[CentOS] OpenSSL and OpenSSH on CentOS (FIPS enabled)

2015-10-22 Thread Ning Liu (niliu2)

Hi experts,

Currently I am doing FIPS gap analysis for our product, can someone help to have 
a look at my questions?

Our product is a server running under CentOS 6.x, and according to the upstream 
(Red Hat) documentation, CentOS can be configured to FIPS mode:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html

And according to the CentOS forum, if we enabled FIPS mode on CentOS, then 
OpenSSL will also be in FIPS mode
https://www.centos.org/forums/viewtopic.php?t=9078

Questions:

(1) Is that true for OpenSSL?

(2) How about OpenSSH? We are using SSH for administration, but there is 
not much documentation mentioning OpenSSH vs. FIPS. But it looks like Red Hat 
already takes care of OpenSSH:
https://www.redhat.com/en/about/press-releases/red-hat-completes-fips-1402-certifications
Can I assume that OpenSSH is in FIPS mode when CentOS is in FIPS mode?


Regards,
Ning Liu
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] virt-manager

2015-10-22 Thread John R Pierce

On 10/22/2015 4:15 PM, Nux! wrote:
> Try giving the VM a Spice display, instead of VNC, see if that helps.


no idea how to do this, I'm a total newb with KVM.


all I actually want to do is attach a USB device to my existing and 
running KVM, but the instructions for doing this in virsh are confusing 
(anything that requires editing XML files tends to give me a 
headache).   specifically, I want the VM 'kfat' to 'own'


Bus 005 Device 004: ID 08bb:2704 Texas Instruments Audio Codec
...

OK, I figured it out, I had to create a .xml file like...









and pass that to virsh attach-device vmname my.xml



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] virt-manager

2015-10-22 Thread Nux!
Try giving the VM a Spice display, instead of VNC, see if that helps.

Also, on Windows try Mobaxterm SSH client, it comes with X server built-in, 
perhaps it behaves less crappy.

HTH
Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "John R Pierce" 
> To: "CentOS mailing list" 
> Sent: Friday, 23 October, 2015 00:11:15
> Subject: [CentOS] virt-manager

> so... I've been tinkering with KVM again.  my desktop is windows,
> the linux server is remote, so I have a ssh X tunnel running, and XMing
> running locally, and launch virt-manager.   opens fine, shows the VM I
> created some time ago.   I select that VM (which is running centos 6),
> and 'open', a window opens for a few seconds, then blam, virt-manager
> exits before I can click on the 'details' lightbulb.
> 
> if I run virt-manager --debug, I get the following output after clicking
> on 'open'...
> 
> 2015-10-22 16:08:36,377 (engine:471): window counter incremented to 2
> 2015-10-22 16:08:36,379 (console:1150): Starting connect process for
> proto=vnc trans=None connhost=localhost connuser=None connport=None
> gaddr=127.0.0.1 gport=5900 gsocket=None
> 2015-10-22 16:08:36,381 (console:378): VNC connecting to localhost:5900
> 2015-10-22 16:08:37,009 (console:1061): Viewer connected
> [xcb] Extra reply data still left in queue
> [xcb] This is most likely caused by a broken X extension library
> [xcb] Aborting, sorry about that.
> python: xcb_io.c:576: _XReply: Assertion
> `!xcb_xlib_extra_reply_data_left' failed.
> Aborted (core dumped)
> 
> 
> 
> 
> 
> 
> --
> john r pierce, recycling bits in santa cruz
> 


[CentOS] virt-manager

2015-10-22 Thread John R Pierce
so... I've been tinkering with KVM again.  my desktop is windows, 
the linux server is remote, so I have a ssh X tunnel running, and XMing 
running locally, and launch virt-manager.   opens fine, shows the VM I 
created some time ago.   I select that VM (which is running centos 6), 
and 'open', a window opens for a few seconds, then blam, virt-manager 
exits before I can click on the 'details' lightbulb.


if I run virt-manager --debug, I get the following output after clicking 
on 'open'...


2015-10-22 16:08:36,377 (engine:471): window counter incremented to 2
2015-10-22 16:08:36,379 (console:1150): Starting connect process for 
proto=vnc trans=None connhost=localhost connuser=None connport=None 
gaddr=127.0.0.1 gport=5900 gsocket=None

2015-10-22 16:08:36,381 (console:378): VNC connecting to localhost:5900
2015-10-22 16:08:37,009 (console:1061): Viewer connected
[xcb] Extra reply data still left in queue
[xcb] This is most likely caused by a broken X extension library
[xcb] Aborting, sorry about that.
python: xcb_io.c:576: _XReply: Assertion 
`!xcb_xlib_extra_reply_data_left' failed.

Aborted (core dumped)






--
john r pierce, recycling bits in santa cruz



Re: [CentOS] Centos 7, ATI/AMD video, fonts

2015-10-22 Thread Valeri Galtsev

On Thu, October 22, 2015 4:20 pm, m.r...@5-cent.us wrote:
> A newly built CentOS 7.1 system, with an ATI/AMD video card. I installed
> the proprietary driver (this is a Dell, and they had their own rpm), and
> after I ran aticonfig --initial, init 3, then init 5, and we have a
> working video.

Any particular reason to have proprietary video driver? I have Dell
Optiplex-es with most generic of ATI cards; latest CentOS 7
"automagically" handles two screens (even combination of screens of
different resolution) attached to this ATI card out of the box. Just
curious.

Valeri

>
> Excerpt the fonts are atrocious. All the letters seem to be missing
> pixels, so it's as though there's no across, almost.
>
> He's running gnome. There has to be a quick fix - a link would be great.
>
> Thanks in advance.
>
>mark



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] Centos 7, ATI/AMD video, fonts

2015-10-22 Thread Frank Cox
On Thu, 22 Oct 2015 17:20:17 -0400
m.r...@5-cent.us wrote:

> A newly built CentOS 7.1 system, with an ATI/AMD video card. I installed
> the proprietary driver (this is a Dell, and they had their own rpm), and
> after I ran aticonfig --initial, init 3, then init 5, and we have a
> working video.

How did it look BEFORE you installed the proprietary driver?

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com


[CentOS] Centos 7, ATI/AMD video, fonts

2015-10-22 Thread m . roth
A newly built CentOS 7.1 system, with an ATI/AMD video card. I installed
the proprietary driver (this is a Dell, and they had their own rpm), and
after I ran aticonfig --initial, init 3, then init 5, and we have a
working video.

Except the fonts are atrocious. All the letters seem to be missing
pixels, so it's as though there's no across, almost.

He's running gnome. There has to be a quick fix - a link would be great.

Thanks in advance.

   mark



Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Valeri Galtsev

On Thu, October 22, 2015 3:45 pm, Johnny Hughes wrote:
> On 10/22/2015 03:40 PM, Juan Bernhard wrote:
>>
>> On 22/10/2015 at 03:00 p.m., Valeri Galtsev wrote:
>>>
>>> On Thu, October 22, 2015 12:49 pm, Johnny Hughes wrote:
>>>> On 10/22/2015 11:50 AM, Juan Bernhard wrote:
>>>>>
>>>>> On 22/10/2015 at 01:40 p.m., Nux! wrote:
>>>>>> Kai,
>>>>>>
>>>>>> It is a reality, but when you look at the RHEL target audience, it's
>>>>>> not exactly hip devs deploying Docker in the cloud.
>>>>>> Big corps, banks and the like have a very slow development cycle and
>>>>>> long term support is absolutely crucial, software needs to run for
>>>>>> years on end without glitches, without interruptions, in a very
>>>>>> predictable manner etc.
>>>>>>
>>>>>> For the aforementioned devs I think the best answer are the software
>>>>>> collections, that or just use a different distribution. It is what it
>>>>>> is.
>>>>>>
>>>>>>
>>>>>> Lucian
>>>>>
>>>>> Lucian, they also include the newer versions. The case of banks, who
>>>>> need specially PHP version 5.3, are a slim 0.01% of php users, the rest
>>>>> of the mortals, like me, who needs a simple webmail like horde running,
>>>>> have problems because the rest of the world is not developing any more
>>>>> with php 5.3 compatibility in mind
>>>>>
>>>>> Regards, Juan
>>>>>
>>>>
>>>> Correct .. but that is not who RHEL, CentOS, Ubuntu (LTS), or SLES type
>>>> distros are for.  That is what Fedora, OpenSUSE, Ubuntu, Debian, Linux
>>>> Mint and any other number of "Bleeding Edge" distros are for.  If you
>>>> want latest and greatest .. well, then use latest and greatest.  If you
>>>> want enterprise, then use CentOS.
>>>>
>>>
>>> And incidentally these 0.01% (even if the number is true) of Enterprise
>>> users pay virtually 100% of RH income (the last is what the brilliant
>>> job
>>> of individuals at RH is paid for from). Let's not forget they as well
>>> as
>>> us have families to support.
>>>
>>> Valeri
>>
>> Im not saying that they must remove this package, but they also should
>> include the newer version. I use freebsd (and its not a toy distro like
>> fedora), and you have several ports, php, php54, php55 and php56 to
>> choose whatever you need.
>> Please, dont think that I dont appreciate the RH job on this, some one
>> should support a long term version, some applications needs this, but
>> very few.
>> Thats all. I needed to say this, this is the only thing that bother me
>> of centos, and its a little thing. The solution is to add another repo,
>> but is a petty that they dont include the newer version on the default
>> one. Centos its a great distro, dont take this a complain... its just a
>> suggestion.
>>
>> Regards, Juan
>
> Like I said before .. software collections:
>
> http://bit.ly/1GXl0L0
>

I would add to software collections you mention and different Linux
distributions (differing in update/upgrade lifecycle scheme) also other
*nix-es, FreeBSD was one someone mentioned already (I too "half-moved"
servers to it), but there are many other choices of systems. Still,
disregarding the part some of us dislike personally (plus often reboots
necessary to install some vital updates - which all Linuxes are prone to
beginning somewhere around 2.6 kernel) I would say I really admire the
great job RH folks are doing - and definitely tremendous job CentOS
maintainers do!

Just my 0.02

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] EFI netboot to kickstart install

2015-10-22 Thread Gordon Messmer

On 10/21/2015 07:25 PM, Grant Street wrote:
> Just wondering if anyone has any experience setting up a net boot server that
> can be used to kickstart EFI machines?


Yep.

In ISC dhcpd.conf, use:

next-server config.example.com;
if option architecture-type = 00:07 {
    filename "shim.efi";
} else {
    filename "pxelinux.0";
}

Then, in your tftp server you'll need 3 files from the shim and 
grub2-efi packages.  I used this script:


---
#!/bin/sh

# Fetch the shim and grub2-efi packages
wget http://centos.s.uw.edu/centos/7/os/x86_64/Packages/shim-0.7-5.2.el7.centos.2.x86_64.rpm
wget http://centos.s.uw.edu/centos/7/os/x86_64/Packages/grub2-efi-2.02-0.16.el7.centos.x86_64.rpm

mkdir tmp

# Unpack both packages into tmp/
rpm2cpio shim-0.7-5.2.el7.centos.2.x86_64.rpm | (cd tmp && cpio -ivd)
rpm2cpio grub2-efi-2.02-0.16.el7.centos.x86_64.rpm | (cd tmp && cpio -ivd)

# Copy the three boot files one directory up
cp tmp/boot/efi/EFI/centos/shim.efi ../
cp tmp/boot/efi/EFI/centos/grubx64.efi ../
cp tmp/boot/efi/EFI/centos/fonts/unicode.pf2 ../grub/fonts/

rm -rf tmp
---

Configuration files are in EFI/centos (relative to the TFTP root) rather 
than pxelinux.cfg.  They're named grub.cfg-01-, and use grub syntax 
rather than isolinux syntax.


A simple example:

---
set timeout=600
set default=0

menuentry "localboot" {
    insmod chain
    set root=(hd0)
    chainloader +1
}

menuentry "c7" {
    linuxefi /c7/vmlinuz ks=http://config.example.com/kickstart/c7s ksdevice=eth0 net.ifnames=0 biosdevname=0
    initrdefi /c7/initrd.img
}
---
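
An added example, not part of the original post: the script above fetches shim and grub2-efi over plain HTTP and unpacks them into the directory every EFI client boots from, so this variant refuses to extract a package whose SHA-256 does not match a pinned value. The function names and the pin-file format are assumptions; the digests must come from a trusted copy of the packages.

```shell
#!/bin/bash
# Added example (not from the original post): integrity-checked staging of
# PXE boot files. Assumed pin-file format: "<sha256>  <rpm filename>" per
# line, which is the format sha256sum itself prints.
set -u

# verify_pinned FILE PINFILE
# Returns 0 only if FILE's SHA-256 equals the digest pinned for its basename.
# Returns 1 on a mismatch, 2 if the file or its pin is missing.
verify_pinned() {
    local file="$1" pins="$2" name want got
    [ -f "$file" ] && [ -f "$pins" ] || return 2
    name=$(basename "$file")
    # Exact filename match on field 2; digest normalised to lower case.
    want=$(awk -v n="$name" '$2 == n { print tolower($1); exit }' "$pins")
    [ -n "$want" ] || return 2
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ] || return 1
}

# stage_boot_files PINFILE DESTDIR RPM...
# Verifies every package first and only then extracts, so nothing is copied
# into DESTDIR unless all packages pass.
stage_boot_files() {
    local pins="$1" dest="$2" rpm tmp rc
    shift 2
    for rpm in "$@"; do
        verify_pinned "$rpm" "$pins" || {
            echo "refusing $rpm: digest not pinned or mismatch" >&2
            return 1
        }
    done
    tmp=$(mktemp -d) || return 1
    for rpm in "$@"; do
        rpm2cpio "$rpm" | (cd "$tmp" && cpio -id --quiet) || {
            rm -rf "$tmp"
            return 1
        }
    done
    # Same three files the original script copies.
    mkdir -p "$dest/grub/fonts" &&
    cp "$tmp/boot/efi/EFI/centos/shim.efi" \
       "$tmp/boot/efi/EFI/centos/grubx64.efi" "$dest/" &&
    cp "$tmp/boot/efi/EFI/centos/fonts/unicode.pf2" "$dest/grub/fonts/"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Where the CentOS signing key is already imported, `rpm -K <package>` checks the package signature and can complement the digest pin.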


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread John R Pierce

On 10/22/2015 1:40 PM, Juan Bernhard wrote:


Im not saying that they must remove this package, but they also should 
include the newer version. I use freebsd (and its not a toy distro 
like fedora), and you have several ports, php, php54, php55 and php56 
to choose whatever you need.
Please, dont think that I dont appreciate the RH job on this, some one 
should support a long term version, some applications needs this, but 
very few.
Thats all. I needed to say this, this is the only thing that bother me 
of centos, and its a little thing. The solution is to add another 
repo, but is a petty that they dont include the newer version on the 
default one. Centos its a great distro, dont take this a complain... 
its just a suggestion. 


that suggestion would have to be made with RH, not CentOS, as the 
default CentOS package list *IS* the RHEL package list.




--
john r pierce, recycling bits in santa cruz



Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Johnny Hughes
On 10/22/2015 03:40 PM, Juan Bernhard wrote:
> 
> On 22/10/2015 at 03:00 p.m., Valeri Galtsev wrote:
>>
>> On Thu, October 22, 2015 12:49 pm, Johnny Hughes wrote:
>>> On 10/22/2015 11:50 AM, Juan Bernhard wrote:
>>>>
>>>> On 22/10/2015 at 01:40 p.m., Nux! wrote:
>>>>> Kai,
>>>>>
>>>>> It is a reality, but when you look at the RHEL target audience, it's
>>>>> not exactly hip devs deploying Docker in the cloud.
>>>>> Big corps, banks and the like have a very slow development cycle and
>>>>> long term support is absolutely crucial, software needs to run for
>>>>> years on end without glitches, without interruptions, in a very
>>>>> predictable manner etc.
>>>>>
>>>>> For the aforementioned devs I think the best answer are the software
>>>>> collections, that or just use a different distribution. It is what it
>>>>> is.
>>>>>
>>>>>
>>>>> Lucian
>>>>
>>>> Lucian, they also include the newer versions. The case of banks, who
>>>> need specially PHP version 5.3, are a slim 0.01% of php users, the rest
>>>> of the mortals, like me, who needs a simple webmail like horde running,
>>>> have problems because the rest of the world is not developing any more
>>>> with php 5.3 compatibility in mind
>>>>
>>>> Regards, Juan
>>>>
>>>
>>> Correct .. but that is not who RHEL, CentOS, Ubuntu (LTS), or SLES type
>>> distros are for.  That is what Fedora, OpenSUSE, Ubuntu, Debian, Linux
>>> Mint and any other number of "Bleeding Edge" distros are for.  If you
>>> want latest and greatest .. well, then use latest and greatest.  If you
>>> want enterprise, then use CentOS.
>>>
>>
>> And incidentally these 0.01% (even if the number is true) of Enterprise
>> users pay virtually 100% of RH income (the last is what the brilliant job
>> of individuals at RH is paid for from). Let's not forget they as well as
>> us have families to support.
>>
>> Valeri
> 
> Im not saying that they must remove this package, but they also should
> include the newer version. I use freebsd (and its not a toy distro like
> fedora), and you have several ports, php, php54, php55 and php56 to
> choose whatever you need.
> Please, dont think that I dont appreciate the RH job on this, some one
> should support a long term version, some applications needs this, but
> very few.
> Thats all. I needed to say this, this is the only thing that bother me
> of centos, and its a little thing. The solution is to add another repo,
> but is a petty that they dont include the newer version on the default
> one. Centos its a great distro, dont take this a complain... its just a
> suggestion.
> 
> Regards, Juan

Like I said before .. software collections:

http://bit.ly/1GXl0L0








Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Juan Bernhard


On 22/10/2015 at 03:00 p.m., Valeri Galtsev wrote:
>
> On Thu, October 22, 2015 12:49 pm, Johnny Hughes wrote:
>> On 10/22/2015 11:50 AM, Juan Bernhard wrote:
>>>
>>> On 22/10/2015 at 01:40 p.m., Nux! wrote:
>>>> Kai,
>>>>
>>>> It is a reality, but when you look at the RHEL target audience, it's
>>>> not exactly hip devs deploying Docker in the cloud.
>>>> Big corps, banks and the like have a very slow development cycle and
>>>> long term support is absolutely crucial, software needs to run for
>>>> years on end without glitches, without interruptions, in a very
>>>> predictable manner etc.
>>>>
>>>> For the aforementioned devs I think the best answer are the software
>>>> collections, that or just use a different distribution. It is what it
>>>> is.
>>>>
>>>>
>>>> Lucian
>>>
>>> Lucian, they also include the newer versions. The case of banks, who
>>> need specially PHP version 5.3, are a slim 0.01% of php users, the rest
>>> of the mortals, like me, who needs a simple webmail like horde running,
>>> have problems because the rest of the world is not developing any more
>>> with php 5.3 compatibility in mind
>>>
>>> Regards, Juan
>>>
>>
>> Correct .. but that is not who RHEL, CentOS, Ubuntu (LTS), or SLES type
>> distros are for.  That is what Fedora, OpenSUSE, Ubuntu, Debian, Linux
>> Mint and any other number of "Bleeding Edge" distros are for.  If you
>> want latest and greatest .. well, then use latest and greatest.  If you
>> want enterprise, then use CentOS.
>>
>
> And incidentally these 0.01% (even if the number is true) of Enterprise
> users pay virtually 100% of RH income (the last is what the brilliant job
> of individuals at RH is paid for from). Let's not forget they as well as
> us have families to support.
>
> Valeri

I'm not saying that they must remove this package, but they also should 
include the newer version. I use FreeBSD (and it's not a toy distro like 
Fedora), and you have several ports, php, php54, php55 and php56 to 
choose whatever you need.
Please, don't think that I don't appreciate the RH job on this, someone 
should support a long term version, some applications need this, but 
very few.
That's all. I needed to say this, this is the only thing that bothers me 
about CentOS, and it's a little thing. The solution is to add another repo, 
but it is a pity that they don't include the newer version in the default 
one. CentOS is a great distro, don't take this as a complaint... it's just a 
suggestion.


Regards, Juan







>>>> --
>>>> Sent from the Delta quadrant using Borg technology!
>>>>
>>>> Nux!
>>>> www.nux.ro
>>>>
>>>> - Original Message -
>>>>> From: "Kai Schaetzl"
>>>>> To: centos@centos.org
>>>>> Sent: Thursday, 22 October, 2015 17:33:33
>>>>> Subject: Re: [CentOS] PHP version not enough for developers
>>>>
>>>>> Nux! wrote on Thu, 22 Oct 2015 17:27:26 +0100 (BST):
>>>>>
>>>>>> It's irrelevant in this case that PHP 5.3 is EOL. It will continue
>>>>>> to be supported by Red Hat with security patches.
>>>>>
>>>>> Exactly.
>>>>> Nevertheless, PHP 5.6 is not "bleeding edge" as someone else said.
>>>>> 5.5 and
>>>>> 5.6 are really state of the art and often necessary to install certain
>>>>> software packages or for some functionality. The packages provided by
>>>>> RH
>>>>> are much too fast outdated or have other problems. It's a reality.
>>>>>
>>>>> Kai
>
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Jonathan Billings
On Thu, Oct 22, 2015 at 01:20:02PM -0300, Juan Bernhard wrote:
> If you want to change to a log term support, you should use php 5.6, this is
> under active development now.
> centos packagers mantainers should listen the PHP developers in this topic,
> they are the ones who really knows PHP

But you don't seem to understand CentOS.

The packages in the main repo aren't maintained by 'centos package
maintainers'.  They are rebuilt from RHEL source packages.  If you've
got a complaint with the version, complain to Red Hat.  As other have
explained in this thread, you should expect considerably longer
support from Red Hat (and thus CentOS) for any release of PHP than
you'll get from upstream PHP.

Sure, if you don't care about having a product continue working after
a couple years, go ahead and build the upstream version of PHP and
manually apply security updates yourself.  Maybe you can pay the PHP
developers to support it for you, since they really seem to know PHP. 

If you want to have a stable platform to deploy your web service, use
an enterprise operating system like CentOS.

-- 
Jonathan Billings 


Re: [CentOS] CentOS7 - Serial Console and Flow Control

2015-10-22 Thread Mike - st257
Huge thanks to those who chimed in.
An issue of PEBKAC on my part (but I was s close!).

Once I got serial over LAN functioning I took the time pre-production to
figure out exactly what options are necessary. Here's a recap of what I
discovered.


On Thu, Oct 15, 2015 at 3:54 PM, Lamar Owen  wrote:

> On 10/15/2015 03:05 PM, Mike - st257 wrote:
>
>> Would anyone be so kind as to share their experience?
>> What has worked for your BMC/SoL configurations?
>>
> I have a C7 server with a physical RS-232 console, but the config should
> be similar.  I did not have to generate


I'm using COM2 (ttyS1) and leaving the physical COM1 (ttyS0) alone so it
could be used with null modem or Cisco console cables. Slight difference,
nothing that makes them wildly different.


> a systemd service for this; systemd saw the console line and automatically
> started the getty without me having to generate a .service file (as far as
> I recall all I had to do was generate the proper /etc/default/grub, and
> then run 'grub2-mkconfig -o /boot/grub2/grub.cfg' and it Just Worked).
>
> Now, I have the system set for console on both the VGA and on ttyS0, and I
> am not using flow-control.  Here's what I have that works (again with a
> physical ttyS0):
>
> [root@backup670 ~]# cat /etc/default/grub
> GRUB_TIMEOUT=5
> GRUB_DEFAULT=saved
> GRUB_DISABLE_SUBMENU=true
> GRUB_SERIAL_COMMAND="serial --unit=0 --speed=9600 --word=8 --parity=no
> --stop=1"
>

I didn't need GRUB_SERIAL_COMMAND, but...
I have "Redirection After Boot" enabled in my BIOS for the serial console,
which is how I'm still able to see the GRUB prompt. And likely why I can
omit the GRUB_SERIAL_COMMAND line.

I also read about but did not need GRUB_TERMINAL=serial


> GRUB_TERMINAL_OUTPUT="console serial"
>

I got away with keeping the default of:
GRUB_TERMINAL_OUTPUT="console"


> GRUB_CMDLINE_LINUX="rd.md.uuid=long-uuid-string crashkernel=auto 
> rd.lvm.lv=vg/swap
> rd.lvm.lv=vg/root rd.md.uuid=another-long-uuid console=tty0
> console=ttyS0,9600 rd_NO_PLYMOUTH"
>

I found things functioned fine _with_ "quiet" and without rd_NO_PLYMOUTH
*hangs head* My PEBKAC was on the serial device ... I had /dev/ttyS1
instead of just _ttyS1_ ... my bad.

GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-1ad0ae71-75fa-46cf-aa5b-70e63c51a485
rd.lvm.lv=storage0/rootfs rd.lvm.lv=storage0/swap crashkernel=auto quiet
console=tty0 console=ttyS1,57600n8r"


> GRUB_DISABLE_RECOVERY="true"
>
>
> Also see: http://0pointer.de/blog/projects/serial-console.html
>
> There should be no need to modify any .service files; simply editing
> /etc/default/grub and regenerating grub2's config should be enough; it was
> in my case (I verified by looking through root's .bash_history and finding
> the lines around editing /etc/default/grub and not finding any edits of any
> .service files)
>

You are absolutely right, no need to modify service files (just like was
the case with Upstart in EL6).


~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-1ad0ae71-75fa-46cf-aa5b-70e63c51a485
rd.lvm.lv=storage0/rootfs rd.lvm.lv=storage0/swap crashkernel=auto quiet
console=tty0 console=ttyS1,57600n8r"
GRUB_DISABLE_RECOVERY="true"


-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Valeri Galtsev

On Thu, October 22, 2015 12:49 pm, Johnny Hughes wrote:
> On 10/22/2015 11:50 AM, Juan Bernhard wrote:
>>
>> On 22/10/2015 at 01:40 p.m., Nux! wrote:
>>> Kai,
>>>
>>> It is a reality, but when you look at the RHEL target audience, it's
>>> not exactly hip devs deploying Docker in the cloud.
>>> Big corps, banks and the like have a very slow development cycle and
>>> long term support is absolutely crucial, software needs to run for
>>> years on end without glitches, without interruptions, in a very
>>> predictable manner etc.
>>>
>>> For the aforementioned devs I think the best answer are the software
>>> collections, that or just use a different distribution. It is what it
>>> is.
>>>
>>>
>>> Lucian
>>
>> Lucian, they also include the newer versions. The case of banks, who
>> need specially PHP version 5.3, are a slim 0.01% of php users, the rest
>> of the mortals, like me, who needs a simple webmail like horde running,
>> have problems because the rest of the world is not developing any more
>> with php 5.3 compatibility in mind
>>
>> Regards, Juan
>>
>
> Correct .. but that is not who RHEL, CentOS, Ubuntu (LTS), or SLES type
> distros are for.  That is what Fedora, OpenSUSE, Ubuntu, Debian, Linux
> Mint and any other number of "Bleeding Edge" distros are for.  If you
> want latest and greatest .. well, then use latest and greatest.  If you
> want enterprise, then use CentOS.
>

And incidentally these 0.01% (even if the number is true) of Enterprise
users pay virtually 100% of RH income (the last is what the brilliant job
of individuals at RH is paid for from). Let's not forget they as well as
us have families to support.

Valeri

>
>>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
>>>
>>> - Original Message -
>>>> From: "Kai Schaetzl"
>>>> To: centos@centos.org
>>>> Sent: Thursday, 22 October, 2015 17:33:33
>>>> Subject: Re: [CentOS] PHP version not enough for developers
>>>
>>>> Nux! wrote on Thu, 22 Oct 2015 17:27:26 +0100 (BST):
>>>>
>>>>> It's irrelevant in this case that PHP 5.3 is EOL. It will continue
>>>>> to be supported by Red Hat with security patches.
>>>>
>>>> Exactly.
>>>> Nevertheless, PHP 5.6 is not "bleeding edge" as someone else said.
>>>> 5.5 and
>>>> 5.6 are really state of the art and often necessary to install certain
>>>> software packages or for some functionality. The packages provided by
>>>> RH
>>>> are much too fast outdated or have other problems. It's a reality.
>>>>
>>>> Kai
>
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] Recommendations for image malware detection?

2015-10-22 Thread Nux!
An http proxy + clamav (or more AVs)? (if for web sources)

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Kay Schenk" 
> To: centos@centos.org
> Sent: Thursday, 22 October, 2015 18:50:41
> Subject: [CentOS] Recommendations for image malware detection?

> Hello all --
> 
> This is not a CentOS specific question, but I have a feeling some of you
> are involved in enterprise malware efforts, so here goes.
> 
> Does anyone have recommendations for malware detection that includes
> detection in image files? I'm looking for something that could be
> integrated into a batch cron process as opposed to a client end download
> check.
> 
> Thanks.
> 
> --
> --
> MzK
> 
> “The journey of a thousand miles begins with a single step.”
>  --Lao Tzu

Re: [CentOS] Recommendations for image malware detection?

2015-10-22 Thread Eero Volotinen
Well. (clamd) clamscan should work.

--
Eero

2015-10-22 20:50 GMT+03:00 Kay Schenk :

> Hello all --
>
> This is not a CentOS specific question, but I have a feeling some of you
> are involved in enterprise malware efforts, so here goes.
>
> Does anyone have recommendations for malware detection that includes
> detection in image files? I'm looking for something that could be
> integrated into a batch cron process as opposed to a client end download
> check.
>
> Thanks.
>
> --
> --
> MzK
>
> “The journey of a thousand miles begins with a single step.”
>   --Lao Tzu


[CentOS] Recommendations for image malware detection?

2015-10-22 Thread Kay Schenk
Hello all --

This is not a CentOS specific question, but I have a feeling some of you
are involved in enterprise malware efforts, so here goes.

Does anyone have recommendations for malware detection that includes
detection in image files? I'm looking for something that could be
integrated into a batch cron process as opposed to a client end download
check.

Thanks.

-- 
--
MzK

“The journey of a thousand miles begins with a single step.”
  --Lao Tzu


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Johnny Hughes
On 10/22/2015 11:50 AM, Juan Bernhard wrote:
> 
> On 22/10/2015 at 01:40 p.m., Nux! wrote:
>> Kai,
>>
>> It is a reality, but when you look at the RHEL target audience, it's
>> not exactly hip devs deploying Docker in the cloud.
>> Big corps, banks and the like have a very slow development cycle and
>> long term support is absolutely crucial, software needs to run for
>> years on end without glitches, without interruptions, in a very
>> predictable manner etc.
>>
>> For the aforementioned devs I think the best answer are the software
>> collections, that or just use a different distribution. It is what it is.
>>
>>
>> Lucian
> 
> Lucian, they also include the newer versions. The case of banks, who
> need specially PHP version 5.3, are a slim 0.01% of php users, the rest
> of the mortals, like me, who needs a simple webmail like horde running,
> have problems because the rest of the world is not developing any more
> with php 5.3 compatibility in mind
> 
> Regards, Juan
> 

Correct .. but that is not who RHEL, CentOS, Ubuntu (LTS), or SLES type
distros are for.  That is what Fedora, OpenSUSE, Ubuntu, Debian, Linux
Mint and any other number of "Bleeding Edge" distros are for.  If you
want latest and greatest .. well, then use latest and greatest.  If you
want enterprise, then use CentOS.


>>
>> -- 
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> - Original Message -
>>> From: "Kai Schaetzl" 
>>> To: centos@centos.org
>>> Sent: Thursday, 22 October, 2015 17:33:33
>>> Subject: Re: [CentOS] PHP version not enough for developers
>>
>>> Nux! wrote on Thu, 22 Oct 2015 17:27:26 +0100 (BST):
>>>
>>>> It's irrelevant in this case that PHP 5.3 is EOL. It will continue
>>>> to be supported by Red Hat with security patches.
>>>
>>> Exactly.
>>> Nevertheless, PHP 5.6 is not "bleeding edge" as someone else said.
>>> 5.5 and
>>> 5.6 are really state of the art and often necessary to install certain
>>> software packages or for some functionality. The packages provided by RH
>>> are much too fast outdated or have other problems. It's a reality.
>>>
>>> Kai






Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Johnny Hughes
On 10/22/2015 12:40 PM, Johnny Hughes wrote:
> On 10/22/2015 10:31 AM, Andrew Holway wrote:
>> Hi,
>>
>> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
>> however this version of PHP stopped getting security support from the PHP
>> people one month ago [1].
>>
>> Now, our developers want to use the new and shiny PHP because they want to
>> use the latest version of Zend. They are proposing using this package [2]
>> but I never heard of this repo.
>>
>> Other than building the packages ourselves is there a more acceptable way
>> to run a later version of PHP?
>>
>> Thoughts? Experiences? Ramblings?
>>
> 
> I would point out that Red Hat backports items to RHEL-7 (and we
> therefore backport those into CentOS-7 when we rebuild the source code).
> 
> I would also point out that the developers who ignore RHEL then ignore
> getting their code into enterprises that use RHEL.  Being that those
> enterprises are the people PAYING for Linux, it MIGHT be the brightest
> idea for those developers to write code that they expect to be paid for
> for non-enterprise distributions :)
> 
> That said, software collections is one way to get newer development
> tools and we should have more software collections, including a newer
> version of php, very soon in CentOS-7.
> 
> The collections will go here when ready:
> 
> http://mirror.centos.org/centos/7/sclo/
> 
> Right now only a couple of things there.  Will be more soon.

Here is a very, very early version to look at:

http://cbs.centos.org/repos/sclo7-php55-rh-candidate/x86_64/os/

That is not ready for production, but an idea of what will be available.







Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Johnny Hughes
On 10/22/2015 10:31 AM, Andrew Holway wrote:
> Hi,
> 
> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
> however this version of PHP stopped getting security support from the PHP
> people one month ago [1].
> 
> Now, our developers want to use the new and shiny PHP because they want to
> use the latest version of Zend. They are proposing using this package [2]
> but I never heard of this repo.
> 
> Other than building the packages ourselves is there a more acceptable way
> to run a later version of PHP?
> 
> Thoughts? Experiences? Ramblings?
> 

I would point out that Red Hat backports items to RHEL-7 (and we
therefore backport those into CentOS-7 when we rebuild the source code).

I would also point out that the developers who ignore RHEL then ignore
getting their code into enterprises that use RHEL.  Being that those
enterprises are the people PAYING for Linux, it MIGHT be the brightest
idea for those developers to write code that they expect to be paid for
for non-enterprise distributions :)

That said, software collections is one way to get newer development
tools and we should have more software collections, including a newer
version of php, very soon in CentOS-7.

The collections will go here when ready:

http://mirror.centos.org/centos/7/sclo/

Right now only a couple of things there.  Will be more soon.








Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Juan Bernhard


On 22/10/2015 at 01:40 p.m., Nux! wrote:
> Kai,
>
> It is a reality, but when you look at the RHEL target audience, it's not
> exactly hip devs deploying Docker in the cloud.
> Big corps, banks and the like have a very slow development cycle and long term
> support is absolutely crucial, software needs to run for years on end without
> glitches, without interruptions, in a very predictable manner etc.
>
> For the aforementioned devs I think the best answer are the software
> collections, that or just use a different distribution. It is what it is.
>
>
> Lucian

Lucian, they also include the newer versions. The case of banks, who
need specially PHP version 5.3, are a slim 0.01% of php users, the rest
of the mortals, like me, who needs a simple webmail like horde running,
have problems because the rest of the world is not developing any more
with php 5.3 compatibility in mind

Regards, Juan

> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> - Original Message -
>> From: "Kai Schaetzl"
>> To: centos@centos.org
>> Sent: Thursday, 22 October, 2015 17:33:33
>> Subject: Re: [CentOS] PHP version not enough for developers
>>
>> Nux! wrote on Thu, 22 Oct 2015 17:27:26 +0100 (BST):
>>
>>> It's irrelevant in this case that PHP 5.3 is EOL. It will continue
>>> to be supported by Red Hat with security patches.
>>
>> Exactly.
>> Nevertheless, PHP 5.6 is not "bleeding edge" as someone else said. 5.5 and
>> 5.6 are really state of the art and often necessary to install certain
>> software packages or for some functionality. The packages provided by RH
>> are much too fast outdated or have other problems. It's a reality.
>>
>> Kai




Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Valeri Galtsev
On Thu, October 22, 2015 11:20 am, Juan Bernhard wrote:
>
> On 22/10/2015 at 12:48 p.m., Valeri Galtsev wrote:
>> On Thu, October 22, 2015 10:40 am, Jim Perrin wrote:
>>> On 10/22/2015 10:31 AM, Andrew Holway wrote:
>>>> Hi,
>>>> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
>>>> however this version of PHP stopped getting security support from the PHP
>>>> people one month ago [1].
>>>> Now, our developers want to use the new and shiny PHP because they want to
>>>> use the latest version of Zend. They are proposing using this package [2]
>>>> but I never heard of this repo.
>> For me it sounds like an example of the difference between "bleeding edge"
>> and "enterprise" systems. The first is what developers most often like,
>> the second is what humble sysadmins prefer as they have to keep something
>> developed long ago running for as long as possible - and without crashed,
>> daemons dying etc (== "bleeding" which always accompanies "bleeding edge"
>> anything). Sorry for venting my own usual pain here...
>> Valeri
>
> PHP 5.4 is in EOL, it gets no more security updates from PHP
> developers... it may be a security risk to use this in the long term.
> centos should change the php version more often. I don't understand
> centos 6, it's still using php 5.3, which got EOL a year ago... I had to
> switch to another repo to get this (to not get the headache by compile
> by hand).
> If you want to change to a long term support, you should use php 5.6,
> this is under active development now.
> centos packagers maintainers should listen to the PHP developers in this
> topic, they are the ones who really know PHP
> http://php.net/supported-versions.php
>

This yet once more exemplifies the point I was trying to make. If I build
new system (with new components of end point software using, say PHP),
then I would pick the latest stable version of PHP. Exactly as you are
pointing out. And I prefer to roll new box out with all latest stable
everything. From this point on, once I have the box in production, I often
have no luxury (when time goes by) to upgrade some components other stuff
needs to run with. Like PHP that will be latest stable 3 years down the
road will be several minor versions up, and some of my end components may
not run with it as some internals may have changed. At this point it is
exactly what I am trying to stress: either I break things that I have no
newer version that works with latest version of PHP, or I can stay with
older version of PHP - if at all possible. This is basically the
difference between, say, Debian (and clones) style of updates/upgrades
(when update brings you new version of package) and RH Enterprise Linux
which keeps older version (thus preserving all internals), and [doing
tremendous job of] backporting security and bug fixes implemented in new
version to older version. At least this is what we loved about RHEL - not
quite sure to what extent it still is true recently.

The best example of really troublesome compatibility would be python and
modules for it. To my python developers and users I call python a "sneaky
snake". Whoever worked with python and modules written for it knows what I
talk about: you always need to match versions of modules rather rigorously
to the version of python itself, or things will not work. There is, however
excellent "Enterprise" piece of software written in python: mailman. I
really never had any trouble of any kind with mailman. This is what I
figure Mark meant when he said you can write software which will work with
big range of different versions of whatever it depends on - he is (was?)
developer, he knows what he is talking about.

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247







Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Nux!
Kai,

It is a reality, but when you look at the RHEL target audience, it's not 
exactly hip devs deploying Docker in the cloud.
Big corps, banks and the like have a very slow development cycle and long term 
support is absolutely crucial, software needs to run for years on end without 
glitches, without interruptions, in a very predictable manner etc.

For the aforementioned devs I think the best answer are the software 
collections, that or just use a different distribution. It is what it is.


Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Kai Schaetzl" 
> To: centos@centos.org
> Sent: Thursday, 22 October, 2015 17:33:33
> Subject: Re: [CentOS] PHP version not enough for developers

> Nux! wrote on Thu, 22 Oct 2015 17:27:26 +0100 (BST):
> 
>> It's irrelevant in this case that PHP 5.3 is EOL. It will continue
>> to be supported by Red Hat with security patches.
> 
> Exactly.
> Nevertheless, PHP 5.6 is not "bleeding edge" as someone else said. 5.5 and
> 5.6 are really state of the art and often necessary to install certain
> software packages or for some functionality. The packages provided by RH
> are much too fast outdated or have other problems. It's a reality.
> 
> Kai
> 
> 


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Kai Schaetzl
Nux! wrote on Thu, 22 Oct 2015 17:27:26 +0100 (BST):

> It's irrelevant in this case that PHP 5.3 is EOL. It will continue
> to be supported by Red Hat with security patches.

Exactly.
Nevertheless, PHP 5.6 is not "bleeding edge" as someone else said. 5.5 and 
5.6 are really state of the art and often necessary to install certain 
software packages or for some functionality. The packages provided by RH 
are much too fast outdated or have other problems. It's a reality.

Kai




Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Kai Schaetzl
I've been using IUS in the past. They have a good way of naming their 
rpms, so they don't interfere with the RH rpms. But they don't support 
older CentOS versions still on extended support as long as I needed them. 
And they don't provide as much php-related rpms (f.i. pecl-stuff) as remi 
does.
So, with newer PHP versions I had to go to remi's repo. Combined with EPEL 
(and rpmforge being dead, anyway) it's working quite fine here for PHP 5.5 
and 5.6. He provides files for CentOS 5, 6 and 7. The only caveat is that 
he uses the same rpm names as with the original ones. So, you have to give 
this repo the same priority as the base repo has. In consequence you have 
to be careful what it wants to install as dependencies and exclude a 
package sometimes. But all in all it works very well.

I've used the webtatic repo once for a special case. I don't know exactly 
why but I wouldn't recommend it.

If IUS provides the version you need I'd go with that.

Kai




Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Nux!
Juan,

You need to be aware how RHEL distributes software. Please read
https://access.redhat.com/security/updates/backporting

It's irrelevant in this case that PHP 5.3 is EOL. It will continue to be 
supported by Red Hat with security patches.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Juan Bernhard" 
> To: centos@centos.org
> Sent: Thursday, 22 October, 2015 17:20:02
> Subject: Re: [CentOS] PHP version not enough for developers

> On 22/10/2015 at 12:48 p.m., Valeri Galtsev wrote:
>>
>> On Thu, October 22, 2015 10:40 am, Jim Perrin wrote:
>>>
>>>
>>> On 10/22/2015 10:31 AM, Andrew Holway wrote:
>>>> Hi,
>>>>
>>>> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
>>>> however this version of PHP stopped getting security support from the PHP
>>>> people one month ago [1].
>>>>
>>>> Now, our developers want to use the new and shiny PHP because they want to
>>>> use the latest version of Zend. They are proposing using this package [2]
>>>> but I never heard of this repo.
>>
>> For me it sounds like an example of the difference between "bleeding edge"
>> and "enterprise" systems. The first is what developers most often like,
>> the second is what humble sysadmins prefer as they have to keep something
>> developed long ago running for as long as possible - and without crashed,
>> daemons dying etc (== "bleeding" which always accompanies "bleeding edge"
>> anything). Sorry for venting my own usual pain here...
>>
>> Valeri
>
> PHP 5.4 is in EOL, it gets no more security updates from PHP
> developers... it may be a security risk to use this in the long term.
> centos should change the php version more often. I don't understand
> centos 6, it's still using php 5.3, which got EOL a year ago... I had to
> switch to another repo to get this (to not get the headache by compile
> by hand).
> If you want to change to a long term support, you should use php 5.6,
> this is under active development now.
> centos packagers maintainers should listen to the PHP developers in this
> topic, they are the ones who really know PHP
> http://php.net/supported-versions.php
>
>>
>>>>
>>>> Other than building the packages ourselves is there a more acceptable way
>>>> to run a later version of PHP?
>>>>
>>>> Thoughts? Experiences? Ramblings?
>>>
>>> I'm personally not a fan of the webtatic repository. This is mostly due
>>> to the number of users on irc who seem to have problems with it. I would
>>> recommend either the upcoming software collections packages or the IUS
>>> repository packages. https://iuscommunity.org/pages/About.html
>>>
>>> IUS has been a very good/reliable way to get more recent versions of
>>> things, and the folks responsible for it are active both on irc and in
>>> the mailing lists.
>>>
>>>
>>> --
>>> Jim Perrin
>>> The CentOS Project | http://www.centos.org
>>> twitter: @BitIntegrity | GPG Key: FA09AD77
>>>
>>
>>
>> 
>> Valeri Galtsev
>> Sr System Administrator
>> Department of Astronomy and Astrophysics
>> Kavli Institute for Cosmological Physics
>> University of Chicago
>> Phone: 773-702-4247
>> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
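
The backporting point in the message above can be checked per package: on RHEL and CentOS the package changelog, not the upstream version number, shows whether a fix is present. The script below is an added example and not part of the thread; the function names, the sample changelog and the CVE-0000-NNNN ids are constructed placeholders, and it assumes fixes are named by CVE id in the changelog.

```shell
#!/bin/sh
# Added example: find which package build carries a backported CVE fix.

# Constructed sample of `rpm -q --changelog php` output. The packager, the
# release numbers and the CVE ids (CVE-0000-NNNN) are placeholders, not real
# advisories. rpm prints the newest entry first.
sample_changelog() {
    cat <<'EOF'
* Tue Sep 01 2015 Example Packager <packager@example.org> - 5.4.16-36.1
- fix use after free in unserialize, CVE-0000-0003

* Mon Jun 15 2015 Example Packager <packager@example.org> - 5.4.16-36
- fix NUL byte handling in path arguments, CVE-0000-0001
- fix integer overflow in ftp extension, CVE-0000-0002

* Wed Jan 14 2015 Example Packager <packager@example.org> - 5.4.16-35
- fix type confusion in soap extension, CVE-0000-00031
EOF
}

# changelog_cve_release CVE-ID
# Reads changelog text on stdin and prints the version-release of the oldest
# entry that names CVE-ID, i.e. the first build that shipped the backport.
# Returns 1 when the id is not named. Assumes the usual header convention
# "* <date> <packager> - <version-release>".
changelog_cve_release() {
    awk -v cve="$1" '
        # True when line names id and the id is not a prefix of a longer one.
        function names(line, id,    p) {
            if (id == "") return 0
            while ((p = index(line, id)) > 0) {
                line = substr(line, p + length(id))
                if (line !~ /^[0-9]/) return 1
            }
            return 0
        }
        /^\* /          { rel = $NF; next }
        names($0, cve)  { hit = rel }   # newest first, so the last hit is oldest
        END             { if (hit == "") exit 1; print hit }
    '
}

# check_backports CHANGELOG-FILE CVE-ID...
# One line per id: "<id> fixed-in <release>" or "<id> not-in-changelog".
# Returns 1 if any id is missing. A missing id is a prompt to read the vendor
# advisory (the package may be unaffected), not proof of a vulnerable build.
check_backports() {
    log=$1
    shift
    missing=0
    for cve in "$@"; do
        if rel=$(changelog_cve_release "$cve" < "$log"); then
            printf '%s fixed-in %s\n' "$cve" "$rel"
        else
            printf '%s not-in-changelog\n' "$cve"
            missing=1
        fi
    done
    return "$missing"
}

# On a CentOS host (not run here):
#   rpm -q --changelog php > /tmp/php.changelog
#   check_backports /tmp/php.changelog CVE-0000-0001
```

Compare the reported release with `rpm -q php` on the host: an installed build at or above it carries the backport even though the upstream version string has not changed.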


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Juan Bernhard


On 22/10/2015 at 12:48 p.m., Valeri Galtsev wrote:
>
> On Thu, October 22, 2015 10:40 am, Jim Perrin wrote:
>>
>>
>> On 10/22/2015 10:31 AM, Andrew Holway wrote:
>>> Hi,
>>>
>>> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
>>> however this version of PHP stopped getting security support from the PHP
>>> people one month ago [1].
>>>
>>> Now, our developers want to use the new and shiny PHP because they want to
>>> use the latest version of Zend. They are proposing using this package [2]
>>> but I never heard of this repo.
>
> For me it sounds like an example of the difference between "bleeding edge"
> and "enterprise" systems. The first is what developers most often like,
> the second is what humble sysadmins prefer as they have to keep something
> developed long ago running for as long as possible - and without crashed,
> daemons dying etc (== "bleeding" which always accompanies "bleeding edge"
> anything). Sorry for venting my own usual pain here...
>
> Valeri

PHP 5.4 is in EOL, it gets no more security updates from PHP
developers... it may be a security risk to use this in the long term.
centos should change the php version more often. I don't understand
centos 6, it's still using php 5.3, which got EOL a year ago... I had to
switch to another repo to get this (to not get the headache by compile
by hand).
If you want to change to a long term support, you should use php 5.6,
this is under active development now.
centos packagers maintainers should listen to the PHP developers in this
topic, they are the ones who really know PHP

http://php.net/supported-versions.php

>
>>>
>>> Other than building the packages ourselves is there a more acceptable way
>>> to run a later version of PHP?
>>>
>>> Thoughts? Experiences? Ramblings?
>>
>> I'm personally not a fan of the webtatic repository. This is mostly due
>> to the number of users on irc who seem to have problems with it. I would
>> recommend either the upcoming software collections packages or the IUS
>> repository packages. https://iuscommunity.org/pages/About.html
>>
>> IUS has been a very good/reliable way to get more recent versions of
>> things, and the folks responsible for it are active both on irc and in
>> the mailing lists.
>>
>>
>> --
>> Jim Perrin
>> The CentOS Project | http://www.centos.org
>> twitter: @BitIntegrity | GPG Key: FA09AD77





> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247



Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread m . roth
Valeri Galtsev wrote:
> On Thu, October 22, 2015 10:40 am, Jim Perrin wrote:
>> On 10/22/2015 10:31 AM, Andrew Holway wrote:
>>>
>>> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
>>> however this version of PHP stopped getting security support from the
>>> PHP people one month ago [1].
>>>
>>> Now, our developers want to use the new and shiny PHP because they want
>>> to use the latest version of Zend. They are proposing using this
>>> package [2] but I never heard of this repo.
>
> For me it sounds like an example of the difference between "bleeding edge"
> and "enterprise" systems. The first is what developers most often like,
> the second is what humble sysadmins prefer as they have to keep something
> developed long ago running for as long as possible - and without crashed,
> daemons dying etc (== "bleeding" which always accompanies "bleeding edge"
> anything). Sorry for venting my own usual pain here...
>
Add another of that opinion. All the years that I did development, I never
needed bleeding edge, and I've done a lot. On the other hand, if the spec
said the current version would support something, it *better*, because,
sooner or later, I'd find a need to use whatever.

Bleeding edge never supports that NEWSHINY without breaking.... Like the
team lead, now years gone, who built a project here in ruby on rails...
and was constantly *terrified* when I wanted/needed to update the servers
that was on, and stayed on "enterprise version whatever", without current
updates.... Things like that are what I refer to as fragile

 mark



Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Valeri Galtsev

On Thu, October 22, 2015 10:40 am, Jim Perrin wrote:
>
>
> On 10/22/2015 10:31 AM, Andrew Holway wrote:
>> Hi,
>>
>> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
>> however this version of PHP stopped getting security support from the
>> PHP
>> people one month ago [1].
>>
>> Now, our developers want to use the new and shiny PHP because they want
>> to
>> use the latest version of Zend. They are proposing using this package
>> [2]
>> but I never heard of this repo.

For me it sounds like an example of the difference between "bleeding edge"
and "enterprise" systems. The first is what developers most often like,
the second is what humble sysadmins prefer as they have to keep something
developed long ago running for as long as possible - and without crashed,
daemons dying etc (== "bleeding" which always accompanies "bleeding edge"
anything). Sorry for venting my own usual pain here...

Valeri

>>
>> Other than building the packages ourselves is there a more acceptable
>> way
>> to run a later version of PHP?
>>
>> Thoughts? Experiences? Ramblings?
>
> I'm personally not a fan of the webtatic repository. This is mostly due
> to the number of users on irc who seem to have problems with it. I would
> recommend either the upcoming software collections packages or the IUS
> repository packages. https://iuscommunity.org/pages/About.html
>
> IUS has been a very good/reliable way to get more recent versions of
> things, and the folks responsible for it are active both on irc and in
> the mailing lists.
>
>
> --
> Jim Perrin
> The CentOS Project | http://www.centos.org
> twitter: @BitIntegrity | GPG Key: FA09AD77
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Jim Perrin


On 10/22/2015 10:31 AM, Andrew Holway wrote:
> Hi,
> 
> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
> however this version of PHP stopped getting security support from the PHP
> people one month ago [1].
> 
> Now, our developers want to use the new and shiny PHP because they want to
> use the latest version of Zend. They are proposing using this package [2]
> but I never heard of this repo.
> 
> Other than building the packages ourselves is there a more acceptable way
> to run a later version of PHP?
> 
> Thoughts? Experiences? Ramblings?

I'm personally not a fan of the webtatic repository. This is mostly due
to the number of users on irc who seem to have problems with it. I would
recommend either the upcoming software collections packages or the IUS
repository packages. https://iuscommunity.org/pages/About.html

IUS has been a very good/reliable way to get more recent versions of
things, and the folks responsible for it are active both on irc and in
the mailing lists.


-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77


Re: [CentOS] PHP version not enough for developers

2015-10-22 Thread Nux!
Have a look at http://softwarecollections.org/
IUS could also be a good choice 
http://dl.iuscommunity.org/pub/ius/archive/CentOS/7/x86_64/

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Andrew Holway" 
> To: "centos" 
> Sent: Thursday, 22 October, 2015 16:31:46
> Subject: [CentOS] PHP version not enough for developers

> Hi,
> 
> So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
> however this version of PHP stopped getting security support from the PHP
> people one month ago [1].
> 
> Now, our developers want to use the new and shiny PHP because they want to
> use the latest version of Zend. They are proposing using this package [2]
> but I never heard of this repo.
> 
> Other than building the packages ourselves is there a more acceptable way
> to run a later version of PHP?
> 
> Thoughts? Experiences? Ramblings?
> 
> Ta,
> 
> Andrew
> 
> [1] - http://php.net/supported-versions.php
> [2] - https://webtatic.com/packages/php56/


[CentOS] PHP version not enough for developers

2015-10-22 Thread Andrew Holway
Hi,

So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16
however this version of PHP stopped getting security support from the PHP
people one month ago [1].

Now, our developers want to use the new and shiny PHP because they want to
use the latest version of Zend. They are proposing using this package [2]
but I never heard of this repo.

Other than building the packages ourselves is there a more acceptable way
to run a later version of PHP?

Thoughts? Experiences? Ramblings?

Ta,

Andrew

[1] - http://php.net/supported-versions.php
[2] - https://webtatic.com/packages/php56/


Re: [CentOS] Security implications of openssl098e on CentOS 7

2015-10-22 Thread Leonard den Ottolander
On Wed, 2015-10-21 at 21:20 +0200, Yamaban wrote:
> TL;DR:

TL;DQ?


-- 
mount -t life -o ro /dev/dna /genetic/research




Re: [CentOS] EFI netboot to kickstart install

2015-10-22 Thread Jonathan Billings
On Thu, Oct 22, 2015 at 02:25:21AM +, Grant Street wrote:
> Hello All
> Up until now we have been using standard PXE boot to do kick start
> installs of centos boxes. With recent machines however they come by
> default as EFI boot. We can set them to legacy but I would like to
> solve this before this option goes away. 
> 
> Just wondering if anyone has any experience setting up a net boot
> server that can be used to kickstart EFI machines? 

In my experience, getting our HP workstations to PXE boot from the
UEFI ipv4 network boot took some extra work.  I have dnsmasq installed
on the PXE/TFTP server.

Our PXE server is not the DHCP server for the environment.  The
central DHCP system is configured to have our PXE server's IP as the
"next-server", and the file name as "/uefi/bootx64.efi".  I set up
TFTP to serve out the bootx64.efi (which is just the GRUB2 EFI
executable).

The tricky part is that for whatever reason, our UEFI PXE boot
firmware requires that the next-server that handles the TFTP requests
also answer Proxy DHCP requests.  I ended up having a dnsmasq
configuration that looked like this:

# Limit DHCP server to only handle proxy-dhcp
dhcp-range=,proxy
dhcp-alternate-port=4011,4011
log-dhcp
dhcp-boot=pxelinux.0
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,/uefi/bootx64.efi
#disable DNS
port=0

Then I have a /grub/grub.cfg installed at the root of my TFTP
directory, which the bootx64.efi reads from once it has been
downloaded and executed.

I'm not certain *why* uefi requires proxy-dhcp, it might be an
artifact of how our DHCP service runs or it might be a requirement for
UEFI netbooting on our hardware.  Also, in my experience, it doesn't
actually care what my dnsmasq server says for dhcp-boot (I've tried
alternate executables), because it uses the filename from the original
DHCP request.  But it wouldn't boot without getting an answer from the
proxy-dhcp server.

-- 
Jonathan Billings 


[CentOS] CentOS-announce Digest, Vol 128, Issue 6

2015-10-22 Thread centos-announce-request
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2015:1919 Important CentOS 6 java-1.8.0-openjdk Security
  Update (Johnny Hughes)
   2. CESA-2015:1920 Critical CentOS 6  java-1.7.0-openjdk Security
  Update (Johnny Hughes)
   3. CESA-2015:1921 Important CentOS 5 java-1.7.0-openjdk Security
  Update (Johnny Hughes)
   4. CESA-2015:1920 Critical CentOS 7  java-1.7.0-openjdk Security
  Update (Johnny Hughes)
   5. CESA-2015:1919 Important CentOS 7 java-1.8.0-openjdk Security
  Update (Johnny Hughes)


--

Message: 1
Date: Wed, 21 Oct 2015 23:13:49 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:1919 Important CentOS 6
java-1.8.0-openjdk Security Update
Message-ID: <20151021231349.ga4...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2015:1919 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1919.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 2
Date: Wed, 21 Oct 2015 23:14:

Re: [CentOS] EFI netboot to kickstart install

2015-10-22 Thread Tris Hoar

On 22/10/2015 03:25, Grant Street wrote:

Hello All


Up until now we have been using standard PXE boot to do kick start installs of 
centos boxes. With recent machines however they come by default as EFI boot. We 
can set them to legacy but I would like to solve this before this option goes 
away.


Just wondering if anyone has any experience setting up a net boot server that 
can be used to kickstart EFI machines?


Thanks


Grant


Hi Grant,

As a guess it is due to the partition scheme you are using in your 
kickstart (this was the issue for me at least)

Try something like

part /boot --fstype="xfs" --fsoptions="nodev,noexec,nosuid" --size=500 --ondisk=sda

part /boot/efi --fstype="efi" --size=200 --ondisk=sda

Along with your other mount points etc.


Tris





Re: [CentOS] Centos User Privileges.

2015-10-22 Thread John Hodrien

On Thu, 22 Oct 2015, John R Pierce wrote:


and it's totally inappropriate for a shared server.


Which is why you wouldn't configure it for a shared server.  I don't understand
the problem though, as the defaults *don't* allow this do they?

/usr/share/polkit-1/actions/org.freedesktop.login1.policy:


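    <action id="org.freedesktop.login1.power-off">
        <description>Power off the system</description>
        <message>Authentication is required for powering off the system.</message>
        <defaults>
            <allow_any>auth_admin_keep</allow_any>
            <allow_inactive>auth_admin_keep</allow_inactive>
            <allow_active>yes</allow_active>
        </defaults>
    </action>

    <action id="org.freedesktop.login1.reboot">
        <description>Reboot the system</description>
        <message>Authentication is required for rebooting the system.</message>
        <defaults>
            <allow_any>auth_admin_keep</allow_any>
            <allow_inactive>auth_admin_keep</allow_inactive>
            <allow_active>yes</allow_active>
        </defaults>
    </action>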



jh
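
Since polkit makes this decision, a polkit rule is the place to tighten it on a shared server. The following is an added example, not code from this thread or from CentOS: a rules.d-style rule that requires administrator authentication for power-off and reboot unless the caller is in wheel, plus a small constructed shim so the rule can be exercised under Node. The wheel group choice, the shim, and the helpers makeSubject(), policyDefault() and decide() are assumptions made for the example; the defaults are read in the policy file's usual allow_any / allow_inactive / allow_active order.

```javascript
// Shim standing in for polkitd's rule engine (constructed for this example) so
// the rule can be run under Node; on a real host polkitd supplies `polkit`.
var polkit = {
  Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin",
            AUTH_ADMIN_KEEP: "auth_admin_keep", NOT_HANDLED: "not_handled" },
  rules: [],
  addRule: function (fn) { this.rules.push(fn); }
};

// ---- rule body: the part that would live in a file under /etc/polkit-1/rules.d/ ----
var POWER_ACTIONS = [
  "org.freedesktop.login1.power-off",
  "org.freedesktop.login1.power-off-multiple-sessions",
  "org.freedesktop.login1.reboot",
  "org.freedesktop.login1.reboot-multiple-sessions"
];

polkit.addRule(function (action, subject) {
  if (POWER_ACTIONS.indexOf(action.id) === -1) {
    return polkit.Result.NOT_HANDLED;      // leave every other action alone
  }
  // wheel members proceed; everyone else must authenticate as an administrator
  return subject.isInGroup("wheel") ? polkit.Result.YES : polkit.Result.AUTH_ADMIN;
});
// ---- end of rule body ----

// Simplified model of the quoted defaults (assumption: allow_active = yes,
// allow_any / allow_inactive = auth_admin_keep), applied to every action.
function policyDefault(subject) {
  return subject.active && subject.local ? polkit.Result.YES
                                         : polkit.Result.AUTH_ADMIN_KEEP;
}

// Constructed subject carrying the properties a polkit rule can inspect.
function makeSubject(user, groups, active, local) {
  return { user: user, active: active, local: local,
           isInGroup: function (g) { return groups.indexOf(g) !== -1; } };
}

// Rules are consulted first; the .policy defaults apply only if none decides.
function decide(actionId, subject) {
  for (var i = 0; i < polkit.rules.length; i++) {
    var r = polkit.rules[i]({ id: actionId }, subject);
    if (r && r !== polkit.Result.NOT_HANDLED) return r;
  }
  return policyDefault(subject);
}
```

With the rule loaded, a non-wheel user in an active local session gets auth_admin for power-off instead of the default yes, while actions outside the list still fall through to the policy defaults.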


Re: [CentOS] Centos User Privileges.

2015-10-22 Thread John R Pierce

On 10/22/2015 2:20 AM, John Hodrien wrote:

On Thu, 22 Oct 2015, Alessandro Baggi wrote:


Hi J,
thank you for the suggestion. Why did the team make this possible? What is
the purpose?


It's a nice flexible setup for a workstation situation.  I can have CentOS
installed on a workstation, and allow users to reboot it as long as there's
no one else logged in.  Works for me.


and it's totally inappropriate for a shared server.

--
john r pierce, recycling bits in santa cruz



Re: [CentOS] Centos User Privileges.

2015-10-22 Thread John Hodrien

On Thu, 22 Oct 2015, Alessandro Baggi wrote:


Hi J,
thank you for the suggestion. Why did the team make this possible? What is the
purpose?


It's a nice flexible setup for a workstation situation.  I can have CentOS
installed on a workstation, and allow users to reboot it as long as there's
no one else logged in.  Works for me.

jh


Re: [CentOS] Centos User Privileges.

2015-10-22 Thread Alessandro Baggi

On 22/10/2015 10:49, John Hodrien wrote:

On Thu, 22 Oct 2015, Alessandro Baggi wrote:


Hi list,
I've installed C 7.1.1503 and I've noticed that a simple user can run
shutdown -h now/reboot from bash without getting special permission
(sudo, su). The machine is a VM without a GUI (also tested on a physical
machine).
From Reddit I've got a suggestion: by removing/commenting out "-session
optional pam_systemd.so" in /etc/pam.d/system-auth the problem is solved.
Is this a bug?


No, that's the wrong way to solve it.


If not, why use this policy? Are there security implications?


Permissions here are handled by policykit AFAIK.

/usr/share/polkit-1/actions/org.freedesktop.login1.policy likely to be of
particular interest?

jh


Hi J,
thank you for the suggestion. Why did the team make this possible? What is the
purpose?





Re: [CentOS] Centos User Privileges.

2015-10-22 Thread John Hodrien

On Thu, 22 Oct 2015, Alessandro Baggi wrote:


Hi list,
I've installed C 7.1.1503 and I've noticed that a simple user can run
shutdown -h now/reboot from bash without getting special permission (sudo, su).
The machine is a VM without a GUI (also tested on a physical machine).
From Reddit I've got a suggestion: by removing/commenting out "-session optional
pam_systemd.so" in /etc/pam.d/system-auth the problem is solved.

Is this a bug?


No, that's the wrong way to solve it.


If not, why use this policy? Are there security implications?


Permissions here are handled by policykit AFAIK.

/usr/share/polkit-1/actions/org.freedesktop.login1.policy likely to be of
particular interest?

jh


[CentOS] Centos User Privileges.

2015-10-22 Thread Alessandro Baggi

Hi list,
I've installed C 7.1.1503 and I've noticed that a simple user can run
shutdown -h now/reboot from bash without getting special permission (sudo,
su). The machine is a VM without a GUI (also tested on a physical machine).
From Reddit I've got a suggestion: by removing/commenting out "-session
optional pam_systemd.so" in /etc/pam.d/system-auth the problem is solved.

Is this a bug?
If not, why use this policy? Are there security implications?

Thanks in advance.