[CentOS-announce] CEBA-2012:0700 CentOS 5 man FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:0700
Upstream details at : http://rhn.redhat.com/errata/RHBA-2012-0700.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9bdf30feaac365f5a396a59ff5cde3549cdd0c29e519116b01312b92b7fd2c91
man-1.6d-3.el5.i386.rpm
x86_64:
e7d3a3ec78e40ea6c51ae94846d1414dba53dbb105c73c6a583747f5e8b907ef
man-1.6d-3.el5.x86_64.rpm
Source:
61e840e26aa2a0dc267b500770cdea6a5f3d1aafe03929bfd09a207064f25bd0
man-1.6d-3.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] Squid no respeta ACL's
Saludos Instale Squid 3.1 en un centos 6.2 minimo, con un yum install squid este es el archivo de configuracion, acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e intentado con otras direcciones para ver si es problema de https pero incluso cuando pongo acl all src all http_access all deny me sigue dejando navegar sin problemas, mis reglas de iptables son: -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT el puerto 443 esta abierto por que no me estoy metiendo con https, por el momento. Saludos y espero alguien me pueda ayudar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Squid no respeta ACL's
On 05/30/2012 12:09 PM, Daniel wrote: Saludos Instale Squid 3.1 en un centos 6.2 minimo, con un yum install squid este es el archivo de configuracion, acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com quizá leí muy rápido, pero veo la ACL definida mas no el http_access para denegar o permitir lo que machee con esa acl http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e intentado con otras direcciones para ver si es problema de https pero incluso cuando pongo acl all src all http_access all deny me sigue dejando navegar sin problemas, mis reglas de iptables son: -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT el puerto 443 esta abierto por que no me estoy metiendo con https, por el momento. Saludos y espero alguien me pueda ayudar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Squid no respeta ACL's
acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept http_port deny google http_port deny youtube http_port deny youtube_2 visible_hostname proxy.lsvp Perdón no puse el archivo de configuración completo. Daniel Ortiz Gutierrez El 30/05/2012, a las 12:33, Ernesto Pérez Estévez cen...@ecualinux.com escribió: On 05/30/2012 12:09 PM, Daniel wrote: Saludos Instale Squid 3.1 en un centos 6.2 minimo, con un yum install squid este es el archivo de configuracion, acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com quizá leí muy rápido, pero veo la ACL definida mas no el http_access para denegar o permitir lo que machee con esa acl http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e intentado con otras direcciones para ver si es problema de https pero incluso cuando pongo acl all src all http_access all deny me sigue dejando navegar sin problemas, mis reglas de iptables son: -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT el puerto 443 esta abierto por que no me estoy metiendo con https, por el momento. Saludos y espero alguien me pueda ayudar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Squid no respeta ACL's
On 05/30/2012 12:55 PM, Daniel wrote: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept http_port deny google http_port deny youtube http_port deny youtube_2 visible_hostname proxy.lsvp Perdón no puse el archivo de configuración completo. ahora dudo de la posición del http_access (porque tú usas http_port aquí, parámetro que no comprendo) Daniel Ortiz Gutierrez El 30/05/2012, a las 12:33, Ernesto Pérez Estévezcen...@ecualinux.com escribió: On 05/30/2012 12:09 PM, Daniel wrote: Saludos Instale Squid 3.1 en un centos 6.2 minimo, con un yum install squid este es el archivo de configuracion, acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com quizá leí muy rápido, pero veo la ACL definida mas no el http_access para denegar o permitir lo que machee con esa acl http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e intentado con otras direcciones para ver si es problema de https pero incluso cuando pongo acl all src all http_access all deny me sigue dejando navegar sin problemas, mis reglas de iptables son: -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT el puerto 443 esta abierto por que no me estoy metiendo con https, por el momento. Saludos y espero alguien me pueda ayudar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Squid no respeta ACL's
On 05/30/2012 02:15 PM, Daniel wrote: Así? Ya corregí pero aun así Deja pasar todo. acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept http_access deny google http_access deny youtube http_access deny youtube_2 visible_hostname proxy.lsvp ok, si ese es el orden, entonces no está bien, porque estás poniendo el allow localnet delante de los deny, y siempre se irán por el allow entonces saludos epe Daniel Ortiz Gutierrez El 30/05/2012, a las 13:03, Ernesto Pérez Estévezcen...@ecualinux.com escribió: On 05/30/2012 12:55 PM, Daniel wrote: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept http_access deny google http_access deny youtube http_access deny youtube_2 visible_hostname proxy.lsvp Perdón no puse el archivo de configuración completo. ahora dudo de la posición del http_access (porque tú usas http_port aquí, parámetro que no comprendo) Daniel Ortiz Gutierrez El 30/05/2012, a las 12:33, Ernesto Pérez Estévezcen...@ecualinux.com escribió: On 05/30/2012 12:09 PM, Daniel wrote: Saludos Instale Squid 3.1 en un centos 6.2 minimo, con un yum install squid este es el archivo de configuracion, acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com quizá leí muy rápido, pero veo la ACL definida mas no el http_access para denegar o permitir lo que machee con esa acl http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e intentado con otras direcciones para ver si es problema de https pero incluso cuando pongo acl all src all http_access all deny me sigue dejando navegar sin problemas, mis reglas de iptables son: -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT el puerto 443 esta abierto por que no me estoy metiendo con https, por el momento. Saludos y espero alguien me pueda ayudar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Squid no respeta ACL's
Entonces el orden de las líneas si afecta? Es como Iptables? Muchas gracias, Saludos Daniel Ortiz Gutierrez El 30/05/2012, a las 14:49, Ernesto Pérez Estévez cen...@ecualinux.com escribió: On 05/30/2012 02:15 PM, Daniel wrote: Así? Ya corregí pero aun así Deja pasar todo. acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept http_access deny google http_access deny youtube http_access deny youtube_2 visible_hostname proxy.lsvp ok, si ese es el orden, entonces no está bien, porque estás poniendo el allow localnet delante de los deny, y siempre se irán por el allow entonces saludos epe Daniel Ortiz Gutierrez El 30/05/2012, a las 13:03, Ernesto Pérez Estévezcen...@ecualinux.com escribió: On 05/30/2012 12:55 PM, Daniel wrote: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept http_access deny google http_access deny youtube http_access deny youtube_2 visible_hostname proxy.lsvp Perdón no puse el archivo de configuración completo. ahora dudo de la posición del http_access (porque tú usas http_port aquí, parámetro que no comprendo) Daniel Ortiz Gutierrez El 30/05/2012, a las 12:33, Ernesto Pérez Estévezcen...@ecualinux.com escribió: On 05/30/2012 12:09 PM, Daniel wrote: Saludos Instale Squid 3.1 en un centos 6.2 minimo, con un yum install squid este es el archivo de configuracion, acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.1.0.0/17 acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com quizá leí muy rápido, pero veo la ACL definida mas no el http_access para denegar o permitir lo que machee con esa acl http_access allow manager localhost http_access deny manager http_access allow localnet http_access allow localhost http_port 10.1.50.252:8080 intercept acl google src 74.125.0.0/16 acl youtube srcdomain .youtube.com acl youtube_2 srcdom_regex -i \.youtube\.com el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e intentado con otras direcciones para ver si es problema de https pero incluso cuando pongo acl all src all http_access all deny me sigue dejando navegar sin problemas, mis reglas de iptables son: -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT el puerto 443 esta abierto por que no me estoy metiendo con https, por el momento. Saludos y espero alguien me pueda ayudar. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Squid no respeta ACL's
On 05/30/2012 03:16 PM, Daniel wrote: Entonces el orden de las líneas si afecta? Es como Iptables? Muchas gracias, Saludos sí muchísimo, se leen por orden de arriba hacia abajo hasta que machee una de ellas.. ahi acaba el análisis, por eso al ponerle debajo del allow, se detiene todo en el allow Daniel Ortiz Gutierrez -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Disk geometry problem.
From: Rafał Radecki radecki.ra...@gmail.com Disk /dev/sdc: 120.0 GB, 120034123776 bytes 32 heads, 32 sectors/track, 228946 cylinders Units = cylinders of 1024 * 512 = 524288 bytes Disk /dev/sdd: 120.0 GB, 120034123776 bytes 255 heads, 63 sectors/track, 14593 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes As I see in fdisk's and sfdisk output there is a difference at some level in disk geometry. Could you suggest a solution? Tried sfdisk -H 32 -S 32 on /dev/sdd to match sdc? JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM with 6.2 i686 guest
On 30 May 2012 05:36, Jerry Geis ge...@pagestation.com wrote: I just installed a KVM guest, centos 6.2 i686 (6.2 x86_64 host) and the network module is loaded . The modules is/are 8139too,8139cp is what lsmod shows. Dmesg shows link up but ifconfig does not give me an address? service network restart shows OK no errors but again no address. I set the ifcfg-eth0 file to not be NM controlled, onboot yes and rebooted. Same no address. I run 5.8 images all the time and they get the address? Did I forget something? Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Jerry, I believe that by default the network is down and the BOOTPROTO=dhcp is not in the /etc/sysconfig/network-scripts/ifcfg-ethx. I encountered a similar issue on a KVM guest with minimal install -- Kind Regards Earl Ramirez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM with 6.2 i686 guest
Jerry, I believe that by default the network is down and the BOOTPROTO=dhcp is not in the /etc/sysconfig/network-scripts/ifcfg-ethx. I encountered a similar issue on a KVM guest with minimal install Earl Was there something else missing also? I not added the BOOTPROTO=DHCP and same issue happening. dmesg shows link up, service network restart shows OK and ifconfig shows no address. jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] oVirt on CentOS 6
I 've experimentes a little with OVirt and CentOS. The dreyou packages works very well. My problems were the others dependencies. In the CentOS repos are older than OVirt requires. I needed to compile my own packages, Such as hbsql. I change to fedora 16 in production until CenOS repos are ready, and worked well so far. Greetings. El viernes, 18 de mayo de 2012, John Blaut escribió: Hi Are there any future plans for CentOS to build and directly provide oVirt packages compatible with CentOS 6? If not, has anyone tried the packages available at http://www.dreyou.org/ovirt/ and would these be considered fit for a CentOS-based oVirt production setup? I've heard many great things about oVirt. However I would prefer to use a CentOS-based solution in a production environment rather than Fedora. Thanks in advance. ___ CentOS mailing list CentOS@centos.org javascript:; http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4.8 to 4.9
Hello Jesus, On Tue, 2012-05-29 at 07:59 +0200, Jesus del Valle wrote: Hi. Somebody in the Spanish CentOS mailing list is asking how to move from CentOS 4.8 to 4.9. He cannot upgrade to 5 or 6 at this moment. Is that person aware that CentOS-4 is EOL and will not receive any more (security) updates? http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On 05/25/2012 07:52 PM, Les Mikesell wrote: On Fri, May 25, 2012 at 7:42 PM, Max Pyziur p...@brama.com wrote: I *do* still have an FC2 box. Would anyone second this procedure: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14052forum=37post_id=47945 It might possibly work, but I can't quite imagine why anyone would want to do it at this point. Why not back up anything you might want to keep, install a nice clean Centos 6.x and put back the files you wanted? It's a test machine that replicates a production server. The production machine was setup in May 2011 when CentOS was in 5.8 and no 6.x had shown up. So, I need a text 5.x box. Even so, what's the point of an in-place upgrade compared to a fresh 5.x install?Even if it works, there will be old cruft left around that you don't need and that may cause surprises later. What Les said ... If the production box is already CentOS 5.x ... it would seem to me that you already know what needs to be done to make your items run on CentOS-5.8. If you upgrade a Fedora box to CentOS, while it can be done, it will contain many packages that are not part of CentOS. It will not be stable and it will not be a duplicate of your production box. The point is to leave configurations, partitions, and other components as close as possible to being intact. Since this is a server environment, there are about 700-800 packages, not the 3000 that sit on desktop machine. Make lists of rpms on the FC2 install, and then sdiff'ing with the list of rpms installed from the CentOS upgrade should be one way of identifying non-CentOS packages and/or duplications. Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. But how much difference is there from FC2 to FC6/CentOS 5.*? MP p...@brama.com Backup the old info and wipe the machine, put 5.x on it, bring in the items you need from the backup (most of which you should know how to do, since you are already using it on 5.8 in production). It is not worth the hassle of trying to remove all the Fedora Core items later on and doing an in-place upgrade ... at least not in my opinion. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4.8 to 4.9
Is that person aware that CentOS-4 is EOL and will not receive any more (security) updates? http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html Hello Leonard, Yes he is aware of EOL. Regards, Jesus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: The point is to leave configurations, partitions, and other components as close as possible to being intact. Why isn't the point to match the existing CentOS box in production closely instead? Since this is a server environment, there are about 700-800 packages, not the 3000 that sit on desktop machine. If it is a server environment, you should be paying attention to the supported life of the distribution. FC2 is long, long past its 'use by' date. Make lists of rpms on the FC2 install, and then sdiff'ing with the list of rpms installed from the CentOS upgrade should be one way of identifying non-CentOS packages and/or duplications. Just get the package list from the working C5 box and feed it to kickstart or to yum after a minimal install. Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. No, it makes sense to upgrade things that were designed and tested as upgrades, and to re-install things that weren't. You might, with a lot of work and care, make the upgrade operational, but the result will be a one-of-a-kind beast that doesn't belong in a production environment. But how much difference is there from FC2 to FC6/CentOS 5.*? The point is that nobody knows, and there's no reason for anyone to know. You weren't supposed to run things that long on Fedora. But if you are going to let things go that long again with no maintenance, I'd recommend jumping all the way to C6 even if it is more work now, so 'yum update' will take care of it for years. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip Since this is a server environment, there are about 700-800 packages, not the 3000 that sit on desktop machine. If it is a server environment, you should be paying attention to the supported life of the distribution. FC2 is long, long past its 'use by' date. Very much so. Almost anywhere I've ever worked, no management would *allow* a production server that was this far out of date. Further, if it were up to me, there's *no* way I'd allow fedora in a production environment. It's a development line; I'd expect management to demand either RHEL or CentOS, which are stable production-quality lines. They don't have the latestgreatestmostwonderfulness... but when that moves into these distros, they're not going to break when you look at them wrong. Just get the package list from the working C5 box and feed it to kickstart or to yum after a minimal install. Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? No, it makes sense to upgrade things that were designed and tested as upgrades, and to re-install things that weren't. You might, with a lot of work and care, make the upgrade operational, but the result will be a one-of-a-kind beast that doesn't belong in a production environment. I agree. If someone handed me a mess like that, I'd be building a new production server, test it, and get that out of production as fast as I possibly could. If you, or whoever, got another job, or were hit by a car tomorrow, whoever had to pick it up would be SOL, and it'd probably crash before they figured out what had been done. It would take you as much time to document as to a) build a new, stable CentOS 5 or 6 box b) install everything required on it c) recompile anything in-house that needed to be rebuilt d) test it all, and put it into production, and I guarantee that you'd miss documenting something vital. But how much difference is there from FC2 to FC6/CentOS 5.*? A *lot*. snip mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] snmpd not working well with selinux?
Hello, I am trying to use SNMP on a CentOS 6.2 server, and am using the 'pass_persist' configuration command: pass_persist .1.3.6.1.4.1.141.1 /usr/local/sbin/snmp-iostat I have set the file context of 'snmpd_exec_t' on the snmp-iostat program. If I disable SELinux, then it all works fine (that is, I can then snmpget/snmpwalk for OIDs in the configured pass_persist OID, and values are returned). If I enable SELinux and start the snmpd daemon, as root, from the command line, then again it all works fine. However, if I enable SELinux, and startup the SNMP daemon using the 'service' command, as occurs at system boot, then I get no values returned. I get, for example: snmpwalk -v 2c -c public localhost enterprises.141.1.1.10 SNMPv2-SMI::enterprises.141.1.1.10 = No Such Instance currently exists at this OID (Yes I am using the enterprise number 141 which doesn't belong to us. I have applied for a site enterprise number, but heard nothing yet.) I really don't want to disable SELinux completely, but 'getsebool' shows no variables relating to SNMP so I am a bit stuck as to how I can get this to work. I also don't understand why it works with SELinux enabled when started from the command line, but not when started by the 'service' command. That seems very odd. Anyone any ideas about this? Thanks, John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] snmpd not working well with selinux?
On Wed, 2012-05-30 at 16:52 +0100, John Horne wrote: I am trying to use SNMP on a CentOS 6.2 server, and am using the 'pass_persist' configuration command: Sorry, I should have added that nothing appears to be logged in /var/log/audit/audit.log when snmpd fails to return any values. Nor is anything about this logged in /var/log/messages by the snmpd daemon. John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 87, Issue 17
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of CentOS-announce digest...
Today's Topics:
1. CESA-2012:0699 Moderate CentOS 6 openssl Update (Johnny Hughes)
2. CESA-2012:0699 Moderate CentOS 5 openssl Update (Johnny Hughes)
3. CESA-2012:0690 Important CentOS 5 kernel Update (Johnny Hughes)
4. CEBA-2012:0700 CentOS 5 man FASTTRACK Update (Johnny Hughes)
--
Message: 1
Date: Tue, 29 May 2012 22:40:25 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2012:0699 Moderate CentOS 6 openssl
Update
To: centos-annou...@centos.org
Message-ID: 20120529224025.ga30...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2012:0699 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0699.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8d3ef25c0337371e0e5c67cc73b072aca51d53f31ae80f7fb9f90408b1bbab33
openssl-1.0.0-20.el6_2.5.i686.rpm
6ead8335ad780a19e2b504cb0caa21a2b75773327b24c70ed7ff23661015c90e
openssl-devel-1.0.0-20.el6_2.5.i686.rpm
73ca0a2c9df7c84ed5454597144343d7aa07dddbfeca4a18422a005537dc7e8b
openssl-perl-1.0.0-20.el6_2.5.i686.rpm
5595c0686d6e844b9159c14bcdf3cc6f47c2a607a15fcff78c29e8d5d7627453
openssl-static-1.0.0-20.el6_2.5.i686.rpm
x86_64:
8d3ef25c0337371e0e5c67cc73b072aca51d53f31ae80f7fb9f90408b1bbab33
openssl-1.0.0-20.el6_2.5.i686.rpm
ef39e30b4920358eb4a00367292b0d12da454e8a7e32074c45d31bf498b8963b
openssl-1.0.0-20.el6_2.5.x86_64.rpm
6ead8335ad780a19e2b504cb0caa21a2b75773327b24c70ed7ff23661015c90e
openssl-devel-1.0.0-20.el6_2.5.i686.rpm
f95432595a901dcc872e62555bdff29e1f23aa545cf5ccf26f913f35ae7c825f
openssl-devel-1.0.0-20.el6_2.5.x86_64.rpm
3d1da5b21dbf55685496c85521cf01f5bb5126c128d3e06b3a9605075971cb6c
openssl-perl-1.0.0-20.el6_2.5.x86_64.rpm
b9e992a2092b6ecb48de9bc768160c14f71dfe35f8fe9544fb4970c417b0d2e0
openssl-static-1.0.0-20.el6_2.5.x86_64.rpm
Source:
f827a3633c6e5d8761bbc6a54d83c7ed544930c8cb4855e6f0f94abaddc0b813
openssl-1.0.0-20.el6_2.5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Tue, 29 May 2012 22:47:32 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2012:0699 Moderate CentOS 5 openssl
Update
To: centos-annou...@centos.org
Message-ID: 20120529224732.ga30...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2012:0699 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0699.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
1abe6f07cd98a4eb5d40b149810a120b1ecb8d4d3c84df388c73889267146670
openssl-0.9.8e-22.el5_8.4.i386.rpm
d666b483226379176f7ae2d65ead16d28cfa42dfec1027e6c09b74253a4c8437
openssl-0.9.8e-22.el5_8.4.i686.rpm
2a4d1a8cbc1b87aa35daa73baa7534b8abc9ba18350ea86833c783dedbadc994
openssl-devel-0.9.8e-22.el5_8.4.i386.rpm
691bca461d9707af512d50e038563b568f5df6d40f0c4a814736ffa2c97ede2d
openssl-perl-0.9.8e-22.el5_8.4.i386.rpm
x86_64:
d666b483226379176f7ae2d65ead16d28cfa42dfec1027e6c09b74253a4c8437
openssl-0.9.8e-22.el5_8.4.i686.rpm
a3ed8b08c6de8627f639c7702ef17a073791f9dd1d599a2b2063d2b36940c484
openssl-0.9.8e-22.el5_8.4.x86_64.rpm
2a4d1a8cbc1b87aa35daa73baa7534b8abc9ba18350ea86833c783dedbadc994
openssl-devel-0.9.8e-22.el5_8.4.i386.rpm
0106244dac4365aae1387e0c2985b3508ecb3ca47f3bcd093921568389413e35
openssl-devel-0.9.8e-22.el5_8.4.x86_64.rpm
1203880aa23f227fbc47805efd43c7f2806bb65e81a7634e85b1797410a1df82
openssl-perl-0.9.8e-22.el5_8.4.x86_64.rpm
Source:
8578ad86fbb98de85b4082f8b0e00852237186d3d83eb3dc598b88502610bba6
openssl-0.9.8e-22.el5_8.4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Tue, 29 May 2012 22:57:55 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2012:0690 Important CentOS 5 kernel
Update
To: centos-annou...@centos.org
Message-ID: 20120529225755.ga30...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2012:0690 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0690.html
The following updated files have been uploaded and are
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip Since this is a server environment, there are about 700-800 packages, not the 3000 that sit on desktop machine. If it is a server environment, you should be paying attention to the supported life of the distribution. FC2 is long, long past its 'use by' date. Very much so. Almost anywhere I've ever worked, no management would *allow* a production server that was this far out of date. Further, if it were up to me, there's *no* way I'd allow fedora in a production environment. It's a development line; I'd expect management to demand either RHEL or CentOS, which are stable production-quality lines. They don't have the latestgreatestmostwonderfulness... but when that moves into these distros, they're not going to break when you look at them wrong. To clarify, the machine is a test/development box that also acts as a router to a DSL connection that (for the most part) replicates a co-located production machine that is currently running CentOS 5.8. Until recently, energies have been dedicated to other endeavors. Currently, efforts are being made to upgrade all relevant components to appropriate recent stable releases of OS's. In no way was an FC2 machine used in a production environment, and no effort was made to create that impression. Just get the package list from the working C5 box and feed it to kickstart or to yum after a minimal install. Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. MP p...@brama.com No, it makes sense to upgrade things that were designed and tested as upgrades, and to re-install things that weren't. You might, with a lot of work and care, make the upgrade operational, but the result will be a one-of-a-kind beast that doesn't belong in a production environment. I agree. If someone handed me a mess like that, I'd be building a new production server, test it, and get that out of production as fast as I possibly could. If you, or whoever, got another job, or were hit by a car tomorrow, whoever had to pick it up would be SOL, and it'd probably crash before they figured out what had been done. It would take you as much time to document as to a) build a new, stable CentOS 5 or 6 box b) install everything required on it c) recompile anything in-house that needed to be rebuilt d) test it all, and put it into production, and I guarantee that you'd miss documenting something vital. But how much difference is there from FC2 to FC6/CentOS 5.*? A *lot*. snip mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] oVirt on CentOS 6
Hi Guys, On 05/30/2012 02:45 PM, Claudio Ceballos Paz wrote: I've heard many great things about oVirt. However I would prefer to use a CentOS-based solution in a production environment rather than Fedora. I'm working on getting a shared buildsys resource together to try and get a working ovirt stack on CentOS6 ( including all the components ). Help in order to get that going will be very appreciated. If you, or anyone, are interested in helping out - please join the centos-devel list and watch for info posted there. - KB -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On Wed, May 30, 2012 at 11:07 AM, Max Pyziur p...@brama.com wrote: Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. My experience with fedora was that a mid-rev update in FC5 included a kernel that would not run on the fairly mainstream IBM server where I was running it. So all bets are off... -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] snmpd not working well with selinux?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/30/2012 11:58 AM, John Horne wrote: On Wed, 2012-05-30 at 16:52 +0100, John Horne wrote: I am trying to use SNMP on a CentOS 6.2 server, and am using the 'pass_persist' configuration command: Sorry, I should have added that nothing appears to be logged in /var/log/audit/audit.log when snmpd fails to return any values. Nor is anything about this logged in /var/log/messages by the snmpd daemon. John. Turn off dontaudit rules #semodule -DB Then run the command #semdule -B Will turn them back on. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/GUPIACgkQrlYvE4MpobM8+gCgk6VT4CH3NMnWZ0rKyYwXXA59 dGwAoIgj1TdtvSiRpbznazfyl3NJiyz0 =dlEs -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Max Pyziur wrote: Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip To clarify, the machine is a test/development box that also acts as a router to a DSL connection that (for the most part) replicates a co-located production machine that is currently running CentOS 5.8. Until recently, energies have been dedicated to other endeavors. Currently, efforts are being made to upgrade all relevant components to appropriate recent stable releases of OS's. In no way was an FC2 machine used in a production environment, and no effort was made to create that impression. Ok. That *was* the impression you gave. snip Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. *sigh* I was being sarcastic. Doing all that work would be silly, esp. with what would be needed to do so. Again, it would be *much* less work to build a good box of 5.8, or maybe 6.2, and load and configure that. snip mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On 05/30/12 9:07 AM, Max Pyziur wrote: Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. sure. take new system, clean install 5.latest on it, configure your services. deploy, retire/recycle old box. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Max Pyziur wrote: Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip To clarify, the machine is a test/development box that also acts as a router to a DSL connection that (for the most part) replicates a co-located production machine that is currently running CentOS 5.8. Until recently, energies have been dedicated to other endeavors. Currently, efforts are being made to upgrade all relevant components to appropriate recent stable releases of OS's. In no way was an FC2 machine used in a production environment, and no effort was made to create that impression. Ok. That *was* the impression you gave. No it wasn't. That was your mistaken interpretation. snip Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. *sigh* I was being sarcastic. Doing all that work would be silly, esp. You should do a better job of signalling your sarcasm. with what would be needed to do so. Again, it would be *much* less work to build a good box of 5.8, or maybe 6.2, and load and configure that. I'm not interested in acquiring more hardware but rather hope to use what I have. It works satisfactorily in its current configuration; my interest is in aligning the OS of the test/backup unit with that of the production machine. snip mark Max Pyziur p...@brama.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] snmpd not working well with selinux?
On Wed, 2012-05-30 at 12:55 -0400, Daniel J Walsh wrote:
On 05/30/2012 11:58 AM, John Horne wrote:
On Wed, 2012-05-30 at 16:52 +0100, John Horne wrote:
I am trying to use SNMP on a CentOS 6.2 server, and am using the
'pass_persist' configuration command:
Sorry, I should have added that nothing appears to be logged in
/var/log/audit/audit.log when snmpd fails to return any values. Nor is
anything about this logged in /var/log/messages by the snmpd daemon.
Turn off dontaudit rules
#semodule -DB
Then run the command
#semdule -B
Will turn them back on.
Hello,
Many thanks for this. I understood that snmpd was under the control of
SELinux, but didn't know about the 'dontaudit' rules.
The 'snmp-iostat' program, which snmpd/pass_persist calls, reads data
from a temporary file. The relevant data is then output back to snmpd.
The temporary file is created via a root cronjob. (I'm not happy with
this, but at the moment haven't thought of another way to do it.) The
file is written into '/var/run/net-snmp'.
When running snmpd again (via 'service') I got the following logged in
audit.log:
=
type=AVC msg=audit(1338397396.982:718378): avc: denied { read } for
pid=3854 comm=snmp-iostat name=snmp-iostat dev=dm-0 ino=524175
scontext=unconfined_u:system_r:snmpd_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1338397396.982:718378): arch=c03e syscall=2
success=no exit=-13 a0=938ce0 a1=0 a2=1b6 a3=31bf71dba0 items=0
ppid=27824 pid=3854 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3870 comm=snmp-iostat
exe=/usr/bin/perl subj=unconfined_u:system_r:snmpd_t:s0 key=(null)
=
So it seems that the problem is that 'snmp-iostat' (with the snmpd_t
context) does not have read access to the temporary file in
'/var/run/net-snmp'.
If I change everything to use /tmp instead of '/var/run/net-snmp', I get
the same error logged.
If I change it again to use '/etc/snmp' as the location for the
temporary file, then it works. Since this holds the SNMP config files,
snmpd would, of course, require read access to the directory.
So, using '/etc/snmp' to hold a temporary data file works, but again I'm
not happy with that as a solution! :-)
Is there any (reasonably) secure location where snmpd will have read
access, and that I could use for holding a temporary file?
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On 05/30/12 10:26 AM, Max Pyziur wrote: I'm not interested in acquiring more hardware but rather hope to use what I have. It works satisfactorily in its current configuration; my interest is in aligning the OS of the test/backup unit with that of the production machine. then back it up, wipe it and deploy 5.latest on the old hardware, reconfigure all your required services. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] snmpd not working well with selinux?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/30/2012 01:30 PM, John Horne wrote:
On Wed, 2012-05-30 at 12:55 -0400, Daniel J Walsh wrote:
On 05/30/2012 11:58 AM, John Horne wrote:
On Wed, 2012-05-30 at 16:52 +0100, John Horne wrote:
I am trying to use SNMP on a CentOS 6.2 server, and am using the
'pass_persist' configuration command:
Sorry, I should have added that nothing appears to be logged in
/var/log/audit/audit.log when snmpd fails to return any values. Nor is
anything about this logged in /var/log/messages by the snmpd daemon.
Turn off dontaudit rules
#semodule -DB
Then run the command
#semdule -B
Will turn them back on.
Hello,
Many thanks for this. I understood that snmpd was under the control of
SELinux, but didn't know about the 'dontaudit' rules.
The 'snmp-iostat' program, which snmpd/pass_persist calls, reads data from
a temporary file. The relevant data is then output back to snmpd. The
temporary file is created via a root cronjob. (I'm not happy with this, but
at the moment haven't thought of another way to do it.) The file is written
into '/var/run/net-snmp'.
When running snmpd again (via 'service') I got the following logged in
audit.log:
= type=AVC
msg=audit(1338397396.982:718378): avc: denied { read } for pid=3854
comm=snmp-iostat name=snmp-iostat dev=dm-0 ino=524175
scontext=unconfined_u:system_r:snmpd_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file type=SYSCALL
msg=audit(1338397396.982:718378): arch=c03e syscall=2 success=no
exit=-13 a0=938ce0 a1=0 a2=1b6 a3=31bf71dba0 items=0 ppid=27824 pid=3854
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=3870 comm=snmp-iostat exe=/usr/bin/perl
subj=unconfined_u:system_r:snmpd_t:s0 key=(null)
=
So it seems that the problem is that 'snmp-iostat' (with the snmpd_t
context) does not have read access to the temporary file in
'/var/run/net-snmp'. If I change everything to use /tmp instead of
'/var/run/net-snmp', I get the same error logged. If I change it again to
use '/etc/snmp' as the location for the temporary file, then it works.
Since this holds the SNMP config files, snmpd would, of course, require
read access to the directory.
So, using '/etc/snmp' to hold a temporary data file works, but again I'm
not happy with that as a solution! :-)
Is there any (reasonably) secure location where snmpd will have read
access, and that I could use for holding a temporary file?
John.
restorecon -R -v /var/run
I think the directory is mislabeled.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/GXcQACgkQrlYvE4MpobNPbACePhjRGc+r7kuP0vyE2rDf77eC
UNEAn0Yve5OuHUjxtN95bswzPJDz+CDT
=AlHw
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Max Pyziur wrote: Max Pyziur wrote: Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip To clarify, the machine is a test/development box that also acts as a router to a DSL connection that (for the most part) replicates a co-located production machine that is currently running CentOS 5.8. Until recently, energies have been dedicated to other endeavors. Currently, efforts are being made to upgrade all relevant components to appropriate recent stable releases of OS's. In no way was an FC2 machine used in a production environment, and no effort was made to create that impression. Ok. That *was* the impression you gave. No it wasn't. That was your mistaken interpretation. I accept that wasn't what you *intended*. However, what you *wrote* left that as a reasonable interpretation. http://24.5-cent.us/egoless_documentation.doc snip Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. *sigh* I was being sarcastic. Doing all that work would be silly, esp. You should do a better job of signalling your sarcasm. I did not expect you to actually consider that as within reason. with what would be needed to do so. Again, it would be *much* less work to build a good box of 5.8, or maybe 6.2, and load and configure that. I'm not interested in acquiring more hardware but rather hope to use what I have. It works satisfactorily in its current configuration; my interest is in aligning the OS of the test/backup unit with that of the production machine. snip Fine. Another answer would be to add more disk, if necessary, and build 5.8 on the machine, in such a manner as to allow you to reboot into either the current or the new version. For further clarification as to what I'm suggesting, try reading my other published article: http://24.5-cent.us/upgrading_linux.doc mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Max Pyziur wrote: Max Pyziur wrote: Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip To clarify, the machine is a test/development box that also acts as a router to a DSL connection that (for the most part) replicates a co-located production machine that is currently running CentOS 5.8. Until recently, energies have been dedicated to other endeavors. Currently, efforts are being made to upgrade all relevant components to appropriate recent stable releases of OS's. In no way was an FC2 machine used in a production environment, and no effort was made to create that impression. Ok. That *was* the impression you gave. No it wasn't. That was your mistaken interpretation. I accept that wasn't what you *intended*. However, what you *wrote* left that as a reasonable interpretation. Here is what I wrote: http://lists.centos.org/pipermail/centos/2012-May/126307.html ... It's a test machine that replicates a production server. ... How would you improve it in order to remedy the apparent confusion? http://24.5-cent.us/egoless_documentation.doc snip Last, CentOS is built from Fedora Core 6. Usually, it makes sense to proceed sequentially. So you're going to upgrate to FC3, 4 and 5 before going to CentOS? Possibly. Unless someone else can attest to their own experience and knowledge that it's generally ok to move from FC2 to CentOS 5.*. That was my point in starting this thread. *sigh* I was being sarcastic. Doing all that work would be silly, esp. You should do a better job of signalling your sarcasm. I did not expect you to actually consider that as within reason. with what would be needed to do so. Again, it would be *much* less work to build a good box of 5.8, or maybe 6.2, and load and configure that. I'm not interested in acquiring more hardware but rather hope to use what I have. It works satisfactorily in its current configuration; my interest is in aligning the OS of the test/backup unit with that of the production machine. snip Fine. Another answer would be to add more disk, if necessary, and build 5.8 on the machine, in such a manner as to allow you to reboot into either the current or the new version. For further clarification as to what I'm suggesting, try reading my other published article: http://24.5-cent.us/upgrading_linux.doc Thanks. I've already looked at it. I appreciate your and others' efforts at advice. I'm simply trying to use existing hardware (that's the eco-friendly approach), and trying to build my understanding of the Fedora/CentOS operational relationships. Given that it has been stated that CentOS 5.x was built from FC6, and that someone had already offered general guidance on the upgrade procedure (I shared the link in my initial request), I thought that it would be worthwhile asking the CentOS-users list to see if someone from this community had any direct experience with the upgrade. I'm not yet looking for a recommendation for a clean install. Thanks. Max Pyziur p...@brama.com mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On Wed, May 30, 2012 at 1:21 PM, Max Pyziur p...@brama.com wrote: Here is what I wrote: http://lists.centos.org/pipermail/centos/2012-May/126307.html ... It's a test machine that replicates a production server. ... How would you improve it in order to remedy the apparent confusion? But in an earlier post you said it was a 'server environment' which at least sort-of implies that it is serving something. I appreciate your and others' efforts at advice. I'm simply trying to use existing hardware (that's the eco-friendly approach), and trying to build my understanding of the Fedora/CentOS operational relationships. Fedora doesn't support/recommend in-place upgrades across major versions or at least didn't for those versions. My experience was that even within a major rev. an update could kill your system. CentOS doesn't support/recommend in-place upgrades across major versions. Given that it has been stated that CentOS 5.x was built from FC6, and that someone had already offered general guidance on the upgrade procedure (I shared the link in my initial request), I thought that it would be worthwhile asking the CentOS-users list to see if someone from this community had any direct experience with the upgrade. I'm not yet looking for a recommendation for a clean install. I have seen success stories for FC6-CentOS conversions, along with some quirky stuff you have to to to fix it up. If you google enough you might be able to do that. However, FC2 was not at all like FC6 and I doubt if you'll find anyone who has made that or even a part of the FC2-FC6 path work. It would be crazy to try that without good backups. But if you have a place for the backups, you could use it instead to install and test a system that will work. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On 5/30/2012 2:21 PM, Max Pyziur wrote: I appreciate your and others' efforts at advice. I'm simply trying to use existing hardware (that's the eco-friendly approach), and trying to build my understanding of the Fedora/CentOS operational relationships. Given that it has been stated that CentOS 5.x was built from FC6, and that someone had already offered general guidance on the upgrade procedure (I shared the link in my initial request), I thought that it would be worthwhile asking the CentOS-users list to see if someone from this community had any direct experience with the upgrade. I'm not yet looking for a recommendation for a clean install. The issue here is that upgrading between major versions (CentOS 4.x to 5.x) is not supported or recommended. And if it is not recommended to upgrade from CentOS 4 to CentOS 5, it is even less recommended to try an upgrade from Fedora Core 2 to CentOS 5. As has been mentioned before, the results of the upgrade will be a box that claims to be CentOS, but has lots of extraneous packages and files left behind from the previous Fedora install. This will result in a system that seems to run fine, but is likely to have strange problems from time to time when something tries to use one of these old files. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On 05/30/12 11:21 AM, Max Pyziur wrote: I'm not yet looking for a recommendation for a clean install. there is no other sane approach. you can upgrade the system a half dozen times through those intermediate versions, and sort out every issue that comes along, or you can build a clean new system (either on the same hardware or not) and do it all at once. this is a test/dev box for an existing EL5 production system? make a backup of the production system and restore it on the dev box, reconfigure the network, yum install any additional development packages (C compilers, etc), done, go home and have a beer. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On Wed, May 30, 2012 at 1:21 PM, Max Pyziur p...@brama.com wrote: Here is what I wrote: http://lists.centos.org/pipermail/centos/2012-May/126307.html ... It's a test machine that replicates a production server. ... How would you improve it in order to remedy the apparent confusion? But in an earlier post you said it was a 'server environment' which at least sort-of implies that it is serving something. The third post in the thread is the link that I cited above. The first post in the thread (mine) - http://lists.centos.org/pipermail/centos/2012-May/126303.html - reads as follows ...Greetings, I *do* still have an FC2 box. Would anyone second this procedure: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14052forum=37post_id=47945 Thanks. ... In the course of the discussion, I did reference that it was a backup/test machine to a co-located CentOS box that is a production server. But I clarified early in the thread that it was not production. So how would you clarify the sentence of my second (and the third) posting of the thread so that it is unequivocally clear that it is not a production machine? I appreciate your and others' efforts at advice. I'm simply trying to use existing hardware (that's the eco-friendly approach), and trying to build my understanding of the Fedora/CentOS operational relationships. Fedora doesn't support/recommend in-place upgrades across major versions or at least didn't for those versions. My experience was that even within a major rev. an update could kill your system. CentOS doesn't support/recommend in-place upgrades across major versions. That was made very clear in discussions following the introduction of CentOS 6.x. Given that it has been stated that CentOS 5.x was built from FC6, and that someone had already offered general guidance on the upgrade procedure (I shared the link in my initial request), I thought that it would be worthwhile asking the CentOS-users list to see if someone from this community had any direct experience with the upgrade. I'm not yet looking for a recommendation for a clean install. I have seen success stories for FC6-CentOS conversions, along with some quirky stuff you have to to to fix it up. If you google enough you might be able to do that. However, FC2 was not at all like FC6 and I doubt if you'll find anyone who has made that or even a part of the FC2-FC6 path work. It would be crazy to try that without good backups. But if you have a place for the backups, you could use it instead to install and test a system that will work. Thank you; this is very helpful. My hope is to upgrade; that way I don't have to change/specify partition topology, and hopefully only minimally adjust the existing configurations. I have enough experience with unraveling rpm package dependency/duplication issues, having gone through F14-F15 DVD upgrade that failed/froze (in the end I worked with the rescue portion of the DVD and unraveled duplicate/missing package issues using yum and rpm; you can find that thread on the Fedora Users list). -- Les Mikesell lesmikes...@gmail.com MP p...@brama.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On 05/30/2012 12:37 PM, John R Pierce wrote: On 05/30/12 10:26 AM, Max Pyziur wrote: I'm not interested in acquiring more hardware but rather hope to use what I have. It works satisfactorily in its current configuration; my interest is in aligning the OS of the test/backup unit with that of the production machine. then back it up, wipe it and deploy 5.latest on the old hardware, reconfigure all your required services. exactly! signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On Wed, May 30, 2012 at 1:51 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 30.05.2012 20:36, schrieb Les Mikesell: Fedora doesn't support/recommend in-place upgrades across major versions or at least didn't for those versions. My experience was that even within a major rev. an update could kill your system. then you are doing something wrong Yes, I was running it on an IBM server box that they didn't bother to test. Found out much later that the pre-update kernel worked on the firmware I had installed and the mid-rev update they pushed needed a firmware bios update to run there. am i really the only one who did some hundret successfull fedora dist-upgrades in the last 4 years with yum and no downtime longer than a normal kernel update? Probably. Lots of other things broke in same-major-rev updates until I gave up at FC6. Whether any particular machine runs or not has never been a priority for fedora. Maybe your hardware matches one of the developers. On the other hand, I had 2 4-year uptime runs with a pre-fedora RH 7.3. (had to move it once). For about 6 of those years it was very busy. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
Max Pyziur wrote: Max Pyziur wrote: Max Pyziur wrote: Les Mikesell wrote: On Wed, May 30, 2012 at 10:04 AM, Max Pyziur p...@brama.com wrote: snip I appreciate your and others' efforts at advice. I'm simply trying to use existing hardware (that's the eco-friendly approach), and trying to build my understanding of the Fedora/CentOS operational relationships. Given that it has been stated that CentOS 5.x was built from FC6, and that someone had already offered general guidance on the upgrade procedure (I shared the link in my initial request), I thought that it would be worthwhile asking the CentOS-users list to see if someone from this community had any direct experience with the upgrade. I'm not yet looking for a recommendation for a clean install. And we *all* are saying that doing other than a clean install, or a parallel install, as I suggested in the article, is a bad idea. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading FC2 to CentOS 5.* - anyone second this?
On Wed, May 30, 2012 at 1:56 PM, Max Pyziur p...@brama.com wrote: Thank you; this is very helpful. My hope is to upgrade; that way I don't have to change/specify partition topology, But that takes a couple of minutes - or you could use the saved kickstart info if FC2 saved it back then. Or install on the existing partitions. and hopefully only minimally adjust the existing configurations. And the part that matters should be in a dozen or so files in /etc. Save copies, diff/merge anything you don't understand well enough to do from scratch. Another few minutes. I have enough experience with unraveling rpm package dependency/duplication issues, having gone through F14-F15 DVD upgrade that failed/froze (in the end I worked with the rescue portion of the DVD and unraveled duplicate/missing package issues using yum and rpm; you can find that thread on the Fedora Users list). So you know that can take a long time to get right... I don't see the point of even considering it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Request for CentOS stats
Greetings, Are there any summary CentOS numbers available? The number of subscribers to this email list, and the number of server installs? Much thanks, Max Pyziur p...@brama.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] snmpd not working well with selinux?
On Wed, 2012-05-30 at 13:49 -0400, Daniel J Walsh wrote: restorecon -R -v /var/run I think the directory is mislabeled. Hello, Made no difference I'm afraid. Both /var/run and /var/run/net-snmp were labelled as 'system_u:object_r:var_run_t:s0' before and after the restorecon. John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
Hi, On 05/30/2012 08:26 PM, Max Pyziur wrote: Greetings, Are there any summary CentOS numbers available? yes The number of subscribers to this email list, and the number of server installs? There are atleast 8 subscribers to this list, and I know of atleast 4 servers that run CentOS. beyond that - feel free to pull a number out of thin air - its just about as likely to be accurate as the numbers above. - KB -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 5/30/2012 3:35 PM, Karanbir Singh wrote: Hi, On 05/30/2012 08:26 PM, Max Pyziur wrote: Greetings, Are there any summary CentOS numbers available? yes The number of subscribers to this email list, and the number of server installs? There are atleast 8 subscribers to this list, and I know of atleast 4 servers that run CentOS. beyond that - feel free to pull a number out of thin air - its just about as likely to be accurate as the numbers above. - KB lol ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] need assist with upstart config problem
I am trying, without success, to create an upstart config file to
automatically start and restart an ssh proxy. The command sting that
I use in the script has been checked and verified from the shell but
it fails in the upstart file.
The file contents are:
. . .
# proxy is used to authenticate smtp submissions
# so start it before the postfix service starts
start on starting postfix
# Take down proxy after postfix stops
stop on stopped postfix
# tell upstart that this script creates a daemon
# and have upstart manage PID creation
# but it is generally a bad idea to use this with a
# script / end script block, use exec() instead
# no fork in ssh
#expect fork
# restart automatically if connection fails
respawn
# for script debugging with strace
# but not available in 0.6.3 of course
#debug
# use strace -p pid -o /tmp/upstart_debug.log -Ff -s 1024 -v
# Setup script configuration variables:
# localhost means we do not expose proxy to internet
env LOCAL_HOST=localhost
# port 143 is default IMAP service port for plain text connections
env LOCAL_PORT=143
# ports less than 1024 require root privileges to establish
# this must be a passwordless login using PKI certificates
# requires one time setup of local root user ssh key and cert
# and adding this host's root user cert to authorized_keys of
# login host's root user.
env LOGIN_USER=root
# login PKI credentials for LOGIN_USER
env LOGIN_IDENT=/root/.ssh/id_rsa
# login host, may be different than remote host for port forwarding
# must resolve to an address that sshd login server listens on
env LOGIN_HOST=inet07.hamilton.harte-lyne.ca
# the remote host destination for port forwarding
env REMOTE_HOST=inet07.hamilton.harte-lyne.ca
# port that remote service listens on
env REMOTE_PORT=143
# Locate ssh binary
env SSH_BINARY=/usr/bin/ssh
# SSH options used:
### -D : dynamic app-level port forwarding - not used. ###
# -f : run in background without a terminal implies -n
# -i : identity file for pki login credentials
# -l : login user name
# -L local_host:local_port:remote_host:remote_port
#: Establishes proxy connection from local port
# port on the remote host.
# -n : stdin from /dev/null, must be used when ssh is run in bg.
# -N : Do not run a command on the remote host. Otherwise an
# error results because we are not initiating a session.
# -o ExitOnForwardFailure=yes : Wait until connection successfully
# completes before daemonizing
# -o ServerAliveInterval=15 : Keep connection alive every 15 seconds
# -q : Run quietly, do not produce local output.
# -T : disable pseudo-tty allocation
# SSH options used
env SSH_OPTIONS= -o ExitOnForwardFailure=yes
env SSH_OPTIONS=${SSH_OPTIONS} -o ServerAliveInterval=15
# SSH switches used:
env SSH_SWITCHES= -fNqT
exec ${SSH_BINARY} ${SSH_OPTIONS} ${SSH_SWITCHES} -l ${LOGIN_USER} -i
${LOGIN_IDENT} -L
${LOCAL_HOST}:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT}
${LOGIN_HOST}
# EOF
The exec is all one line.
I have tried removing -f from the switches but this makes no
difference. Whenever I start this job it immediately fails with the
following in the syslog:
. . .
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended,
respawning
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3393)
terminated with status 255
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended,
respawning
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3397)
terminated with status 255
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy respawning too fast,
stopped
Is what I am doing wrong obvious to anyone?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 5/30/2012 3:35 PM, Karanbir Singh wrote: Hi, On 05/30/2012 08:26 PM, Max Pyziur wrote: Greetings, Are there any summary CentOS numbers available? yes The number of subscribers to this email list, and the number of server installs? There are atleast 8 subscribers to this list, and I know of atleast 4 servers that run CentOS. beyond that - feel free to pull a number out of thin air - its just about as likely to be accurate as the numbers above. - KB lol Yes, lol ... I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. So, johnny at centos.org, z00dax at centos.org, ralph at centos.org, herrold at centos.org should be able to tell us. No? MP p...@brama.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On Wed, 2012-05-30 at 17:00 -0400, Max Pyziur wrote: Yes, lol ... I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. Why would you want to know such numbers? John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
John Horne wrote: On Wed, 2012-05-30 at 17:00 -0400, Max Pyziur wrote: Yes, lol ... I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. Why would you want to know such numbers? Because he doesn't like the answers we've uniformly given him for his problem, and is looking for a way to tell himself we're only a small group of snot-noses, rather than the opinionated, but experienced-to-very-experienced collection of people that we are. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 05/30/12 2:00 PM, Max Pyziur wrote: I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. So, johnny at centos.org, z00dax at centos.org, ralph at centos.org, herrold at centos.org should be able to tell us. No? this would have very little relation to the number of installed servers. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 05/30/2012 10:00 PM, Max Pyziur wrote: I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. There are many thousands of people on the list.. The point I was trying to, badly, make is that there is no tangible manner to audit user numbers or machine numbers or anything else in-between. - KB -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
John R Pierce wrote: On 05/30/12 2:00 PM, Max Pyziur wrote: I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. So, johnny at centos.org, z00dax at centos.org, ralph at centos.org, herrold at centos.org should be able to tell us. No? this would have very little relation to the number of installed servers. Yup. For example, I've got between 100 and 150 servers and workstations (and one at home) all running CentOS, here at a division at a US federal government agency. mark ObDisclaimer: I speak only for myself, not for my employer, nor for the US federal gov't. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On Wed, 30 May 2012 17:21:53 -0400 m.r...@5-cent.us wrote: Because he doesn't like the answers we've uniformly given him for his problem, and is looking for a way to tell himself we're only a small group of snot-noses, rather than the opinionated, but experienced-to-very-experienced collection of people that we are. I'm also strongly opinionated and I range from almost competent to fairly competent. I'm in the process of upgrading a whole bunch of Centos 4 to Centos 5! So you can double your numbers on my behalf. Please note that Mailman can't really help, many people send their subscription to the trash directly. I know at least 3 admins with more than a dozen server between them, trash the emails instead of unsubscribing. -- Thanks http://www.911networks.com When the network has to work ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On Wed, 2012-05-30 at 17:00 -0400, Max Pyziur wrote: Yes, lol ... I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. Why would you want to know such numbers? I'm curious about the density of users. I manage enough email lists, one for distribution, the rest for discussion, (as well as subscribe to a diverse number of other lists) to have an idea that there is generally a small base of discussants/participants to the total number subscribed (say 10% of the subscriber is generally the upper bound of those who actively participate). MP p...@brama.com John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 30 May 2012 22:00, Max Pyziur p...@brama.com wrote: Yes, lol ... lol on. I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. So, johnny at centos.org, z00dax at centos.org, ralph at centos.org, herrold at centos.org should be able to tell us. No? I trust the administrators of the centos.org mailing lists not to give out any information on my subscription(s) to anyone, even including a count of it. We run a couple of hundred or so CentOS VMs, increasing daily. Probably more, I've lost the count ages ago and no one else is counting. Why would anyone else care. It's not any of your business. -- Hakan (m1fcj) - http://www.hititgunesi.org What part of 'ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn' don't you understand? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
John Horne wrote: On Wed, 2012-05-30 at 17:00 -0400, Max Pyziur wrote: Yes, lol ... I know enough about mailman that it's a cinch for the list administrator to get the headline number of subscribers. Why would you want to know such numbers? Because he doesn't like the answers we've uniformly given him for his problem, and is looking for a way to tell himself we're only a small group of snot-noses, rather than the opinionated, but experienced-to-very-experienced collection of people that we are. You're sarcasm isn't particularly good, neither is your research, judging from your apparent inability to look through list archives to find what has or hasn't been said or discussed. And then mischaracterize an individual. I also don't see that answers here have been uniform; some, even many, have been very helpful. So, thank you to those people who have taken the time to reply and discuss the issues that I've raised. MP p...@brama.com mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] need assist with upstart config problem
On 05/30/2012 02:00 PM, James B. Byrne wrote:
I am trying, without success, to create an upstart config file to
automatically start and restart an ssh proxy. The command sting that
I use in the script has been checked and verified from the shell but
it fails in the upstart file.
The file contents are:
. . .
# proxy is used to authenticate smtp submissions
# so start it before the postfix service starts
start on starting postfix
# Take down proxy after postfix stops
stop on stopped postfix
# tell upstart that this script creates a daemon
# and have upstart manage PID creation
# but it is generally a bad idea to use this with a
# script / end script block, use exec() instead
# no fork in ssh
#expect fork
# restart automatically if connection fails
respawn
# for script debugging with strace
# but not available in 0.6.3 of course
#debug
# use strace -p pid -o /tmp/upstart_debug.log -Ff -s 1024 -v
# Setup script configuration variables:
# localhost means we do not expose proxy to internet
env LOCAL_HOST=localhost
# port 143 is default IMAP service port for plain text connections
env LOCAL_PORT=143
# ports less than 1024 require root privileges to establish
# this must be a passwordless login using PKI certificates
# requires one time setup of local root user ssh key and cert
# and adding this host's root user cert to authorized_keys of
# login host's root user.
env LOGIN_USER=root
# login PKI credentials for LOGIN_USER
env LOGIN_IDENT=/root/.ssh/id_rsa
# login host, may be different than remote host for port forwarding
# must resolve to an address that sshd login server listens on
env LOGIN_HOST=inet07.hamilton.harte-lyne.ca
# the remote host destination for port forwarding
env REMOTE_HOST=inet07.hamilton.harte-lyne.ca
# port that remote service listens on
env REMOTE_PORT=143
# Locate ssh binary
env SSH_BINARY=/usr/bin/ssh
# SSH options used:
### -D : dynamic app-level port forwarding - not used. ###
# -f : run in background without a terminal implies -n
# -i : identity file for pki login credentials
# -l : login user name
# -L local_host:local_port:remote_host:remote_port
#: Establishes proxy connection from local port
# port on the remote host.
# -n : stdin from /dev/null, must be used when ssh is run in bg.
# -N : Do not run a command on the remote host. Otherwise an
# error results because we are not initiating a session.
# -o ExitOnForwardFailure=yes : Wait until connection successfully
# completes before daemonizing
# -o ServerAliveInterval=15 : Keep connection alive every 15 seconds
# -q : Run quietly, do not produce local output.
# -T : disable pseudo-tty allocation
# SSH options used
env SSH_OPTIONS= -o ExitOnForwardFailure=yes
env SSH_OPTIONS=${SSH_OPTIONS} -o ServerAliveInterval=15
# SSH switches used:
env SSH_SWITCHES= -fNqT
exec ${SSH_BINARY} ${SSH_OPTIONS} ${SSH_SWITCHES} -l ${LOGIN_USER} -i
${LOGIN_IDENT} -L
${LOCAL_HOST}:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT}
${LOGIN_HOST}
# EOF
The exec is all one line.
I have tried removing -f from the switches but this makes no
difference. Whenever I start this job it immediately fails with the
following in the syslog:
. . .
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended,
respawning
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3393)
terminated with status 255
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended,
respawning
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3397)
terminated with status 255
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy respawning too fast,
stopped
Is what I am doing wrong obvious to anyone?
The '-f option' tells SSH to run in the background, but normally upstart
expects to wait for the process. Maybe you want '-n' instead of '-f'.
Alternatively, if you run a program in the background you could specify
'task' in the config file to tell upstart not to wait for the process
(you couldn't use respawn with that because then the process is not
managed by upstart anymore).
Nataraj
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On Wed, 30 May 2012, Max Pyziur wrote: I also don't see that answers here have been uniform; some, even many, have been very helpful. So, thank you to those people who have taken the time to reply and discuss the issues that I've raised. You haven't raised any issues. You just asked for a couple numbers. John Horne specifically asked about the issues behind your request, a question that you've so far declined to answer. There are a many possible reasons to ask about the number of CentOS installations and the scope of its user base. Since the numbers themselves are fairly impossible to produce, it might be worth your while to let the rest of us know the concerns prompting your request. It may be that there are ways to address those concerns in ways that don't involve unavailable data. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On Wed, 30 May 2012, Max Pyziur wrote: I also don't see that answers here have been uniform; some, even many, have been very helpful. So, thank you to those people who have taken the time to reply and discuss the issues that I've raised. You haven't raised any issues. You just asked for a couple numbers. You are correct. On this thread, I haven't raised any issues; I've simply asked for some headline numbers: total installed base of servers, and the total number of subscribers to this list. It's just to get a sense of size. Conversely and as an example of the type of request that I am making, Fedoraproject gives you the number of times the different spins have been downloaded; the NY Times give you a ranking of articles that have been most emailed, most viewed, and the like. I think that Fedora also tries to get a sense of its user base through a registration process. I don't know how effective or accurate that is, but it does offer some possibility to make comparisons. My request has nothing to do with identities. My request stems from the fact that I've been a Linux user since the late 1990s, starting with Redhat 5.0. I'm interested in the size of the various Linux-oriented communities. MP p...@brama.com John Horne specifically asked about the issues behind your request, a question that you've so far declined to answer. There are a many possible reasons to ask about the number of CentOS installations and the scope of its user base. Since the numbers themselves are fairly impossible to produce, it might be worth your while to let the rest of us know the concerns prompting your request. It may be that there are ways to address those concerns in ways that don't involve unavailable data. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 5/30/2012 5:50 PM, Hakan Koseoglu wrote: I trust the administrators of the centos.org mailing lists not to give out any information on my subscription(s) to anyone, even including a count of it. Actually, I would really like them to clean up our email addresses from the archives. Those pages are copied throughout the net and a lot of sites change the 'me at mysite' to m...@mysite.com and it does add to issues and such. Never liked the mailman, majordomo, etc cause they all seem to love to do that...post emails on the web. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 05/30/12 3:22 PM, Max Pyziur wrote: You are correct. On this thread, I haven't raised any issues; I've simply asked for some headline numbers: total installed base of servers, and the total number of subscribers to this list. It's just to get a sense of size. Conversely and as an example of the type of request that I am making, Fedoraproject gives you the number of times the different spins have been downloaded; the NY Times give you a ranking of articles that have been most emailed, most viewed, and the like. I have no idea how many 1000s of centos installs there are around the world at my employer's sites, but I can almost guarantee you its 100s of times more than the download counts. many of these installs use internal yum repositories for updates, so access counts on the public yum mirrors would be of little use either. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 30 May 2012 23:36, Bob Hoffman wrote: On 5/30/2012 5:50 PM, Hakan Koseoglu wrote: I trust the administrators of the centos.org mailing lists not to give out any information on my subscription(s) to anyone, even including a count of it. Actually, I would really like them to clean up our email addresses from the archives. Fair comment but I see a distinction between sending a mail out and exposing myself and a site administrator distributing that information w/o my knowledge unless I sign to an agreement with that provider. Obviously so far Centos.org admins have been good on that aspect. It's not only the emails that can be read by the web users really, any email replies tend to have email addresses splattered. Gmail just did for yours (and I deleted it). Anyway, now I'm definitely off-topic (even though the topic itself appears to be rubbish). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 05/30/2012 03:36 PM, Bob Hoffman wrote: On 5/30/2012 5:50 PM, Hakan Koseoglu wrote: I trust the administrators of the centos.org mailing lists not to give out any information on my subscription(s) to anyone, even including a count of it. Actually, I would really like them to clean up our email addresses from the archives. Those pages are copied throughout the net and a lot of sites change the 'me at mysite' to m...@mysite.com and it does add to issues and such. Never liked the mailman, majordomo, etc cause they all seem to love to do that...post emails on the web. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Very easy solution, create a unique email address to subscribe to the list, then add: whitelist envelope-to = unique-email-address client-hostname='regex:.*\.centos\.org' blacklist envelope-to = unique-email-address Of course you need to be running something on your mailserver to let you whitelist/blacklist on these different fields and then process whitelist and blacklist requests in the order specified. Using this method you get 0. spam messages from being subscribed to the list. As you've pointed out though, other list members can't easily send you private email. Nataraj ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Request for CentOS stats
On 5/30/2012 6:49 PM, Nataraj wrote: On 05/30/2012 03:36 PM, Bob Hoffman wrote: On 5/30/2012 5:50 PM, Hakan Koseoglu wrote: I trust the administrators of the centos.org mailing lists not to give out any information on my subscription(s) to anyone, even including a count of it. Actually, I would really like them to clean up our email addresses from the archives. Those pages are copied throughout the net and a lot of sites change the 'me at mysite' to m...@mysite.com and it does add to issues and such. Never liked the mailman, majordomo, etc cause they all seem to love to do that...post emails on the web. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Very easy solution, create a unique email address to subscribe to the list, then add: whitelist envelope-to = unique-email-address client-hostname='regex:.*\.centos\.org' blacklist envelope-to = unique-email-address Of course you need to be running something on your mailserver to let you whitelist/blacklist on these different fields and then process whitelist and blacklist requests in the order specified. Using this method you get 0. spam messages from being subscribed to the list. As you've pointed out though, other list members can't easily send you private email. Nataraj ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos lol..true, except I have a few years of the old address up there.. too late. :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum problem with glibc
Johnny Hughes wrote: Johnny Hughes suggested the command, so on that basis alone I would give it a high probability of success. If you have ALL the latest glibc/nscd files to replace all the installed RPMS in the same place, and if you upgrade them all at the same time (including any i686 ones that you have installed).. then it SHOULD work properly and not break. I would say that the probability of success is close to 100% ... IF you have the proper files in the directory when you do the force install. Thanks again for your useful advice. I'm going over to Italy in a couple of weeks now, so I'll leave it till then and do the rpm --force when I'm sitting at the server. Whenever you run extremely important commands (like yum update or rpm -Uvh --force) you need to be running these from inside a screen session. This will prevent a connectivity issue and subsequent disconnect from killing all running processes in your current shell. Yes, thanks, I'd forgotten that possibility. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Warning: Size of service_message struct (8376 bytes) is POSIX-guaranteed atomic write size (512 bytes).
Hi, I am running Nagios on CentOS release 5.5 (Final). Any clue about the below warning? Please let me know if any one needs any additional information. /usr/sbin/nagios -v /etc/nagios/nagios.cfg Nagios 2.12 Copyright (c) 1999-2007 Ethan Galstad (http://www.nagios.org) Last Modified: 05-19-2008 License: GPL Reading configuration data... Running pre-flight check on configuration data... *Warning: Size of service_message struct (8376 bytes) is POSIX-guaranteed atomic write size (512 bytes). Service checks results may get lost or mangled!* Checking services... Checked 341 services. Checking hosts... Checked 27 hosts. Checking host groups... Checked 13 host groups. Checking service groups... Checked 3 service groups. Checking contacts... Checked 27 contacts. Checking contact groups... Checked 10 contact groups. Checking service escalations... Checked 0 service escalations. Checking service dependencies... Checked 0 service dependencies. Checking host escalations... Checked 0 host escalations. Checking host dependencies... Checked 0 host dependencies. Checking commands... Checked 77 commands. Checking time periods... Checked 4 time periods. Checking extended host info definitions... Checked 0 extended host info definitions. Checking extended service info definitions... Checked 0 extended service info definitions. Checking for circular paths between hosts... Checking for circular host and service dependencies... Checking global event handlers... Checking obsessive compulsive processor commands... Checking misc settings... Total Warnings: 1 Total Errors: 0 Things look okay - No serious problems were detected during the pre-flight check Regards Kaushal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
