Re: [CentOS] PCI/DSS compliance on CentOS

[Eero Volotinen]

2012/5/26 Ken godee :
>>> What "level" of PCI/DSS compliance are you going for?
>>
>> I have to check this with the client.   Credit card information will
>> be encrypted and stored in client's own db.
>
> Yup, this is exactly what they don't want people to do and
> I believe in the future they'll strive for just a handful
> of processors that will meet there criteria.
>
>> The client will be hosting it on their own office premise (the
>> physical security aspect is being handled by another vendor).
>>
>
> I'm sure I'm talking way over my head at this point but
> this must be for a fairly large merchant (1M+ transactions yearly).

"The client will be hosting it on their own office premise" sounds
really bad. Usually this kind of systems are located in really secured
datacenters.

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[Ken godee]

>> What "level" of PCI/DSS compliance are you going for?
>
> I have to check this with the client.   Credit card information will
> be encrypted and stored in client's own db.

Yup, this is exactly what they don't want people to do and
I believe in the future they'll strive for just a handful
of processors that will meet there criteria.

> The client will be hosting it on their own office premise (the
> physical security aspect is being handled by another vendor).
>

I'm sure I'm talking way over my head at this point but
this must be for a fairly large merchant (1M+ transactions yearly).

Not quite sure why one wouldn't use one of processors gateway 
facilities, there's convenient api's that would handle anything to do
with cc's and at a "small fraction" of the price to set up and maintain.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[Eero Volotinen]

2012/5/26 Arun Khan :
> Hi Eero,
>
> On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen  wrote:
>> 2012/5/25 Arun Khan :
>>> I have a client project to implement PCI/DSS compliance.
>>>
>>> The PCI/DSS auditor has stipulated that the web server, application
>>> middleware (tomcat), the db server have to be on different systems.
>>
>> requirement "one primary function per server".
>>
>>> In addition the auditor has also stipulated that there be a NTP
>>> server, a "patch" server,
>>
>> true also.
>
> ... snip ...
>
>
> Thanks for your input on each points in OP.   I appreciate it.

Usually you also need to implement WAF (web application firewall) on
front of public webservers.

I think cheapest solution is use mod_security*) on apache and then
proxy valid requests to tomcat.

*) http://www.modsecurity.org/


--
Eero, RHCE, CISSP
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[Arun Khan]

Hi Eero,

On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen  wrote:
> 2012/5/25 Arun Khan :
>> I have a client project to implement PCI/DSS compliance.
>>
>> The PCI/DSS auditor has stipulated that the web server, application
>> middleware (tomcat), the db server have to be on different systems.
>
> requirement "one primary function per server".
>
>> In addition the auditor has also stipulated that there be a NTP
>> server, a "patch" server,
>
> true also.

... snip ...


Thanks for your input on each points in OP.   I appreciate it.

-- Arun Khan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[Arun Khan]

On Fri, May 25, 2012 at 11:27 PM, Ken godee  wrote:
> wow, seems like quite a lot.
>
> What "level" of PCI/DSS compliance are you going for?

I have to check this with the client.   Credit card information will
be encrypted and stored in client's own db.

> The only other thing I might add
>
> Are you hosting the hardware? If it's
> hosted else where then the "facility" that's
> hosting the hardware needs to be PCI/DSS complaint.

The client will be hosting it on their own office premise (the
physical security aspect is being handled by another vendor).

Thanks,
-- Arun Khan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Mysterious versioning reported by file command

[Frank Cox]

I just noticed this, which doesn't actually seem to affect anything but does
create a mystery:

[frankcox@mutt temp]$ cat test.c
#include 
int main(void)
{
printf("Hello world\n");
return 0;
}
[frankcox@mutt temp]$ gcc -o test test.c
[frankcox@mutt temp]$ file test
test: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked
(uses shared libs), for GNU/Linux 2.6.18, not stripped
[frankcox@mutt temp]$ uname -a
Linux mutt.melvilletheatre.net 2.6.32-220.17.1.el6.x86_64 #1 SMP Wed May 16
00:01:37 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

Why does the output from file say "Linux 2.6.18" when the actual kernel in use
is 2.6.32?

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] biggest disk partition on 5.8?

[Rajagopal Swaminathan]

Greetings,


On Wed, May 23, 2012 at 11:53 PM, Alan McKay  wrote:
> Hey folks,
>
> I have a Sun J4400 SAS1 disk array with 24 x 1T drives in it connected
> to a Sunfire x2250 running 5.8 ( 64 bit )

You can perhaps think about using GFS apart from XFS


-- 
Regards,

Rajagopal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum problem with glibc

[Timothy Murphy]

m.r...@5-cent.us wrote:

>> I think I understand how it occurred.
>> I tried to yum-remove a package
>> (I don't remember which one, but it wasn't important)
>> and I was told that 300+ packages would be removed.
>> I wasn't sure it I would be asked yes/no to this
>> (I know now that I will always be asked to approve)
>> so I stopped the commend with ctrt-C.
>> Since then I have had these problems.
> 
> I think you have bigger problems. I don't think that  out of yum
> is the problem.
> 
> One dumb question: what's the output of uname -a - *are* you running a
> 64-bit kernel?

Thanks for your response.

[tim@alfred glibc]$ uname -a
Linux alfred.gayleard.eu 2.6.32-220.17.1.el6.x86_64 #1 SMP Wed May 16 
00:01:37 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

> Have you tried yum clean all?

I have.
More than once.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?

[Les Mikesell]

On Fri, May 25, 2012 at 7:42 PM, Max Pyziur  wrote:
>>>
>>> I *do* still have an FC2 box.
>>>
>>> Would anyone second this procedure:
>>> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14052&forum=37&post_id=47945
>>>
>>
>> It might possibly work, but I can't quite imagine why anyone would
>> want to do it at this point.  Why not back up anything you might want
>> to keep, install a nice clean Centos 6.x and put back the files you
>> wanted?
>
> It's a test machine that replicates a production server. The production
> machine was setup in May 2011 when CentOS was in 5.8 and no 6.x had shown
> up.
>
> So, I need a text 5.x box.

Even so, what's the point of an in-place upgrade compared to a fresh
5.x install?Even if it works, there will be old cruft left around
that you don't need and that may cause surprises later.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?

[Max Pyziur]

On Fri, 25 May 2012, Les Mikesell wrote:

> On Fri, May 25, 2012 at 5:03 PM, Max Pyziur  wrote:
>>
>> I *do* still have an FC2 box.
>>
>> Would anyone second this procedure:
>> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14052&forum=37&post_id=47945
>>
>
> It might possibly work, but I can't quite imagine why anyone would
> want to do it at this point.  Why not back up anything you might want
> to keep, install a nice clean Centos 6.x and put back the files you
> wanted?

It's a test machine that replicates a production server. The production 
machine was setup in May 2011 when CentOS was in 5.8 and no 6.x had shown 
up.

So, I need a text 5.x box.

So do you (or anyone) second this or am I going to have to find out on my 
own and report back to you.



Max Pyziur
p...@brama.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] print job gui for remote access

[Frank Cox]

On Sat, 26 May 2012 00:05:40 +0200
Nicolas Thierry-Mieg wrote:

> Frank Cox wrote:
> > Users on Machine A with rights to log into and run jobs on Machine B using
> > ssh want to be able to view and cancel print jobs on Machine B.
> >
> > This is easily accomplished via the commandline with lpq and lprm, but is
> > there a GUI that I can give them?  I have them running things like scribus
> > using launchers like "ssh -X machineb scribus" and would like to provide
> > similar functionality for the printer job control.
> >
> 
> if machine B is running cups, perhaps using the cups web interface? it 
> should be running on port 631 (and has to be configured to allow this).

While that would work, I can imagine my phone ringing with questions about why
someone's printer disappeared.  I'm really just trying to front-end lpq and
lprm.

If I have to I'll write something to do this since it's not a complicated
thing and it's an excuse to play with gtk, but I don't want to re-invent the
wheel.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?

[Les Mikesell]

On Fri, May 25, 2012 at 5:03 PM, Max Pyziur  wrote:
>
> I *do* still have an FC2 box.
>
> Would anyone second this procedure:
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14052&forum=37&post_id=47945
>

It might possibly work, but I can't quite imagine why anyone would
want to do it at this point.  Why not back up anything you might want
to keep, install a nice clean Centos 6.x and put back the files you
wanted?

-- 
  Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] print job gui for remote access

[Nicolas Thierry-Mieg]

Frank Cox wrote:
> Users on Machine A with rights to log into and run jobs on Machine B using ssh
> want to be able to view and cancel print jobs on Machine B.
>
> This is easily accomplished via the commandline with lpq and lprm, but is 
> there
> a GUI that I can give them?  I have them running things like scribus using
> launchers like "ssh -X machineb scribus" and would like to provide similar
> functionality for the printer job control.
>

if machine B is running cups, perhaps using the cups web interface? it 
should be running on port 631 (and has to be configured to allow this).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?

[Max Pyziur]

Greetings,

I *do* still have an FC2 box.

Would anyone second this procedure:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14052&forum=37&post_id=47945

Thanks.

Max Pyziur
p...@brama.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] print job gui for remote access

[Frank Cox]

Users on Machine A with rights to log into and run jobs on Machine B using ssh
want to be able to view and cancel print jobs on Machine B.

This is easily accomplished via the commandline with lpq and lprm, but is there
a GUI that I can give them?  I have them running things like scribus using
launchers like "ssh -X machineb scribus" and would like to provide similar
functionality for the printer job control.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] support for Broadcom BCM4313

[Akemi Yagi]

On Fri, May 25, 2012 at 7:45 AM, Philippe Naudin
 wrote:
> Le ven. 25 mai 2012 09:42:14 CEST, Phil Schaffner a écrit:

>> Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports
>> your hardware with the standard kernel.
>
> Phil, Earl,
>
> Thanks for pointing me to elrepo : yes, the kmod-compat-wireless page
> lists brcmsmac.ko.
>
> If someone else find this mail while wanting to use its bcm4313
> adapter :
> rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm
> download the firmware from http://git.kernel.org/?p=linux/kernel/git/firmware/
> tar xzf linux-firmware-*.tar.gz
> mv linux-firmware-*/brcm/ /lib/firmware/
> restorecon -rv /lib/firmware
> depmod -a : modprobe brcmsmac
> ... and it works.

Philippe,

Thank you for the note. The kmod-compat-wireless wiki page has been
updated using your lines as an example for installation.

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[Eero Volotinen]

2012/5/25 Arun Khan :
> I have a client project to implement PCI/DSS compliance.
>
> The PCI/DSS auditor has stipulated that the web server, application
> middleware (tomcat), the db server have to be on different systems.

requirement "one primary function per server".

> In addition the auditor has also stipulated that there be a NTP
> server, a "patch" server,

true also.

>
> The Host OS on all of the above nodes will be CentOS 6.2.
>
> Below is a list of things that would be necessary.
>
> 1. Digital Certificates for each host on the PCI/DSS segment

Usually needed, if you use https or similar protocols.

> 2. SELinux on each Linux host in the PCI/DSS network segment

SELinux is not usually needed.

> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment

Ossec (www.ossec.net) can do this.

> 4. OS hardening scripts (e.g. Bastille Linux)

Some hardening needed.

> 5. Firewall

Hardware and software firewall on each network segment with nat enabled.

> 6. IDS (Snort)

Ossec can do this

> 6. Central “syslog” server

Ossec server with samhain is good solution for that.

>
> However, beyond this I would appreciate any comments/feedback /
> suggestion if you or your organization has undergone a PCI/DSS audit
> and what are the gotchas that you encountered, especially with respect
> to CentOS/ open source stack.

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Third party repo differences

[Phil Schaffner]

Bowie Bailey wrote on 05/25/2012 01:00 PM:
> Is "Fedora Project" EPEL?
Yes.

Phil

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[m . roth]

Ken godee wrote:
> wow, seems like quite a lot.

Heh. When I was working for the company, I had a guy who sat in easy
earshot who was one of their folks who dealt with questions from companies
and businesses. The *easiest* one, the lowest level, was 60 or 63
questions. The serious, highest one was over 220, and really required
people on at least our level to answer some of them.

mark
>
> What "level" of PCI/DSS compliance are you going for?
>
> The only other thing I might add
>
> Are you hosting the hardware? If it's
> hosted else where then the "facility" that's
> hosting the hardware needs to be PCI/DSS complaint.
>
> On 5/25/2012 10:22 AM, Arun Khan wrote:
>> I have a client project to implement PCI/DSS compliance.
>>
>> The PCI/DSS auditor has stipulated that the web server, application
>> middleware (tomcat), the db server have to be on different systems.
>> In addition the auditor has also stipulated that there be a NTP
>> server, a "patch" server,
>>
>> The Host OS on all of the above nodes will be CentOS 6.2.
>>
>> Below is a list of things that would be necessary.
>>
>> 1. Digital Certificates for each host on the PCI/DSS segment
>> 2. SELinux on each Linux host in the PCI/DSS network segment
>> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
>> 4. OS hardening scripts (e.g. Bastille Linux)
>> 5. Firewall
>> 6. IDS (Snort)
>> 6. Central “syslog” server
>>
>> However, beyond this I would appreciate any comments/feedback /
>> suggestion if you or your organization has undergone a PCI/DSS audit
>> and what are the gotchas that you encountered, especially with respect
>> to CentOS/ open source stack.
>>
>> I came across this which kind of brings out issues between the
>> implementer and the PCI/DSS auditor.
>> 
>>
>> Thanks very much.
>>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[Ken godee]

wow, seems like quite a lot.

What "level" of PCI/DSS compliance are you going for?

The only other thing I might add

Are you hosting the hardware? If it's
hosted else where then the "facility" that's
hosting the hardware needs to be PCI/DSS complaint.

On 5/25/2012 10:22 AM, Arun Khan wrote:
> I have a client project to implement PCI/DSS compliance.
>
> The PCI/DSS auditor has stipulated that the web server, application
> middleware (tomcat), the db server have to be on different systems.
> In addition the auditor has also stipulated that there be a NTP
> server, a "patch" server,
>
> The Host OS on all of the above nodes will be CentOS 6.2.
>
> Below is a list of things that would be necessary.
>
> 1. Digital Certificates for each host on the PCI/DSS segment
> 2. SELinux on each Linux host in the PCI/DSS network segment
> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
> 4. OS hardening scripts (e.g. Bastille Linux)
> 5. Firewall
> 6. IDS (Snort)
> 6. Central “syslog” server
>
> However, beyond this I would appreciate any comments/feedback /
> suggestion if you or your organization has undergone a PCI/DSS audit
> and what are the gotchas that you encountered, especially with respect
> to CentOS/ open source stack.
>
> I came across this which kind of brings out issues between the
> implementer and the PCI/DSS auditor.
> 
>
> Thanks very much.
>

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCI/DSS compliance on CentOS

[m . roth]

Arun Khan wrote:
> I have a client project to implement PCI/DSS compliance.
>
> The PCI/DSS auditor has stipulated that the web server, application
> middleware (tomcat), the db server have to be on different systems.
> In addition the auditor has also stipulated that there be a NTP
> server, a "patch" server,
>
> The Host OS on all of the above nodes will be CentOS 6.2.
>
> Below is a list of things that would be necessary.
>
> 1. Digital Certificates for each host on the PCI/DSS segment
> 2. SELinux on each Linux host in the PCI/DSS network segment
> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
> 4. OS hardening scripts (e.g. Bastille Linux)
> 5. Firewall
> 6. IDS (Snort)
> 6. Central “syslog” server
>
> However, beyond this I would appreciate any comments/feedback /

I had a short-term contract with a company that a) did managed security,
and b) was a root CA. I *think* the auditor missed one thing: as I
understand it, if the three servers aren't hardwired to each other, *all*
communications must be encrypted between them.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] PCI/DSS compliance on CentOS

[Arun Khan]

I have a client project to implement PCI/DSS compliance.

The PCI/DSS auditor has stipulated that the web server, application
middleware (tomcat), the db server have to be on different systems.
In addition the auditor has also stipulated that there be a NTP
server, a "patch" server,

The Host OS on all of the above nodes will be CentOS 6.2.

Below is a list of things that would be necessary.

1. Digital Certificates for each host on the PCI/DSS segment
2. SELinux on each Linux host in the PCI/DSS network segment
3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
4. OS hardening scripts (e.g. Bastille Linux)
5. Firewall
6. IDS (Snort)
6. Central “syslog” server

However, beyond this I would appreciate any comments/feedback /
suggestion if you or your organization has undergone a PCI/DSS audit
and what are the gotchas that you encountered, especially with respect
to CentOS/ open source stack.

I came across this which kind of brings out issues between the
implementer and the PCI/DSS auditor.


Thanks very much.

-- 
Arun Khan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Third party repo differences

[Bowie Bailey]

On 5/25/2012 12:43 PM, Les Mikesell wrote:
> On Fri, May 25, 2012 at 11:00 AM, John Doe  wrote:
>> From: Bowie Bailey 
>>
>>> On a related note, I have a server that is using both the epel and
>>> rpmforge repos.  Is there a way to determine which packages came from
>>> which repo?
>> You could try something like this:
>>   rpm -qa --qf "%-30{NAME}%{VENDOR}\n"

That looks interesting.  I see four vendor names listed.

CentOS
Dag Apt Repository
Fedora Project
(none)

Is "Fedora Project" EPEL?

> In 6.x, yum keeps track of where packages were installed from.
> yum history packages-info packagename(s)
> will show that among other things.  There might be a better way to get
> the whole list.

Unfortunately, this is an older system that I am trying to rebuild as
CentOS 6.

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Third party repo differences

[Jesus del Valle]

>
> > You could try something like this:
> >   rpm -qa --qf "%-30{NAME}%{VENDOR}\n"
>
> In 6.x, yum keeps track of where packages were installed from.
> yum history packages-info packagename(s)
>
Hi. From http://forums.fedoraforum.org/showthread.php?t=240877
yum list installed | grep repositoryname
Regards,
Jesus
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Third party repo differences

[Les Mikesell]

On Fri, May 25, 2012 at 11:00 AM, John Doe  wrote:
> From: Bowie Bailey 
>
>> On a related note, I have a server that is using both the epel and
>> rpmforge repos.  Is there a way to determine which packages came from
>> which repo?
>
> You could try something like this:
>   rpm -qa --qf "%-30{NAME}%{VENDOR}\n"

In 6.x, yum keeps track of where packages were installed from.
yum history packages-info packagename(s)
will show that among other things.  There might be a better way to get
the whole list.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Force permissions by directory

[Nicolas Thierry-Mieg]

Frank Cox wrote:
> Is there a way to force file permissions by directory (and subdirectories
> under it)?
>
> For example, the user's default umask value is 022 but I want it to be 002 in
> certain directories.
>

I have cronjobs like this to regularly give group read permissions (and 
x for dirs) on /some/dir and all it's subdirs:

/usr/bin/find /some/dir -xdev ! -perm -g+r -print -exec chmod g+r \{\} +

/usr/bin/find  /some/dir -xdev -type d ! -perm -g+x -print -exec  chmod 
g+x \{\} +

hth
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Third party repo differences

[John Doe]

From: Bowie Bailey 

> On a related note, I have a server that is using both the epel and
> rpmforge repos.  Is there a way to determine which packages came from
> which repo?

You could try something like this:
  rpm -qa --qf "%-30{NAME}%{VENDOR}\n"

See the man for more useful tags.

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Force permissions by directory

[Frank Cox]

Is there a way to force file permissions by directory (and subdirectories
under it)?

For example, the user's default umask value is 022 but I want it to be 002 in
certain directories.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Third party repo differences

[Bowie Bailey]

On 5/24/2012 8:00 PM, Lamar Owen wrote:
> I'll step out on a limb here and generalize somewhat; I would think that most 
> CentOS users use at least one third-party repository, if the traffic on this 
> list is any indication (and, again, I reserve the right to be wrong).  So 
> knowing how to properly determine how to use those repos (which was the OP's 
> question, after all) is very useful indeed, IMO.

On a related note, I have a server that is using both the epel and
rpmforge repos.  Is there a way to determine which packages came from
which repo?

The rpmforge ones are fairly easy:

$ rpm -qa | grep '\.rf$'

but epel doesn't use the repotag, so I'm not sure how to do it.

Any suggestions?

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] support for Broadcom BCM4313

[Phil Schaffner]

Earl Ramirez wrote on 05/25/2012 09:37 AM:
>
> Philippe,
>
> You can try ELRepo, I believe that they have the drivers for boderdom, they
> also have kernel 3.3.x, please read their note about using kernel 3.3.x. I
> have tried it and I did not have any issues with it.
>
> http://elrepo.org/tiki/kernel-ml
>

Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports 
your hardware with the standard kernel.

Phil


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] support for Broadcom BCM4313

[Philippe Naudin]

Le ven. 25 mai 2012 09:42:14 CEST, Phil Schaffner a écrit:

> Philippe Naudin wrote on 05/25/2012 08:39 AM:
> > Hello,
> >
> > The support for Broadcom Corporation BCM4313 802.11b/g/n Wireless is
> > native in the kernel since 2.6.37 (module brcm80211, renamed brcmsmac
> > since 2.6.39).
> >
> > But is it backported to some kernel available for CentOS ?
> >
> > Thanks,
> >
> 
> Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports 
> your hardware with the standard kernel.

Phil, Earl,

Thanks for pointing me to elrepo : yes, the kmod-compat-wireless page
lists brcmsmac.ko.

If someone else find this mail while wanting to use its bcm4313 
adapter :
rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm
download the firmware from http://git.kernel.org/?p=linux/kernel/git/firmware/
tar xzf linux-firmware-*.tar.gz
mv linux-firmware-*/brcm/ /lib/firmware/
restorecon -rv /lib/firmware
depmod -a : modprobe brcmsmac
... and it works.

Thanks again,

-- 
Philippe Naudin
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum problem with glibc

[m . roth]

Tim,

Timothy Murphy wrote:
> Johnny Hughes wrote:
>> On 05/23/2012 04:41 PM, Timothy Murphy wrote:
>>> Johnny Hughes wrote:

>> 3.  The real issue here is to make sure you figure out HOW you got in
>> this position and how NOT to get into it again.
>
> I think I understand how it occurred.
> I tried to yum-remove a package
> (I don't remember which one, but it wasn't important)
> and I was told that 300+ packages would be removed.
> I wasn't sure it I would be asked yes/no to this
> (I know now that I will always be asked to approve)
> so I stopped the commend with ctrt-C.
> Since then I have had these problems.

I think you have bigger problems. I don't think that  out of yum
is the problem.

One dumb question: what's the output of uname -a - *are* you running a
64-bit kernel?

Have you tried yum clean all?

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum problem with glibc

[Timothy Murphy]

Johnny Hughes wrote:

First, thanks very much for continuing to help me.

> On 05/23/2012 04:41 PM, Timothy Murphy wrote:
>> Johnny Hughes wrote:
>>
 ---
 Error: Protected multilib versions: glibc-2.12-1.47.el6_2.12.x86_64 !=
 glibc-2.12-1.47.el6_2.9.i686
 ** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
 bash-4.1.2-9.el6_2.x86_64 is a duplicate with
 bash-4.1.2-8.el6.centos.x86_64 glibc-common-2.12-1.47.el6_2.12.x86_64
 is a duplicate with glibc- common-2.12-1.47.el6_2.9.x86_64
 glibc-common-2.12-1.47.el6_2.12.x86_64 has missing requires of glibc =
 ('0', '2.12', '1.47.el6_2.12')
 ---

>>> You have both the i686 and x86_64 versions of glibc installed.  That
>>> error means that the repo you are trying to update from has a different
>>> version of i686 glibc and x86_64 glibc ... or you are trying to upgrade
>>> one (the x86_64 version) and not the other (the i686 version).
>>>
>>> Since multilib installs share some files (all the Documentation, etc.),
>>> that means you must install the same version of each arch if you install
>>> both i686 and x86_64 packages.
>> Thank you very much for your response.
>>
>> But I'm afraid I'm not clear what action I can take.
>> I don't like to remove any glibc or glibc-common packages,
>> as I'm afraid it might have a disastrous effect,
>> since they seem to be required by so many other packages,
>> including the kernel.

> Based on your errors, what I would do is this:
> 
> 1.   You only need 1 version of glibc-common.x86_64.  The only way you
> could have gotten into this position is either your machine died in the
> middle of a yum update or someone force installed the later glibc-common
> via the rpm -i command.
> 
> I would first try to install the yum-utils package with this command:

I do have this package installed.

> once that is installed, I would try:
> 
> yum-complete-transaction

When I run this, an enormous list of packages (I think over 300)
that will be deleted appears, eg
-
---> Package kdelibs-common.x86_64 6:4.3.4-11.el6_1.4 will be erased
---> Package kernel.x86_64 0:2.6.32-220.2.1.el6 will be erased
---> Package kernel.x86_64 0:2.6.32-220.4.1.el6 will be erased
---> Package kernel.x86_64 0:2.6.32-220.7.1.el6 will be erased
---> Package kernel.x86_64 0:2.6.32-220.13.1.el6 will be erased
-
But before I can answer yes or no, the command fails with
-
Error: Trying to remove "yum", which is protected
-
I still get this error if I say "yum-complete-transaction --exclude=yum"

> I would figure out exactly what packages I had installed for glibc and
> get them all on one version ... you need to be careful with glibc (and
> its sub packages) ... it is the most important package on your machine.

The only glibc* packages listed in /var/log/yum.* are 64-bit, eg
-
[tim@alfred ~]$ sudo grep glibc /var/log/yum*
/var/log/yum.log:Feb 07 02:20:29 Updated: glibc-
common-2.12-1.47.el6_2.5.x86_64
/var/log/yum.log:Feb 07 02:20:45 Updated: glibc-2.12-1.47.el6_2.5.x86_64
...
/var/log/yum.log:Mar 17 17:51:11 Updated: glibc-
common-2.12-1.47.el6_2.9.x86_64
/var/log/yum.log:Mar 17 17:51:24 Updated: glibc-2.12-1.47.el6_2.9.x86_64
...
/var/log/yum.log:May 22 11:38:50 Installed: glibc-2.12-1.47.el6_2.9.x86_64


I haven't deliberately installed any versions other than these.
This is on a server running CentOS-6.2 (in another country),
and I never say anything relevant on it except "sudo yum update".

> How I would do this is that I would download all the RPMs for the latest
> version of all the packages you have installed ... for me that would be:
> 
> glibc-devel-2.12-1.47.el6_2.12.x86_64.rpm
> glibc-headers-2.12-1.47.el6_2.12.x86_64.rpm
> glibc-2.12-1.47.el6_2.12.i686.rpm
> glibc-common-2.12-1.47.el6_2.12.x86_64.rpm
> glibc-2.12-1.47.el6_2.12.x86_64.rpm
> nscd-2.12-1.47.el6_2.12.x86_64.rpm

After "yum-update" the server tried to download the 2.12 versions,
but wasn't able to for the same above reason:

I have them all on another server also running CentOS-6.2:

[tim@grover ~]$ sudo grep glibc /var/log/yum.log*
...
/var/log/yum.log:May 11 13:58:46 Updated: glibc-
common-2.12-1.47.el6_2.12.x86_64
/var/log/yum.log:May 11 13:59:20 Updated: glibc-2.12-1.47.el6_2.12.x86_64
/var/log/yum.log:May 11 13:59:54 Updated: glibc-
headers-2.12-1.47.el6_2.12.x86_64
/var/log/yum.log:May 11 13:59:59 Updated: glibc-
devel-2.12-1.47.el6_2.12.x86_64
/var/log/yum.log:May 11 14:01:44 Updated: glibc-2.12-1.47.el6_2.12.i686

so I could copy them from there, and forcefully install them?

> Once I had them all in the same directory, I would try a:
> 
> rpm -Uvh *.rpm
> 
> then I would look at the errors
> 
> based on those errors (if it d

Re: [CentOS] Dedup FS on 5.8

[Alan McKay]

Whoops, sorry - looking for opinions and personal experiences


-- 
“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Dedup FS on 5.8

[Alan McKay]

Hey folks,

I have a 14TB disk array that I want to use for rsnapshot backups, and
am considering putting a dedup FS onto it.  I know I've got about a TB
of duplication, at least.  And it is not easy to remove manually.

Google lands me LessFS and SDFS as the prime candidates.

thanks,
-Alan

-- 
“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] support for Broadcom BCM4313

[Phil Schaffner]

Philippe Naudin wrote on 05/25/2012 08:39 AM:
> Hello,
>
> The support for Broadcom Corporation BCM4313 802.11b/g/n Wireless is
> native in the kernel since 2.6.37 (module brcm80211, renamed brcmsmac
> since 2.6.39).
>
> But is it backported to some kernel available for CentOS ?
>
> Thanks,
>

Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports 
your hardware with the standard kernel.

Phil


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] support for Broadcom BCM4313

[Earl Ramirez]

On 25 May 2012 08:39, Philippe Naudin wrote:

> Hello,
>
> The support for Broadcom Corporation BCM4313 802.11b/g/n Wireless is
> native in the kernel since 2.6.37 (module brcm80211, renamed brcmsmac
> since 2.6.39).
>
> But is it backported to some kernel available for CentOS ?
>
> Thanks,
>
> --
> Philippe Naudin
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Philippe,

You can try ELRepo, I believe that they have the drivers for boderdom, they
also have kernel 3.3.x, please read their note about using kernel 3.3.x. I
have tried it and I did not have any issues with it.

http://elrepo.org/tiki/kernel-ml

-- 
Kind Regards
Earl Ramirez
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] support for Broadcom BCM4313

[Philippe Naudin]

Hello,

The support for Broadcom Corporation BCM4313 802.11b/g/n Wireless is
native in the kernel since 2.6.37 (module brcm80211, renamed brcmsmac
since 2.6.39).

But is it backported to some kernel available for CentOS ?

Thanks,

-- 
Philippe Naudin
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] compiling python

[Phil Schaffner]

Rita wrote on 05/25/2012 06:29 AM:
> Hello,
>
> I would like to compile python 2.7.3 for centos and was wondering if there
> were any instructions I should follow. I would like to keep the standard
> python the way it is. I would like to compile to /opt. Any tips or ideas
> would be much appreciated.

Some advice on python 2.7 from the list archives:

http://lists.centos.org/pipermail/centos/2012-April/125174.html
http://lists.centos.org/pipermail/centos/2012-May/125808.html

Phil

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] compiling python

[John Doe]

From: Rita 

>I would like to compile python 2.7.3 for centos and was wondering if there
>were any instructions I should follow. I would like to keep the standard
>python the way it is. I would like to compile to /opt. Any tips or ideas
>would be much appreciated.


Read the file README from the python tar.gz file.
Use "--prefix".

JD

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] biggest disk partition on 5.8?

[Peter Kjellström]

On Wednesday 23 May 2012 14.23.31 Alan McKay wrote:
> Hey folks,
...
> I used 'arcconf' to create a big RAID60 out of (see below).
> 
> But then I mount it and it is way too small
> This should be about 20TB :
...
> /dev/sdb1 186G   60M  176G   1% /mnt/J4400-1
...
> Here is how I created it :
> 
> ./arcconf create 1 logicaldrive name J4400-1-RAID60 max 60 0 0 0 1 0 2
...
> Make 1 big partition :
> 
> sfdisk /dev/sdb < ,,L
> EOF

This is the problem, various filesystems issues are irrelevant. sfdisk only 
uses "the old" msdos type partition table and this does not support >2T 
devices. It is unfortunate that it lacks proper error checking and warnings...

You should do one of:

 1) don't use partitioning (mkfs directly on /dev/sdb)
 2) use LVM (pvcreate /dev/sdb ...)
 3) use a GPT type partition table (parted /dev/sdb or similar)

After this you'll have to tackle the current 16T limit for ext4 and other 
filesystem related oddities..

/Peter


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] compiling python

[Rita]

Hello,

I would like to compile python 2.7.3 for centos and was wondering if there
were any instructions I should follow. I would like to keep the standard
python the way it is. I would like to compile to /opt. Any tips or ideas
would be much appreciated.



-- 
--- Get your facts first, then you can distort them as you please.--
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openldap mmr + heartbeat hot standby

[Benjamin Hackl]

Dear Wessel,

I'd do the following.

give both servers a static non changing IP:

ldapA.yourdomain.tld, e.g. 10.0.0.1 on eth0
ldapB.yourdomain.tld, e.g. 10.0.0.2 on eth0

These two IPs will always be the same. You can access ldapA or ldapB
anytime via it's designated name.

For failover, use an alias:

ldap.yourdomain.tld, e.g. 10.0.0.3 on eth0:0 on the active node

Don't tell heartbeat of openldap and everything should be good.


Brgds


-- 
Freundliche Gruesse/Best Regards
Benjamin Hackl
IT/Administration

Media FOCUS Research Ges.m.b.H.
Maculangasse 8, 1220 Wien Austria
Tel: +43 1 258 97 01-295
b.ha...@focusmr.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing CIFS on CentOS4

[Benjamin Hackl]

Dear Jeff,

On Thu, 24 May 2012 15:16:13 -1000
Jeff Sadino  wrote:

> I have a CentOS4 install and I am trying to mount a Windows Server
> 2008 folder.  When I use this command:

You can try the sernet samba repositories.

http://www.sernet.de/en/
http://ftp.sernet.de/pub/samba/3.6/centos/4/sernet-samba.repo

There are packages for various samba versions.

Brgds


-- 
Freundliche Gruesse/Best Regards
Benjamin Hackl
IT/Administration

Media FOCUS Research Ges.m.b.H.
Maculangasse 8, 1220 Wien Austria
Tel: +43 1 258 97 01-295
b.ha...@focusmr.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos