http link and DNS can be attacked, both being
Re: [CentOS] Is Biarch with 6.x now dead?
nope. its actually quite a major pain to manage.. you forgot to mention what you installed, how you did it and what you expected V/s achieved I have installed all the packages from the two x86_64 DVDs with (eventually): yum install --exclude=ovirt\* \* I'm not using any internet-based repos for now, because of limited bandwidth at home. I haven't touched 6.x before 6.2 and just thought it would be as in 5.x (biarch wise). With 6.2 everything on my X301 semms to be working much better or at least as good as in 5.7. I will slowly, carefully, and thankfully play with your Christmas present in the next two weeks. :) -Michael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
password? That's what I'm talking about -- how often does this sort of thing happen, where you need to be subscribed to be a security mailing list in order to know what workaround to make to stay safe, as opposed to simply running yum-updatesd to install latest patches automatically. Happens all the time! Count on it! If running any server available to the public there is no set and forget if you're responsible for that server you best stay informed/subscribed and ready to take action be it a work around, update or whatever. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On Dec 27, 2011, at 11:29 PM, Bennett Haselton benn...@peacefire.org wrote: On Tue, Dec 27, 2011 at 8:33 PM, Gilbert Sebenste seben...@weather.admin.niu.edu wrote: On Tue, 27 Dec 2011, Bennett Haselton wrote: Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? There's no way to give you an exact number, but let me put it this way: If you've disable as much as you can (which by default, most stuff is disabled, so that's good), and you restart Apache after each update, your chances of being broken into are better by things like SSH brute force attacks. There's always a chance someone will get in, but when you look at the security hole history of Apache, particularly over the past few years, there have been numerous CVE's, but workarounds and they aren't usually earth-shattering. Very few of them have. The latest version that ships with 5.7 is as secure as they come. If it wasn't, most web sites on the Internet would be hacked by now, as most run Apache I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if you apply all latest updates automatically, there were still windows of time where an exploit in the wild could be used to break into a machine; in particular he said: For example, there was a while back ( ~march ) a kernel exploit that affected CentOS / RHEL. The patch came after 1-2 weeks of the security announcement. The initial announcement provided a simple work around until the new version is released. What was the nature of the break-in, if I may ask? Security is more than just updates and a strong password. - Rilindo Foster http://monzell.com http://www.linkedin.com/pub/rilindo-foster/2/b32/43b ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On Tue, Dec 27, 2011 at 10:17 PM, Rilindo Foster rili...@me.com wrote: On Dec 27, 2011, at 11:29 PM, Bennett Haselton benn...@peacefire.org wrote: On Tue, Dec 27, 2011 at 8:33 PM, Gilbert Sebenste seben...@weather.admin.niu.edu wrote: On Tue, 27 Dec 2011, Bennett Haselton wrote: Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the yum-updatesd service running to pull down and install updates as soon as they become available from the repository. So the machine can still be broken into, if there is an unpatched exploit released in the wild, in the window of time before a patch is released for that update. Roughly what percent of the time is there such an unpatched exploit in the wild, so that the machine can be hacked by someone keeping up with the exploits? 5%? 50%? 95%? There's no way to give you an exact number, but let me put it this way: If you've disable as much as you can (which by default, most stuff is disabled, so that's good), and you restart Apache after each update, your chances of being broken into are better by things like SSH brute force attacks. There's always a chance someone will get in, but when you look at the security hole history of Apache, particularly over the past few years, there have been numerous CVE's, but workarounds and they aren't usually earth-shattering. Very few of them have. The latest version that ships with 5.7 is as secure as they come. If it wasn't, most web sites on the Internet would be hacked by now, as most run Apache I was asking because I had a server that did get broken into, despite having yum-updatesd running and a strong password. He said that even if you apply all latest updates automatically, there were still windows of time where an exploit in the wild could be used to break into a machine; in particular he said: For example, there was a while back ( ~march ) a kernel exploit that affected CentOS / RHEL. The patch came after 1-2 weeks of the security announcement. The initial announcement provided a simple work around until the new version is released. What was the nature of the break-in, if I may ask? I don't know how they did it, only that the hosting company had to take the server offline because they said it was sending a DOS attack to a remote host and using huge amounts of bandwidth in the process. The top priority was to get the machine back online so they reformatted it and re-connected it, so there are no longer any logs showing what might have happened. (Although of course once the server is compromised, presumably the logs can be rewritten to say anything anyway.) Security is more than just updates and a strong password. - Rilindo Foster Well that's what I'm trying to determine. Is there any set of default settings that will make a server secure without requiring the admin to spend more than, say, 30 minutes per week on maintenance tasks like reading security newsletters, and applying patches? And if there isn't, are there design changes that could make it so that it was? Because if an OS/webserver/web app combination requires more than, say, half an hour per week of maintenance, then for the vast majority of servers and VPSs on the Internet, the maintenance is not going to get done. It doesn't matter what our opinion is about whose fault it is or whether admins should be more diligent. The maintenance won't get done and the machines will continue to get hacked. (And half an hour per week is probably a generous estimate of how much work most VPS admins would be willing to do.) On the other hand, if the most common causes of breakins can be identified, maybe there's a way to stop those with good default settings and automated processes. For example, if exploitable web apps are a common source of breakins, maybe the standard should be to have them auto-update themselves like the operating system. (Last I checked, WordPress and similar programs could *check* if updates were available, and alert you next time you signed in, but they didn't actually patch themselves. So if you never signed in to a web app on a site that you'd forgotten about, you might never realize it needed patching.) Bennett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what percent of time are there unpatched exploits against default config?
On Tue, Dec 27, 2011 at 10:08 PM, Ken godee k...@perfect-image.com wrote: password? That's what I'm talking about -- how often does this sort of thing happen, where you need to be subscribed to be a security mailing list in order to know what workaround to make to stay safe, as opposed to simply running yum-updatesd to install latest patches automatically. Happens all the time! Really? An exploit is released in the wild, and there's a lag of several days before a patch is available through updates -- all the time? How often? Every week? Since Gilbert and supergiantpotato seemed to be saying the opposite (that unpatched OS- and web-server-level exploits were pretty rare), what data were you relying on when you said that it happens all the time? Count on it! If running any server available to the public there is no set and forget if you're responsible for that server you best stay informed/subscribed and ready to take action be it a work around, update or whatever. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos