Re: [CentOS-docs] SIG Documentation for buildsys.
On 08/13/2014 03:54 AM, Thomas Oulevey wrote: Hi All, I'd like to have a section on the wiki where we can put some documentation for sig users. At this time, it includes a Quickstart and the proposed workflow for cbs.centos.org. It will be common to all SIG users. Let me know howto proceed. Certainly. What's your wiki username? -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] About Translation
Hi I am a Chinese system administrator, I see there is no proper place some wiki translation, so I want to re translation of these pages, and some wiki page has no translation, I also can be translated, please give me some authority, on the other, how to apply for a personal page? Regards ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CEBA-2014:1045 CentOS 7 kdesdk FASTTRACK BugFix Update
CentOS Errata and Bugfix Advisory 2014:1045
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1045.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
8bccc9a244ce4eba1cbdfc5fa9256861f6de5dcce600915c101dfcd0c926edc1
kdesdk-4.10.5-6.el7.x86_64.rpm
10373a636202e404b109ab07355f3ab859fd62397f8f9096495bac523bc06ebc
kdesdk-cervisia-4.10.5-6.el7.x86_64.rpm
61d22e8a5069b0149bd319add2cf0c81af28826e6c072bb719fcf6fb95706a26
kdesdk-common-4.10.5-6.el7.noarch.rpm
ec08ad017dce595c70de5c7ea1f580d094b2f39d208796dd65f85d58a0df9daf
kdesdk-devel-4.10.5-6.el7.i686.rpm
1bbf55f4831d787a2c8d3ba4d379fc2e74cea615b1500d25ec7ad38c35c37f44
kdesdk-devel-4.10.5-6.el7.x86_64.rpm
d64515673fe725804a2d97685302afedc2b7e92f431d595e288bf60a433d079c
kdesdk-dolphin-plugins-4.10.5-6.el7.x86_64.rpm
a54005a66c86869c375cf4bee9a58194815c491b4f35b7ffdf51fcedc724f3ba
kdesdk-kapptemplate-4.10.5-6.el7.x86_64.rpm
6a3f30408b5765daf78afbc14421275ae460a34096d468416e89171164e73a7f
kdesdk-kapptemplate-template-4.10.5-6.el7.noarch.rpm
ae6983e79a80b2c1dd2ab4094fb03c0ff826e143479703d5e2f8c69fb4598a98
kdesdk-kcachegrind-4.10.5-6.el7.x86_64.rpm
8eba2433f32fb2c8616477465badd76bd663732f4d95f16bd0a84fbe17a8c129
kdesdk-kioslave-4.10.5-6.el7.x86_64.rpm
e8396b0709e7ea7fe0a619c96e59434f1987dd1ace9c6263ad0c1feec86f217d
kdesdk-kmtrace-4.10.5-6.el7.x86_64.rpm
84d6e2ee9c25bdcf8a9b4e7e0d204952f6d6a4f31544191ab15e1ef3a453a7e5
kdesdk-kmtrace-devel-4.10.5-6.el7.i686.rpm
cadd079a23a068ebfcd8504a372c5f313e0294a69a66e9658e6c8b4d38624733
kdesdk-kmtrace-devel-4.10.5-6.el7.x86_64.rpm
22ff3433398f25783fd0f428adcc210332aa6018dff3301271c757ad79648149
kdesdk-kmtrace-libs-4.10.5-6.el7.i686.rpm
c01d90bb5b30cf73ec4c8507fac318a21b54ab36649b9b03734557221033dffa
kdesdk-kmtrace-libs-4.10.5-6.el7.x86_64.rpm
2390a5b1af4a154d91b964daf2be8edca6080f1c703df9ba5e480c934377bc83
kdesdk-kompare-4.10.5-6.el7.x86_64.rpm
0eb109235a70eb7e2b83449651f6c4613f62684013cd54f3f6ac68bd1762681f
kdesdk-kompare-devel-4.10.5-6.el7.i686.rpm
dc6adf6ebf0a2dec4d81906ed2811a8e608d1a3f27fdf0f1ef70ac53a89004ec
kdesdk-kompare-devel-4.10.5-6.el7.x86_64.rpm
84bb48489be693ced461dece48d8246b9391f6eb6febd8a0068fc2ccd389
kdesdk-kompare-libs-4.10.5-6.el7.i686.rpm
7e1403e4de3823450e206b74371ec3d5b2142914a626fc3276310238a3f5a739
kdesdk-kompare-libs-4.10.5-6.el7.x86_64.rpm
4e5c22bd90221b0bdd68c1d36edec942def1e7fd5016de364beea52872a7779e
kdesdk-kpartloader-4.10.5-6.el7.x86_64.rpm
bed13ddbf7a5c0f3c612234fb0c105505aed96eb64cdf93137c22cd542aeb492
kdesdk-kstartperf-4.10.5-6.el7.x86_64.rpm
69bc82b0baab234b53a65b79a6d0752747d85b8a13a34a00e52b473ec688df8b
kdesdk-kuiviewer-4.10.5-6.el7.x86_64.rpm
2f91137813c4f57a7ec11859db5b9ecc045c07a42d609f49cc41ad4d6da0604a
kdesdk-lokalize-4.10.5-6.el7.x86_64.rpm
3902ef68b4d1b445313db0a1bcb17380d4480c0ed26c76062236d5d5d45b2c23
kdesdk-okteta-4.10.5-6.el7.x86_64.rpm
365f1b4123d0afad739fe10406d60e78bee1fa19081bcdd28c198f15c069
kdesdk-okteta-devel-4.10.5-6.el7.i686.rpm
4e6120852f9feaf0bc03d0dabd937798c419a26d59441c03f20a4a27a2d3b8df
kdesdk-okteta-devel-4.10.5-6.el7.x86_64.rpm
c6cc0663bf096093ed3eccbbd5a7c6998c16de3938ef7f1eccc3c30059d12f73
kdesdk-okteta-libs-4.10.5-6.el7.i686.rpm
283e46d59093fff62da86119b10c428aa2935aeb3ff6250e7d955db6433b21e8
kdesdk-okteta-libs-4.10.5-6.el7.x86_64.rpm
3a4515b889b3eff55605c98e94d7f8122c7ed1b7b6327da4a2bc03c1aec28c90
kdesdk-poxml-4.10.5-6.el7.x86_64.rpm
367fb9d022c43a0290e9945b7f63ae9e84d02b49a97521ee5bdff363215f1c0c
kdesdk-scripts-4.10.5-6.el7.noarch.rpm
28f47e44cd4e366aed24dc59694eb495cb99353e1d833945c000c39e27c4f08a
kdesdk-strigi-analyzer-4.10.5-6.el7.x86_64.rpm
15b5a589b2e172df4ba2425ecd25f5a2fe943ac2fbb0b6f6f1027f38f4f98dfd
kdesdk-thumbnailers-4.10.5-6.el7.x86_64.rpm
e5bb1f850fc9ba80d4c809f15bba02f7d379d4a41dd9875e18b3f5ad4287975b
kdesdk-umbrello-4.10.5-6.el7.x86_64.rpm
Source:
5fe46a9f0b2c53c50ae1213988e501513a568ef9182bae71ddcf71de1f92889f
kdesdk-4.10.5-6.el7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2014:1055 CentOS 7 javapackages-tools BugFix Update
CentOS Errata and Bugfix Advisory 2014:1055
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1055.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
bbe652a45405fda9613216cb98b79e03f07d535b269cee23dca1967c4625d934
javapackages-tools-3.4.1-6.el7_0.noarch.rpm
e7951fffd6c8a7f6546b49ed7337bca3e2a79c0eaf943c72f4231886334a4b4b
maven-local-3.4.1-6.el7_0.noarch.rpm
c214a8256e8ee1af007656a24d872ffd5c81ade6de156eef7d92bfa3ad17bc99
python-javapackages-3.4.1-6.el7_0.noarch.rpm
Source:
95e43e2a26ed03a5aab3d2e4f21e462b798f175a6ac9d2aa8067a9e3eafada14
javapackages-tools-3.4.1-6.el7_0.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] Fwd: CONFIGURACION DE IP SERVER DNS
-- Mensaje reenviado -- De: Ignacio Ordeñana ifor1...@gmail.com Fecha: 13 de agosto de 2014, 12:45 Asunto: CONFIGURACION DE IP SERVER DNS Para: centos-es@centos.org hola me gustaria saber la configuracion de las zonas con la ip publica en el servidor DNS asumiendo q esta detras de un router, se entiende que la ip publica esta configuarada en el router y esta a su vez hace nat a una ip privada q entrega en la red. esperando una pronta respuesta saludos cordiales ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Fwd: CONFIGURACION DE IP SERVER DNS
En el servidor con la IP Privada que le llegan los paquetes debes instalar y configurar el Servidor DNS (bind), configurar la zona principal y subzonas, bind tiene la opcion de configurarse resolucion para consultar internas y externas, de modo que como recomendacion utiliza ambas opciones por si quieres excluir ciertos dominios del exterior o viceversa. Un buen tutorial: http://src.mx/EDfJsCT9L OJO es importante configurarte el firewall en el mismo IP Privado para que abras o cierres los puertos para resolucion interna o externa, a como gustes. Es relevante tambien mencionar que *no forzosamente* debe tener BIND la IP Privada que recibe los paquetes, ya que si necesitas balancear la carga o si tienes varios servidores, la Maquina con IP Privada puede fungir de Firewall+Otrasopciones y cuando llegue un paquete que demande DNS o rDNS pues pasa el paquete (NAT Interno) al equipo que tienes con el DNS (bind). Saludos ! El 14 de agosto de 2014, 8:06, Ignacio Ordeñana ifor1...@gmail.com escribió: -- Mensaje reenviado -- De: Ignacio Ordeñana ifor1...@gmail.com Fecha: 13 de agosto de 2014, 12:45 Asunto: CONFIGURACION DE IP SERVER DNS Para: centos-es@centos.org hola me gustaria saber la configuracion de las zonas con la ip publica en el servidor DNS asumiendo q esta detras de un router, se entiende que la ip publica esta configuarada en el router y esta a su vez hace nat a una ip privada q entrega en la red. esperando una pronta respuesta saludos cordiales ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- M.S.I. Angel Haniel Cantu Jauregui. Celular: (011-52-1)-899-871-17-22 E-Mail: angel.ca...@sie-group.net Web: http://www.sie-group.net/ Cd. Reynosa Tamaulipas. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] software para backup en red
Saludos, Bacula va fantástico y el cliente para servidores y pc con windows lo puedes encontrar en: http://sourceforge.net/projects/bacula/files/Win32_64/ El 13 de agosto de 2014, 20:01, César C. arvega...@hotmail.com escribió: hola , ¿que me recomiendan para hacer backups a 8 PCS en red?, he visto en internet backuppc, bacula,amanda, por favor cuales han sido sus experiencias y cual sería el mejor para este caso. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] INICIO DE SESEION USUARIOS NOLOGIN CENTOS 7
hola logre solucionar con el UID para que los usuarios nologin se muestren en el incio de sesion pero ya con la configuracion del correo con postfix al realizar las pruebas al puerto 110 no me admite el password y me muestra el mensaje ERR SYS/TEMP ha ocurred error server more information in log sin mas a que referir saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] INICIO DE SESEION USUARIOS NOLOGIN CENTOS 7
Postizas es puerto 25, dovecot 110 configura pop El 14-08-2014 20:10, Ignacio Ordeñana ifor1...@gmail.com escribió: hola logre solucionar con el UID para que los usuarios nologin se muestren en el incio de sesion pero ya con la configuracion del correo con postfix al realizar las pruebas al puerto 110 no me admite el password y me muestra el mensaje ERR SYS/TEMP ha ocurred error server more information in log sin mas a que referir saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] ELIMINAR LISTA DE USUARIOS NOLOGIN EN INICIO DE SESION CENTOS7
quiero eliminar la lista de usuarios nologin en el inicio de sesion en centos7, sin utilizar UID saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] ELIMINAR LISTA DE USUARIOS NOLOGIN EN INICIO DE SESION CENTOS7
2014-08-14 21:21 GMT-05:00 Ignacio Ordeñana ifor1...@gmail.com: quiero eliminar la lista de usuarios nologin en el inicio de sesion en centos7, sin utilizar UID saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Compañero, como te veo obsesionado con el tema te doy una alternativa poco ortodoxa para que los usuarios nologin no te aparezcan en inicio de sesión de tu poderosísimo CentOS 7: Colócale un poderoso signo numeral ( # ) al inicio de la línea que describe a cada usuario nologin del archivo /etc/passwd, cierra la sesión del CentOS 7 y al volver a cargar no tendrás a tus molestos usuarios nologin en la lista de inicio de sesión. ;-) Amigo, una pregunta mas que todo por curiosidad: CentOS es una distro orientada a servidores y como tal para que tener el ambiente grafico activo? A todos mis servidores no importando de que sabor de Linux sea, o sin son Solaris, AIX, HP_UX o FreeBSD y sus derivados no les tengo el ambiente grafico activo, si necesito instalar algo que sea grafico lo hago saltando desde algún Linux para escritorio o desde un Windows utilizando esta excelente herramienta que les comparto: MobaXterm Esta herramienta trae todo lo necesario para levantar el ambiente grafico sin problemas en un servidor que este en modo consola de comandos desde una estación de trabajo Windows y sin tener que instalar un solo paquete adicional en el servidor. Espero te sirva la solución. -- Carlos Restrepo. Móvil: (57) 317 8345628 ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] CentOS 7 - Firewall always allows outgoing packets?
On 08/14/2014 01:16 AM, Timothy Murphy wrote: Jonathan Billings wrote: 'FirewallD' doesn't replace 'iptables' except in the sense of activated system services, not the core firewall functionality. FirewallD just builds and modifies iptables rules. I'm a bit surprised no-one has mentioned shorewall. I'm using it on two tiny home servers, one under CentOS-6 and the other CentOS-7. Basically, this is because I don't understand iptables, or really want to understand it. Is firewalld a reasonable alternative in CentOS-6? I often wonder if I am in a small minority of CentOS users, who are just running home servers of some kind. Most of the posters to this mailing list seem to be in charge of systems with hundreds if not thousands of users. I run 6 servers currently (4 running CentOS-5 and 2 running CentOS-6) plus a laptop and a workstation running CentOS-6. Still to take the plunge into CentOS-7. My operating space is small business situations wanting low touch, high up time and reliability. Also a high aversion to being sold expensive software that in no way out-performs FOSS for all the basic tasks a small business needs to survive. Thus you are not alone and probably not that small a minority. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 08/14/2014 07:14 AM, Ned Slider wrote: On 13/08/14 17:32, Timothy Murphy wrote: BC wrote: I've never seen a 1-page document that said, These are the changes I made after downloading packages X, Y and Z. There is a large chasm between configuring a mail server and understanding the configuration of a mail server. Due to the many pitfalls and custom environments, it is very difficult to have a 1-page document that does much more than be an outbound MTA. Note what I asked for. If you have installed postfix + spamassassin or whatever under CentOS then presumably you downloaded certain packages and then made certain changes in config files and perhaps elsewhere. Therefore it is possible to write a short document just listing the changes you have made. It may be a waste of time in your view; but in my experience this is exactly what I want to read for my very basic home server needs. Yes, I did exactly that for CentOS 5, and you can find it on the Wiki here: http://wiki.centos.org/HowTos#head-0facb50d5796bee0bd394636c32ffa9a997a6ab5 There's a basic Postfix/Dovecot guide: http://wiki.centos.org/HowTos/postfix It lists all the config changes required in Postfix and Dovecot for a basic Postfix server (assumes networking knowledge). Then you can add in some simple spam filtering with Postfix restrictions: http://wiki.centos.org/HowTos/postfix_restrictions or greylisting: http://wiki.centos.org/HowTos/postgrey or bolt on Amavisd/SpamAssassin: http://wiki.centos.org/HowTos/Amavisd or bolt on some encryption with SASL and SSL/TLS http://wiki.centos.org/HowTos/postfix_sasl These guides were all designed to be fully functional and modular so you could pick just the bits you wanted to extend your basic Postfix installation. There will be some config differences between el5 and el6 due to the different versions of the packages used. If you can't figure out the differences just go with the docs provided on el5 - it's supported for another 3 years or so. If you get it working on el6/el7 please feel free to fork the docs for those dists. I know of at least one person running this setup on el6 with the extra packages from EPEL. This really isn't that difficult. The Postfix docs are excellent. You just need to spend a day reading (and understanding) the docs. The main confusion seems to stem from the fact that there are so many different ways to implement a solution and there is no right or wrong way to do it. But this just illustrates the ultimate flexibility of the software you are using. The methods documented above illustrate one such approach. I (and another contributor to this list) documented it for the wider community as it's the method we use. If you don't like it feel free to use another approach, but please don't complain that there isn't any documentation when we worked really hard to develop those docs for the community. I have used these docs a number of times (yes all of them) for CentOS-5 with no apparent issues - Thanks guys - much appreciated from me. I have just (8 months) set up a new CentOS-6 server using the same guides with few changes needed - I have just implemented virtual mail boxes on this for multiple domains, all working but no admin interface - i.e. need to edit config files to add users etc. Still looking into this bit to see if there is an option that is not full of security holes, thus far I would not expose the admin interfaces to the internet, i.e. only make them internally accessible. HTH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anaconda, kickstart, lvm over raid, logvol --grow, centos7 mystery
Thanks for bugzilla link, i missed it. On 08/14/2014 01:00 AM, Maxim Shpakov wrote: Just want to mention that this behaviour is already known bug https://bugzilla.redhat.com/show_bug.cgi?id=1093144#c7 2014-07-31 12:01 GMT+03:00 Maxim Shpakov ma...@osetia.org: Hi! I can confirm this. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Thu, 2014-08-14 at 01:19 +0200, Timothy Murphy wrote: Les Mikesell wrote: On Wed, Aug 13, 2014 at 5:55 PM, Timothy Murphy In my experience email has been working without problems for as long as Unix has been running, long before system administrator exams were invented. That was back when it was safe to assume that those one or more destination wanted to receive anything that showed up on port 25. Or that you could reasonably accept the unwanted data and subsequently send it back to wherever the From: line said it came from. Which was basically never but people used to do it before they knew better. But it is still reasonably easy to say what you want to do with email, even if it is hard to implement. My statement was that the TASK of postfix is fairly easy to understand. Yes, but you want to add a turbo to the combustion engine and then the simple user interface is not enough anymore... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
If you want an easy to setup postfix instance with a web interface have a look at Zimbra http://www.zimbra.com/community/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
Les Mikesell wrote: But it is still reasonably easy to say what you want to do with email, even if it is hard to implement. No, it is next to impossible to describe what is spam and fairly difficult with viruses. And you have to categorize it before you can do something with it. That is not part of the task of postfix, which is what I was discussing. In fact, it is very easy to say what I want to do with viruses and spam. I want email to pass through clamd to catch viruses, and I want email to pass through spamassassin to catch spam. I'm happy to leave the definition of spam to spamassassin, and leave Mr Bayes to do my thinking for me. My statement was that the TASK of postfix is fairly easy to understand. Sure, as long as you don't need to make any choices... Once I have postfix, spamassassin and dovecot working together I don't want to make any choices in this area. I just want to read my email on laptop or android, and similarly for the few other users on my small system. There are enough problems in life without inventing new ones. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
Keith Keller wrote: If you believe that I have been helpful in the past, isn't the simplest explanation that it's possible I'm being helpful now? No. You were offensive. Nothing you said was of the slightest help. I give you the same answer - if you believe the TASK of postfix is difficult to understand, explain why. It is difficult to understand because two of postfix's primary tasks are to implement SMTP and deliver mail safely. Both of these tasks are themselves difficult to do well, especially SMTP, a service widely targeted by attackers which offers little in the way of authentication. Read the question again. more carefully. The TASK of postfix is fairly easy to understand, not the IMPLEMENTATION. The Prime Number Theorem is easy to state; it is hard to prove. It is not necessary to understand how the internal combustion engine works in order to drive a car; and there is no evidence that those who do know make better drivers. In this analogy, drivers == email users. If you are running an SMTP server, you're a mechanic, *not* a driver! If you don't want to understand how a car works, you shouldn't be a mechanic. Every Linux user is a system administrator. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Thu, Aug 14, 2014 at 7:27 PM, Timothy Murphy gayle...@alice.it wrote: That is not part of the task of postfix, which is what I was discussing. In fact, it is very easy to say what I want to do with viruses and spam. I want email to pass through clamd to catch viruses, and I want email to pass through spamassassin to catch spam. I'm happy to leave the definition of spam to spamassassin, and leave Mr Bayes to do my thinking for me. And therein lies the problem. Unfortunately spamassassin is not really the best way to stop spam. You need more. Spamassassin should just be a tool in the toolkit not the entire solution. It is CPU and bandwidth intensive. A large proportion of spam can and should be rejected, before the body of the email is received. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
David Beveridge wrote: I'm happy to leave the definition of spam to spamassassin, and leave Mr Bayes to do my thinking for me. And therein lies the problem. Unfortunately spamassassin is not really the best way to stop spam. You need more. Speak for yourself. Spamassasin does a pretty good job for me. Spamassassin should just be a tool in the toolkit not the entire solution. It is CPU and bandwidth intensive. I get about 300 emails a day on my small system, of which about 150 are spam, as defined by SA. I don't think this is likely to burn out my (ancient) CPU. A large proportion of spam can and should be rejected, before the body of the email is received. I'm sure if and when such a system becomes available RedHat and CentOS will implement it, and I shall take advanage of their expertise. I assume you are speaking of a system with hundreds or thousands of users. (Do such systems still exist? I thought they had died out.) I have 4 users. Our needs are very different. Incidentally, I get email from sources who filter out spam, eg my college, and they don't seem to do a much better job than SA. I'm still invited to marry beautiful ladies from Russia. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Thu, Aug 14, 2014 at 8:49 PM, Timothy Murphy gayle...@alice.it wrote: David Beveridge wrote: I'm happy to leave the definition of spam to spamassassin, and leave Mr Bayes to do my thinking for me. And therein lies the problem. Unfortunately spamassassin is not really the best way to stop spam. You need more. Speak for yourself. I do Spamassasin does a pretty good job for me. Postfix is incredibly configurable and where it's warranted, many filters can be brought to bear. If you don't need them good for you. Spamassassin should just be a tool in the toolkit not the entire solution. It is CPU and bandwidth intensive. I get about 300 emails a day on my small system, of which about 150 are spam, as defined by SA. I don't think this is likely to burn out my (ancient) CPU. Precisely why it is difficult to come up with a one-size fits all solution. A large proportion of spam can and should be rejected, before the body of the email is received. I'm sure if and when such a system becomes available RedHat and CentOS will implement it, and I shall take advanage of their expertise. such systems are available. eg policyd-weight As mentioned earlier on this thread. I assume you are speaking of a system with hundreds or thousands of users. (Do such systems still exist? I thought they had died out.) I have 4 users. Our needs are very different. Yes, my server handles email for hundreds of uses, and you're right about that, is was thousands. google uses postfix too and I'm sure they're in the millions of users. Incidentally, I get email from sources who filter out spam, eg my college, and they don't seem to do a much better job than SA. I'm still invited to marry beautiful ladies from Russia. Why would your college sysadmin be an expert at spam prevention? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 114, Issue 8
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of CentOS-announce digest...
Today's Topics:
1. CESA-2014:1053 Moderate CentOS 5 openssl Update (Johnny Hughes)
2. CESA-2014:1052 Moderate CentOS 6 openssl Update (Johnny Hughes)
3. CESA-2014:1052 Moderate CentOS 7 openssl Security Update
(Johnny Hughes)
4. CEBA-2014:1045 CentOS 7 kdesdk FASTTRACK BugFix Update
(Johnny Hughes)
5. CEBA-2014:1055 CentOS 7 javapackages-tools BugFix Update
(Johnny Hughes)
--
Message: 1
Date: Wed, 13 Aug 2014 19:52:24 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2014:1053 Moderate CentOS 5 openssl
Update
To: centos-annou...@centos.org
Message-ID: 20140813195224.ga27...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2014:1053 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1053.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
e66f110fb31554cb34087c2109c8ecbeaf5fdab5d1aafba583eaa82bc6aa4d66
openssl-0.9.8e-27.el5_10.4.i386.rpm
e9eaa4dc13d30630203c32211ff3566dac570c93b275808376c01de04c111b07
openssl-0.9.8e-27.el5_10.4.i686.rpm
703c2ede3a12adde1f68f6d8f21d01f756ef17f271ebeb9b13c2f25a4219eb1e
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
a2bb6855c1d0e614baffaf63b661ebcd35fe9839bc87e0cc472c5d917121fb76
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm
x86_64:
e9eaa4dc13d30630203c32211ff3566dac570c93b275808376c01de04c111b07
openssl-0.9.8e-27.el5_10.4.i686.rpm
8cd1d4ec4ee5dd64b2c19e3f34f870f9a98211a49103c3419e60a230f146a293
openssl-0.9.8e-27.el5_10.4.x86_64.rpm
703c2ede3a12adde1f68f6d8f21d01f756ef17f271ebeb9b13c2f25a4219eb1e
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
084868678f35a66700cf77f0cb3636551b833b666b44c3dec78a9386ab3c3870
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm
eca3e442d631bcd7c08092caab63909357746917ac86c1fcc4ae8d858d35095c
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm
Source:
e2a9caa34acbc9248f883f944919ae49e461f2cbf5170854f87a3df476579b37
openssl-0.9.8e-27.el5_10.4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Wed, 13 Aug 2014 20:10:43 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2014:1052 Moderate CentOS 6 openssl
Update
To: centos-annou...@centos.org
Message-ID: 20140813201043.ga40...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2014:1052 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1052.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8ef27495e88c422646b43fe7339a4bdd7af4c6c435c05df053e89e429d096305
openssl-1.0.1e-16.el6_5.15.i686.rpm
5d4e276dd49951859da2b767973704838c73fb3bd3dedc7714cc0589404478db
openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
daf7b8d231dd6d127229f97c4c6d6fc05df7511695b7bb3d4fe7931dfadbaf45
openssl-perl-1.0.1e-16.el6_5.15.i686.rpm
4d3d3ac04330820b13999c3b403cbb06f66eaffe2f93e72fdab63830f417c279
openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64:
8ef27495e88c422646b43fe7339a4bdd7af4c6c435c05df053e89e429d096305
openssl-1.0.1e-16.el6_5.15.i686.rpm
d4b0f9ed18c8b0e6ecfb051b28d1fc622845289516cdaeeefbf4a1d2b4d35b56
openssl-1.0.1e-16.el6_5.15.x86_64.rpm
5d4e276dd49951859da2b767973704838c73fb3bd3dedc7714cc0589404478db
openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
89e06875f20993af551125a888e273a2bce1c49f63106753ea60abb3e89621fd
openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
a19e8eab1cc9b5b949987a7a9b1977d2de765906f42fa2840a77e0adf9844db5
openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm
90cd145a9bd2201d9d207fd41e09a0bd5655a91a26a998d307156d0e10210da7
openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Source:
368430d3e60f98db5ce8f1c288be26b627d2b75dfa911f46976d336be3ead96d
openssl-1.0.1e-16.el6_5.15.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Wed, 13 Aug 2014 20:25:33 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2014:1052 Moderate CentOS 7 openssl
SecurityUpdate
To: centos-annou...@centos.org
Message-ID: 20140813202533.ga40...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
A message to the original poster do you still need help? Adam King IT Systems Administrator Skipton Girls High School 01756 707600 www.sghs.org.uk - Original Message - From: David Beveridge d...@bevhost.com To: CentOS mailing list centos@centos.org Sent: Thursday, August 14, 2014 12:19:05 PM Subject: Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide On Thu, Aug 14, 2014 at 8:49 PM, Timothy Murphy gayle...@alice.it wrote: David Beveridge wrote: I'm happy to leave the definition of spam to spamassassin, and leave Mr Bayes to do my thinking for me. And therein lies the problem. Unfortunately spamassassin is not really the best way to stop spam. You need more. Speak for yourself. I do Spamassasin does a pretty good job for me. Postfix is incredibly configurable and where it's warranted, many filters can be brought to bear. If you don't need them good for you. Spamassassin should just be a tool in the toolkit not the entire solution. It is CPU and bandwidth intensive. I get about 300 emails a day on my small system, of which about 150 are spam, as defined by SA. I don't think this is likely to burn out my (ancient) CPU. Precisely why it is difficult to come up with a one-size fits all solution. A large proportion of spam can and should be rejected, before the body of the email is received. I'm sure if and when such a system becomes available RedHat and CentOS will implement it, and I shall take advanage of their expertise. such systems are available. eg policyd-weight As mentioned earlier on this thread. I assume you are speaking of a system with hundreds or thousands of users. (Do such systems still exist? I thought they had died out.) I have 4 users. Our needs are very different. Yes, my server handles email for hundreds of uses, and you're right about that, is was thousands. google uses postfix too and I'm sure they're in the millions of users. Incidentally, I get email from sources who filter out spam, eg my college, and they don't seem to do a much better job than SA. I'm still invited to marry beautiful ladies from Russia. Why would your college sysadmin be an expert at spam prevention? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Instaling LAMP on CentOS 7.x
Have a Centos 7 minimal openvz container I need to install a LAMP setup on. Does anyone recommend anything and have a link too it? I am guessing Mariadb is the new standard? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
Just did one myself. Don't forget PHPmyadmin I would also enable the Epel repo, for things like Filezilla, fail2ban and phpmyadmin. They are worthwhile add-ins Your link is http://www.cyberciti.biz/faq/howto-install-linux-apache-mariadb-php-lamp-stack-on-centos7-rhel7/ john On 8/14/2014 10:04 AM, Matt wrote: Have a Centos 7 minimal openvz container I need to install a LAMP setup on. Does anyone recommend anything and have a link too it? I am guessing Mariadb is the new standard? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
On Thu, August 14, 2014 9:41 am, John Plemons wrote: Just did one myself. Don't forget PHPmyadmin And beware that quite noticeable portion of attempts to hack your website aim at phpmyadmin ;-) Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
Webmin works too. There is a new release 1.700 that deals with the switch to .service webmin.com john On 8/14/2014 10:47 AM, Valeri Galtsev wrote: On Thu, August 14, 2014 9:41 am, John Plemons wrote: Just did one myself. Don't forget PHPmyadmin And beware that quite noticeable portion of attempts to hack your website aim at phpmyadmin ;-) Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux vs. logwatch and virsh
Hello everyone - I am stumped ... Does anyone have suggestions on how to proceed? Is there a way to get what I want? The environment: CentOS 7.0 with latest patches. The goal: I want logwatch to include a report on the status of kvm virtual computers. The problem: When run from anacron, SELinux denies permission for the virsh utility. Here is a portion of the logwatch output: - KVM libvirt status report Begin Date Range: yesterday /etc/logwatch/scripts/services/libvirt: line 15: /usr/bin/virsh: Permission denied -- KVM libvirt status report End - If I run-parts /etc/cron.daily from a root console, it all works. Same if I run logwatch from a root console. I set SELinux to permissive and that allows virsh to run. Therefore I know it is something to do with SELinux. The logwatch script is: #Lots of comments /usr/bin/virsh list --all I see the selinux security context of virsh is system_u:object_r:virsh_exec_t:s0 while logwatch.pl runs as system_u:object_r:logwatch_exec_t:s0 As I understand it, selinux does not permit having multiple type settings for a file. Any file can have exactly one type setting. I ran this command hoping it would add another type to the virsh program. semanage fcontext -a -t logwatch_exec_t /usr/bin/virsh semanage fcontext --list /usr/bin/virsh | grep virsh /usr/bin/virsh all files system_u:object_r:logwatch_exec_t:s0 /usr/bin/virsh regular file system_u:object_r:virsh_exec_t:s0 /usr/sbin/xl regular file system_u:object_r:virsh_exec_t:s0 /usr/sbin/xm regular file system_u:object_r:virsh_exec_t:s0 Semanage did add the new type, but that did not fix the problem. Virsh still gets permission denied when logwatch tries to run it. Thanks - Bill Gee ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
On Thu, 2014-08-14 at 09:47 -0500, Valeri Galtsev wrote: And beware that quite noticeable portion of attempts to hack your website aim at phpmyadmin ;-) One good reason to use non-standard ports and restrict access to a very tiny quantity of IP addresses. -- Regards, Paul. England, EU. Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
Just did one myself. Don't forget PHPmyadmin I would also enable the Epel repo, for things like Filezilla, fail2ban and phpmyadmin. They are worthwhile add-ins Your link is http://www.cyberciti.biz/faq/howto-install-linux-apache-mariadb-php-lamp-stack-on-centos7-rhel7/ john Was looking at that link. Also found this: https://www.liberiangeek.net/2014/07/install-apache2-mariadb-php5-support-centos-7/ Looks like phpmyadmin is not in the stock repositories so if I want it I need to use epel or rpmforge? On 8/14/2014 10:04 AM, Matt wrote: Have a Centos 7 minimal openvz container I need to install a LAMP setup on. Does anyone recommend anything and have a link too it? I am guessing Mariadb is the new standard? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Webalizer not available for CentOS 7?
It seems that the Webalizer WEB statistics reporting package is no longer available in CentOS 7. Rather than building from Sourceforge and writing custom configuration files for it, is there an alternative? Use the Fedora package? Another WEB analyzer? Thanks, Mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Thu, August 14, 2014 4:44 am, Timothy Murphy wrote: Every Linux user is a system administrator. Wow! As a system administrator, I object. One only becomes knowledgeable in some field when one has enough knowledge to realize how much in this field he does not know. Stealing analogy from one of previous posts: you can be good driver, this does not make you a car mechanic. Going further: being great car mechanic doesn't make one an engineer capable to design new car. UNIX user is on the level of driver. Very very very advanced UNIX user approaches system administrator, - with a willingness to waste a lot of time and learn by doing that is. Luckily for me users of boxes I administer consider their science more important than fiddling with the system. Sorry I break it for you this way, I was a programmer myself long before I first put my dirty hands into the kernel code (you see, I'm still skeptical about my editing kernel code). And I was UNIX user (and a user of a bunch of other systems) before becoming UNIX sysadmin. There is the difference, trust me on that, I've been there. Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
Yes Here is a link to enable the epel repo http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/ ( It was updated to include CentOS 7 ) If you are looking for another method for mySQL management, then webmin.com works too. Download the RPM package, ver. 1.700, it will allow you to do a great number of tasks remotely via the web. john On 8/14/2014 11:09 AM, Matt wrote: Just did one myself. Don't forget PHPmyadmin I would also enable the Epel repo, for things like Filezilla, fail2ban and phpmyadmin. They are worthwhile add-ins Your link is http://www.cyberciti.biz/faq/howto-install-linux-apache-mariadb-php-lamp-stack-on-centos7-rhel7/ john Was looking at that link. Also found this: https://www.liberiangeek.net/2014/07/install-apache2-mariadb-php5-support-centos-7/ Looks like phpmyadmin is not in the stock repositories so if I want it I need to use epel or rpmforge? On 8/14/2014 10:04 AM, Matt wrote: Have a Centos 7 minimal openvz container I need to install a LAMP setup on. Does anyone recommend anything and have a link too it? I am guessing Mariadb is the new standard? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
On Thu, 2014-08-14 at 11:26 -0400, John Plemons wrote: Here is a link to enable the epel repo http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/ ( It was updated to include CentOS 7 ) This is probably a better link as it provides more choices, for example * EPEL 7 beta: x86_64, ppc64, sources * EPEL 6: i386, x86_64, ppc64, sources * EPEL 5: i386, x86_64, ppc, sources https://fedoraproject.org/wiki/EPEL -- Regards, Paul. England, EU. Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 7 as gateway - UDP performance is busted/awful?
I just replaced a dead system disk on my KVM host that was running an ancient fedora 13. Since centos 7 was available, I decided to go with it to get some long term stability. The problem is that NFS mounts inside the virtual machines don't work for spit when talking to older NFS servers that must speak UDP. Is there something about UDP traffic that requires tweaks I don't know about for centos 7 to serve as a gateway machine? I've got the ip forwarding settings and other sysctl stuff that was set in the old fedora 13 system. I've got the bridges defined that same way as the old f13 system. I've got TCP stream connections working flawlessly, it is just the UDP traffic that seems to barf. Does this strike a familiar note with anyone? When I run wireshark on the KVM host machine, I see NFS packets retransmitting a lot and I also see ICMP messages about Destination Unreachable, Fragmentation Needed. (I don't know what any of it means though :-). This is an intel motherboard with these ethernets: 04:00.0 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01) 04:00.1 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
So EPEL is preferred over rpmforge now days? In past to get clamav and some other packages seemed like I had to use rpmforge. On Thu, Aug 14, 2014 at 10:38 AM, Always Learning cen...@u62.u22.net wrote: On Thu, 2014-08-14 at 11:26 -0400, John Plemons wrote: Here is a link to enable the epel repo http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/ ( It was updated to include CentOS 7 ) This is probably a better link as it provides more choices, for example * EPEL 7 beta: x86_64, ppc64, sources * EPEL 6: i386, x86_64, ppc64, sources * EPEL 5: i386, x86_64, ppc, sources https://fedoraproject.org/wiki/EPEL -- Regards, Paul. England, EU. Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
In article 20140814120002.16440e86@tomh, Tom Horsley horsley1...@gmail.com wrote: I just replaced a dead system disk on my KVM host that was running an ancient fedora 13. Since centos 7 was available, I decided to go with it to get some long term stability. The problem is that NFS mounts inside the virtual machines don't work for spit when talking to older NFS servers that must speak UDP. Is there something about UDP traffic that requires tweaks I don't know about for centos 7 to serve as a gateway machine? I've got the ip forwarding settings and other sysctl stuff that was set in the old fedora 13 system. I've got the bridges defined that same way as the old f13 system. I've got TCP stream connections working flawlessly, it is just the UDP traffic that seems to barf. Does this strike a familiar note with anyone? When I run wireshark on the KVM host machine, I see NFS packets retransmitting a lot and I also see ICMP messages about Destination Unreachable, Fragmentation Needed. (I don't know what any of it means though :-). This means that either the host or one of the guests is trying to send packets with a larger MTU than part of the path to the destination will allow. If you look inside the ICMP packet in wireshark, it will tell you who sent it and what MTU they said was acceptable. For TCP, the protocol stack is able to adapt by reducing its MSS dynamically in response to those ICMPs and retry. I don't think UDP is able to do that. Also examine the MTU settings for your network interfaces on both the host and the guests, using ifconfig -a. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
If you look inside the ICMP packet in wireshark, it will tell you who sent it and what MTU they said was acceptable. Well, I'm definitely drowning in network confusion here :-). Everyone's MTU is the default 1500, I checked all systems in the path. The wireshark display says 1516 in the Length column for the NFS packet that always shows up before the ICMP errors. If I expand the IP V4 line in the packet, it says Total Length: 1500 for that READDIRPLUS Reply which says 1516 for the capture length. It also has the Don't fragment flag set. It looks like the 16 byte extra is confusing it, but I have no idea why that is different than the IPv4 length info. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
On Thu, Aug 14, 2014 at 1:19 PM, Tom Horsley horsley1...@gmail.com wrote: If you look inside the ICMP packet in wireshark, it will tell you who sent it and what MTU they said was acceptable. Well, I'm definitely drowning in network confusion here :-). Everyone's MTU is the default 1500, I checked all systems in the path. The wireshark display says 1516 in the Length column for the NFS packet that always shows up before the ICMP errors. If I expand the IP V4 line in the packet, it says Total Length: 1500 for that READDIRPLUS Reply which says 1516 for the capture length. It also has the Don't fragment flag set. It looks like the 16 byte extra is confusing it, but I have no idea why that is different than the IPv4 length info. I thought NFS defaulted to writing 8192 blocks and let the network stack fragment as needed, so having DF set doesn't make much sense. Also, some firewalling schemes have issues with fragments, especially if they arrive out of order - not sure about the new stuff in C7. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
On Thu, 14 Aug 2014 13:35:48 -0500 Les Mikesell wrote: I thought NFS defaulted to writing 8192 blocks and let the network stack fragment as needed I think it is those fragments I'm looking at in wireshark. I just did another experiment - If I mount the same NFS filesystem on the centos 7 host, and do the same ls command, it works perfectly and the wireshark trace shows the same 1516 capture length for the NFS readdir messages. Somehow it is just the idea of forwarding the UDP packets to the virtual machine that the host objects to. The exact same size packets destined for it to use directly have no problems. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS SSH Session Logging
Have a OpenVZ Centos 7 Minimal instance running. Normally SSH sessions are logged too /var/log/secure. There is no such file. Where are they put then? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
On Thu, Aug 14, 2014 at 1:53 PM, Tom Horsley horsley1...@gmail.com wrote: I thought NFS defaulted to writing 8192 blocks and let the network stack fragment as needed I think it is those fragments I'm looking at in wireshark. I just did another experiment - If I mount the same NFS filesystem on the centos 7 host, and do the same ls command, it works perfectly and the wireshark trace shows the same 1516 capture length for the NFS readdir messages. Somehow it is just the idea of forwarding the UDP packets to the virtual machine that the host objects to. The exact same size packets destined for it to use directly have no problems. Seems like a horrible thing to do, but does it fix it if you mount with rsize=1500, wsize=1500 - or maybe 1484? Are you just bridging to the NIC interface? I don't see why that would need to change the packets at all. What happens if you ping with a large -s value through the bridge (host or external box to guest)? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Website
Hello John, do not miss understand... http://wiki.centos.org/Download shows only x86_64 no i386, doesn't todo anything with the mirror list... I checked it today and it's okay. Minimal ISO was pionted out to 6.5 isos... Thanks anyway... AndyBe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
On Thu, 14 Aug 2014 14:09:44 -0500 Les Mikesell wrote: Seems like a horrible thing to do, but does it fix it if you mount with rsize=1500, wsize=1500 - or maybe 1484? I already tried that - no change :-). Are you just bridging to the NIC interface? I don't see why that would need to change the packets at all. What happens if you ping with a large -s value through the bridge (host or external box to guest)? There are two NICs. The one with the bridge is also running a subnet with the virtual machines and one real machine on the NIC. The other NIC is connected to the wider world of our local LAN where the NFS servers reside, so the host has to operate as a gateway for the traffic from the LAN to the virtual machine subnet. I did just try the ping experiment, and on the outer NFS server, if I try to ping the virtual machine with a big size, I get the error about the packet fragmentation: dino ping -c 1 -s 1500 ubu14d04x PING ubu14d04x.ccur.kvm (192.168.118.52) from 10.134.30.46 : 1500(1528) bytes of data. From godzilla (10.134.30.124) icmp_seq=1 Frag needed and DF set (mtu = 1500) But weirdly, I don't get that from every machine I try out here on the LAN, some can ping it just fine, others get the error. Whatever I discover just makes me more confused :-). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
Just my opinion but rpmforge was great for CentOS 5 then epel was better for 6.I haven't tested 7 enough to know yet. Adam King IT Systems Administrator Skipton Girls High School 01756 707600 www.sghs.org.uk - Original Message - From: Matt matt.mailingli...@gmail.com To: CentOS mailing list centos@centos.org Sent: Thursday, 14 August, 2014 5:08:33 PM Subject: Re: [CentOS] Instaling LAMP on CentOS 7.x So EPEL is preferred over rpmforge now days? In past to get clamav and some other packages seemed like I had to use rpmforge. On Thu, Aug 14, 2014 at 10:38 AM, Always Learning cen...@u62.u22.net wrote: On Thu, 2014-08-14 at 11:26 -0400, John Plemons wrote: Here is a link to enable the epel repo http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/ ( It was updated to include CentOS 7 ) This is probably a better link as it provides more choices, for example * EPEL 7 beta: x86_64, ppc64, sources * EPEL 6: i386, x86_64, ppc64, sources * EPEL 5: i386, x86_64, ppc, sources https://fedoraproject.org/wiki/EPEL -- Regards, Paul. England, EU. Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
On Thu, Aug 14, 2014 at 2:48 PM, Tom Horsley horsley1...@gmail.com wrote: Seems like a horrible thing to do, but does it fix it if you mount with rsize=1500, wsize=1500 - or maybe 1484? I already tried that - no change :-). It just seems very wrong for the NFS device to be sending 1516 bytes - and to set DF on the packet. What OS is it and what does it say about its own MTU? Physically, ethernet will accommodate 1518-1522 to allow VLAN tagging but you shouldn't have that without knowing about it (and your swiitch ports configured to trunk). Are you just bridging to the NIC interface? I don't see why that would need to change the packets at all. What happens if you ping with a large -s value through the bridge (host or external box to guest)? There are two NICs. The one with the bridge is also running a subnet with the virtual machines and one real machine on the NIC. The other NIC is connected to the wider world of our local LAN where the NFS servers reside, so the host has to operate as a gateway for the traffic from the LAN to the virtual machine subnet. I think dropping the packet is actually the correct thing in that scenario. It should not forward something larger than the next interface's MTU and if the DF bit is set it can't fragment there. If you have IP's to spare on the NFS subnet, you might get away with bridging there and adding a virtual NIC to the guest(s) that need access. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
On 8/14/2014 1:10 PM, Adam King wrote: Just my opinion but rpmforge was great for CentOS 5 then epel was better for 6.I haven't tested 7 enough to know yet. I used to use rpmforge/repoforge, now I use epel as my 'primary' goto repo for non-base packages. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Instaling LAMP on CentOS 7.x
Have a Centos 7 minimal openvz container I need to install a LAMP setup on. Does anyone recommend anything and have a link too it? I am guessing Mariadb is the new standard? For mysql in past I always added bind-address=127.0.0.1 to my.cnf for bit additional security. This server is dual stacked with IPv4 and IPv6, should I put something else in there? How do I tell it ::1 or 127.0.0.1? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS SSH Session Logging
Am 14.08.2014 um 21:06 schrieb Matt: Have a OpenVZ Centos 7 Minimal instance running. Normally SSH sessions are logged too /var/log/secure. There is no such file. Where are they put then? Check /etc/rsyslog.conf Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 as gateway - UDP performance is busted/awful?
Try turning off TSO: # ethtool -K eth0 tso off ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS SSH Session Logging
Fixed it. yum install rsyslog Thanks. On Thu, Aug 14, 2014 at 3:29 PM, Alexander Dalloz ad+li...@uni-x.org wrote: Am 14.08.2014 um 21:06 schrieb Matt: Have a OpenVZ Centos 7 Minimal instance running. Normally SSH sessions are logged too /var/log/secure. There is no such file. Where are they put then? Check /etc/rsyslog.conf Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS SSH Session Logging
That's not a fix. A fix is finding out where the logs are being written, not installing another package. Though, having said that, I realise that I am assuming that the minimal install contains *some* logging package, and that may possibly be incorrect. Cheers, Cliff On Fri, Aug 15, 2014 at 12:08 PM, Matt matt.mailingli...@gmail.com wrote: Fixed it. yum install rsyslog Thanks. On Thu, Aug 14, 2014 at 3:29 PM, Alexander Dalloz ad+li...@uni-x.org wrote: Am 14.08.2014 um 21:06 schrieb Matt: Have a OpenVZ Centos 7 Minimal instance running. Normally SSH sessions are logged too /var/log/secure. There is no such file. Where are they put then? Check /etc/rsyslog.conf Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS SSH Session Logging
That's not a fix. A fix is finding out where the logs are being written, not installing another package. Though, having said that, I realise that I am assuming that the minimal install contains *some* logging package, and that may possibly be incorrect. There appeared to be no logging package. This was a minimal openvz template for Centos 7 though. On Fri, Aug 15, 2014 at 12:08 PM, Matt matt.mailingli...@gmail.com wrote: Fixed it. yum install rsyslog Thanks. On Thu, Aug 14, 2014 at 3:29 PM, Alexander Dalloz ad+li...@uni-x.org wrote: Am 14.08.2014 um 21:06 schrieb Matt: Have a OpenVZ Centos 7 Minimal instance running. Normally SSH sessions are logged too /var/log/secure. There is no such file. Where are they put then? Check /etc/rsyslog.conf Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS SSH Session Logging
Fair enough I withdraw my comment as irrelevant. Cheers, Cliff On Fri, Aug 15, 2014 at 1:11 PM, Matt matt.mailingli...@gmail.com wrote: That's not a fix. A fix is finding out where the logs are being written, not installing another package. Though, having said that, I realise that I am assuming that the minimal install contains *some* logging package, and that may possibly be incorrect. There appeared to be no logging package. This was a minimal openvz template for Centos 7 though. On Fri, Aug 15, 2014 at 12:08 PM, Matt matt.mailingli...@gmail.com wrote: Fixed it. yum install rsyslog Thanks. On Thu, Aug 14, 2014 at 3:29 PM, Alexander Dalloz ad+li...@uni-x.org wrote: Am 14.08.2014 um 21:06 schrieb Matt: Have a OpenVZ Centos 7 Minimal instance running. Normally SSH sessions are logged too /var/log/secure. There is no such file. Where are they put then? Check /etc/rsyslog.conf Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
