[CentOS] CentOS 7 - Limiting rescue kernel imeges
In order to keep only 3 kernel images on a CentOS 7 I edited /etc/yum.conf and I put installonly_limit=3 This parameter works for standard kernel images, but does not work for rescue images: $ ls -al /boot/vmlinuz* -rwxr-xr-x 1 root root 5027376 May 13 20:46 /boot/vmlinuz-0-rescue-2554e2ffad84452bb07401bed0a61089 -rwxr-xr-x 1 root root 3084288 Jun 27 06:42 /boot/vmlinuz-0-rescue-2be43759d5354c5a84125dea5b4a02ab -rwxr-xr-x 1 root root 5029136 Mar 18 05:18 /boot/vmlinuz-0-rescue-3871136569fb49cb934a276af5e09b32 -rwxr-xr-x 1 root root 5029008 Mar 31 19:54 /boot/vmlinuz-0-rescue-ca5579e88a014362836fa90f4aa34248 -rwxr-xr-x 1 root root 5029744 Aug 6 16:31 /boot/vmlinuz-0-rescue-e2ae4db2b909488088e78ac4064661d2 -rwxr-xr-x 1 root root 5029744 Aug 6 03:15 /boot/vmlinuz-3.10.0-229.11.1.el7.x86_64 -rwxr-xr-x 1 root root 5027376 May 13 12:15 /boot/vmlinuz-3.10.0-229.4.2.el7.x86_64 -rwxr-xr-x 1 root root 5029200 Jun 24 00:15 /boot/vmlinuz-3.10.0-229.7.2.el7.x86_64 Is there a way to keep rescue images within a certain limit? Thank you in advance -- Ciao, luigi / +--[Luigi Rosa]-- \ In every revolution, there's one man with a vision. --James Kirk, "Mirror, Mirror" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [security] Thunderbird vulnerable to MITM
On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote: > Thunderbird has a MITM vulnerability with its otherwise rather groovy > auto-configuration feature. > https://librelamp.com/FooBird#security > > has what I think would be the easiest solution while keeping the > ability to auto-configure stuff. As for LibreSSL et al, perhaps you could mention all your concerns on Fedora ? Its the place where, it often seems, everything in Centos originates from. You will benefit from your own mailing list/web forum. Your attitude and concerns are not unique. -- Best regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Make USB bootable drive: Rufus
On Sat, 2015-08-22 at 16:58 -0400, Bill Maltby (C4B) wrote: > Had seen various folks ask about how to do this (I did mine long ago and > far away to make my Windows machine dual-bootable to Win or CentOS) and > while looking for some HD repair diagnostics, ran across this and > thought it may be useful to some folks. > > http://rufus.akeo.ie/ > > I've not yet used it, but it looks easy. Some of us are entirely Micro$oft-free by choice. Hence the exclusive use of Centos. -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [security] Thunderbird vulnerable to MITM
On 08/23/2015 07:25 AM, Always Learning wrote: On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote: Thunderbird has a MITM vulnerability with its otherwise rather groovy auto-configuration feature. https://librelamp.com/FooBird#security has what I think would be the easiest solution while keeping the ability to auto-configure stuff. As for LibreSSL et al, perhaps you could mention all your concerns on Fedora ? Its the place where, it often seems, everything in Centos originates from. You will benefit from your own mailing list/web forum. Your attitude and concerns are not unique. I stopped using Fedora because as soon as it was stable it was end of life and I was forced to install a new bleeding edge unstable version. I do not like bleeding edge for most things, I use mate in CentOS because GNOME 3 is not to my liking, for example, and makes me feel like I am fighting the desktop instead of using the desktop. I do not know if LibreSSL will ever be part of Fedora or CentOS because FIPS support is not one of the goals of the projects, but FIPS didn't protect anyone from the several OpenSSL vulnerabilities that led to LibreSSL so FIPS is not a concern of mine, but it is a requirement for some places so I suspect it will be difficult for it to enter the Red Hat ecosystem. RHEL packages need to build against OpenSSL to have FIPS and so Fedora packages will continue to build against OpenSSL. Politics sucks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [security] Thunderbird vulnerable to MITM
On Sun, 2015-08-23 at 07:57 -0700, Alice Wonder wrote: > I stopped using Fedora because as soon as it was stable it was end of > life and I was forced to install a new bleeding edge unstable version. I am 'conservative' too. Once something is working well I do not wish to change it unless there is a compelling conspicuous advantage. > I do not like bleeding edge for most things, I use mate in CentOS > because GNOME 3 is not to my liking, for example, and makes me feel like > I am fighting the desktop instead of using the desktop. Bleeding edge inevitable means 'bugs' and, potentially, data loss and/or paralysed systems. Fortunately I have yet to encounter any of the delights of C7 as C5 and C6 fulfil my needs. > I do not know if LibreSSL will ever be part of Fedora or CentOS because > FIPS support is not one of the goals of the projects, but FIPS didn't > protect anyone from the several OpenSSL vulnerabilities that led to > LibreSSL so FIPS is not a concern of mine, but it is a requirement for > some places so I suspect it will be difficult for it to enter the Red > Hat ecosystem. > > RHEL packages need to build against OpenSSL to have FIPS and so Fedora > packages will continue to build against OpenSSL. Politics sucks. Yes some people's version of politics is annoying. Politics ought to be about creating pragmatic solutions for the public good rather than enforcing brain-dead dogma. MariaDB is a so-called "drop-in" replacement for MySQL although I understand version 10 is not compatible. Could LibreSSL create a "drop-in" replacement version for OpenSSL ? -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [security] Thunderbird vulnerable to MITM
On 08/23/2015 10:17 AM, Always Learning wrote: Yes some people's version of politics is annoying. Politics ought to be about creating pragmatic solutions for the public good rather than enforcing brain-dead dogma. MariaDB is a so-called "drop-in" replacement for MySQL although I understand version 10 is not compatible. Could LibreSSL create a "drop-in" replacement version for OpenSSL ? No, they remain API compatible with OpenSSL 1.0.1 but they are not ABI compatible, and they do not wish to be. Anything built against OpenSSL has to be recompiled to use LibreSSL. Both libraries though can exist on the system at the same time, installed in the standard /usr prefix - so you can have both installed. /usr/bin/openssl is the only conflict - resolved by renaming the binary from LibreSSL to /usr/bin/libressl on systems with both. I don't worry that much about OpenSSL being there, it is just the public facing servers I want to use LibreSSL. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 - Limiting rescue kernel imeges
On 08/23/2015 12:23 PM, Luigi Rosa wrote: In order to keep only 3 kernel images on a CentOS 7 I edited /etc/yum.conf and I put installonly_limit=3 This parameter works for standard kernel images, but does not work for rescue images: Is there a way to keep rescue images within a certain limit? man yum.conf , search for installonlypkgs (that's on centos6, might vary in 7) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Host does not respond to nmap
Hey Y'all, I just set up a new old machine on my network. I did a net install of CentOS 6.7 on it replacing an outdated copy of Win XP. Of course I'm now in the throws of configuring the machine to be a useful member of society. [mlapier@peach ~]$ nmap -sn 192.168.15.0/24 Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-23 20:12 EDT Nmap scan report for 192.168.15.1 Host is up (0.00043s latency). Nmap scan report for 192.168.15.100 Host is up (0.00014s latency). Nmap scan report for 192.168.15.101 Host is up (0.00065s latency). Nmap scan report for 192.168.15.104 Host is up (0.00017s latency). Nmap scan report for mushroom.patch (192.168.15.105) Host is up (0.00015s latency). Nmap done: 256 IP addresses (5 hosts up) scanned in 15.30 seconds [mlapier@peach ~]$ ping -c 1 192.168.15.107 PING 192.168.15.107 (192.168.15.107) 56(84) bytes of data. 64 bytes from 192.168.15.107: icmp_seq=1 ttl=64 time=0.175 ms --- 192.168.15.107 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.175/0.175/0.175/0.000 ms [mlapier@peach ~]$ I can ssh onto 192.168.15.107 too. I spent a good part of the day trying to connect the FAHControl on my machine to the Folding@Home client on 192.168.15.107 without success. Maybe the reason why 192.168.15.107 does not appear on the nmap output has something to do with my lack of success connecting the control to the client. Maybe not. I'm not having any problem connecting to the FAH client on 192.168.15.105 from my machine. I even copied the FAH configuration file from 192.168.15.105 to 192.168.15.107 and then restarted the client. Still no joy in Mudville. I figure I should quit while I'm behind. Anyone have any suggestions? -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Host does not respond to nmap
On Sun, August 23, 2015 7:34 pm, Mark LaPierre wrote: > Hey Y'all, > > I just set up a new old machine on my network. I did a net install of > CentOS 6.7 on it replacing an outdated copy of Win XP. Of course I'm > now in the throws of configuring the machine to be a useful member of > society. > > [mlapier@peach ~]$ nmap -sn 192.168.15.0/24 > > Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-23 20:12 EDT > Nmap scan report for 192.168.15.1 > Host is up (0.00043s latency). > Nmap scan report for 192.168.15.100 > Host is up (0.00014s latency). > Nmap scan report for 192.168.15.101 > Host is up (0.00065s latency). > Nmap scan report for 192.168.15.104 > Host is up (0.00017s latency). > Nmap scan report for mushroom.patch (192.168.15.105) > Host is up (0.00015s latency). > Nmap done: 256 IP addresses (5 hosts up) scanned in 15.30 seconds > > [mlapier@peach ~]$ ping -c 1 192.168.15.107 > PING 192.168.15.107 (192.168.15.107) 56(84) bytes of data. > 64 bytes from 192.168.15.107: icmp_seq=1 ttl=64 time=0.175 ms > > --- 192.168.15.107 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.175/0.175/0.175/0.000 ms > [mlapier@peach ~]$ > > I can ssh onto 192.168.15.107 too. > > I spent a good part of the day trying to connect the FAHControl on my > machine to the Folding@Home client on 192.168.15.107 without success. > Maybe the reason why 192.168.15.107 does not appear on the nmap output > has something to do with my lack of success connecting the control to > the client. Maybe not. > > I'm not having any problem connecting to the FAH client on > 192.168.15.105 from my machine. I even copied the FAH configuration > file from 192.168.15.105 to 192.168.15.107 and then restarted the > client. Still no joy in Mudville. I figure I should quit while I'm > behind. Anyone have any suggestions? > Do you have shell on the machine in question? If yes, /sbin/ifconfig -a /sbin/route /bin/netstat -nap --inet may help. (I'm sure you turned off firewall: /etc/rc.d/init.d/iptables stop ). Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Host does not respond to nmap [SOLVED]
On 08/23/15 20:46, Valeri Galtsev wrote: > > On Sun, August 23, 2015 7:34 pm, Mark LaPierre wrote: >> Hey Y'all, >> >> I just set up a new old machine on my network. I did a net install of >> CentOS 6.7 on it replacing an outdated copy of Win XP. Of course I'm >> now in the throws of configuring the machine to be a useful member of >> society. >> >> [mlapier@peach ~]$ nmap -sn 192.168.15.0/24 >> >> Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-23 20:12 EDT >> Nmap scan report for 192.168.15.1 >> Host is up (0.00043s latency). >> Nmap scan report for 192.168.15.100 >> Host is up (0.00014s latency). >> Nmap scan report for 192.168.15.101 >> Host is up (0.00065s latency). >> Nmap scan report for 192.168.15.104 >> Host is up (0.00017s latency). >> Nmap scan report for mushroom.patch (192.168.15.105) >> Host is up (0.00015s latency). >> Nmap done: 256 IP addresses (5 hosts up) scanned in 15.30 seconds >> >> [mlapier@peach ~]$ ping -c 1 192.168.15.107 >> PING 192.168.15.107 (192.168.15.107) 56(84) bytes of data. >> 64 bytes from 192.168.15.107: icmp_seq=1 ttl=64 time=0.175 ms >> >> --- 192.168.15.107 ping statistics --- >> 1 packets transmitted, 1 received, 0% packet loss, time 0ms >> rtt min/avg/max/mdev = 0.175/0.175/0.175/0.000 ms >> [mlapier@peach ~]$ >> >> I can ssh onto 192.168.15.107 too. >> >> I spent a good part of the day trying to connect the FAHControl on my >> machine to the Folding@Home client on 192.168.15.107 without success. >> Maybe the reason why 192.168.15.107 does not appear on the nmap output >> has something to do with my lack of success connecting the control to >> the client. Maybe not. >> >> I'm not having any problem connecting to the FAH client on >> 192.168.15.105 from my machine. I even copied the FAH configuration >> file from 192.168.15.105 to 192.168.15.107 and then restarted the >> client. Still no joy in Mudville. I figure I should quit while I'm >> behind. Anyone have any suggestions? >> > > Do you have shell on the machine in question? If yes, > > /sbin/ifconfig -a > > /sbin/route > > /bin/netstat -nap --inet > > may help. (I'm sure you turned off firewall: > > /etc/rc.d/init.d/iptables stop > > ). > > Valeri > I already tried all the items on your list plus a few others with one exception. Duhh. Now I'm feeling like and idiot. "I'm sure you turned off firewall:" NOT. I guess tomorrow I've got some iptables rules to write. For now turning off iptables fixed the issue. I can connect to the FAH client and the machine appears in the nmap report. I just checked 192.168.15.105 and found that iptables is turned off there too. Thank you so much for the brain reset. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 - Limiting rescue kernel imeges
Nicolas Thierry-Mieg wrote on 24/08/2015 00:24: >> installonly_limit=3 >> >> >> This parameter works for standard kernel images, but does not work for >> rescue images: >> > >> Is there a way to keep rescue images within a certain limit? > > man yum.conf , search for installonlypkgs (that's on centos6, might vary in 7) According to man page: /* installonlypkgs List of package provides that should only ever be installed, never updated. */ This is not the case for two reasons: (1) I want to install rescue kernel image and (2) there is no rpm package for rescue kernel -- Ciao, luigi / +--[Luigi Rosa]-- \ For every action, there is an equal and opposite criticism. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] new laptop: DVD or Blu-ray
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of Chris Yereaztian > Sent: den 21 augusti 2015 19:53 > To: CentOS mailing list > Subject: Re: [CentOS] new laptop: DVD or Blu-ray > > Ken, I'm sorry, I had no intention of fighting anyone. I was simply under the > impression that you might have actually referred to DVD authoring (creation > of the disc, chapters, burning etc,but I understand where you are coming > from. I completely agree that the terms interpretation completely depends > on the used context. I really did not have any intention of stirring up > something. I thought there might have been some confusion and I might be > able to help resolve the confusion. All is good now ^_^. You're all so very polite. 8-D -- //Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
