[CentOS-announce] CEBA-2012:0738 CentOS 5 gawk FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:0738 Upstream details at : http://rhn.redhat.com/errata/RHBA-2012-0738.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1b9fd31792bc4cf959a942d8e1ef9fb03e8a8cfa913cc62e92e014929729e4b8 gawk-3.1.5-16.el5.i386.rpm x86_64: 8551946d42238c5c8df44d51b82218ae66ca8a9ce9f95d1a379c8b07d61d42fa gawk-3.1.5-16.el5.x86_64.rpm Source: c863aec9045f0a9e8a629eb3df290b902d1b6cfac69098a48c2fd03f22680815 gawk-3.1.5-16.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2012:0737 CentOS 6 corosync Update
CentOS Errata and Bugfix Advisory 2012:0737 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0737.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 3120b000ba613d70bc9bb9d03c7d710a80416a4426c6a232638c9c2fdc7221a2 corosync-1.4.1-4.el6_2.3.i686.rpm 2e890b0218462dd15c17d81ea176c1704d335f1252072db10c5313c33c8e2d9b corosynclib-1.4.1-4.el6_2.3.i686.rpm 7449f7bb3884d39d31f6603d6db3267aa91b271e65bb64aae4a0a0fce6632aec corosynclib-devel-1.4.1-4.el6_2.3.i686.rpm x86_64: f236368bfe3539deee104eab3ce3d22f768dbb32a2129381034157ac916a59e5 corosync-1.4.1-4.el6_2.3.x86_64.rpm 2e890b0218462dd15c17d81ea176c1704d335f1252072db10c5313c33c8e2d9b corosynclib-1.4.1-4.el6_2.3.i686.rpm 935cef83b9f28f16180fd972d8a58a5cdedf02938136ea1880d5e91a6164ce82 corosynclib-1.4.1-4.el6_2.3.x86_64.rpm 7449f7bb3884d39d31f6603d6db3267aa91b271e65bb64aae4a0a0fce6632aec corosynclib-devel-1.4.1-4.el6_2.3.i686.rpm b05cbe8c2c2d2e1bc686d031c1ab1df918817d6c6bb1f8ab2e4d0b148ed80c50 corosynclib-devel-1.4.1-4.el6_2.3.x86_64.rpm Source: f666c63498a2b0a47474255f5bebdac27f8b19d043aeb03ee3a0dceadda61be2 corosync-1.4.1-4.el6_2.3.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2012:0739 CentOS 6 mlx4_ib Update
CentOS Errata and Enhancement Advisory 2012:0739 Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-0739.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: c67537efae105b7c70f56fadaa3e34834502ab152af7a16aa3f44b383999d094 kmod-mlx4_ib-1.0.32.269-1.el6_2.i686.rpm x86_64: 1c64fd86aa78e8f610622ee0ead655d5c73d229e47b191403259ed2b40516c42 kmod-mlx4_ib-1.0.32.269-1.el6_2.x86_64.rpm Source: 777bdacc77b367a9bfb853a458cd01d968c802b41f8d4a7b79bafb135207559d mlx4_ib-1.0.32.269-1.el6_2.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2012:0739 CentOS 6 mlx4_en Update
CentOS Errata and Enhancement Advisory 2012:0739 Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-0739.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 4535fe7fca08e503ad67afe4ba8371c3def9069118ac9528647cf264012f6f43 kmod-mlx4_en-2.0.32.269-1.el6_2.i686.rpm x86_64: ee92c416be5b0390a2ff481678d5d072f6038c9dfdf6e8fd1de14411cee7c0a7 kmod-mlx4_en-2.0.32.269-1.el6_2.x86_64.rpm Source: 59d88b1ff8d4c248ab04e36d40e4342f0c68756bfca1aa7ecd38140b4e1836d9 mlx4_en-2.0.32.269-1.el6_2.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2012:0740 CentOS 6 apr Update
CentOS Errata and Bugfix Advisory 2012:0740 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0740.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: fb234149db1d4b3ef3b6e75bbaf11d848213e4a6e0656d50364d9da8bb860d28 apr-1.3.9-5.el6_2.i686.rpm 37b9e9870317f6ba8b3752b0aa16e1eca6ea35738f5bb8369bd2b27b8ed5 apr-devel-1.3.9-5.el6_2.i686.rpm x86_64: fb234149db1d4b3ef3b6e75bbaf11d848213e4a6e0656d50364d9da8bb860d28 apr-1.3.9-5.el6_2.i686.rpm 6fa37b8f1ff2dabec810dd59e5b1de60660187755725d9de5f303fbfd8eb0366 apr-1.3.9-5.el6_2.x86_64.rpm 37b9e9870317f6ba8b3752b0aa16e1eca6ea35738f5bb8369bd2b27b8ed5 apr-devel-1.3.9-5.el6_2.i686.rpm 9df664b194f72be491a3ad6e31b7b9009a3ccc0bd916cdcbfe6928750e55078a apr-devel-1.3.9-5.el6_2.x86_64.rpm Source: 9775f276bb8e6b80a33a5bdbfa2d1619a42e9499702c5507e22268358ff01c8d apr-1.3.9-5.el6_2.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2012:0739 CentOS 6 mlx4_core Update
CentOS Errata and Enhancement Advisory 2012:0739 Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-0739.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: cd17436881234bf53282fef05c00d459d58b88d804b1de21843c55270463c925 kmod-mlx4_core-1.1.32.269-1.el6_2.i686.rpm x86_64: 8727bad5734d882c761c6e3a537c478dd012b1a512dde109814a08227c7692fc kmod-mlx4_core-1.1.32.269-1.el6_2.x86_64.rpm Source: 4c58d2912a6d1531973aca3fea9a63009f187c385d797ad7d2e21648318925e7 mlx4_core-1.1.32.269-1.el6_2.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] Bloquear HTTPS Dansguardian
Buenas Tardes Lista, Hablar alguna manera de bloquear sitios con el dansguardian pero para el https lo he googleado pero no he encontrado. Espero que me puedan ayudar. Slds ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Bloquear HTTPS Dansguardian
On 06/14/2012 04:01 PM, Getzan Avila wrote: Buenas Tardes Lista, Hablar alguna manera de bloquear sitios con el dansguardian pero para el https lo he googleado pero no he encontrado. a ver, el dansguardian recibe las peticiones del squid. El squid recibe las peticiones de dos formas: 1- mediante redireccionamiento de los paquetes que van saliendo hacia el puerto 80 2- mediante el configurar directo en el browser la IP y puerto del equipo donde esté el squid la opción 2 es excelente pues te permite decirle al navegador que tenga que recaer en el squid para todo tipo de conexión. Sin embargo casi nadie le usa ya. la opción 1 normalmente redirecciona el puerto 80 nada más, no el 443 (https), por diversísimas razones... y aún cuando le redireccione, no creo que se vea dentro del paquete porque sería encriptado, creo. En todo caso qué quieres? Bloquear facebook? Es la petición que últimamente está de moda, puedes ver aquí para esto: http://www.ecualug.org/2012/05/23/comos/centos6_%C2%BFc%C3%B3mo_bloquear_facebook_con_iptables lo mismo puede usarse para bloquear por cualquier otra cadena. saludos epe Espero que me puedan ayudar. Slds ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Bloquear HTTPS Dansguardian
Dansguardian no filtra el puerto https tampoco squid, lo que yo hago el bloquear la ip por iptables. Recuerda que el puerto 443 viaja encriptado. Saludos Pablo -Mensaje original- De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de Getzan Avila Enviado el: jueves, 14 de junio de 2012 17:02 Para: centos-es@centos.org Asunto: [CentOS-es] Bloquear HTTPS Dansguardian Buenas Tardes Lista, Hablar alguna manera de bloquear sitios con el dansguardian pero para el https lo he googleado pero no he encontrado. Espero que me puedan ayudar. Slds ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Bloquear HTTPS Dansguardian
Si configuras OpenDNS, se puede establecer que ademas filtre por categoría de los sitios, todas las peticiones. En mi empresa (bah, donde trabajo) fue implementado y ayudo bastante -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Best way to duplicate a live Centos 5 server?
On 6/14/12, Smithies, Russell russell.smith...@agresearch.co.nz wrote: How about using one of the backup tools to image the server? We use Symantec System Recovery and image all the disks. We then have the option of restoring to different hardware (physical or virtual) which works very well. There's a 60-day evaluation period. http://www.symantec.com/products/trialware.jsp?pcid=pcat_business_contpvid=1602_1 Not an option for me unfortunately, the only Windows systems on location are at best Win7 Home Premium and SSR requires a Win Server OS according to their page. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6.2 32 default kernel support pae?
A client is insisting to install CentOS 6.2 32 bit version [1] on a system with 4GB RAM. Lately, I have done 64 bit installations only; not sure if the 32 bit kernel supports pae for = 4GB RAM. If anyone knows the answer please let me know (will save me time on an installation in my setup). [1] The Client's ERP vendor has validated the application on the 32 bit platform only thus the reason for 32 bit version. Thanks, -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
Am 14.06.2012 09:46, schrieb Arun Khan: A client is insisting to install CentOS 6.2 32 bit version [1] on a system with 4GB RAM. Lately, I have done 64 bit installations only; not sure if the 32 bit kernel supports pae for = 4GB RAM. If anyone knows the answer please let me know (will save me time on an installation in my setup). [1] The Client's ERP vendor has validated the application on the 32 bit platform only thus the reason for 32 bit version. Thanks, -- Arun Khan https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.0_Release_Notes/kernel.html see 12.6.1. Physical Address Extension (PAE) Not said there, but support is up to 64GB of RAM. Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
On 06/14/12 12:46 AM, Arun Khan wrote: [1] The Client's ERP vendor has validated the application on the 32 bit platform only thus the reason for 32 bit version. the client should find a ERP vendor who's not stuck back in the 90s. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Two CentOS installations failed dual boot
Hello everybody, I installed Centos 6.2 on a computer with an older version of it in order to dual boot both of them. I managed to install the new OS on a physically seperated hard drive, and configured grub to make the newly installed OS the default one. Now the older OS won't boot and this error message shows: *error 13: invalid or unsupported executable format*. I attached to the email the output of *fdisk -l* and a copy of the */etc/grub.conf* configuration file. I have no experience dealing with boot/grub issues, so any help on this will be much appreciated. Regards. [root@mypc ~]# fdisk -l Disk /dev/sda: 80.0 GB, 800 bytes 255 heads, 63 sectors/track, 9726 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x0080 Device Boot Start End Blocks Id System /dev/sda1 * 1947276077056 83 Linux /dev/sda294729726 2045952 82 Linux swap / Solaris Disk /dev/sdb: 80.0 GB, 80032038912 bytes 255 heads, 63 sectors/track, 9730 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xdbdbdbdb Device Boot Start End Blocks Id System /dev/sdb1 * 1 13 104391 83 Linux /dev/sdb2 14973078051802+ 8e Linux LVM Disk /dev/mapper/VolGroup00-LogVol01: 2080 MB, 2080374784 bytes 255 heads, 63 sectors/track, 252 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x30307800 Disk /dev/mapper/VolGroup00-LogVol01 doesn't contain a valid partition table Disk /dev/mapper/VolGroup00-LogVol00: 77.8 GB, 77812727808 bytes 255 heads, 63 sectors/track, 9460 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x Disk /dev/mapper/VolGroup00-LogVol00 doesn't contain a valid partition table [root@mypc ~]# # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, eg. # root (hd1,0) # kernel /boot/vmlinuz-version ro root=/dev/sda1 # initrd /boot/initrd-[generic-]version.img #boot=/dev/sdb default=0 timeout=5 splashimage=(hd1,0)/boot/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.32-220.17.1.el6.i686) root (hd1,0) kernel /boot/vmlinuz-2.6.32-220.17.1.el6.i686 ro root=UUID=b5d4d678-1e3d-47ce-acf1-d061097b6885 rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=fr LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=VolGroup00/LogVol01 rd_NO_DM initrd /boot/initramfs-2.6.32-220.17.1.el6.i686.img title CentOS IPBX (2.6.32-220.el6.i686) root (hd1,0) kernel /boot/vmlinuz-2.6.32-220.el6.i686 ro root=UUID=b5d4d678-1e3d-47ce-acf1-d061097b6885 rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=fr LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=VolGroup00/LogVol01 rd_NO_DM initrd /boot/initramfs-2.6.32-220.el6.i686.img title VoisGate rootnoverify (hd0,0) chainloader +1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
On Thu, Jun 14, 2012 at 1:35 PM, Alexander Dalloz ad+li...@uni-x.org wrote: https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.0_Release_Notes/kernel.html see 12.6.1. Physical Address Extension (PAE) Not said there, but support is up to 64GB of RAM. Thanks very much for pointing out the Release Notes section :) -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
On Thu, Jun 14, 2012 at 1:46 PM, John R Pierce pie...@hogranch.com wrote: On 06/14/12 12:46 AM, Arun Khan wrote: [1] The Client's ERP vendor has validated the application on the 32 bit platform only thus the reason for 32 bit version. the client should find a ERP vendor who's not stuck back in the 90s. Agreed, I pointed it out to client but I am not the one who selected the ERP vendor for them; sometimes one has to choose which battles to fight. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best way to duplicate a live Centos 5 server?
On Thu, Jun 14, 2012 at 2:32 AM, Emmanuel Noobadmin centos.ad...@gmail.com wrote: On 6/14/12, Smithies, Russell russell.smith...@agresearch.co.nz wrote: How about using one of the backup tools to image the server? We use Symantec System Recovery and image all the disks. We then have the option of restoring to different hardware (physical or virtual) which works very well. There's a 60-day evaluation period. http://www.symantec.com/products/trialware.jsp?pcid=pcat_business_contpvid=1602_1 Not an option for me unfortunately, the only Windows systems on location are at best Win7 Home Premium and SSR requires a Win Server OS according to their page. Clonezilla-live is good for straight image copies, but you have to shut down the source while taking the copy and it doesn't do raid. It does handle most filesystems including windows and knows enough to only copy the used blocks. ReaR will make the copy with the source running and handles most linux disk layouts. There is not much documentation at this point and there are a lot of options, but if you have an NFS share to hold the intermediate backup copy it only takes a couple of lines in a conf file to set it up. However, since it is designed for backup/restore, the default is for the restore iso to use the same IP as the source which is awkward for live cloning. You can work around that but should probably try a test system first. It is definitely worth looking at as a simple backup solution in any case. If the target hardware is different, both clonezilla and rear may require you to build a new initrd with appropriate disk drivers included. Using the VMware converter tool (free) might work. I've done it with windows, but so far it has not worked with the disk layouts on the linux systems I have tried. When it works, it works very well - and you could probably do additional conversions from the vmware image. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 88, Issue 9
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2012:0731 Moderate CentOS 5 expat Update (Johnny Hughes) 2. CESA-2012:0730 Important CentOS 5 java-1.6.0-openjdk Update (Johnny Hughes) 3. CESA-2012:0729 Critical CentOS 6 java-1.6.0-openjdk Update (Johnny Hughes) 4. CESA-2012:0731 Moderate CentOS 6 expat Update (Johnny Hughes) 5. CEBA-2012:0738 CentOS 5 gawk FASTTRACK Update (Johnny Hughes) 6. CEBA-2012:0737 CentOS 6 corosync Update (Johnny Hughes) 7. CEEA-2012:0739 CentOS 6 mlx4_ib Update (Johnny Hughes) 8. CEEA-2012:0739 CentOS 6 mlx4_en Update (Johnny Hughes) 9. CEBA-2012:0740 CentOS 6 apr Update (Johnny Hughes) 10. CEEA-2012:0739 CentOS 6 mlx4_core Update (Johnny Hughes) -- Message: 1 Date: Wed, 13 Jun 2012 17:07:10 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0731 Moderate CentOS 5 expat Update To: centos-annou...@centos.org Message-ID: 20120613170710.ga31...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2012:0731 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0731.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 3cd68b239349db1f2a58ad30ef511148235cda9e7b692323d0b8606aa0f094e3 expat-1.95.8-11.el5_8.i386.rpm 1a19aae09d3fae92d7e31244abe1d12804206a3f0445a7d56c34e363d16e870a expat-devel-1.95.8-11.el5_8.i386.rpm x86_64: 3cd68b239349db1f2a58ad30ef511148235cda9e7b692323d0b8606aa0f094e3 expat-1.95.8-11.el5_8.i386.rpm 9e40d6c5cfd8288231e0a3c7a193a1601fb6a909df00a917d59cc02e596ea7dd expat-1.95.8-11.el5_8.x86_64.rpm 1a19aae09d3fae92d7e31244abe1d12804206a3f0445a7d56c34e363d16e870a expat-devel-1.95.8-11.el5_8.i386.rpm 25f29550c06e68dbdd2847421e2c1db4f8fa3a02dab12f6cdfc7b2b3ab72e2c8 expat-devel-1.95.8-11.el5_8.x86_64.rpm Source: f394a130aa92f025255ee20283d9dc9e93f73c8858bfb1a87736e211df8b65b6 expat-1.95.8-11.el5_8.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Wed, 13 Jun 2012 17:29:00 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0730 Important CentOS 5 java-1.6.0-openjdk Update To: centos-annou...@centos.org Message-ID: 20120613172900.ga31...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2012:0730 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0730.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: f1f34d561b7a8792c87baa365b8c476dbc16149df94ea0a932e022d474097445 java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm 0cea3bb758babe5704bdf9897f07f29a96eb97c4be5ce21c618fc8d33747b04a java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm 71ab34ae5c8c4d7e43a61fcfae9e10f50941cbeebc2e0fe23d82285817b21efb java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm 21f4b7cbe5175549528a3dac11c505f28b7a668e9dde5ccbf17cf345cf83575b java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm 280419ee63d45161e204fef85af031d278eb0909e9cc1bafc452b0705db7836e java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm x86_64: 1b0412bd15d348d4877e0fbd9cd50e82c3e6dce631bf308f6f8858de98f7b5f2 java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm b9dcd93b7fa94e31887896710a5fa359db59f4e9718560529595b54a68153434 java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm 5f3e3f41f9e0f012d12d42fc238ca0c71bbebc2e50c090a104797ef9f216d723 java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm 9a78d0538ab735128188ea3a6aa5664db2111d94c2e8162f1acd44875c4aaa29 java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm f5b83eb56f378bcf7dfbb99231b715455b98c0dd6c259b4373b6c5822bece004 java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm Source: 49f7df8ca0562c4a706c0553ac41c4b625a2035d21ba7a730c154d3f79c95b43 java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 3 Date: Wed, 13 Jun 2012 18:29:41 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0729 Critical CentOS 6 java-1.6.0-openjdk Update To:
[CentOS] CentOS 4x Download
Dear Community Friends, i badly require CentOS 4x, because one of our application only work with that version, and current server has failed. The image which is available in CentOS following sites. CD is not boot able, cannot install. http://vault.centos.org/4.9/ http://vault.centos.org/ can anyone help to guide me how can o get CD or DVD image CentOS 4x. Thanks / Regards ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT - Is there a package to monitor network traffic
We have a situation here that is a real mystery. Our MRTG on our outgoing router and a firewall server that protects our web servers is showing a spike every six hours. I can't find the server behind the firewall that is generating such an extreme amount of packets, even though I've looked through the crontabs of nearly all servers, performed ps variations, and other types of investigation. Is there any type of package I can install that will monitor traffic and report abnormal, over-threshold packets similar to what wireshark might do in a manner that would allow me to determine where these packets might be going or from where they originate? Thanks for any help. steve campbell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
How about tcpdump? Mike On 06/14/2012 01:07 PM, Steve Campbell wrote: We have a situation here that is a real mystery. Our MRTG on our outgoing router and a firewall server that protects our web servers is showing a spike every six hours. I can't find the server behind the firewall that is generating such an extreme amount of packets, even though I've looked through the crontabs of nearly all servers, performed ps variations, and other types of investigation. Is there any type of package I can install that will monitor traffic and report abnormal, over-threshold packets similar to what wireshark might do in a manner that would allow me to determine where these packets might be going or from where they originate? Thanks for any help. steve campbell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] unfsd scalability issues
On Wed, Jun 13, 2012 at 10:11 AM, m.r...@5-cent.us wrote: Boris Epstein wrote: On Sat, Jun 2, 2012 at 2:50 PM, John R. Dennison j...@gerdesas.com wrote: On Sat, Jun 02, 2012 at 10:59:13AM -0400, Boris Epstein wrote: snip To be specific, I use UNFSD to export a MooseFS file system. MooseFS, by the way, is userland-process based too. Be that as it may, I've seen situations where a comparably configured MooseFS client get to read at, say, 40 MB/s - which is fine - but the UNFSD at the same time reads at 40K/s(!) Why would that be? I mean, some degradation I can dig but 3 orders of magnitude? What is with this? Am I doing something wrong? snip I wonder... what's the architecture of what you're getting these results? I tried opening a bug with upstream over NFS4 and 6.x, and no one ever looked at it, and they closed it. 100% repeatably: unpack a package locally, seconds. unpack it from an NFS mount onto a local drive, about 1 min. unpack it from an NFS mount onto an NFS mount, even when the target is exported FROM THE SAME MACHINE* that the process is running on: 6.5 - 7 MINUTES. * That is, [server 1] [server 2] /export/thatdir --NFS--/target/dir /s2/source /source/dir --NFS--/s2/source and cd [server 2]:/target/dir and unpack from /s2/source I suppose I'll try logging into upstream's bugzilla using our official licensed id; maybe then they'll assign someone to look at it mark Mark, Thanks, my architecture is extremely similar to yours, except that in my case the second layer, if I may say so, is MooseFS ( http://www.moosefs.org/ ), not NFS. MooseFS itself is blazing, by the way. So the diagram in my case would look something like this: /export/thatdir --NFS--/target/dir /s2/source /source/dir -- MooseFS mount (mfsmount) --/s2/source The discrepancy in the resultant performance is comparable. Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4x Download
On 06/14/2012 12:05 PM, Shiv. Nath wrote: Dear Community Friends, i badly require CentOS 4x, because one of our application only work with that version, and current server has failed. The image which is available in CentOS following sites. CD is not boot able, cannot install. http://vault.centos.org/4.9/ http://vault.centos.org/ can anyone help to guide me how can o get CD or DVD image CentOS 4x. The CDs should be just fine as far as booting them goes. You need to burn them as an image with your burning software and boot any if the CD-1 or DVD-1 images. If your machine does not boot from CD, you can create a pen drive boot using bootdisk.img from here: http://vault.centos.org/4.9/os/x86_64/images/ (or i386 instead of x86_64) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4x Download
On 06/14/2012 12:05 PM, Shiv. Nath wrote: Dear Community Friends, i badly require CentOS 4x, because one of our application only work with that version, and current server has failed. The image which is available in CentOS following sites. CD is not boot able, cannot install. http://vault.centos.org/4.9/ http://vault.centos.org/ can anyone help to guide me how can o get CD or DVD image CentOS 4x. The CDs should be just fine as far as booting them goes. You need to burn them as an image with your burning software and boot any if the CD-1 or DVD-1 images. If your machine does not boot from CD, you can create a pen drive boot using bootdisk.img from here: http://vault.centos.org/4.9/os/x86_64/images/ (or i386 instead of x86_64) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thanks Johnny. I will give a try using pen drive. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
On Thu, Jun 14, 2012 at 12:07 PM, Steve Campbell campb...@cnpapers.com wrote: We have a situation here that is a real mystery. Our MRTG on our outgoing router and a firewall server that protects our web servers is showing a spike every six hours. I can't find the server behind the firewall that is generating such an extreme amount of packets, even though I've looked through the crontabs of nearly all servers, performed ps variations, and other types of investigation. Is there any type of package I can install that will monitor traffic and report abnormal, over-threshold packets similar to what wireshark might do in a manner that would allow me to determine where these packets might be going or from where they originate? If you can catch it while the event is happening, wireshark can help you analyze the traffic. Do a short capture, then Statistics/Converstation list/ipv4 (or endpoint/ipv4) will give you a sortable list of the bulk of the traffic. If you are monitoring the traffic on all interfaces and switch ports with SNMP (Cacti/OpenNMS etc.) you would probably see it too. OpenNMS generates nightly reports of 'top 20' interface usage although backups sometimes show up there. 'Ntop' is also good at identifying traffic and can summarize in different ways, but you have to run it on the server where the traffic is happening. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
Hi all, Just like to know which secure FTP servers are popular in use on Linux, the FTP server should provides HTTPS, FTPS and SFTP methods. Current we are with Serv-U FTP server, but it has been crashed all the time for unknown reasons -- can not find any causes in its log file at all. Although we like its interfaces, but our customers complain its reliability a lot. Finally we are tired of it and would like an alternative. If you are satisfied with your ftp server, Please feel free to share with me. :) Thanks. --David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL
On Jun 13, 2012, at 2:52 AM, Sanjay Arora sanjay.k.ar...@gmail.com wrote: My machine is on LAN 192.168.1.0/24, has an IP of 192.168.1.3. This Network has GW 192.168.1.1 which is an adsl router in the office. No firewall on the router. Other LAN machines have IPs in the 192.168.1.0/24 network I'm not allowed to use those IPs. They are reserved for LAN use. Now My machine has a second card for LTSP Network (it is a LTSP Server) with IP 172.16.1.0/24 Can your VMs request IPs on this network or is it NAT'd as well? I want Virtual hosts on my machine so I have to have a different IP rangesay 192.168.2.0/24 Maybe better to use LTSP network IPs and use the 192.168 bridge interface for Internet only giving out dnsmasq IPs which are 169.X I believe? And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP. If you have 172.16 IPs on the VMs for the LTSP bridged network, then use dnsmasq to assign dynamic IPs for the Internet NAT'd bridge on the 192.168 network, set a default route out the Internet NAT'd bridged interfaces and you should get what you want. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
On Jun 14, 2012, at 1:07 PM, Steve Campbell campb...@cnpapers.com wrote: We have a situation here that is a real mystery. Our MRTG on our outgoing router and a firewall server that protects our web servers is showing a spike every six hours. I can't find the server behind the firewall that is generating such an extreme amount of packets, even though I've looked through the crontabs of nearly all servers, performed ps variations, and other types of investigation. Is there any type of package I can install that will monitor traffic and report abnormal, over-threshold packets similar to what wireshark might do in a manner that would allow me to determine where these packets might be going or from where they originate? Setup a nettop server and netflow on the routing interfaces and you will find tour culprit. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
On Jun 14, 2012, at 6:44 PM, Ross Walker rswwal...@gmail.com wrote: On Jun 14, 2012, at 1:07 PM, Steve Campbell campb...@cnpapers.com wrote: We have a situation here that is a real mystery. Our MRTG on our outgoing router and a firewall server that protects our web servers is showing a spike every six hours. I can't find the server behind the firewall that is generating such an extreme amount of packets, even though I've looked through the crontabs of nearly all servers, performed ps variations, and other types of investigation. Is there any type of package I can install that will monitor traffic and report abnormal, over-threshold packets similar to what wireshark might do in a manner that would allow me to determine where these packets might be going or from where they originate? Setup a nettop server and netflow on the routing interfaces and you will find tour culprit. Nettop - ntop -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 3:39 PM, Gelen James wrote: Just like to know which secure FTP servers are popular in use on Linux, the FTP server should provides HTTPS, FTPS and SFTP methods. sftp is part of SSH, not FTP. https is HTTP not FTP. ftps (FTP over SSL) is a non-standard mess and should be banned. I use vsftp for a straight FTP server, and apache for a https server, openssh for a SSH server. these are all standard CentOS components. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
Hi John, I had the same idea with you just a few years back that the ftp only servers FTP protocol. But nowadays a FTP server provides same contents over a lot of protocols at the same time: FTP/FTPS/SFTP/HTTP/HTTPS. Please check the wiki page http://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so many choices but it is difficult to find one that is reliable, secure and at the same time easy to use. Thanks. --David From: John R Pierce pie...@hogranch.com To: centos@centos.org Sent: Thursday, June 14, 2012 3:59 PM Subject: Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not On 06/14/12 3:39 PM, Gelen James wrote: Just like to know which secure FTP servers are popular in use on Linux, the FTP server should provides HTTPS, FTPS and SFTP methods. sftp is part of SSH, not FTP. https is HTTP not FTP. ftps (FTP over SSL) is a non-standard mess and should be banned. I use vsftp for a straight FTP server, and apache for a https server, openssh for a SSH server. these are all standard CentOS components. -- john r pierce N 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 4:08 PM, Gelen James wrote: I had the same idea with you just a few years back that the ftp only servers FTP protocol. But nowadays a FTP server provides same contents over a lot of protocols at the same time: FTP/FTPS/SFTP/HTTP/HTTPS thats just silly. I suppose we should call NFS FTP too, because it serves files? the classic FTP protocol is a hangover from the 1970s and really should be sent to pasture and allowed to die a peaceful death.I generally use http for serving anonymous read only files, and sftp/scp for authenticated transfers -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On Thu, Jun 14, 2012 at 6:18 PM, John R Pierce pie...@hogranch.com wrote: thats just silly. I suppose we should call NFS FTP too, because it serves files? What do you call something like Alfresco that emulates all kinds of file/web services while imposing additional logic compared to what the OS would do? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 4:08 PM, Gelen James wrote: Please check the wiki pagehttp://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so many choices psst? most of those are for MS Windows, which doesn't come with a decent FTP server built in. many of them are commercial. there's really only a couple on that list suitable for a linux server, headed up with vsftpd, the default ftp server in CentOS. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 6/14/2012 7:23 PM, John R Pierce wrote: On 06/14/12 4:08 PM, Gelen James wrote: Please check the wiki pagehttp://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so many choices psst? most of those are for MS Windows, which doesn't come with a decent FTP server built in. many of them are commercial. there's really only a couple on that list suitable for a linux server, headed up with vsftpd, the default ftp server in CentOS. I do hear good things about ProFTP and actually have it on one of my new installs, but haven't yet messed with it. I found it odd that it didn't make the wiki list. Maybe some others can give some feedback on it? -- John Hinton 877-777-1407 ext 502 http://www.ew3d.com Comprehensive Online Solutions ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Sendmail SMTP Brute-Force Attack
Dear CentOS Community Is totally clear there's no support sendmail platform today, but I need to stop SMTP brute-force attack on sendmail. My server is attacked today, my maillog look like : 4...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1] Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=, size=3958, class=0, nrcpts=1, msgid=201206142307.q5en710u024...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1] Jun 14 19:07:23 at6412 sendmail[24868]: q5EN7M6D024868: from= qmar...@qmarket.cl, size=2193, class=0, nrcpts=2, msgid= 20120614231448.1e99a13e...@smtp02qmarket.qmarket.cl, proto=ESMTP, daemon=MTA, relay=[200.1.174.121] Jun 14 19:07:24 at6412 sendmail[24961]: q5EN7OT4024961: from= nob...@2012.123icq.cl, size=4716, class=0, nrcpts=1, msgid= e1sfj8h-0005kv...@2012.123icq.cl, proto=ESMTP, daemon=MTA, relay= pc1.globalmac.cl [200.29.231.61] (may be forged) Jun 14 19:07:33 at6412 sendmail[25013]: q5EN7SqK025013: from= a.pfsv...@yahoo.com, size=760, class=0, nrcpts=1, msgid= 1531549-634033...@owfzdl.net, proto=SMTP, daemon=MTA, relay= h095159149119.ys.dsl.sakhalin.ru [95.159.149.119] Jun 14 19:07:37 at6412 sendmail[25065]: q5EN7bCj025065: from= en.viaimp...@gmail.com, size=4531, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=186-105-73-29.baf.movistar.cl [186.105.73.29] I need help for STOP this spamers right now. Thanks in advance to anyone who can guide me With Kind Regards, Gustavo A. Lacoste Z. Curacautín - Chile Skype: knxroot Msn Gtalk: knx.root [at] gmail.com Home page: http://www.lacosox.org - - *Por favor, evite enviarme documentos adjuntos en formato Word o PowerPoint. Lea http://www.gnu.org/philosophy/no-word-attachments.es.html* ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 4:22 PM, Les Mikesell wrote: What do you call something like Alfresco that emulates all kinds of file/web services while imposing additional logic compared to what the OS would do? useless hey, you asked what *I* would call it. I have no use for that sort of silliness. Maybe someone running a 'warez' server does, not me. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
On 06/14/12 4:33 PM, Gustavo Lacoste wrote: I need help for STOP this spamers right now. Thanks in advance to anyone who can guide me 2 of the three relay IPs listed in your log fragment are listed on spamhaus' Zen combined list, http://www.spamhaus.org/zen/ this is free for use by low volume non-commercial email servers. see the terms linked on the above URL. adding the following line to your sendmail.mc file, then rebuilding the .cf and restarting sendmail would reject all mail connections from servers listed via Spamhaus. FEATURE(dnsbl,`zen.spamhaus.org',`Message from ${client_addr} rejected - see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl (note this file is in M4 syntax, and has to use 'funny' quoting, with a ` as the opening quote). -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/15/2012 01:28 AM, John Hinton wrote: On 6/14/2012 7:23 PM, John R Pierce wrote: On 06/14/12 4:08 PM, Gelen James wrote: Please check the wiki pagehttp://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so many choices psst? most of those are for MS Windows, which doesn't come with a decent FTP server built in. many of them are commercial. there's really only a couple on that list suitable for a linux server, headed up with vsftpd, the default ftp server in CentOS. I do hear good things about ProFTP and actually have it on one of my new installs, but haven't yet messed with it. I found it odd that it didn't make the wiki list. Maybe some others can give some feedback on it? If you are running a recent distro you should go with sftp. With the Match directive you can even selectively create chroots for users and groups which should cover most use-cases. FTP is just insecure (plaintext passwords) and the secure variant FTPS makes firewall setups a pain because the fixes for FTPs protocol layering violations (the conntrack and nat modules for iptables) stop working. Don't use FTP unless you absolutely have to. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
You can use, also, fail2ban http://www.fail2ban.org/wiki/index.php/Sendmail http://www.fail2ban.org/wiki/index.php/HOWTOs Work over the filter. You can set that if 'x' connection from same IP in 'y' seconds, block in firewall -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
The problem with my server is: I use it to offer webhosting services. Some customers using Outlook are blocked because they use black listed ips (ips simply are dynamic). With Kind Regards, Gustavo A. Lacoste Z. Curacautín - Chile Skype: knxroot Msn Gtalk: knx.root [at] gmail.com Home page: http://www.lacosox.org - - *Por favor, evite enviarme documentos adjuntos en formato Word o PowerPoint. Lea http://www.gnu.org/philosophy/no-word-attachments.es.html* 2012/6/14 John R Pierce pie...@hogranch.com On 06/14/12 4:33 PM, Gustavo Lacoste wrote: I need help for STOP this spamers right now. Thanks in advance to anyone who can guide me 2 of the three relay IPs listed in your log fragment are listed on spamhaus' Zen combined list, http://www.spamhaus.org/zen/ this is free for use by low volume non-commercial email servers. see the terms linked on the above URL. adding the following line to your sendmail.mc file, then rebuilding the .cf and restarting sendmail would reject all mail connections from servers listed via Spamhaus. FEATURE(dnsbl,`zen.spamhaus.org',`Message from ${client_addr} rejected - see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl (note this file is in M4 syntax, and has to use 'funny' quoting, with a ` as the opening quote). -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
If you have disabled open relaying then I would look at grey listing and throttling to reduce the number of spam per hour that comes in. Since your routing others emails there is no point in spam analysis cause your customers are probably doing it already. Just need to dissuade spammers from full throttling your edge severs. -Ross On Jun 14, 2012, at 8:58 PM, Gustavo Lacoste gust...@lacosox.org wrote: The problem with my server is: I use it to offer webhosting services. Some customers using Outlook are blocked because they use black listed ips (ips simply are dynamic). With Kind Regards, Gustavo A. Lacoste Z. Curacautín - Chile Skype: knxroot Msn Gtalk: knx.root [at] gmail.com Home page: http://www.lacosox.org - - *Por favor, evite enviarme documentos adjuntos en formato Word o PowerPoint. Lea http://www.gnu.org/philosophy/no-word-attachments.es.html* 2012/6/14 John R Pierce pie...@hogranch.com On 06/14/12 4:33 PM, Gustavo Lacoste wrote: I need help for STOP this spamers right now. Thanks in advance to anyone who can guide me 2 of the three relay IPs listed in your log fragment are listed on spamhaus' Zen combined list, http://www.spamhaus.org/zen/ this is free for use by low volume non-commercial email servers. see the terms linked on the above URL. adding the following line to your sendmail.mc file, then rebuilding the .cf and restarting sendmail would reject all mail connections from servers listed via Spamhaus. FEATURE(dnsbl,`zen.spamhaus.org',`Message from ${client_addr} rejected - see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl (note this file is in M4 syntax, and has to use 'funny' quoting, with a ` as the opening quote). -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
On Thu, Jun 14, 2012 at 7:58 PM, Gustavo Lacoste gust...@lacosox.org wrote: The problem with my server is: I use it to offer webhosting services. Some customers using Outlook are blocked because they use black listed ips (ips simply are dynamic). Give them logins/passwords and only rely if the connection is authenticated. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
On 06/14/12 5:58 PM, Gustavo Lacoste wrote: The problem with my server is: I use it to offer webhosting services. Some customers using Outlook are blocked because they use black listed ips (ips simply are dynamic). They should be using smtp auth over SASL, or they should be using their ISP's smarthosts for forwarding outbound mail. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On Jun 15, 2012 12:39 AM, Gelen James hahaha_...@yahoo.com wrote: Just like to know which secure FTP servers are popular in use on Linux, the FTP server should provides HTTPS, FTPS and SFTP methods. Proftpd, hands down for the (s)ftp(s) but for http you have to look somewhere else. Mikael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
Proftpd, hands down for the (s)ftp(s) but for http you have to look somewhere else. k +1 for ProFTPD. I have not used it for sftp, but I have for ftps. Make sure on ftps to use ccc - clear command channel which allows the command channel to be picked up by firewalls that need to know about the port change conversation. Also .. limit your passive ports as well. 1 for administration + 2*number of concurrent users. Use apache for https. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL
On Wed, Jun 13, 2012 at 9:12 PM, Les Mikesell lesmikes...@gmail.com wrote: On Wed, Jun 13, 2012 at 1:52 AM, Sanjay Arora sanjay.k.ar...@gmail.com wrote: OK, I don't quite understand what 'reserved for LAN' use means. I'll assume it means someone else controls it and they won't cooperate if Correct. you bridge you VM's to the LAN. In most scenarios, the adsl router would give out DHCP addresses and unless you run out, bridged machines would just grab their own address and work just like a new physical machine. True Enough but the adsl Ip range is not in my control as you have assumed correctly. Now My machine has a second card for LTSP Network (it is a LTSP Server) with IP 172.16.1.0/24 I want Virtual hosts on my machine so I have to have a different IP rangesay 192.168.2.0/24 And I want routing among three as well as Internet access through the NATTED adsl router which has a dynamic IP. This is my problem. You still don't say what kind of access you need Basically accessing the VMs from the Internetssh, vnc, rdp, ftp so on...different needs for different vm. - or why you can't bridge on the 172.16.1.0 side which eliminates half of the problem. Outbound connections are easy - your LTSP clients probably already have that via NAT on the server, and they also should be using the server as their default gateway. Yes LTSP has outward NAT access...require the same inward access there too... If you don't want the VM guests on the same subnet, you can create a new guest-only subnet with the same setup as the LTSP side (server is default gateway and can route among all networks). So you only have a problem if you need to accept inbound connections from the LAN or internet. You probably don't have that now for the LTSP subnet. Do you need it for the VMs? Yes to both. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos