[CentOS] rsyslog / rotation, best practices
centos6 in regards to /etc/logrotate.d/syslog the file is in charge of processing /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler If I wanted to make a specific setting just for maillog (since that file gets huge really quick) would I add 1- a new file /etc/logrotate.d/maillog with the parameters just like the other files 2- add parameters in the file it is already located in (/etc/log...d/syslog) 3- logrotate.conf where other settings for btmp and wtmp are located. Which is the 'best practice' or preferred solution to changing the defaults for the files in the logrotate.d/syslog file. Right now I have changed logrotate.conf to go off daily to keep the maillog from getting to huge. I do not know what the default is for size forcing the change, but when it got to 35MB logwatch was not properly accessing it and logrotate in debug mode was saying file too big must be config file. There seems to be no setting for file size to force rotation for the log files in the logrotate.d/syslog file. thanks bob ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSEC How To?
On 04/05/2012 04:55 PM, Helmut Drodofsky wrote: > Hello, > > now I have spent many hours to configure openswan for VPN connections > without any success. > > My goal: > > VPN Server CentOS 6 with public IPv4 > VPN Client (= road warrier) from private site with NAT router or from > mobile cell with Linux, Windows 7, Mac, iPhone or Android > > Is there any how to in the net? > > When I read > file:///usr/share/doc/openswan-doc-2.6.32/config.html > then I belive, there is no solution. It is written, that I have to > reconfigure the NAT router of the mobile provider or the hardware NAT > router of the private dsl uplink. > > Both is impossible. Maybe you get better luck on the Openswan mailing list but I would not get my hopes up. One of the Openswan developers has repeatedly mentioned that IPsec does not like NAT. Les' suggestion to try OpenVPN is what I did and it works well assuming you can find the tun.ko kernel module for your Android phone. I don't know if there is an OpenVPN client for Windows phone or iPhone. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 86, Issue 4
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2012:0452 CentOS 6 db4 FASTTRACK Update (Johnny Hughes) 2. CEBA-2012:0456 CentOS 6 expect FASTTRACK Update (Johnny Hughes) 3. CEBA-2012:0455 CentOS 6 libuser FASTTRACK Update (Johnny Hughes) 4. CEBA-2012:0454 CentOS 6 vim FASTTRACK Update (Johnny Hughes) -- Message: 1 Date: Thu, 5 Apr 2012 01:04:52 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2012:0452 CentOS 6 db4 FASTTRACK Update To: centos-annou...@centos.org Message-ID: <20120405010452.ga24...@chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2012:0452 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0452.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 0a466556f5dd693a22fe8b60a17f36ee520a86709a2bb8f9890892a744b5f744 db4-4.7.25-17.el6.i686.rpm f3ea647e99d9c6025aa9d52c0ea5a8fe6c87882983f96da7962ddae77f7fcd39 db4-cxx-4.7.25-17.el6.i686.rpm 1955922d352baef7a5762ff5120f19848156d8326435e0558b724aba665e8635 db4-devel-4.7.25-17.el6.i686.rpm 492f272e50760b050e493689b6f646322985a29afa090ff678ba557f1936ab4a db4-devel-static-4.7.25-17.el6.i686.rpm ddfff0ab683e1a8404c51187728eb2a8216b1e00f8a3874091976780df778387 db4-java-4.7.25-17.el6.i686.rpm 8a0a58dcbdf25de16c3f02a0c0344de1483543b64e9201bef0aca3aa0f6a392b db4-tcl-4.7.25-17.el6.i686.rpm cb92d90ac31fe066b5f7727244711c5312601b2c8bbb7eb813d88a9cf1bb9de9 db4-utils-4.7.25-17.el6.i686.rpm x86_64: 0a466556f5dd693a22fe8b60a17f36ee520a86709a2bb8f9890892a744b5f744 db4-4.7.25-17.el6.i686.rpm 1af69a9921742f41f57d09f03d2076174e28f9020b32fa6a18dc662fc7c77f2e db4-4.7.25-17.el6.x86_64.rpm f3ea647e99d9c6025aa9d52c0ea5a8fe6c87882983f96da7962ddae77f7fcd39 db4-cxx-4.7.25-17.el6.i686.rpm bade71631c61e4bc9ffe1f8c30060a3cbc4fcd1c453365fd223220d5d4c20868 db4-cxx-4.7.25-17.el6.x86_64.rpm 1955922d352baef7a5762ff5120f19848156d8326435e0558b724aba665e8635 db4-devel-4.7.25-17.el6.i686.rpm f6b7ae526caa8b0b771205d5ab6094accbc4cd32318a2a56330f83f2de5f0cb8 db4-devel-4.7.25-17.el6.x86_64.rpm 6651c2c68167b81b2848173c0a8fa13636a2e2e2fda085304e2d7d426816ae16 db4-devel-static-4.7.25-17.el6.x86_64.rpm 284f11258cc2a4ed52ea0eeb4fbbf914fdc06316d9e744545fe7af2bf4cb db4-java-4.7.25-17.el6.x86_64.rpm 471ce4382d34803462cc69a930d3bb0c8e06c35faaa5ae36b2796bd1ee96667e db4-tcl-4.7.25-17.el6.x86_64.rpm 1eb0fc38dfbfb019fecc3ab35e3f1e2e4fe38e4eb6a107a3e643bdefbbeb2cea db4-utils-4.7.25-17.el6.x86_64.rpm Source: 4d7e1cfb9d369a22052f4f1d519b28a2ce6c54eee67ce243a530b038f4b4b887 db4-4.7.25-17.el6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Thu, 5 Apr 2012 09:30:55 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2012:0456 CentOS 6 expect FASTTRACK Update To: centos-annou...@centos.org Message-ID: <20120405093055.ga17...@chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2012:0456 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0456.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 5586d8820e0bd92006b7106dbd0a84f68b0c740fb38a7ddab43c0fb82baf26a7 expect-5.44.1.15-4.el6.i686.rpm 4eff6af69f61bd24f891df0a4dd3e66feb8792bcfd0f39dd40f17ad3251af1eb expect-devel-5.44.1.15-4.el6.i686.rpm c3739d8f9a0ad6b29c001f2d7b6951e127834c634d29302d17500b5fdb3f84d0 expectk-5.44.1.15-4.el6.i686.rpm x86_64: a5b16ad36a6b3799bf1213155f6b74ddf97e2b12be3f4def9cd05cbd7f981535 expect-5.44.1.15-4.el6.x86_64.rpm 4eff6af69f61bd24f891df0a4dd3e66feb8792bcfd0f39dd40f17ad3251af1eb expect-devel-5.44.1.15-4.el6.i686.rpm a70e07f15107d548a3dcdcafcc8b73db5416b2603bf70c0f286b2663a3cb8d2c expect-devel-5.44.1.15-4.el6.x86_64.rpm 5bb6394a3bede9afedfb05665434d618d0e2fd9b378a6da8013ccb4410c4640f expectk-5.44.1.15-4.el6.x86_64.rpm Source: cae59720bc704b2e7ae1bbfb74b18badb58f675865d9e5fd38b9e3b2b457e240 expect-5.44.1.15-4.el6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 3 Date: Thu, 5 Apr 2012 09:31:12 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2012:0455 CentOS 6 libuser FASTTRACK U
Re: [CentOS] Next kernel?
On 04/05/2012 09:32 AM, m.r...@5-cent.us wrote: > First, let me say that I don't know if you're getting paid for the work > you do for CentOS, but the speed that you put out updates - they're out > around or before I get the email from RH - is very much appreciated, and > if we're ever at the same place, I'd like to buy you a drink. > > Now, a week or two ago, someone was posting here, having problems with NFS > hanging under a heavy load, and IIRC, mentioned successfully testing with > a newer RHEL kernel - was it 2.6.32-250 or so? - and I was wondering how > soon that was in the pipeline, because I'd like to play with it. We don't > have it hanging with the current and last couple 6.2 kernels, but reading > from and writing to an NFS-mounted directory is six times slower than > reading from that directory, and writing to the local disk; for that > reason, we've stopped pushing the migration from 5.x to 6.2 on our home > directory servers, and rolled several back to 5.x > I am pretty sure that kernel was provided via a customer support call that is hidden in bugzilla .. so we (CentOS) would not have access to the kernel or the SRPM until they release it via the public FTP. If they release the SRPM publicly (in a people.redhat.com directory or somewhere else via the bugzilla, I will be happy to rebuild it and release it as a test kernel. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSEC How To?
On Thu, Apr 5, 2012 at 9:55 AM, Helmut Drodofsky wrote: > > now I have spent many hours to configure openswan for VPN connections > without any success. > > My goal: > > VPN Server CentOS 6 with public IPv4 > VPN Client (= road warrier) from private site with NAT router or from > mobile cell with Linux, Windows 7, Mac, iPhone or Android > > Is there any how to in the net? > > When I read > file:///usr/share/doc/openswan-doc-2.6.32/config.html > then I belive, there is no solution. It is written, that I have to > reconfigure the NAT router of the mobile provider or the hardware NAT > router of the private dsl uplink. > > Both is impossible. > > Thank you for help in advance. Can you use openvpn instead of IPsec? It can run over udp and is nat-friendly. I think you need root access on android and a jailbroken iphone to make the clients work there, though. -- Les Mikesell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] IPSEC How To?
Hello, now I have spent many hours to configure openswan for VPN connections without any success. My goal: VPN Server CentOS 6 with public IPv4 VPN Client (= road warrier) from private site with NAT router or from mobile cell with Linux, Windows 7, Mac, iPhone or Android Is there any how to in the net? When I read file:///usr/share/doc/openswan-doc-2.6.32/config.html then I belive, there is no solution. It is written, that I have to reconfigure the NAT router of the mobile provider or the hardware NAT router of the private dsl uplink. Both is impossible. Thank you for help in advance. Helmut Helmut Drodofsky Internet XS Service GmbH Heßbrühlstraße 15 70565 Stuttgart Geschäftsführung Dr.-Ing. Roswitha Hahn-Drodofsky HRB 21091 Stuttgart USt.ID: DE190582774 Tel. 0711 781941 0 Fax: 0711 781941 79 Mail: i...@internet-xs.de www.internet-xs.de ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Next kernel?
First, let me say that I don't know if you're getting paid for the work you do for CentOS, but the speed that you put out updates - they're out around or before I get the email from RH - is very much appreciated, and if we're ever at the same place, I'd like to buy you a drink. Now, a week or two ago, someone was posting here, having problems with NFS hanging under a heavy load, and IIRC, mentioned successfully testing with a newer RHEL kernel - was it 2.6.32-250 or so? - and I was wondering how soon that was in the pipeline, because I'd like to play with it. We don't have it hanging with the current and last couple 6.2 kernels, but reading from and writing to an NFS-mounted directory is six times slower than reading from that directory, and writing to the local disk; for that reason, we've stopped pushing the migration from 5.x to 6.2 on our home directory servers, and rolled several back to 5.x mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 6.2 - How to check for a failed disk using LVM with a hardware RAID (3ware)
On 04/05/2012 05:38 AM, Jonathan Vomacka wrote: > CentOS Community, > > What commands can I use to check the disk health of the system when LVM2 > is being used on top of a RAID 10 using a HARDWARE 3ware raid card. The > OS sees a hardware raid usually as one big drive. Is there a way to > check the disks individually to see if any are failing, or throwing hard > or scsi transport errors? yum install smartmontools smartctl -a /dev/twa0 -d 3ware,0 You can check each drive by changing '3ware,0' to '3ware,x' where x is the drive #. You can automate the checks by configuring /etc/smartd.conf using lines like: /dev/twa0 -d 3ware,0 -H -l selftest -l error -o on -S on -s (O/../../6/22|S/../../1/2|L/../../2/1) -m r...@yourdomain.com Remember to comment out the default line (the first line of /etc/smartd.conf). -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Block outgoing connections for certaing uids (root, apache, nobody)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/04/2012 10:15 AM, Lamar Owen wrote: > On Wednesday, April 04, 2012 05:13:11 AM Alexander Farber wrote: >> Good morning >> >> With iptables in CentOS 5 and 6 Linux - how can you please prevent >> processes running as "root", "apache" or "nobody" from initiating >> outgoing connections? > > This sounds more like something an SELinux rule could do better, and on a > per-process basis. > > Now, I don't have such a rule or policy file written, but I think for this > purpose SELinux is the right tool to try to use. You might have to go from > the rather lenient 'targeted' policy to the rather difficult to use > 'strict' policy to make it happen, though. > > Dan Walsh is on here, and he's the expert, so maybe he'll weigh in. > ___ CentOS mailing list > CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Very difficult to do, especially if you are talking about administrators running as root. If you want to allow everything except connection to the network, you will not stop a determined admin. Now we can block the apache process from connecting to the network. If you want to run confined admins we can also control them, but it is not easy. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk99nE0ACgkQrlYvE4MpobPNlwCgr/zQEe0pvM96wRwdCdda+d6S rOsAoN242buO0dwqEw5p7ZxTr5UY/Kgm =6w7I -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 6.2 - How to check for a failed disk using LVM with a hardware RAID (3ware)
On 04/05/2012 02:38 PM, Jonathan Vomacka wrote: > CentOS Community, > > What commands can I use to check the disk health of the system when LVM2 > is being used on top of a RAID 10 using a HARDWARE 3ware raid card. The > OS sees a hardware raid usually as one big drive. Is there a way to > check the disks individually to see if any are failing, or throwing hard > or scsi transport errors? You need to get the tw_cli tool from the 3ware page. With this you can check the health of the raid and its disks: # tw_cli /c0 show Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy -- u0RAID-10 OK - - 256K1862.62 ON OFF Port Status Unit SizeBlocksSerial --- p0 OK u0 931.51 GB 1953525168WD-WMATV4882192 p1 OK u0 931.51 GB 1953525168WD-WMATV4911813 p2 OK u0 931.51 GB 1953525168WD-WMATV4884633 p3 OK u0 931.51 GB 1953525168WD-WMATV4881597 p4 NOT-PRESENT - - - - p5 NOT-PRESENT - - - - p6 NOT-PRESENT - - - - p7 NOT-PRESENT - - - - Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Antwort: 6.2 - How to check for a failed disk using LVM with a hardware RAID (3ware)
centos-boun...@centos.org schrieb am 05.04.2012 14:38:39: > Jonathan Vomacka > Gesendet von: centos-boun...@centos.org > > 05.04.2012 14:44 > > Bitte antworten an > CentOS mailing list > > An > > CentOS mailing list > > Kopie > > Thema > > [CentOS] 6.2 - How to check for a failed disk using LVM with a > hardware RAID (3ware) > > CentOS Community, > > What commands can I use to check the disk health of the system when LVM2 > is being used on top of a RAID 10 using a HARDWARE 3ware raid card. The > OS sees a hardware raid usually as one big drive. Is there a way to > check the disks individually to see if any are failing, or throwing hard > or scsi transport errors? > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos Hi Jonathan, it depends on your Hardware. I've a 3ware Raid-Kontroller with Linux-Software (cmd-line and Web-gui) to contoll and manage the controller. Just look at the website of 3ware. Gruß Andreas Reschke Unix/Linux-Administration andreas.resc...@behrgroup.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 6.2 - How to check for a failed disk using LVM with a hardware RAID (3ware)
Le jeu. 05 avril 2012 08:38:39 CEST, Jonathan Vomacka a écrit: > CentOS Community, > > What commands can I use to check the disk health of the system when LVM2 > is being used on top of a RAID 10 using a HARDWARE 3ware raid card. The > OS sees a hardware raid usually as one big drive. Is there a way to > check the disks individually to see if any are failing, or throwing hard > or scsi transport errors? You can try : man smartctl smartd can access individual disks behind (supported) RAID controllers. -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 6.2 - How to check for a failed disk using LVM with a hardware RAID (3ware)
CentOS Community, What commands can I use to check the disk health of the system when LVM2 is being used on top of a RAID 10 using a HARDWARE 3ware raid card. The OS sees a hardware raid usually as one big drive. Is there a way to check the disks individually to see if any are failing, or throwing hard or scsi transport errors? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 32/64-bit Library Sharing and Placement
On 04/04/2012 11:33 PM, Brian McGrew wrote: > I'm rebuilding much of the gnu toolchain for some development testing I'm > working. GMP, MPC, MPFR, PPL, as well as many others. I need to be able to > have both 32 and 64 bit versions of these libraries avilable on the system, > in more or less the same path (/toolchain/lib, /toolchain/lib64). > > Generically speaking, is there an easy way to build both 32 and 64 bit > versions a the same time??? Or, more specifically, what is the best way to > get both versions built??? > > CentOS 6.2 on a Dell 1900 with Xeon 5130 CPU's. > > After a few more hours of digging, I believe what I'm wanting is multilib??? > > Is there a way to get a 32 and 64 bit build (multilib?) in one pass? If not, > what is the easiest way to do this? Your questions are not making sense to me ... You talk about /toolchain/lib and /toolchain/lib64 ... no idea what that is or what you are trying to build ... or what you are trying to build with. I will assume you want to build some 32 and 64 bit packages on the same machine with GCC on CentOS 6.2 IF you want to build items using the CC variable and if you are using gcc then you can install both glibc-devel.i686 and glibc-devel.x86_64 and IF you pass in the proper -m 32 or -m 64 flags with gcc you can compile either i[3,4,5,6]86 (-m 32) or x86_64 (-m 64) items. If you are talking about compiling 32 bit programs on x86_64 machine, then you need to install these i686 packages on your x86_64 machine: yum install glibc.i686 libstdc++-devel.i686 glibc-devel.i686 gcc make autoconf automake16 You should also add this line to your .rpmmacros file in the home directory of the user you will be compiling things under (and I also add it to the root user's home directory): %_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch} After adding that line, you can issue the command: rpm -qa | grep i[3,4,5,6]86 with that, you can see what 32 bit packages are installed on your machine. If you have multi-lib libraries, I personally would use something like mock to build chroots that contain only the packages you need to build the things you want to build. This allows you to keep your machine with very minimal packages installed and allows you to put development libraries in the chroots. Here is info on mock and sandboxes: http://fedoraproject.org/wiki/Extras/MockTricks (the epel repo has mock in it) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos