[CentOS-docs] centos guide

2012-06-15 Thread Wolf Bronski
Hello,

My name is Richard Kennesson.

I wrote a guide in LaTeX about how to get Redmine up and running with
Mercurial. I plan on adding Git and SVN to the guide.

I would like to share it with the community so that they can critique it
and test it.

thanks,
kennesson
___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs


[CentOS-es] Compiling the kernel on CentOS 6.1

2012-06-15 Thread Luciano Andrés Chiarotto
Hello and good day to everyone.

I installed CentOS 6.1, but the kernel I have installed does not recognize
the network card, and the DVD that came with the motherboard (M5 A78L-M lx)
tells me that I have to update the KERNEL so that it recognizes all the
devices. Because of that I cannot update the system either, since the
network card (Realtek Semiconductor RTL 8168/8111 PCIe Gigabit Ethernet
Adapter) is not recognized.

Since this will be my first time compiling the KERNEL, could any of you
pass along a tutorial or manual on how to compile the kernel?

Many thanks in advance.

Luciano
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es


Re: [CentOS-es] Compiling the kernel on CentOS 6.1

2012-06-15 Thread Ernesto Pérez Estévez
On 06/15/2012 08:11 AM, Luciano Andrés Chiarotto wrote:
 since the network card (Realtek Semiconductor RTL 8168/8111
 PCIe Gigabit Ethernet Adapter) is not recognized.
Yes, I will tell you how:

You never put anything that is not an rpm on your installation, otherwise
you will have problems later when updating.

Compiling the kernel is not required; everything should be easy, otherwise
it would not be Linux:

http://elrepo.org/tiki/kmod-r8168

Try elrepo; elrepo specializes in additional modules for the CentOS
kernels.
Regards,
epe


Re: [CentOS-es] Compiling the kernel on CentOS 6.1

2012-06-15 Thread Luciano Andrés Chiarotto
Hello Ernesto.

From this page (
http://rpm.pbone.net/index.php3/stat/4/idpl/18147080/dir/redhat_el_6/com/kernel-ml-devel-3.4.2-1.el6.elrepo.x86_64.rpm.html)
I downloaded this package.

kernel-ml-devel-3.4.2-1.el6.elrepo.x86_64.rpm

A question: by installing this package, do I update the kernel and, along
with it, the modules for the network card?

I do the installation as follows...

rpm -Uvh kernel-ml-devel-3.4.2-1.el6.elrepo.x86_64.rpm   and that's it.

Many thanks in advance - epe.

Regards



On 15 June 2012 10:46, Ernesto Pérez Estévez
cen...@ecualinux.com wrote:

 On 06/15/2012 08:11 AM, Luciano Andrés Chiarotto wrote:
  since the network card (Realtek Semiconductor RTL
  8168/8111 PCIe Gigabit Ethernet Adapter) is not recognized.
 Yes, I will tell you how:

 You never put anything that is not an rpm on your installation, otherwise
 you will have problems later when updating.

 Compiling the kernel is not required; everything should be easy,
 otherwise it would not be Linux:

 http://elrepo.org/tiki/kmod-r8168

 Try elrepo; elrepo specializes in additional modules for the CentOS
 kernels.
 Regards,
 epe


Re: [CentOS-es] Compiling the kernel on CentOS 6.1

2012-06-15 Thread Javier Aquino
How about trying CentOS 6.2 instead? I have it installed on a Dell
Precision laptop and it works very well; it recognizes all the hardware
except the fingerprint reader XD

Regards,

Javier.


On Fri, 2012-06-15 at 10:11 -0300, Luciano Andrés Chiarotto wrote:

 Hello and good day to everyone.
 
 I installed CentOS 6.1, but the kernel I have installed does not recognize
 the network card, and the DVD that came with the motherboard (M5 A78L-M lx)
 tells me that I have to update the KERNEL so that it recognizes all the
 devices. Because of that I cannot update the system either, since the
 network card (Realtek Semiconductor RTL 8168/8111 PCIe Gigabit Ethernet
 Adapter) is not recognized.
 
 Since this will be my first time compiling the KERNEL, could any of you
 pass along a tutorial or manual on how to compile the kernel?
 
 Many thanks in advance.
 
 Luciano


[CentOS-es] Support

2012-06-15 Thread César C .

Hello, do you know until what year CentOS 5 is supported?

Thanks


Re: [CentOS-es] Compiling the kernel on CentOS 6.1

2012-06-15 Thread Ernesto Pérez Estévez
On 06/15/2012 10:16 AM, Luciano Andrés Chiarotto wrote:
 Hello Ernesto.

 From this page (
 http://rpm.pbone.net/index.php3/stat/4/idpl/18147080/dir/redhat_el_6/com/kernel-ml-devel-3.4.2-1.el6.elrepo.x86_64.rpm.html)
 I downloaded this package.

 kernel-ml-devel-3.4.2-1.el6.elrepo.x86_64.rpm

Hmm, look, this is kernel-ml, one that the author of elrepo compiled (if I
remember correctly), but it is not the original CentOS one. I would rather
suggest that you simply install the elrepo repo and then install the kmod
I pointed you to, so that you stay with the same CentOS kernel.

Also, have no doubt that kernels more recent than the one you have may
already include this driver, since upstream always provides new modules
during roughly the first 5 years of the life of the CentOS version.

Regards,
epe


 A question: by installing this package, do I update the kernel and, along
 with it, the modules for the network card?

 I do the installation as follows...

 rpm -Uvh kernel-ml-devel-3.4.2-1.el6.elrepo.x86_64.rpm   and that's it.

 Many thanks in advance - epe.

 Regards



 On 15 June 2012 10:46, Ernesto Pérez Estévez
 cen...@ecualinux.com wrote:

 On 06/15/2012 08:11 AM, Luciano Andrés Chiarotto wrote:
 since the network card (Realtek Semiconductor RTL
 8168/8111 PCIe Gigabit Ethernet Adapter) is not recognized.
 Yes, I will tell you how:

 You never put anything that is not an rpm on your installation, otherwise
 you will have problems later when updating.

 Compiling the kernel is not required; everything should be easy,
 otherwise it would not be Linux:

 http://elrepo.org/tiki/kmod-r8168

 Try elrepo; elrepo specializes in additional modules for the CentOS
 kernels.
 Regards,
 epe


Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL

2012-06-15 Thread John R Pierce
On 06/14/12 10:51 PM, Sanjay Arora wrote:
 True Enough but the adsl Ip range is not in my control as you have
 assumed correctly.

when you bridge virtual hosts to a LAN, they appear just like they are 
real machines plugged into the same LAN.  they'll each get their own IP 
from the ADSL router's DHCP.

why is this a problem?  are you not allowed to plug in multiple systems?

as I previously explained, if you create a separate subnet for your VMs, 
you'll need to route them, and ALL the hosts on the LAN including the 
ADSL internet gateway will need to know this route or they (and the 
internet) won't work for those VMs.   alternately, you use NAT, and then 
your VMs aren't externally visible, but they can connect out to the 
internet (which will appear to your router like your host system is 
doing the connections)

-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL

2012-06-15 Thread John R Pierce
On 06/14/12 10:51 PM, Sanjay Arora wrote:
   You still don't say what kind of access you need
 Basically accessing the VMs from the Internet: ssh, vnc, rdp, ftp &
 so on...different needs for different vm.

how will that work if you have no control over the ADSL internet 
router?  the internet can only see the IP of the ADSL gateway, and can't 
connect to ANY systems behind it, unless that router has port forwarding 
set up.


-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast


Re: [CentOS] OT - Is there a package to monitor network traffic

2012-06-15 Thread Giles Coochey

On 14/06/2012 18:07, Steve Campbell wrote:

We have a situation here that is a real mystery.

Our MRTG on our outgoing router  and a firewall server that protects our
web servers is showing a spike every six hours. I can't find the server
behind the firewall that is generating such an extreme amount of
packets, even though I've looked through the crontabs of nearly all
servers, performed ps variations, and other types of investigation.

Is there any type of package I can install that will monitor traffic and
report abnormal, over-threshold packets similar to what wireshark might
do in a manner that would allow me to determine where these packets
might be going or from where they originate?

I used to quite like iptraf for a quick summary view of the traffic use. 
Don't know if there is a CentOS package for it.


--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net




Re: [CentOS] OT - Is there a package to monitor network traffic

2012-06-15 Thread Steve Clark
On 06/15/2012 06:43 AM, Giles Coochey wrote:
 On 14/06/2012 18:07, Steve Campbell wrote:
 We have a situation here that is a real mystery.

 Our MRTG on our outgoing router  and a firewall server that protects our
 web servers is showing a spike every six hours. I can't find the server
 behind the firewall that is generating such an extreme amount of
 packets, even though I've looked through the crontabs of nearly all
 servers, performed ps variations, and other types of investigation.

 Is there any type of package I can install that will monitor traffic and
 report abnormal, over-threshold packets similar to what wireshark might
 do in a manner that would allow me to determine where these packets
 might be going or from where they originate?
 I used to quite like iptraf for a quick summary view of the traffic use.
 Don't know if there is a CentOS package for it.



iptraf-ng.i686    1.1.1-2.el6    epel
trafshow.i686     5.2.3-6.el6    epel

are both pretty good.


-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com


Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL

2012-06-15 Thread Les Mikesell
On Fri, Jun 15, 2012 at 12:51 AM, Sanjay Arora sanjay.k.ar...@gmail.com wrote:


 You still don't say what kind of access you need

 Basically accessing the VMs from the Internet: ssh, vnc, rdp, ftp &
 so on...different needs for different vm.

You should be able to make outbound connections that originate from
the VMs through NAT.  Direct inbound connections over the internet
are impossible without a public address, or at least port-forwarding
configured on the router - which it will probably only do to its own
subnet.  You could tunnel access through a VPN, though.  OpenVPN on
your server would be able to make an outbound connection through the
nat to another site and you could route the private addresses through
the VPN tunnel.   Without support on the router, your VPN can only
connect to pre-arranged public IP addresses.  If you can get a single
port (preferably UDP) forwarded on the router to your server, you
would be able to connect from anywhere with an openvpn client which
would be able to route for that host or for a remote site.

 - or why you can't
 bridge on the 172.16.1.0 side which eliminates half of the problem.
 Outbound connections are easy - your LTSP clients probably already
 have that via NAT on the server, and they also should be using the
 server as their default gateway.

 Yes LTSP has outward NAT access...require the same inward access there too...

What about the server?  Do you have any existing way set up for inward
connections to it?  If so, you can use a VPN or ssh port-forwarding,
or reverse-proxy connections where a vpn will be the most generic.
However, you have to be just as careful about firewalling such
connections as at the main router you are trying to bypass.   It is a
bad idea to do this without support from your network administrator.

-- 
   Les Mikesell
 lesmikes...@gmail.com


[CentOS] Should we run Amavisd on our final delivery hosts?

2012-06-15 Thread James B. Byrne
We use Cyrus-imapd together with Postfix to effect final delivery of
email messages to our clients.  The final delivery server is isolated
from the internet via a firewall and only pre-authorized host
addresses can connect.  All user pickup and delivery email traffic is
handled through separate Internet accessible hosts that may establish
these connections.  The Internet facing hosts have Postfix and Amavisd
running configured with ClamAV and Spamassassin.

Is there anything to be gained by having Amavisd, ClamAV and
Spamassassin running on the IMAP delivery box in addition to the
public hosts?


-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Shiv. Nath
On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
 Dear CentOS Community

 Is totally clear there's no support sendmail platform today, but I need  to
 stop SMTP brute-force attack on sendmail. My server is attacked today, my
 maillog look like :

 4...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
 Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=, size=3958,
 class=0, nrcpts=1, msgid=201206142307.q5en710u024...@myserver.com,
 proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
 Jun 14 19:07:23 at6412 sendmail[24868]: q5EN7M6D024868: from=
 qmar...@qmarket.cl, size=2193, class=0, nrcpts=2, msgid=
 20120614231448.1e99a13e...@smtp02qmarket.qmarket.cl, proto=ESMTP,
 daemon=MTA, relay=[200.1.174.121]
 Jun 14 19:07:24 at6412 sendmail[24961]: q5EN7OT4024961: from=
 nob...@2012.123icq.cl, size=4716, class=0, nrcpts=1, msgid=
 e1sfj8h-0005kv...@2012.123icq.cl, proto=ESMTP, daemon=MTA, relay=
 pc1.globalmac.cl [200.29.231.61] (may be forged)
 Jun 14 19:07:33 at6412 sendmail[25013]: q5EN7SqK025013: from=
 a.pfsv...@yahoo.com, size=760, class=0, nrcpts=1, msgid=
 1531549-634033...@owfzdl.net, proto=SMTP, daemon=MTA, relay=
 h095159149119.ys.dsl.sakhalin.ru [95.159.149.119]
 Jun 14 19:07:37 at6412 sendmail[25065]: q5EN7bCj025065: from=
 en.viaimp...@gmail.com, size=4531, class=0, nrcpts=0, proto=ESMTP,
 daemon=MTA, relay=186-105-73-29.baf.movistar.cl [186.105.73.29]


 I need help for STOP this spamers right now.

 Thanks in advance to anyone who can guide me


 With Kind Regards,

   Gustavo A. Lacoste Z.
   Curacautín - Chile
   Skype: knxroot
   Msn & Gtalk: knx.root [at] gmail.com
   Home page: http://www.lacosox.org

Hi,

there are a few solutions available to do this.

1.) install & configure fail2ban

2.) Using IP Tables: i don't know if it is applicable to you

# Fix in Place to Kick a User For 1 Minutes After Three Errors in The SMTP Session
# And Limit The Number of Connections Someone Could Make With a Simple IP Tables Rule

-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set

i trust this helps, there is another solution but you do not use Postfix.

# How many simultaneous connections any client is allowed to make to
# this service.
smtpd_client_connection_count_limit = 3

# The maximal number of connection attempts any client is allowed to
# make to this service per time unit.
smtpd_client_connection_rate_limit = 10

# The maximal number of message delivery requests that any client is
# allowed to make to this service per time unit, regardless of whether or
# not Postfix actually accepts those messages.
smtpd_client_message_rate_limit = 20

# The maximal number of recipient addresses that any client is allowed
# to send to this service per time unit, regardless of whether or not
# Postfix actually accepts those recipients.
smtpd_client_recipient_rate_limit = 500

# Clients that are excluded from connection count, connection rate, or
# SMTP request rate restrictions.
smtpd_client_event_limit_exceptions = $mynetworks

Thanks







Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread John R Pierce
On 06/15/12 9:25 AM, Shiv. Nath wrote:
 1.) install & configure fail2ban

each of the connections shown in the log fragment was from a different 
IP.  how would fail2ban help?



-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast
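
The objection above can be checked against a log directly. This added example (not part of the thread) replays sendmail `from=` lines through a simplified model of the two `-m recent` rules posted earlier in the thread, treating each logged message as one new connection to port 25. The sample log lines and their addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches sendmail "from=" log lines and captures the bracketed relay address,
# e.g. relay=[192.0.2.10] or relay=host.example [192.0.2.10] (may be forged)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sendmail\[\d+\]: "
    r"\w+: from=.*\brelay=(?:\S+ )?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)


def parse_maillog(lines, year=2012):
    """Return [(datetime, relay_ip), ...] for every sendmail from= line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("ip")))
    return sorted(events)


def simulate_recent(events, seconds=60, hitcount=3):
    """Simplified model of the rule pair:
         -m recent --update --seconds 60 --hitcount 3 -j DROP
         -m recent --set
    Returns {ip: number of connections the first rule would have dropped}.
    """
    window = timedelta(seconds=seconds)
    seen = defaultdict(list)   # per-source timestamps, like the recent list
    dropped = defaultdict(int)
    for ts, ip in events:
        hits = [t for t in seen[ip] if ts - t < window]
        if len(hits) >= hitcount:
            dropped[ip] += 1   # first rule matches: DROP, entry refreshed
        # either --update (on a match) or --set (otherwise) records this hit
        seen[ip] = hits + [ts]
    return dict(dropped)


def _line(ts, relay):
    """Build one constructed maillog line in the format quoted in the thread."""
    return (f"Jun 14 {ts} mx1 sendmail[2000]: q5EN000000000: "
            f"from=<x@example.com>, size=1000, class=0, nrcpts=1, "
            f"proto=ESMTP, daemon=MTA, relay={relay}")


# Constructed sample: every message arrives from a different relay address
DISTRIBUTED = [
    _line("19:07:23", "[192.0.2.121]"),
    _line("19:07:24", "pc1.example.net [198.51.100.61] (may be forged)"),
    _line("19:07:33", "dsl.example.org [203.0.113.119]"),
    _line("19:07:37", "host.example.com [203.0.113.29]"),
]
# Constructed sample: one relay address connecting every five seconds
SINGLE_SOURCE = [_line(f"19:10:{s:02d}", "[192.0.2.50]") for s in (0, 5, 10, 15, 20)]

if __name__ == "__main__":
    for name, sample in (("distributed", DISTRIBUTED), ("single source", SINGLE_SOURCE)):
        print(name, simulate_recent(parse_maillog(sample)))
```

The log only records messages sendmail accepted, so this approximates connection attempts rather than counting them exactly.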



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Shiv. Nath
On 6/15/12 2:03 AM, Les Mikesell wrote:
 On Thu, Jun 14, 2012 at 7:58 PM, Gustavo Lacoste gust...@lacosox.org wrote:
 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).

 Give them logins/passwords and only relay if the connection is authenticated.


Hi,
The solution Les Mikesell offered is also a good option, use sasldb 
function to authenticate before relay.
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/sasldb_configuration.html

Thanks / Regards


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Les Mikesell
On Fri, Jun 15, 2012 at 11:25 AM, Shiv. Nath
prabh...@digital-infotech.net wrote:
 
 I need help for STOP this spamers right now.

 Thanks in advance to anyone who can guide me

[...]
 i trust this helps, there is another solution but you do not use Postfix.

Sendmail is nearly infinitely configurable - and not all that
complicated if you do it in sendmail.mc instead of .cf.   But, the
really quick fix is to drop in a couple of milters.  milter-greylist
is in the rpmforge repo and will tempfail everything the first time it
sees a new sender (exceptions/timing configurable, of course).  Most
spammers don't retry, all real mail servers do, so at the expense of
an occasional delivery delay you avoid most of the problem.
MimeDefang is in both EPEL and rpmforge.  It lets you control most
sendmail operations in a small snippet of perl and allows you to run
any tests you want, including rbls and spamassassin before the message
is accepted at the smtp level.   MimeDefang is flexible enough that
you could add your own greylisting there, but it isn't included out of
the box (but the author has a commercial solution that is more
complete).

-- 
   Les Mikesell
  lesmikes...@gmail.com
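
Greylisting as described in the message above, as an added example that is not part of the original post and is not milter-greylist's own code. The (client IP, sender, recipient) key, the delay values and all names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta


class Greylist:
    """Tempfail the first delivery attempt of each unseen tuple; accept a
    retry of the same tuple once min_delay has passed."""

    def __init__(self,
                 min_delay=timedelta(minutes=5),     # earliest accepted retry
                 retry_window=timedelta(hours=4),    # how long a retry is awaited
                 auto_white=timedelta(days=30)):     # how long a pass is remembered
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.auto_white = auto_white
        self.pending = {}   # tuple -> time of first attempt
        self.passed = {}    # tuple -> time of last accepted delivery

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for this attempt: 451 or 250."""
        key = (client_ip, sender.lower(), rcpt.lower())

        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.auto_white:
            self.passed[key] = now          # known-good tuple, no delay
            return 250

        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now         # new (or expired) tuple: tempfail
            return 451
        if now - first < self.min_delay:
            return 451                      # retried too quickly
        del self.pending[key]
        self.passed[key] = now              # a real MTA came back: accept
        return 250


if __name__ == "__main__":
    g = Greylist()
    t0 = datetime(2012, 6, 15, 12, 0, 0)
    # Constructed traffic: a mail server that queues and retries ...
    mta = ("192.0.2.10", "alice@example.com", "user@example.org")
    print([g.check(*mta, t0 + timedelta(minutes=m)) for m in (0, 1, 15)])
    # ... and a sender that changes its envelope on every attempt
    for i in range(3):
        bot = ("198.51.100.7", f"spam{i}@example.net", "user@example.org")
        print(g.check(*bot, t0 + timedelta(minutes=15 * i)))
```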


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread m . roth
Shiv. Nath wrote:
 On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
 Dear CentOS Community

 Is totally clear there's no support sendmail platform today, but I need
 to stop SMTP brute-force attack on sendmail. My server is attacked today,
 my maillog look like :

 4...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com
 [127.0.0.1]
 Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=,
 size=3958,
 class=0, nrcpts=1, msgid=201206142307.q5en710u024...@myserver.com,
 proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
<snip>
 I need help for STOP this spamers right now.

 there are few solutions available to do this.

 1.) install & configure fail2ban

 2.) Using IP Tables: i don't know if it is applicable to you
<snip>
I strongly encourage you to use fail2ban. Which, btw, rewrites iptables
rules on the fly

Speaking of which... are other folks seeing a low-level (that is, hit, try
later, hit, try later, etc, over weeks, rather than trytrytrytrytrytrytry
in one shot) from
inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr:   DonEkoService Ltd
country: RU

This is explicitly against PMA, which I gather, is apache-pma.

mark



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread m . roth
John R Pierce wrote:
 On 06/15/12 9:25 AM, Shiv. Nath wrote:
 1.) install & configure fail2ban

 each of the connections shown in the log fragment was from a different
 IP.  how would fail2ban help?

Interesting - I hadn't looked that closely. You're right - if it's one
attack, it's a distributed one.

   mark



[CentOS] Strange su behavior after installing latest CentOS updates

2012-06-15 Thread Alfred von Campe
I did a yum update on my CentOS 6 systems yesterday for the first time in 
about a month and now have some automated processes failing because the PATH is 
not set up correctly when using su.  The problem is very easy to see by 
comparing the output of the following two commands:

# su - user -c env | grep PATH
# su user -c env | grep PATH

Before yesterday's update, and on any CentOS 6.2 systems without the latest (in 
the last month) updates and all CentOS 5.8 systems, PATH contained anything 
that was set in /etc/profile.d, but it appears that it does not run anything in 
that directory after yesterday's update.  As I mentioned before, this is 
breaking a lot of automated processes that relied on the PATH being set correctly 
when doing a su - user -c   Is this a known issue?  Is anyone else 
affected by it?  In case it matters, I'll include the list of all the packages 
that were installed yesterday at the end of this message.

Thanks,
Alfred



Installed:
  kernel.i686 0:2.6.32-220.17.1.el6   kernel-devel.i686 0:2.6.32-220.17.1.el6

Updated:
  ImageMagick.i686 0:6.5.4.7-6.el6_2
  apr.i686 0:1.3.9-5.el6_2
  autocorr-en.noarch 1:3.2.1-19.6.el6_2.7
  bash.i686 0:4.1.2-9.el6_2
  bind-libs.i686 32:9.7.3-8.P3.el6_2.3
  bind-utils.i686 32:9.7.3-8.P3.el6_2.3
  epel-release.noarch 0:6-7
  expat.i686 0:2.0.1-11.el6_2
  firefox.i686 0:10.0.5-1.el6.centos
  flash-plugin.i686 0:11.2.202.236-0.1.el6.rf
  gnome-power-manager.i686 0:2.28.3-6.el6_2
  google-chrome-stable.i386 0:19.0.1084.56-140965
  java-1.6.0-openjdk.i686 1:1.6.0.0-1.48.1.11.3.el6_2
  java-1.6.0-openjdk-devel.i686 1:1.6.0.0-1.48.1.11.3.el6_2
  java-1.6.0-openjdk-javadoc.i686 1:1.6.0.0-1.48.1.11.3.el6_2
  kernel-firmware.noarch 0:2.6.32-220.17.1.el6
  kernel-headers.i686 0:2.6.32-220.17.1.el6
  libatasmart.i686 0:0.17-4.el6_2
  libsmbclient.i686 0:3.5.10-116.el6_2
  net-tools.i686 0:1.60-110.el6_2
  nfs-utils.i686 1:1.2.3-15.el6_2.1
  openoffice.org-brand.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-calc.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-calc-core.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-core.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-draw.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-draw-core.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-graphicfilter.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-impress.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-impress-core.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-langpack-en.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-math.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-math-core.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-opensymbol-fonts.noarch 1:3.2.1-19.6.el6_2.7
  openoffice.org-pdfimport.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-presenter-screen.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-ure.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-writer.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-writer-core.i686 1:3.2.1-19.6.el6_2.7
  openoffice.org-xsltfilter.i686 1:3.2.1-19.6.el6_2.7
  openssl.i686 0:1.0.0-20.el6_2.5
  openssl-devel.i686 0:1.0.0-20.el6_2.5
  postgresql-libs.i686 0:8.4.11-1.el6_2
  samba.i686 0:3.5.10-116.el6_2
  samba-client.i686 0:3.5.10-116.el6_2
  samba-common.i686 0:3.5.10-116.el6_2
  samba-winbind-clients.i686 0:3.5.10-116.el6_2
  socat.i686 0:1.7.2.1-1.el6.rf
  sos.noarch 0:2.2-17.el6_2.3
  sudo.i686 0:1.7.4p5-9.el6_2
  tcsh.i686 0:6.17-19.el6_2
  tzdata.noarch 0:2012c-1.el6
  tzdata-java.noarch 0:2012c-1.el6
  xulrunner.i686 0:10.0.5-1.el6.centos



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Nataraj
On 06/15/2012 09:33 AM, John R Pierce wrote:
 On 06/15/12 9:25 AM, Shiv. Nath wrote:
 1.) install & configure fail2ban
 each of the connections shown in the log fragment was from a different 
 IP.  how would fail2ban help?




If you were to switch to postfix, I believe that postscreen may be able
to handle this type of spambot attack.
http://www.postfix.org/postscreen.8.html
Unless you happen to already be a sendmail guru, my sense is that
postfix is easier to configure to deal with these complex situations.

Nataraj



Re: [CentOS] Strange su behavior after installing latest CentOS updates

2012-06-15 Thread Leonard den Ottolander
Hello Alfred,

On Fri, 2012-06-15 at 13:14 -0400, Alfred von Campe wrote:
 I did a yum update on my CentOS 6 systems yesterday for the first time
 in about a month and now have some automated processes failing because
 the PATH is not set up correctly when using su.

Thanks for the heads up, but you should really take issues like this
upstream. There's nothing CentOS can or at least will do as they
rebuild upstream ad verbatim. Try the RHEL 6 mailing list:
https://www.redhat.com/mailman/listinfo/rhelv6-list

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research




[CentOS] Puppet + Passenger SELinux issues

2012-06-15 Thread Trey Dockendorf
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server.  SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load.  This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.

module puppet_passenger 1.7;

require {
    type bin_t;
    type devpts_t;
    type httpd_t;
    type passenger_t;
    type port_t;
    type proc_net_t;

    class process { getattr siginh setexec sigchld noatsecure transition rlimitinh };
    class unix_stream_socket { getattr accept read write };
    class capability { sys_resource sys_ptrace };
    class file { entrypoint open create relabelfrom relabelto getattr setattr read write append ioctl lock rename link unlink };
    class lnk_file { getattr read };
    class udp_socket name_bind;
    class dir { getattr setattr add_name remove_name search open read write ioctl lock };
}

#============= httpd_t ==============
allow httpd_t port_t:udp_socket name_bind;

allow httpd_t proc_net_t:file { read getattr open };

allow httpd_t bin_t:file entrypoint;

allow httpd_t passenger_t:process sigchld;
allow httpd_t passenger_t:unix_stream_socket { getattr accept read write };

optional_policy(`
    puppet_manage_lib(httpd_t)
    puppet_search_log(httpd_t)
    puppet_search_pid(httpd_t)
    allow httpd_t puppet_var_lib_t:file { relabelfrom relabelto };
')

#============= passenger_t ==============
allow passenger_t devpts_t:dir search;
allow passenger_t httpd_t:process { siginh rlimitinh transition noatsecure };
allow passenger_t self:capability { sys_resource sys_ptrace };
allow passenger_t self:process setexec;

ps_process_pattern(passenger_t, httpd_t)
domain_read_all_domains_state(passenger_t)


Using the SELinux Make file works but when I try to add the new policy via
semodule -i puppet_passenger.pp I get the following
# semodule -i puppet_passenger.pp
libsepol.print_missing_requirements: puppet_passenger's global requirements
were not met: type/attribute passenger_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule:  Failed!

The blog I got the policy from mentioned disabling the rubygem_passenger
policy, is that where passenger_t is defined?  I've looked at the source of
selinux-policy and see the required type of passenger_t is working so
unsure why it doesn't work in my policy.

The policy from audit2allow generates this when using grep -e
'httpd\|passenger' but it seems like too much allowance

module passenger 1.0;

require {
type unconfined_t;
type semanage_t;
type init_t;
type system_cronjob_t;
type mysqld_t;
type syslogd_t;
type apmd_t;
type initrc_t;
type postfix_local_t;
type puppet_etc_t;
type setfiles_t;
type rpm_t;
type unlabeled_t;
type var_run_t;
type kernel_t;
type puppet_var_run_t;
type puppet_var_lib_t;
type auditd_t;
type httpd_t;
type rpm_var_lib_t;
type postfix_cleanup_t;
type postfix_master_t;
type inetd_t;
type udev_t;
type mysqld_safe_t;
type postfix_pickup_t;
type sshd_t;
type crond_t;
type getty_t;
type postfix_qmgr_t;
type ntpd_t;
class sock_file { write unlink open };
class capability { sys_resource sys_ptrace };
class process setexec;
class dir { write getattr read create search add_name };
class file { execute read create execute_no_trans write open append
};
}

#= httpd_t ==
allow httpd_t apmd_t:dir { getattr search };
allow httpd_t apmd_t:file { read open };
allow httpd_t auditd_t:dir { getattr search };
allow httpd_t auditd_t:file { read open };
allow httpd_t crond_t:dir { getattr search };
allow httpd_t crond_t:file { read open };
allow httpd_t getty_t:dir { getattr search };
allow httpd_t getty_t:file { read open };
allow httpd_t inetd_t:dir { getattr search };
allow httpd_t inetd_t:file { read open };
allow httpd_t init_t:dir { getattr search };
allow httpd_t init_t:file { read open };
allow httpd_t initrc_t:dir { getattr search };
allow httpd_t initrc_t:file { read open };
allow httpd_t kernel_t:dir { getattr search };
allow httpd_t kernel_t:file { read open };
allow httpd_t mysqld_safe_t:dir { getattr search };
allow httpd_t mysqld_safe_t:file { read open };
allow httpd_t mysqld_t:dir { getattr search };
allow httpd_t mysqld_t:file { read open };
allow httpd_t ntpd_t:dir { getattr search };
allow httpd_t ntpd_t:file { read open };
allow httpd_t postfix_cleanup_t:dir { getattr search };
allow httpd_t postfix_cleanup_t:file { read open };
allow httpd_t postfix_local_t:dir { getattr search };
allow httpd_t postfix_local_t:file { read open };
allow httpd_t 

Re: [CentOS] Strange su behavior after installing latest CentOS updates

2012-06-15 Thread Alfred von Campe
On Jun 15, 2012, at 14:52, Leonard den Ottolander wrote:

 Thanks for the heads up, but you should really take issues like this
 upstream. There's nothing the CentOS can or at least will do as they
 rebuild upstream ad verbatim. Try the RHEL 6 mailing list:
 https://www.redhat.com/mailman/listinfo/rhelv6-list

Thanks, that's a good idea.  Unfortunately, I don't have time to do this today. 
 I did, however, track this down to the root cause.  The user I was changing to 
was using tcsh as their shell (like many of our users are), and this problem 
got introduced with the tcsh-6.17-19.el6.2 update.  Downgrading tcsh to the 
previous release fixes the problem.

Alfred

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Resizing est4 filesystem while mounted

2012-06-15 Thread Jeff Boyce
Greetings -

I had a logical volume that was running out of space on a virtual machine. 
I successfully expanded the LV using lvextend, and lvdisplay shows that it 
has been expanded.  Then I went to expand the filesystem to fill the new 
space (# resize2fs -p /dev/vde1) and I get the results that the filesystem 
is already xx blocks long, nothing to do.  If I do a # df -h, I can see that 
the filesystem has not been extended.  I could kick the users off the VM, 
reboot the VM using a GParted live CD and extend the filesystem that way, 
but I thought that it was possible to do this live and mounted?  The RH docs 
say this is possible; the man page for resize2fs also says it is possible 
with ext4.  What am I missing here?  This is a Centos 6.2 VM with an ext4 
filesystem.  The logical volumes are setup on the host system which is also 
a Centos 6.2 system.

Jeff Boyce
Meridian Environmental



Re: [CentOS] Resizing est4 filesystem while mounted

2012-06-15 Thread Ray Van Dolson
On Fri, Jun 15, 2012 at 12:10:09PM -0700, Jeff Boyce wrote:
 Greetings -
 
 I had a logical volume that was running out of space on a virtual machine. 
 I successfully expanded the LV using lvextend, and lvdisplay shows that it 
 has been expanded.  Then I went to expand the filesystem to fill the new 
 space (# resize2fs -p /dev/vde1) and I get the results that the filesystem 
 is already xx blocks long, nothing to do.  If I do a # df -h, I can see that 
 the filesystem has not been extended.  I could kick the users off the VM, 
 reboot the VM using a GParted live CD and extend the filesystem that way, 
 but I thought that it was possible to do this live and mounted?  The RH docs 
 say this is possible; the man page for resize2fs also says it is possible 
 with ext4.  What am I missing here?  This is a Centos 6.2 VM with an ext4 
 filesystem.  The logical volumes are setup on the host system which is also 
 a Centos 6.2 system.

Try resize4fs (assuming your FS is ext4).

Ray


Re: [CentOS] Resizing est4 filesystem while mounted

2012-06-15 Thread Dennis Jacobfeuerborn
On 06/15/2012 09:10 PM, Jeff Boyce wrote:
 Greetings -
 
 I had a logical volume that was running out of space on a virtual machine. 
 I successfully expanded the LV using lvextend, and lvdisplay shows that it 
 has been expanded.  Then I went to expand the filesystem to fill the new 
 space (# resize2fs -p /dev/vde1) and I get the results that the filesystem 
 is already xx blocks long, nothing to do.  If I do a # df -h, I can see that 
 the filesystem has not been extended.  I could kick the users off the VM, 
 reboot the VM using a GParted live CD and extend the filesystem that way, 
 but I thought that it was possible to do this live and mounted?  The RH docs 
 say this is possible; the man page for resize2fs also says it is possible 
 with ext4.  What am I missing here?  This is a Centos 6.2 VM with an ext4 
 filesystem.  The logical volumes are setup on the host system which is also 
 a Centos 6.2 system.

You didn't really specify your topology accurately so I assume you used
lvextend on the host side. This will not be visible until you reboot the
guest.

The only way to resize without taking the system offline is to use lvm in
the guest. Add a new virtual disk on the host side which results in a
hot-plug event in the guest (i.e. you should see the new drive added in the
guest). Now create a single partition on the drive (this is important!) and
use pvcreate to turn it into a physical volume. Now add the new PV to the
Volume Group. Finally you can lvextend the LV in the guest and resize the
filesystem.

The partitioning of the new disk in the guest is important because if you
use the disk directly as a PV then this PV will also be shown on the host.
An alternative is to modify the LVM filters in /etc/lvm/lvm.conf on the
host to specifically not scan the LV for the new disk.
I find it easier to create a partition though (i.e. use /dev/vda1 instead
of /dev/vda as the PV).

Regards,
  Dennis


Re: [CentOS] Puppet + Passenger SELinux issues

2012-06-15 Thread Daniel J Walsh
Can you step back and ignore this policy for now.  What AVC's are you seeing
when you attempt to run passenger on Centos/RHEL?


Re: [CentOS] Strange su behavior after installing latest CentOS updates

2012-06-15 Thread Karanbir Singh
On 06/15/2012 08:09 PM, Alfred von Campe wrote:
 
 Thanks, that's a good idea.  Unfortunately, I don't have time to do this 
 today.  I did, however, track this down to the root cause.  The user I was 
 changing to was using tcsh as their shell (like many of our users are), and 
 this problem got introduced with the tcsh-6.17-19.el6.2 update.  Downgrading 
 tcsh to the previous release fixes the problem.
 

please file this at bugs.centos.org - so we can make sure it's not an
issue we introduced.

thanks

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219| Yahoo IM: z00dax  | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc


[CentOS] Update on spam, postfix, fail2ban, centos 6

2012-06-15 Thread Bob Hoffman
I have been using centos 6 in a virtualized system for a few months now.
Took a while to batten down the hatches with postfix, rbls, and to use 
fail2ban correctly.
The mailserver for my website(s) are located on the http server as 
well..an 'all in one' server.
DNS servers are separated.

My two sites, and their email addresses (1 for each) have been around 
for 10 and 15 years respectively.
One site was a business site, one was news and politics...both were very 
busy at one point, thus 'on the radar'
of hackers and spammers.

I decided to see what I could do with my system to prevent hacks and 
spams in regards to email and brute force attacks
on all systems except for my web apps (which are down right now and in 
development).

Fail2ban is really good at the brute force, assuming it is just one ip 
and not all attempts are at once. Thus it works on script kiddies
but I do not think it would work well on a dedicated hack attempt by a 
serious individual or group.

But I am using fail2ban to auto ban ips regarding spam.

As far as spam, very little gets through now. A few a day. Between 
blacklists, my own blacklist of commercial spammers, stringent
settings of postfix the actual spam that gets through is small. But it 
still gets through.

I was using fail2ban on attempts that numbered 3 or more that ended in 
5xx replies from my server. I would block for 10 minutes.
I found I was blocking about 800 ips a day on one server, half that on 
the other.
I did notice that there were a ton of attempts that were under 3. Lots 
of 2's and a ton of 1's.

So a couple weeks ago (not sure when I started) I decided to try 
blocking any 5xx reply by IP.
This is a private server and just my own mail comes to it, so I am not 
worried too much about false positives or other effects.


So what happened?

The ips jumped up considerably, to 1,500 to 1,700 a day banned on one 
server, about 1000 on the other.
What is interesting in those numbers is they are constant. Every week 
day I can count on about 1500 banned ips on one, 1000 on
the other, give or take.

What really changed was the mail servers sending mail that got through 
the restrictions, but were sending to non existent addresses.
A majority (like 80%) were from yahoo. This was a sudden change. It was 
not like this before.
Yahoo spammed like crazy. And they got the mailserver ip banned.

10 to 20 emails a day from yahoo mail servers, going to non existent 
emails. Where before it would be one or two.
The yahoo mails got bigger every day until they started waning (probably 
due to ip banning).

The mail that actually got through all of this was 50% free mail (yahoo, 
msn/live, some aol, etc) Yahoo being the biggest.

Another thing I noticed. When I started adding domains to my 'blacklist 
of commercial senders', legitimate or not, I started to get yahoo
mails with references inside the mails to many of the illegitimate sites 
that were coming from the UCE's I had blocked.

It is quite interesting to watch this process. More interesting that no 
matter how strict or lax I make the system there will be the same
number of attempted mails sent to my server. (give or take a few hundred).

If I unban all the ips, which I did once, there was a one day bump up, 
then it leveled off to the same amount of individual attempts
(not counting the same attempt being tried again).

I have 35,000 ips blocked right now and nothing changed...except yahoo spam.

Spamassassin I use, but only for level 10 or more spam...it is deleted. 
I found all of these over the last few months to be the kind
with attachments, probably viruses.

-
What Have I learned?

I have learned a large number of attempts are from ISP's and not websites.

I have learned that ISP's will not do anything at all, ever, about this. 
(someone trying to send 1 million mails a day might be suspicious,
but they ignore it)

I have learned a large majority of 'hosts' are technically challenged 
small business owners who have no sys admin knowledge.
Those hosts spew spam bots

I have learned the Chinese have really taken a liking to play with my 
server, possibly for training purposes. My server is a hit in Beijing
and some other province I cannot spell.

--
What can be done?

Not much. If the isp's do nothing, and the technology is not available 
to datacenters and hosts, there is not much I can do at all.
Complaining to an isp or host would take 24 hours a day of messages, 99% 
which would be ignored.

There is a consideration for the scumbags that call themselves 
legitimate mailers, like vocus.com. They are in the US, as I am.
I am considering going to small claims for some of these spam attempts. 
I cannot use the can-spam act, since they are technically
not in violation.

However, I could use the logs and attempts, copies of emails and phone 

Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread John Hinton
On 6/14/2012 8:58 PM, Gustavo Lacoste wrote:
 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).


That is the same problem I am dealing with. You have to set up a dual 
mailserver system with outbound set to not use the blacklist used on the 
inbound server or you will block some of your good users who happen to 
land on a dirty IP address from time to time. The situation is the same 
with SpamAssassin or any other anti-spam system in place.

Sendmail and Postfix work the same in this regard. And I'm still not 
certain which one I like the most, after installing Postfix on our last 
4 systems. I think the logging from Sendmail is way more logical (easier 
to comprehend), but maybe that is just because I have been reading those 
logs for many years.

I would still take a look at Fail2Ban. You need to be very careful with 
your rules, but it is extremely flexible. You only provided about 30 
seconds from your mail log. Fail2ban will look over a much greater time 
span and activate whatever blocks you enable or write. I have written 
blocks based on not passing certain spam tests, such as the Spamhaus RBL 
(and yes we pay for that service). But I really didn't care for our 
systems to run the repeated DNS lookups. The rule blocks them at the 
firewall and over time, the number of blocks has decreased as many 
spammers have just quit trying. I have rules to block spammers mining 
for good email addresses (some of our domains were getting 10s of 
thousands of attempts per day). I also use Fail2Ban for FTP, SMTP and 
just about every service login, with adjusted numbers of attempts and 
shorter or longer times based on how the rules might adversely affect 
one of our actual users. Higher security risk services with low volume 
use by users, get blocked after fewer failed attempts and for much 
longer times.

FYI, Spamhaus is blocking around 90% of all our inbound emails as spam. 
That number should actually be higher, but Fail2Ban does not allow a 
number of messages in due to the firewall blocks, so those don't get 
figured in to that total. Spamhaus is perfect in blocking IP addresses 
that positively were used to send spam, but dynamic addresses do get 
caught creating some false positives.

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions



Re: [CentOS] Update on spam, postfix, fail2ban, centos 6

2012-06-15 Thread Dave Stevens
Quoting Bob Hoffman b...@bobhoffman.com:

 I have been using centos 6 in a virtualized system for a few months now.
 Took a while to batten down the hatches with postfix, rbls, and to use
 fail2ban correctly.

Thanks for this, Bob. I'm having trouble making fail2ban work in my  
Centos 5.8 box. Would you be willing to share your fail2ban setup?  
Jails.conf would be most welcome.

Dave




-- 
If all the advertising in the world were to shut down tomorrow, would people
still go on buying more soap, eating more apples, giving their children more
vitamins, roughage, milk, olive oil, scooters and laxatives, learning more
languages by gramophone, hearing more virtuosos by radio, re-decorating their
houses, refreshing themselves with more non-alcoholic thirst-quenchers,
cooking more new, appetizing dishes, affording themselves that little extra
touch which means so much? Or would the whole desperate whirligig slow
down, and the exhausted public relapse upon plain grub and elbow-grease?

--- Dorothy L Sayers, in Murder Must Advertise




Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Gustavo Lacoste
Thanks guys! John, can you send me a simple filter for fail2ban+SMTP? I
tried to use the following filters, but this is not sufficient for me yet.


*/etc/fail2ban/filter.d/sendmail.conf*

[Definition]
failregex = \[<HOST>\], reject.*\.\.\. Relaying denied
            (User unknown)\n* \[<HOST>\]
            badlogin: .* \[<HOST>\] plaintext .* SASL
            reject=550 5.7.1 Blocked, look at http://cbl.abuseat.org/lookup.cgi\?ip=<HOST>
ignoreregex =

*/etc/fail2ban/filter.d/dovecot-pop3imap.conf*
[Definition]
failregex = pam.*dovecot.*(?:authentication failure).*rhost=(?:::f{4,6}:)?(?P<host>\S*)







With Kind Regards,

 Gustavo A. Lacoste Z.
 Curacautín - Chile
 Skype: knxroot
 Msn  Gtalk: knx.root [at] gmail.com
 Home page: http://www.lacosox.org
- -
*Please avoid sending me attachments in Word or PowerPoint format.
See http://www.gnu.org/philosophy/no-word-attachments.es.html*


2012/6/15 John Hinton webmas...@ew3d.com

 On 6/14/2012 8:58 PM, Gustavo Lacoste wrote:
  The problem with my server is: I use it to offer webhosting services.
 Some
  customers using Outlook are blocked because they use black listed ips
 (ips
  simply are dynamic).
 
 
 That is the same problem I am dealing with. You have to set up a dual
 mailserver system with outbound set to not use the blacklist used on the
 inbound server or you will block some of your good users who happen to
 land on a dirty IP address from time to time. The situation is the same
 with SpamAssassin or any other anti-spam system in place.

 Sendmail and Postfix work the same in this regard. And I'm still not
 certain which one I like the most, after installing Postfix on our last
 4 systems. I think the logging from Sendmail is way more logical (easier
 to comprehend), but maybe that is just because I have been reading those
 logs for many years.

 I would still take a look at Fail2Ban. You need to be very careful with
 your rules, but it is extremely flexible. You only provided about 30
 seconds from your mail log. Fail2ban will look over a much greater time
 spam and activate whatever blocks you enable or write. I have written
 blocks based on not passing certain spam tests, such as the Spamhaus RBL
 (and yes we pay for that service). But I really didn't care for our
 systems to run the repeated DNS lookups. The rule blocks them at the
 firewall and over time, the number of blocks has decreased as many
 spammers have just quit trying. I have rules to block spammers mining
 for good email addresses (some of our domains were getting 10s of
 thousands of attempts per day). I also use Fail2Ban for FTP, SMTP and
 just about every service login, with adjusted numbers of attempts and
 shorter or longer times based on how the rules might adversely effect
 one of our actual users. Higher security risk services with low volume
 use by users, get blocked after fewer failed attempts and for much
 longer times.

 FYI, Spamhaus is blocking around 90% of all our inbound emails as spam.
 That number should actually be higher, but Fail2Ban does not allow a
 number of messages in due to the firewall blocks, so those don't get
 figured in to that total. Spamhaus is perfect in blocking IP addresses
 that positively were used to send spam, but dynamic addresses do get
 caught creating some false positives.

 --
 John Hinton
 877-777-1407 ext 502
 http://www.ew3d.com
 Comprehensive Online Solutions

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
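
Added example, not code from any poster in this thread: a small offline model of how a fail2ban-style jail turns a failregex with a <HOST> tag (as in the filters above) into bans, comparing the "3 or more 5xx replies" threshold with the "any 5xx reply" threshold described in the "Update on spam, postfix, fail2ban, centos 6" post. The failregex, the simplified IPv4-only <HOST> expansion, the function name and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in (assumption) for what fail2ban substitutes for <HOST>.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex: any Postfix RCPT rejection answered with a 5xx code.
FAILREGEX = r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 5\d\d "

# Constructed log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Jun 15 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adam@example.org>: Recipient address rejected: User unknown
Jun 15 10:00:40 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <alice@example.org>: Recipient address rejected: User unknown
Jun 15 10:01:15 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <andy@example.org>: Recipient address rejected: User unknown
Jun 15 10:02:00 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.44]: 450 4.7.1 <bob@example.org>: Recipient address rejected: Greylisted
Jun 15 10:03:10 mx postfix/smtpd[2109]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using an RBL
Jun 15 10:05:00 mx postfix/smtpd[2113]: NOQUEUE: reject: RCPT from unknown[203.0.113.25]: 550 5.1.1 <info@example.org>: Recipient address rejected: User unknown
Jun 15 10:05:50 mx postfix/smtpd[2113]: NOQUEUE: reject: RCPT from unknown[203.0.113.25]: 550 5.1.1 <sales@example.org>: Recipient address rejected: User unknown
Jun 15 10:07:30 mx postfix/smtpd[2120]: NOQUEUE: reject: RCPT from dsl.example.com[203.0.113.80]: 550 5.1.1 <bbo@example.org>: Recipient address rejected: User unknown
Jun 15 12:30:00 mx postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 550 5.1.1 <a@example.org>: Recipient address rejected: User unknown
Jun 15 14:30:00 mx postfix/smtpd[2388]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 550 5.1.1 <b@example.org>: Recipient address rejected: User unknown
Jun 15 16:30:00 mx postfix/smtpd[2460]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 550 5.1.1 <c@example.org>: Recipient address rejected: User unknown
"""


def simulate_bans(log_text, failregex, maxretry, findtime=600, bantime=600):
    """Return [(ban time, ip), ...] for a jail with the given thresholds."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> moment the current ban expires
    events = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match is None:
            continue  # 4xx deferrals and unrelated lines are not failures
        # Syslog timestamps carry no year; 2012 is assumed for the sample.
        when = datetime.strptime(f"2012 {line[:15]}", "%Y %b %d %H:%M:%S")
        ip = match.group("host")
        if when < banned_until.get(ip, datetime.min):
            continue  # the firewall rule would have dropped this connection
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > timedelta(seconds=findtime):
            hits.popleft()  # forget failures older than the findtime window
        if len(hits) >= maxretry:
            events.append((when, ip))
            banned_until[ip] = when + timedelta(seconds=bantime)
            hits.clear()
    return events


if __name__ == "__main__":
    for threshold in (3, 1):
        bans = simulate_bans(SAMPLE_LOG, FAILREGEX, maxretry=threshold)
        print(f"maxretry={threshold}: {len(bans)} bans,",
              sorted({ip for _, ip in bans}))
```

With maxretry=1 the single mistyped recipient from 203.0.113.80 is enough for a ban, which is the false-positive trade-off raised earlier in the thread for servers with real users on dynamic addresses.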


Re: [CentOS] Resizing est4 filesystem while mounted

2012-06-15 Thread Ross Cavanagh
On Sat, Jun 16, 2012 at 4:30 AM, Dennis Jacobfeuerborn 
denni...@conversis.de wrote:

 On 06/15/2012 09:10 PM, Jeff Boyce wrote:
  Greetings -
 
  I had a logical volume that was running out of space on a virtual
 machine.
  I successfully expanded the LV using lvextend, and lvdisplay shows that
 it
  has been expanded.  Then I went to expand the filesystem to fill the new
  space (# resize2fs -p /dev/vde1) and I get the results that the
 filesystem
  is already xx blocks long, nothing to do.  If I do a # df -h, I can see
 that
  the filesystem has not been extended.  I could kick the users off the VM,
  reboot the VM using a GParted live CD and extend the filesystem that way,
  but I thought that it was possible to do this live and mounted?  The RH
 docs
  say this is possible; the man page for resize2fs also says it is possible
  with ext4.  What am I missing here?  This is a Centos 6.2 VM with an ext4
  filesystem.  The logical volumes are setup on the host system which is
 also
  a Centos 6.2 system.

 You didn't really specify your topology accurately so I assume you used
 lvextend on the host side. This will not be visible until you rebooted the
 guest.

 The only way to resize without taking the system offline is to use lvm in
 the guest. Add a new virtual disk on the host side which results in a
 hot-plug event in the guest (i.e. you should see the new drive added in the
 guest). Now create a single partition on the drive (this is important!) and
 use pvcreate to turn it into a physical volume. Now add the new PV to the
 Volume Group. Finally you can lvextend the LV in the guest and resize the
 filesystem.

 The partitioning of the new disk in the guest is important because if you
 use the disk directly as a PV then this PV will also be shown on the host.
 An alternative is to modify the LVM filters in /etc/lvm/lvm.conf on the
 host to specifically not scan the LV for the new disk.
 I find it easier to create a partition though (i.e. use /dev/vda1 instead
 of /dev/vda as the PV).

 Regards,
  Dennis

 Not sure if this link would help, I used to refer to this now and then if
I needed to extend an online partition --
http://www.randombugs.com/linux/howto-extend-lvm-partition-online.html


Re: [CentOS] Strange su behavior after installing latest CentOS updates

2012-06-15 Thread Alfred von Campe
On Jun 15, 2012, at 17:11, Karanbir Singh wrote:

 please file this at bugs.centos.org - so we can make sure its not an
 issue we introduced.

Done: issue number 0005778 has been filed.

Alfred