[CentOS-announce] Mailserver move
Hi subscribers, the sponsor of the machine our mailserver runs on will be physically moving the machine at around May 27th 04:00 UTC. This move will take until around May 27th 07:00 UTC (or shorter). This means that there will be no activity on the mailing lists during that time. We all hope that the machine will come up without problems again after the move. If it doesn't, service (mailing lists) might be interrupted for a few more hours. We apologize for any inconvenience this might cause you. Regards, Ralph ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] variso crashes en centos
Saludos lista espero que todos esten bien con la ayuda de Dios , tengo unas inquietudes que quiero aclaran con la lista , he estado viendo algunos reincios de mi servidor y en los cuales veo unos mensajes de crashes y me preocupa un poco esto. root pts/1192.168.0.2 Fri May 18 09:45 - crash (03:58) reboot system boot 2.6.18-274.12.1. Fri May 18 08:14 (5+23:19) root tty4 Tue May 15 12:56 - crash (2+19:17) root tty2 Fri May 11 12:30 - crash (6+19:44) root tty1 Fri May 11 12:29 - crash (6+19:44) root :0Fri May 11 12:25 - crash (6+19:49) root :0 que significa crash en linux o porque pone esa palabra , por lo general veo que pone la hora o down. , por cierto habra algun comando que pueda auditar que usuario ejecuto yum update o algo asi? , veo los log de yum y me dice la hora que aplico una actualizacion , pero me gustaria saber que usuario lo realizo o mejor dicho a que hora se logearon sldss -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] PCI/DSS compliance on CentOS
On Fri, 25 May 2012 22:52:13 +0530 Arun Khan knu...@gmail.com wrote: I have a client project to implement PCI/DSS compliance. Some advice from my practical professional knowledge... The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a patch server, There is always the scope to be understood. If a server has card numbers somewhere, that server in on scope. So is any other server on the same network segment. So is any firewall delimiting these network segments. Now... if you have a sufficiently large number of systems in scope, it's more practical to suppose PCI:DSS is in scope on all servers. This eases your maintenance as you won't have exceptions to deal with, or justify, but if you have very few systems in scope rather than most of the others which aren't, it'll be your decision considering the work overload. I personally still advise to follow most rules on the non scoped servers as they are in fact wise rules. The Host OS on all of the above nodes will be CentOS 6.2. Not a good practice to say 6.2. Merely applying patches as time goes on means in some time you'll be running 6.3. Say 6. :) Below is a list of things that would be necessary. 1. Digital Certificates for each host on the PCI/DSS segment 2. SELinux on each Linux host in the PCI/DSS network segment Beware that many instructions tell you to disable selinux. I found that with a little bit of work and the help of audit2why and a few more selinux commands, you can usually work around bad apps by assuming the risk of allowing what they need. A master will write his own selinux rules according to apps, though. 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment I advise OSSEC, rather than those, as it's a much better Host IDS. 4. OS hardening scripts (e.g. Bastille Linux) I'm very wary of these generic ones, I usually bet on strongly reducing the packages installed and defining the security settings straight from my kickstart install scripts. 5. Firewall 6. IDS (Snort) 6. Central “syslog” server Be careful to send logs under TLS. I found that as a syslog server, rsyslog on RHEL/CentOS 5 *sucks* and gets you in trouble with ram exhaustion and crashes. I had to backport from 6 as the idiotic siem software running on that server demanded series 5 (even though it's just java *sigh*) and we ran into this issue with rsyslog, which is quite old under RHEL/CentOS. This siem server does not support TLS syslog, only plain UDP/TCP unecrypted syslog, so one has to use a syslog server to receive under TLS then forward to the localhost. However, beyond this I would appreciate any comments/feedback / suggestion if you or your organization has undergone a PCI/DSS audit and what are the gotchas that you encountered, especially with respect to CentOS/ open source stack. Use sudo extensively. If you have many servers without central password validation and too little people, it's better to have passwordless sudo restricted to admins group as identified by access via OpenSSH RSA keys than having to change your password every month on hundreds of servers. Restrict your access to root shell, and keep it's password (written by two persons, each knowing their own half) in a safe where none of you can access without paper trail. Yes, as an admin you can override that, but if you have externalized logs audited by a separate set of people, your trails may get you in trouble, so that risk is mitigated. I came across this which kind of brings out issues between the implementer and the PCI/DSS auditor. http://webmasters.stackexchange.com/questions/15098/pci-dss-compliance-for-a-vps-using-centos I see there some things that are not true, namely WRT CentOS versions. It has a lot to do with *how* you do your things, what evidences you register, whether the auditor is excessively strict and/or knows the technology and/or does a risk based assessment, how segmented is your network, and so on. Rui ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] support for Broadcom BCM4313
Le ven. 25 mai 2012 13:45:27 CEST, Akemi Yagi a écrit: On Fri, May 25, 2012 at 7:45 AM, Philippe Naudin philippe.nau...@supagro.inra.fr wrote: Le ven. 25 mai 2012 09:42:14 CEST, Phil Schaffner a écrit: Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports your hardware with the standard kernel. Phil, Earl, Thanks for pointing me to elrepo : yes, the kmod-compat-wireless page lists brcmsmac.ko. If someone else find this mail while wanting to use its bcm4313 adapter : rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm download the firmware from http://git.kernel.org/?p=linux/kernel/git/firmware/ tar xzf linux-firmware-*.tar.gz mv linux-firmware-*/brcm/ /lib/firmware/ restorecon -rv /lib/firmware depmod -a : modprobe brcmsmac ... and it works. Philippe, Thank you for the note. The kmod-compat-wireless wiki page has been updated using your lines as an example for installation. Oh. After re-reading my post, I found a couple of mistakes : - the actual URL for the firmware is http://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git;a=commit;h=e4379d14549cd9b29988cf3c5b74b29d2051dd09 - and the ; turned : in depmod -a ; modprobe brcmsmac Sorry for the inconvenience, and a lot of thanks for your job ! -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PCI/DSS compliance on CentOS
On Fri, 25 May 2012 13:47:12 -0400 m.r...@5-cent.us wrote: Arun Khan wrote: I have a client project to implement PCI/DSS compliance. The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a patch server, The Host OS on all of the above nodes will be CentOS 6.2. Below is a list of things that would be necessary. 1. Digital Certificates for each host on the PCI/DSS segment 2. SELinux on each Linux host in the PCI/DSS network segment 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment 4. OS hardening scripts (e.g. Bastille Linux) 5. Firewall 6. IDS (Snort) 6. Central “syslog” server However, beyond this I would appreciate any comments/feedback / snip I had a short-term contract with a company that a) did managed security, and b) was a root CA. I *think* the auditor missed one thing: as I understand it, if the three servers aren't hardwired to each other, *all* communications must be encrypted between them. It's always a matter of risk based analysis. Were that three servers on the same network segment (logical and physical)? Do you have good and restrictive firewalls around them, and so on. It's not good security or a good audit result if you just throb all the nobs. Rui ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Third party repo differences (was: Re: Repositories in CentOS 5.8)
Dne 25.5.2012 02:00, Lamar Owen napsal(a): At the moment both EPEL and RPMforge are on a 2.6.x amavisd-new; 2.7 makes some changes in the AM.PDP protocol that can break, for instance, amavisd-milter (distinct from the much less useful amavis-milter). Neither repo has amavisd-milter, so that compatibility issue may not show up except to those who actually use amavisd-milter instead of the much less useful amavis-milter. Lamar, Repoforge/RPMforge does provide amavisd-new-milter package... DH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] KVM and vnc together
Ran into something weird. I have my machine CentOS 6.2 running KVM guest of Windows 7. This works fine while I'm in the office... Then when I remote in using VNC to my machine - the VNC always works fine. However, when I try to access the KVM session its like the mouse has lost its brain. Anyone ran into this? I startup with this command: qemu-system-x86_64 -net nic,model=rtl8139 -net user -hda win7.img -usb -m 4192 -vga std Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum problem with glibc
Johnny Hughes wrote: Based on your errors, what I would do is this: Thanking you again for all your help. I have one last question, and then I promise to ask no more! Could the rpm --force suggestion you make possibly stop the server working? 1. You only need 1 version of glibc-common.x86_64. ... I would figure out exactly what packages I had installed for glibc and get them all on one version ... you need to be careful with glibc (and its sub packages) ... it is the most important package on your machine. How I would do this is that I would download all the RPMs for the latest version of all the packages you have installed ... for me that would be: glibc-devel-2.12-1.47.el6_2.12.x86_64.rpm glibc-headers-2.12-1.47.el6_2.12.x86_64.rpm glibc-2.12-1.47.el6_2.12.i686.rpm glibc-common-2.12-1.47.el6_2.12.x86_64.rpm glibc-2.12-1.47.el6_2.12.x86_64.rpm nscd-2.12-1.47.el6_2.12.x86_64.rpm I've downloaded all these to /tmp/glibc/ Once I had them all in the same directory, I would try a: rpm -Uvh *.rpm then I would look at the errors I get the same error as before: - [tim@alfred glibc]$ sudo rpm -Uvh *.rpm error: Failed dependencies: glibc = 2.12-1.47.el6_2.9 is needed by (installed) glibc- common-2.12-1.47.el6_2.9.x86_64 - based on those errors (if it does not install) then I would likely do: rpm -Uvh --force *.rpm that will LIKELY clean up your rpm issues for glibc ... but if you don't understand the errors, post those here. Now this is my last question: Can I be reasonably (say 90%) sure that the above command will not stop the server running? The problem is that the server is a long way away (in another country) and I won't have any way of contacting it if it stops running. I don't really need to do anything, as it seems to be running fine as it is - the update problem doesn't appear to have any deleterious effect. I can perfectly well leave it until I can deal with the issue on site, and even re-install CentOS if necessary. But I guess the problem does raise one general issue, which maybe others are puzzled by, and that is why x86_64 and i386 programs are both apparently needed? Why specifically does glibc-common-2.12-1.47.el6_2.9.x86_64 seem to require glibc-2.12-1.47.el6_2.9, according to the message above? 2. For bash, I would: rpm -e bash-4.1.2-8.el6.centos.x86_64 then I would reinstall the other bash yum reinstall bash-4.1.2-9.el6_2.x86_64 I've followed your advice for bash, and seem to have removed this problem at least. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] support for Broadcom BCM4313
On Sat, May 26, 2012 at 12:40 AM, Philippe Naudin philippe.nau...@supagro.inra.fr wrote: Le ven. 25 mai 2012 13:45:27 CEST, Akemi Yagi a écrit: Thank you for the note. The kmod-compat-wireless wiki page has been updated using your lines as an example for installation. Oh. After re-reading my post, I found a couple of mistakes : - the actual URL for the firmware is http://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git;a=commit;h=e4379d14549cd9b29988cf3c5b74b29d2051dd09 - and the ; turned : in depmod -a ; modprobe brcmsmac Sorry for the inconvenience, and a lot of thanks for your job ! I noticed both :-) The URL I chose pulls down the whole thing. I will make a change to your corrected link. Thanks again, Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum problem with glibc
On Sat, 2012-05-26 at 12:45 +0100, Timothy Murphy wrote: Now this is my last question: Can I be reasonably (say 90%) sure that the above command will not stop the server running? No you can NOT and don't ever assume that. That's a mistake thinking that. The problem is that the server is a long way away (in another country) and I won't have any way of contacting it if it stops running. Wait and schedule a downtime window for it. That's the heart and soul of linux. That's playing in the devils den if it's a production machine. It's the same in one as the NSS libs on the machine. They break then you will have to install things by hand. RPM and Yum will not work period. If the machine in question has like a Fencing Device (like a drac card ) with an IP addy that's public then maybe (that is card dependent). John signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM and vnc together
On Sat, May 26, 2012 at 4:59 PM, Jerry Geis ge...@pagestation.com wrote: I have my machine CentOS 6.2 running KVM guest of Windows 7. This works fine while I'm in the office... Then when I remote in using VNC to my machine - the VNC always works fine. However, when I try to access the KVM session its like the mouse has lost its brain. Anyone ran into this? I have not had the need to try your scenario. I startup with this command: qemu-system-x86_64 -net nic,model=rtl8139 -net user -hda win7.img -usb -m 4192 -vga std Each guest VM can have it's own vnc console (look at the kvm man page). With VNC enabled for your Win7 VM, you can access the Win7 console directly w/o having to go through your CentOS desktop. HTH, -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PCI/DSS compliance on CentOS
Thanks to all who responded to my query. Collectively, you raised my awareness PCI/DSS, related tool sets and such. I have submitted my proposal to the client and I am sure I will discover a lot more if the proposal is accepted and I begin the implementation. @ Rui Miguel Silva Seabra - appreciate your advice and suggestions. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Third party repo differences (was: Re: Repositories in CentOS 5.8)
On Saturday, May 26, 2012 05:15:41 AM David Hrbáč wrote: Dne 25.5.2012 02:00, Lamar Owen napsal(a): At the moment both EPEL and RPMforge are on a 2.6.x amavisd-new; 2.7 makes some changes in the AM.PDP protocol that can break, for instance, amavisd-milter (distinct from the much less useful amavis-milter). Neither repo has amavisd-milter, so that compatibility issue may not show up except to those who actually use amavisd-milter instead of the much less useful amavis-milter. Lamar, Repoforge/RPMforge does provide amavisd-new-milter package... DH David, I understand that you are one of the RPMforge/repoforge packagers, and I thank you for your efforts. The amavisd-new-milter package does exist for CentOS 5.8; I cannot, however, find an amavisd-new-milter package for CentOS 6 in either rpmforge or rpmforge-extras. Which is just as well, since this amavisd-new-milter is different from amavisd-milter, which is currently at version 1.5.0, the version that is compatible with amavisd-new 2.7.0 and up. It's somewhat unfortunate to have two very different things packaged with very similar names; the amavis-milter that comes with amavisd-new is much less useful than the separate amavisd-milter ( http://amavisd-milter.sourceforge.net/ ; the one packaged with amavisd-new is the one with a README at http://www.ijs.si/software/amavisd/README.milter.txt that points to the Petr Rehor rewrite at amavisd-milter.sourceforge.net). To my knowledge no repos have the amavisd-milter package available; I've built my own for six years or so. I've used both, and the amavisd-new-milter (/usr/sbin/amavis-milter) is not nearly as useful as this amavisd-milter. In fact, for at least the last three years I've not been able to get the amavis-milter that comes with amavisd-new to work at all, whereas amavisd-milter (the Petr Rehor version at sourceforge) works very well at version 1.5.0. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Third party repo differences (was: Re: Repositories in CentOS 5.8)
On Sat, May 26, 2012 at 11:33 AM, Lamar Owen lo...@pari.edu wrote: To my knowledge no repos have the amavisd-milter package available; I've built my own for six years or so. I've used both, and the amavisd-new-milter (/usr/sbin/amavis-milter) is not nearly as useful as this amavisd-milter. In fact, for at least the last three years I've not been able to get the amavis-milter that comes with amavisd-new to work at all, whereas amavisd-milter (the Petr Rehor version at sourceforge) works very well at version 1.5.0. Have you looked at MimeDefang's ability to run all of your scanners out of one milter? I've only used clamav, but it should do whatever you want with one unpacking of attachments and one hook into sendmail (and I think it works with postfix now too). -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM and vnc together
Arun Khan knura9@... writes: On Sat, May 26, 2012 at 4:59 PM, Jerry Geis geisj@... wrote: I have my machine CentOS 6.2 running KVM guest of Windows 7. SNIP Then when I remote in using VNC to my machine - the VNC always works fine. However, when I try to access the KVM session its like the mouse has lost its brain. Anyone ran into this? SNIP Each guest VM can have it's own vnc console (look at the kvm man page). With VNC enabled for your Win7 VM, you can access the Win7 console directly w/o having to go through your CentOS desktop. HTH, I've seen this behaviior with VMware and Xen also as well as KVM. One level of virtualization works fine but two levels of virtualizing the display and the mouse appears to be a bit much for the current level of the technology and it doesn't seem to matter which virtualization platform you use. The Arun's response is probably your best bet for acceptable behavior. You just need to make the network interface for the VM as visible as your desktop's. Cheers, Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mysterious versioning reported by file command
On Sat, 26 May 2012 10:25:54 +0200 Reindl Harald wrote: Why does the output from file say Linux 2.6.18 when the actual kernel in use is 2.6.32? it DOES NOT, learn to read outputs - it speaks about the elfutils why should their output reflect the current kernel point version it is not their job because uname exists [frankcox@mutt ~]$ rpm -q elfutils elfutils-0.152-1.el6.x86_64 That's not version 2.6.18 either. My question is, where does that 2.6.18 come from? It's not the current kernel version, it's not the gcc version, and it's not the current elfutils version either. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Third party repo differences (was: Re: Repositories in CentOS 5.8)
On Saturday, May 26, 2012 12:47:04 PM Les Mikesell wrote: Have you looked at MimeDefang's ability to run all of your scanners out of one milter? Yes. Doing the same thing with amavisd-new on the few sendmail installs I still have running; amavisd-new runs clam (or, at one site, the sophos scanner) and spamassassin, and amavisd-milter does everything needed with one milter. Using essentially the same setup with a couple of postfix sites, but no milter in that case. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mysterious versioning reported by file command
On Sun, May 27, 2012 at 12:51 AM, Frank Cox thea...@melvilletheatre.com wrote: snip it DOES NOT, learn to read outputs - it speaks about the elfutils why should their output reflect the current kernel point version it is not their job because uname exists snip A mail is missing i guess ? [frankcox@mutt ~]$ rpm -q elfutils elfutils-0.152-1.el6.x86_64 That's not version 2.6.18 either. My question is, where does that 2.6.18 come from? It's not the current kernel version, it's not the gcc version, and it's not the current elfutils version either. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -aft ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6.2: suspending vim with ctrl-z and resuming with fg - stopped working
Hello, pardon my chaotic question, but does anybody have an idea, why can't I suspend vim-enhanced-7.2.411-1.6.el6.x86_64 with a CTRL-Z, then execute few commands at my bash prompt and then get back to the vim session again with fg? It has stopped working at my CentOS 6.2 machine (I haven't noticed exactly when) but works fine with CentOS 5.x. I'm using PuTTY to login to both. The error message I get is: afarber@www:~ fg sudo vim test.pl ~ [1]+ Stopped sudo vim test.pl (and nothing comes up) Thank you Alex ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2: suspending vim with ctrl-z and resuming with fg - stopped working
On Sat, May 26, 2012 at 1:56 PM, Alexander Farber alexander.far...@gmail.com wrote: Hello, pardon my chaotic question, but does anybody have an idea, why can't I suspend vim-enhanced-7.2.411-1.6.el6.x86_64 with a CTRL-Z, then execute few commands at my bash prompt and then get back to the vim session again with fg? It has stopped working at my CentOS 6.2 machine (I haven't noticed exactly when) but works fine with CentOS 5.x. I'm using PuTTY to login to both. The error message I get is: afarber@www:~ fg sudo vim test.pl ~ [1]+ Stopped sudo vim test.pl (and nothing comes up) Please see: http://bugs.centos.org/view.php?id=5740 Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mysterious versioning reported by file command
On Sat, 26 May 2012 21:32:52 +0200 Reindl Harald wrote: from the binary, file does only print what a file contains Ok, then where does it come from, since it's not the current kernel version and it's not the elfutils version? gcc somehow finds that number and inserts it into the binary. Where did it find it and why is that number not the same as the other stuff, notably the kernel, since it appears to be a kernel version number? Just not the current kernel version number. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Mailserver move
Hi subscribers, the sponsor of the machine our mailserver runs on will be physically moving the machine at around May 27th 04:00 UTC. This move will take until around May 27th 07:00 UTC (or shorter). This means that there will be no activity on the mailing lists during that time. We all hope that the machine will come up without problems again after the move. If it doesn't, service (mailing lists) might be interrupted for a few more hours. We apologize for any inconvenience this might cause you. Regards, Ralph ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum problem with glibc
John Stanley wrote: Now this is my last question: Can I be reasonably (say 90%) sure that the above command will not stop the server running? The command in question was: rpm -Uvh --force *.rpm where the RPMs were glibc and glibc-common. No you can NOT and don't ever assume that. That's a mistake thinking that. Aren't you exaggerating a little? There are a lot of commands I would feel perfectly safe giving remotely, eg sudo yum update which I've said a couple of times a week for the last 3 years without any disasters resulting. The trouble with the command above is that I am not sure if a change in glibc would affect a running kernel? I suspect that it would not. The problem is that the server is a long way away (in another country) and I won't have any way of contacting it if it stops running. Wait and schedule a downtime window for it. I don't know what a downtime window is in this context. I'm either in the same place as the server, or I am not. If the machine in question has like a Fencing Device (like a drac card ) with an IP addy that's public then maybe (that is card dependent). I'm not really in that kind of environment. It isn't the end of the world if the machine goes down; just a little annoying. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum problem with glibc
On Sun, 2012-05-27 at 01:01 +0100, Timothy Murphy wrote: John Stanley wrote: Now this is my last question: Can I be reasonably (say 90%) sure that the above command will not stop the server running? The command in question was: rpm -Uvh --force *.rpm where the RPMs were glibc and glibc-common. No you can NOT and don't ever assume that. That's a mistake thinking that. Aren't you exaggerating a little? No I'm not. Just being honest. You break glibc and then if you exit the ssh session PAM want let you back in. There are a lot of commands I would feel perfectly safe giving remotely, eg sudo yum update which I've said a couple of times a week for the last 3 years without any disasters resulting. Trust me it will bite you eventually. Nothing is fool proof. But yes there is a lot of commands I would feel safe running also but not in your situation. I'm just giving you experienced advice. The trouble with the command above is that I am not sure if a change in glibc would affect a running kernel? I suspect that it would not. The problem is that the server is a long way away (in another country) and I won't have any way of contacting it if it stops running. Wait and schedule a downtime window for it. I don't know what a downtime window is in this context. I'm either in the same place as the server, or I am not. Downtime Window: It's when you schedule a specific time to update the machine or make repairs to that it needs. It's also for time when the machine is halfway around the world and your not sure what will happen when you perform a command ie; you would have a hands on person available there also. If the machine in question has like a Fencing Device (like a drac card ) with an IP addy that's public then maybe (that is card dependent). I'm not really in that kind of environment. It isn't the end of the world if the machine goes down; just a little annoying. If it's not a needed production machine then do it but you say it's annoying if it happens and you seem worried (previous mails) so that is why I gave the stern reply to not assume anything. One thing i'm not going to tell someone in your situation is go ahead and do it. You asked a valid question and I gave a valid response to you. I really don't think any one on this list would say go and do it. You have good info to go on and what can happen. John signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mysterious versioning reported by file command
On Sat, 2012-05-26 at 17:21 -0600, Frank Cox wrote: Ok, then where does it come from, since it's not the current kernel version and it's not the elfutils version? gcc somehow finds that number and inserts it into the binary. Where did it find it and why is that number not the same as the other stuff, notably the kernel, since it appears to be a kernel version number? Just not the current kernel version number. An educated guess would be because the C and C++ ABI is backwards compatable with el5. Check it out...build the code on el5 and it should run under el6. For el5 you need the gcc44 update package. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos