Re: [CentOS] Starting stunnel on boot with CentOS7

[Kahlil Hodgson]

On my CenOS7 system with stunnel from base

stunnel-4.56-4.el7.x86_64

there's a systemd service file

/etc/systemd/system/stunnel.service

try

sudo systemctl enable stunnel.service

Hope this helps,

K
​al​
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calibre installation fails on C7

[John R Pierce]

On 12/22/2015 7:06 PM, Fred Smith wrote:

Attempting to install latest Calibre on Centos-7, getting:

2015-12-22 21:32:38 
URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py  
[25887/25887] -> "-" [1]
Installing to /home/fredex/calibre-bin/calibre


prefixing this with, I have no idea what Calibre is...


What commands did you run to trigger this error?







--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calibre installation fails on C7

[Fred Smith]

On Tue, Dec 22, 2015 at 09:03:28PM -0700, Wes James wrote:
> 
> > On Dec 22, 2015, at 8:06 PM, Fred Smith  
> > wrote:
> > 
> > Attempting to install latest Calibre on Centos-7, getting:
> > 
> 
> typed in "calibre ssl install error” to google
> 
> first hit:
> 
> http://stackoverflow.com/questions/26615914/calibre-fails-to-install 
> 
> 
>  not sure if it helps (the no check cert option??)

Nope. makes no difference.

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
  "And he will be called Wonderful Counselor, Mighty God, Everlasting Father,
  Prince of Peace. Of the increase of his government there will be no end. He 
 will reign on David's throne and over his kingdom, establishing and upholding
  it with justice and righteousness from that time on and forever."
--- Isaiah 9:7 (niv) --
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calibre installation fails on C7

[Wes James]

> On Dec 22, 2015, at 8:06 PM, Fred Smith  wrote:
> 
> Attempting to install latest Calibre on Centos-7, getting:
> 

typed in "calibre ssl install error” to google

first hit:

http://stackoverflow.com/questions/26615914/calibre-fails-to-install 


 not sure if it helps (the no check cert option??)

-wes

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Calibre installation fails on C7

[Fred Smith]

Attempting to install latest Calibre on Centos-7, getting:

2015-12-22 21:32:38 
URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
 [25887/25887] -> "-" [1]
Installing to /home/fredex/calibre-bin/calibre
Downloading tarball signature securely...
Traceback (most recent call last):
  File "", line 1, in 
  File "", line 670, in main
  File "", line 655, in run_installer
  File "", line 627, in download_and_extract
  File "", line 619, in get_tarball_info
  File "", line 578, in get_https_resource_securely
  File "", line 487, in __init__
  File "/usr/lib64/python2.7/httplib.py", line 1182, in __init__
context.load_cert_chain(cert_file, key_file)
ssl.SSLError: [SSL] PEM lib (_ssl.c:2757)


Can anybody advise me what this tells me? (other than SOMETHING wrong
with some certificate...)

Thanks!

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
  "For him who is able to keep you from falling and to present you before his 
 glorious presence without fault and with great joy--to the only God our Savior
 be glory, majesty, power and authority, through Jesus Christ our Lord, before
 all ages, now and forevermore! Amen."
- Jude 1:24,25 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Starting stunnel on boot with CentOS7

[Jonathan Billings]

On Tue, Dec 22, 2015 at 12:09:14PM -0600, Leroy Tennison wrote:
> The stunnel package doesn't come with an init script and systemctl
> doesn't list it as a service I recognize, I guess I could put it in
> /etc/rd.d/rc.local or create a script in /etc/rc.d/init.d but
> thought I'd ask before creating my own solution.  

stunnel wraps a plaintext service in an SSL session.  Why would you
expect it to have a service installed by default?  What would it wrap?

> Confidentiality Notice | This email and any included attachments may
> be privileged, confidential and/or otherwise protected from
> disclosure.  Access to this email by anyone other than the intended
> recipient is unauthorized.  If you believe you have received this
> email in error, please contact the sender immediately and delete all
> copies.  If you are not the intended recipient, you are notified
> that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly
> prohibited. 

Awww there goes my plans to print out your email and hand it out
to people in the subway...

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[m . roth]

John R Pierce wrote:
> On 12/22/2015 1:27 PM, m.r...@5-cent.us wrote:
>> I beg your pardon. What*possible*  reason is there for a server,
>> hardwired, to "announce" itself to anything, other than DHCP? Everywhere
>> I've worked, and what I know, is that servers are assigned IP addresses,
>> they don't just take whatever's offered, willy-nilly. And if they do...
>> I do*not*  want to work there. That's not only unprofessional, it's an
>> insane security risk. Suppose someone puts their laptop on the intranet,
>> and has*it*  running a DHCP server?
>
> You do know there's more to life than static IP webapp servers, right?

You mean, like dhcp-served IP addresses that are tied to MAC addresses for
compute nodes, and heavy-duty research servers? No, really?

> My development lab environment, most of my servers (75% VMs) are DHCP
> configured (using static and/or long lease time reservations), which
> makes doing PXE and such much easier.A foreign DHCP server would
> quickly be detected by the corporate IDS and cut off the network.
>
Sorry, I believe I've mentioned here, before, that we only have a
couple-three VMs... we run the o/s on bare metal, because we need every
cycle.

Though I will admit that the system that I had to power cycle this
morning, where one of my user's week-long job had toasted, top showing a
load of (I'm not making this up) 286, and no response on the console, is
an extreme case. Normal for some of these week and two week-long jobs is
30-75

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[John R Pierce]

On 12/22/2015 1:27 PM, m.r...@5-cent.us wrote:

I beg your pardon. What*possible*  reason is there for a server,
hardwired, to "announce" itself to anything, other than DHCP? Everywhere
I've worked, and what I know, is that servers are assigned IP addresses,
they don't just take whatever's offered, willy-nilly. And if they do... I
do*not*  want to work there. That's not only unprofessional, it's an
insane security risk. Suppose someone puts their laptop on the intranet,
and has*it*  running a DHCP server?



You do know there's more to life than static IP webapp servers, right?

how about a internal media server cluster being used in a professional 
video editing environment with workstations running various sorts of 
editing software, monitors doing streaming playback and such ?   that 
world relies heavily on uPnP, BonJour, etc.


My development lab environment, most of my servers (75% VMs) are DHCP 
configured (using static and/or long lease time reservations), which 
makes doing PXE and such much easier.A foreign DHCP server would 
quickly be detected by the corporate IDS and cut off the network.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Network services start before network is up since migrating to 7.2

[Yamaban]

On Tue, 22 Dec 2015 22:27, m.roth@... wrote:

Yamaban wrote:

On Tue, 22 Dec 2015 14:29, James Hogarth wrote:

On 22 December 2015 at 10:33, Sylvain CANOINE wrote

- Mail original -

De: "Marcelo Ricardo Leitner"
À: "centos"
Envoyé: Lundi 21 Décembre 2015 21:46:10
Objet: Re: [CentOS] Network services start before network is up since

migrating to 7.2


[snip]
On Avahi: well, the job it SHOULD do is: to announce the services running
on the machine to the network. As this is done via broadcast, these
announcements should not be routed to outside, anyway.

But yes, there are many admins, who do not like this 'auto-discovery'
stuff.
To 'MS Windows' / 'Apple MacOS' like, not 'pure' or 'hardcore' enough.


I beg your pardon. What *possible* reason is there for a server,
hardwired, to "announce" itself to anything, other than DHCP? Everywhere
I've worked, and what I know, is that servers are assigned IP addresses,
they don't just take whatever's offered, willy-nilly. And if they do... I
do *not* want to work there. That's not only unprofessional, it's an
insane security risk. Suppose someone puts their laptop on the intranet,
and has *it* running a DHCP server?


Sorry, but lookup was Avahi really is before posting anything else on this:
Start-point: https://en.wikipedia.org/wiki/Avahi_%28software%29

Avahi is NOT about addresses of a box, its about services (e.g. ssh, http,
ftp) running on this box, and announceing them via answering a broadcast.

What you have done is exactly what we others are exposing here as
uninformed and and ignorant by those in charge.

Do you really want to show yourself here in that light? - Just asking.

 - Yamaban___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[m . roth]

Yamaban wrote:
> On Tue, 22 Dec 2015 14:29, James Hogarth wrote:
>> On 22 December 2015 at 10:33, Sylvain CANOINE wrote
>>> - Mail original -
 De: "Marcelo Ricardo Leitner"
 À: "centos"
 Envoyé: Lundi 21 Décembre 2015 21:46:10
 Objet: Re: [CentOS] Network services start before network is up since
>>> migrating to 7.2
>>>
> [snip]
> On Avahi: well, the job it SHOULD do is: to announce the services running
> on the machine to the network. As this is done via broadcast, these
> announcements should not be routed to outside, anyway.
>
> But yes, there are many admins, who do not like this 'auto-discovery'
> stuff.
> To 'MS Windows' / 'Apple MacOS' like, not 'pure' or 'hardcore' enough.

I beg your pardon. What *possible* reason is there for a server,
hardwired, to "announce" itself to anything, other than DHCP? Everywhere
I've worked, and what I know, is that servers are assigned IP addresses,
they don't just take whatever's offered, willy-nilly. And if they do... I
do *not* want to work there. That's not only unprofessional, it's an
insane security risk. Suppose someone puts their laptop on the intranet,
and has *it* running a DHCP server?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Network services start before network is up since migrating to 7.2

[Yamaban]

On Tue, 22 Dec 2015 14:29, James Hogarth wrote:

On 22 December 2015 at 10:33, Sylvain CANOINE wrote

- Mail original -
De: "Marcelo Ricardo Leitner" 
À: "centos" 
Envoyé: Lundi 21 Décembre 2015 21:46:10

Objet: Re: [CentOS] Network services start before network is up since

migrating to 7.2


[snip]

Also known as "we have our policies for EL6 and we haven't paid any
attention to EL7 to see how things have changed" ... Wonder if they have
read my NM blog article yet ...

Honestly any 'security' people banning wpa_supplicant needs their heads
examined given that is used for 802.1x authentication ... which if they
care about security they should be paying attention to.

As for polkit and dbus ... well they have to be there in EL7 and systemd
relies on these mechanisms.

That said if they're having kittens about NM, polkit, dbus and
wpa_supplicant they probably hate systemd and frankly I'm surprised they
permit EL7 at all ;)

Note that by default a non administrator user cannot change system network
configuration ... bah idiots ...


You speak of this post:
 https://www.hogarthuk.com/?q=node/8
don't you?

An interesting read on the backgrounds of RHEL7 / Centos7. Thanks.

On Avahi: well, the job it SHOULD do is: to announce the services running 
on the machine to the network. As this is done via broadcast, these

announcements should not be routed to outside, anyway.

But yes, there are many admins, who do not like this 'auto-discovery' stuff.
To 'MS Windows' / 'Apple MacOS' like, not 'pure' or 'hardcore' enough.

 - Yamaban.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[Valeri Galtsev]

On Tue, December 22, 2015 2:40 pm, John R Pierce wrote:
> On 12/22/2015 2:33 AM, Sylvain CANOINE wrote:
>> They said multiples administrator actions, and potentially human errors,
>> to set it up, may be a security risk...
>
>
> yeah, gotta get rid of those pesky humans, they always mess things
> up.And, get rid of the computers too, they've always had security
> problems.
>
> voila, problem solved!!
>

Ha-ha! I like it. But I always remember what one of my friends says: All
systems suck. And thanks to that I got my job ;-)

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[John R Pierce]

On 12/22/2015 5:29 AM, James Hogarth wrote:

Also known as "we have our policies for EL6 and we haven't paid any
attention to EL7 to see how things have changed" ... Wonder if they have
read my NM blog article yet ...


more likely their policies were developed in the days of RHEL <= 4, and 
have only begrudgingly been brought forward to support 6.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[John R Pierce]

On 12/22/2015 2:33 AM, Sylvain CANOINE wrote:

They said multiples administrator actions, and potentially human errors, to set 
it up, may be a security risk...



yeah, gotta get rid of those pesky humans, they always mess things 
up.And, get rid of the computers too, they've always had security 
problems.


voila, problem solved!!

--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos7 Raspberry Pi 2 Login

[Always Learning]

On Tue, 2015-12-22 at 10:52 -0800, David Nelson wrote:

> The 'official' ARM port is new in version 7. But there's also RedSleeve
> Linux (I've never used personally) which is another EL port for ARM. And
> they have/had a version 6.

http://www.redsleeve.org/about/

Ah brilliant. Very useful. Just need to get a Pi 2 :-)

Thank you.

-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos7 Raspberry Pi 2 Login

[David Nelson]

On Tue, Dec 22, 2015 at 10:47 AM, Always Learning 
wrote:

>
> On Tue, 2015-12-22 at 10:31 -0800, david wrote:
>
> > >I'm not sure this is the right mailing list for the Centos7 port to
> > >Raspberry Pi.  On the chance that this is the right place...
>
> > UPDATE:
> > I answered my own question.
> > Login: root
> > Password: centos
> >
> > The reference article is at
> > https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32
> >
> > I should have done more research before asking the group.
>
> Thank you sincerely for making everyone, including me, aware they we can
> use C7 on a Pi 2 - just think of the electricity saving.
>
> Is it possible to run C6 on a Pi 2 ???
>


The 'official' ARM port is new in version 7. But there's also RedSleeve
Linux (I've never used personally) which is another EL port for ARM. And
they have/had a version 6.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos7 Raspberry Pi 2 Login

[Always Learning]

On Tue, 2015-12-22 at 10:31 -0800, david wrote:

> >I'm not sure this is the right mailing list for the Centos7 port to 
> >Raspberry Pi.  On the chance that this is the right place...

> UPDATE:
> I answered my own question.
> Login: root
> Password: centos
> 
> The reference article is at 
> https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32
> 
> I should have done more research before asking the group.

Thank you sincerely for making everyone, including me, aware they we can
use C7 on a Pi 2 - just think of the electricity saving.

Is it possible to run C6 on a Pi 2 ???


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Centos7 Raspberry Pi 2 Login

[Yamaban]

On Tue, 22 Dec 2015 19:31, david wrote:

At 09:52 AM 12/22/2015, david wrote:

Folks

I'm not sure this is the right mailing list for the Centos7 port to 
Raspberry Pi.  On the chance that this is the right place...


I just booted the Centos Linux 7 for Raspbery Pi 2, but have no idea
what the built-in accounts or passwords are.

[snip]


UPDATE:
I answered my own question.
Login: root
Password: centos

The reference article is at 
https: //wiki.centos.org/SpecialInterestGroup/AltArch/Arm32


I should have done more research before asking the group.


Non the less, thanks for the info and the link, that will come
handy in the next days.

Thanks, and a nice time
 - Yamaban.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos7 Raspberry Pi 2 Login

[david]

At 09:52 AM 12/22/2015, david wrote:

Folks

I'm not sure this is the right mailing list for the Centos7 port to 
Raspberry Pi.  On the chance that this is the right place...


I just booted the Centos Linux 7 for Raspbery Pi 2, but have no idea 
what the built-in accounts or passwords are.


I've tried
  user: pi
  password: raspberry
and
  user: root
  password: password

to no avail.

Does anyone know?

Is there a HOW-TO file with helpful information?

Thanks
David

__


UPDATE:
I answered my own question.
Login: root
Password: centos

The reference article is at 
https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32


I should have done more research before asking the group.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Starting stunnel on boot with CentOS7

[Leroy Tennison]

The stunnel package doesn't come with an init script and systemctl doesn't list 
it as a service I recognize, I guess I could put it in /etc/rd.d/rc.local or 
create a script in /etc/rc.d/init.d but thought I'd ask before creating my own 
solution. 


Confidentiality Notice | This email and any included attachments may be 
privileged, confidential and/or otherwise protected from disclosure.  Access to 
this email by anyone other than the intended recipient is unauthorized.  If you 
believe you have received this email in error, please contact the sender 
immediately and delete all copies.  If you are not the intended recipient, you 
are notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos7 Raspberry Pi 2 Login

[david]

Folks

I'm not sure this is the right mailing list for the Centos7 port to 
Raspberry Pi.  On the chance that this is the right place...


I just booted the Centos Linux 7 for Raspbery Pi 2, but have no idea 
what the built-in accounts or passwords are.


I've tried
  user: pi
  password: raspberry
and
  user: root
  password: password

to no avail.

Does anyone know?

Is there a HOW-TO file with helpful information?

Thanks
David

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[Sylvain CANOINE]

- Mail original -
> De: "Gordon Messmer" 
> À: "centos" 
> Envoyé: Vendredi 18 Décembre 2015 12:06:26
> Objet: Re: [CentOS] Network services start before network is up since 
> migrating to 7.2

>>> The network service is not blocking  the flow so it executes and systemd
>>> carries on ...
>>>
>>>  From the point of view of the system as soon as /etc/init.d/network start
>>> has been called the service is running as a state... as you can see from
>>> your logs lots of other services also start before the network interface
>>> itself is up.
>> I understand this, but why only on one of my servers ? Is the order the 
>> services
>> start only a question of latencies ?
I'm confused. I updated two more servers this afternoon, and... all is working 
well. The services start in correct order. Even after three reboots.
So only one of the (now) five updated servers doesn't start properly.

Then what is the difference ? All I see for now is the network.target unit 
seems not active on the failing server.

(failing) # systemctl list-units|grep network
network.service 
loaded active exitedLSB: Bring up/down networking
rhel-import-state.service   
loaded active exitedImport network configuration from initramfs
network-online.target   
loaded active activeNetwork is Online
(failing) # systemctl status network
● network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network)
   Active: active (exited) since lun. 2015-12-21 12:49:31 CET; 1 day 5h ago
 Docs: man:systemd-sysv-generator(8)

déc. 21 12:49:35 (failing) systemd[1]: Starting LSB: Bring up/down networking...
déc. 21 12:49:26 (failing) network[747]: Activation de l'interface loopback :  
[  OK  ]
déc. 21 12:49:28 (failing) network[747]: Activation de l'interface ens160 :  [  
OK  ]
déc. 21 12:49:31 (failing) network[747]: Activation de l'interface ens192 :  [  
OK  ]
déc. 21 12:49:31 (failing) systemd[1]: Started LSB: Bring up/down networking.


(correct) # systemctl list-units|grep network
network.service 
loaded active exitedLSB: Bring up/down networking
rhel-import-state.service   
loaded active exitedImport network configuration from initramfs
network-online.target   
loaded active activeNetwork is Online
network.target  
loaded active activeNetwork
(correct) # systemctl status network
● network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network)
   Active: active (exited) since mar. 2015-12-22 17:42:15 CET; 33min ago
 Docs: man:systemd-sysv-generator(8)
  Process: 753 ExecStart=/etc/rc.d/init.d/network start (code=exited, 
status=0/SUCCESS)

déc. 22 17:42:07 (correct) systemd[1]: Starting LSB: Bring up/down networking...
déc. 22 17:42:10 (correct) network[753]: Activation de l'interface loopback :  
[  OK  ]
déc. 22 17:42:13 (correct) NET[935]: /etc/sysconfig/network-scripts/ifup-post : 
updated /etc/resolv.conf
déc. 22 17:42:13 (correct) network[753]: Activation de l'interface ens160 :  [  
OK  ]
déc. 22 17:42:15 (correct) network[753]: Activation de l'interface ens192 :  [  
OK  ]
déc. 22 17:42:15 (correct) systemd[1]: Started LSB: Bring up/down networking.


To be continued...

Sylvain.

Pensez ENVIRONNEMENT : n'imprimer que si ncessaire

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[m . roth]

James Hogarth wrote:
> On 22 December 2015 at 10:33, Sylvain CANOINE
>  wrote:
>> > De: "Marcelo Ricardo Leitner" 

>> In short, "you don't need it, so don't use it".
>> They said NM is more a desktop-oriented tool, already had privilege
>> escalation issues in the past (I didn't search if they're right), has
>> too many dependencies (such as wpa_supplicant and avahi, which are, of
>> course, also forbidden), needs extra mechanisms (PAM ? Polkit ?)
>> to avoid users changing its settings, needs D-bus just to work, so
>> it is too much complex just to set static IP addresses on network
>> interfaces. They said> multiples> administrator actions, and
>> potentially human errors, to set it up, may be a security risk...
>
> Also known as "we have our policies for EL6 and we haven't paid any
> attention to EL7 to see how things have changed" ... Wonder if they have
> read my NM blog article yet ...
>
> Honestly any 'security' people banning wpa_supplicant needs their heads
> examined given that is used for 802.1x authentication ... which if they
> care about security they should be paying attention to.

Really? Why?

a) All the servers I've ever dealt with (and I don't mean a large tower
under someone's desk) are racked in locked rooms and hardwired.

b)  NONE I've ever seen has any wifi, so I've never understood why avahi,
and the firewall hole for it, was installed in the "server" version by
default.

c) wpa-supplicant - again, why? If it's hardwired, and behind switches and
firewalls, why PNAC if every server is running firewalls?

mark "let's *please* NOT talk about NAC via Cisco,
and people who allegedly know and have planned
rolling it out"

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] systemd-sysctl not running on boot

[Ofer Hasson]

Hey all,

After upgrading to CentOS 7.2, non of my servers run systemd-sysctl on boot.
So far, I tried running manually /usr/lib/systemd/systemd-sysctl, it runs
smoothly and updates all the parameters.
I also ran sysctl --system, which also executes successfully.

I checked within systemd, and systemd-sysctl is wanted by the
sysinit.target which is wanted by the multi-user.target - the one I boot
into.

I can't find anything by doing journalctl | grep sysctl
Or by looking through /var/log/messages (I run rsyslog as well).

Any idea's ?

Thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network services start before network is up since migrating to 7.2

[James Hogarth]

On 22 December 2015 at 10:33, Sylvain CANOINE 
wrote:

>
> - Mail original -
> > De: "Marcelo Ricardo Leitner" 
> > À: "centos" 
> > Envoyé: Lundi 21 Décembre 2015 21:46:10
> > Objet: Re: [CentOS] Network services start before network is up since
> migrating to 7.2
>
> > Agreed. Sylvain, if possible, please elaborate on their reasoning for
> > this, because it just seems like a case of "we fear what we don't know",
> > so they are recommending to stick to old habits instead.
> >
> > Or have they identified real attack vectors in NM? If yes, we would love
> > to hear that so it can be fixed.
> In short, "you don't need it, so don't use it".
> They said NM is more a desktop-oriented tool, already had privilege
> escalation issues in the past (I didn't search if they're right), has too
> many dependencies (such as wpa_supplicant and avahi, which are, of course,
> also forbidden), needs extra mechanisms (PAM ? Polkit ?) to avoid users
> changing its settings, needs D-bus just to work, so it is too much complex
> just to set static IP addresses on network interfaces. They said multiples
> administrator actions, and potentially human errors, to set it up, may be a
> security risk...
>
>
>

Also known as "we have our policies for EL6 and we haven't paid any
attention to EL7 to see how things have changed" ... Wonder if they have
read my NM blog article yet ...

Honestly any 'security' people banning wpa_supplicant needs their heads
examined given that is used for 802.1x authentication ... which if they
care about security they should be paying attention to.

As for polkit and dbus ... well they have to be there in EL7 and systemd
relies on these mechanisms.

That said if they're having kittens about NM, polkit, dbus and
wpa_supplicant they probably hate systemd and frankly I'm surprised they
permit EL7 at all ;)

Note that by default a non administrator user cannot change system network
configuration ... bah idiots ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos-7.2 LiveKDE does not work properly

[Timothy Murphy]

CentOS-7-x86_64-LiveKDE-1511.iso installed on a USB stick
does not work properly - it takes over 6 minutes to boot.
Who can I report this to?

-- 
Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 130, Issue 10

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. Announcing release for NodeJS 0.10 on CentOS  Linux 7 x86_64
  SCL (Honza Horak)
   2. Announcing release for NodeJS 0.10 on CentOS  Linux 6 x86_64
  SCL (Honza Horak)
   3. Announcing release for PostgreSQL 9.2 and 9.4 on CentOS Linux
  6 x86_64 SCL (Honza Horak)
   4. Announcing release for PostgreSQL 9.2 and 9.4 on CentOS Linux
  7 x86_64 SCL (Honza Horak)
   5. Announcing release for MongoDB 2.4 and 2.6 on CentOS Linux 6
  x86_64 SCL (Honza Horak)
   6. Announcing release for MongoDB 2.4 and 2.6 on CentOS Linux 7
  x86_64 SCL (Honza Horak)
   7. Announcing release for MySQL 5.5 and 5.6 on   CentOS Linux 7
  x86_64 SCL (Honza Horak)
   8. Announcing release for MySQL 5.5 and 5.6 on   CentOS Linux 6
  x86_64 SCL (Honza Horak)
   9. Announcing release for MariaDB 5.5 and 10.0 on CentOS Linux 6
  x86_64 SCL (Honza Horak)
  10. Announcing release for MariaDB 5.5 and 10.0 on CentOS Linux 7
  x86_64 SCL (Honza Horak)


--

Message: 1
Date: Mon, 21 Dec 2015 17:02:37 +0100
From: Honza Horak 
To: centos-annou...@centos.org
Subject: [CentOS-announce] Announcing release for NodeJS 0.10 on
CentOS  Linux 7 x86_64 SCL
Message-ID: <5678229d.8010...@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed

I am pleased to announce the immediate availability of version 0.10 of 
the NodeJS on CentOS Linux 7 x86_64, delivered via a Software Collection 
(SCL) built by the SCLo Special Interest Group 
(https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
--
You can get started in three easy steps:
   $ sudo yum install centos-release-scl
   $ sudo yum install nodejs010
   $ scl enable nodejs010 bash

At this point you should be able to use NodeJS just as a normal 
application. An examples of commands run might be:
   $ node my-app.js
   $ npm install uglify-js --global
   $ uglifyjs my-app.js -o my-app.min.js

In order to view the individual components included in this
collection, including additional NodeJS modules, you can run:
   $ sudo yum list nodejs010\*

About Software Collections
--
Software Collections give you the power to build, install, and use 
multiple versions of software on the same system, without affecting 
system-wide installed packages. Each collection is delivered as a group 
of RPMs, with the grouping being done using the name of the collection 
as a prefix of all packages that are part of the software collection.

The collection nodejs010 delivers version 0.10 of the NodeJS Javascript 
interpreter, npm installer and some other modules that are also included 
in the collections as RPMs.

For more on the NodeJS, see https://nodejs.org.

The SCLo SIG in CentOS
--
The Software Collections SIG group is an open community group 
co-ordinating the development of the SCL technology, and helping curate 
a reference set of collections. In addition to the NodeJS collection 
being released here, we also build and deliver databases, web servers, 
and language stacks including multiple versions of PostgreSQL, MariaDB, 
Apache HTTP Server, Ruby, Python and others.

Software Collections SIG release was announced at 
https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: 
http://softwarecollections.org
You can find information on the SIG at 
https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto 
get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: 
https://www.centos.org/community/calendar), for an informal open forum 
open to anyone who might have comments, concerns or wants to get started 
with SCL's in CentOS.

Enjoy!

Honza
SCLo SIG member


--

Message: 2
Date: Mon, 21 Dec 2015 17:03:11 +0100
From: Honza Horak 
To: centos-annou...@centos.org
Subject: [CentOS-announce] Announcing release for NodeJS 0.10 on
CentOS  Linux 6 x86_64 SCL
Message-ID: <567822bf.2070...@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed

I am pleased to announce the immediate availability of version 0.10 of 
the NodeJS on CentOS Linux 6 x86_64, delivered via a Software Collection 
(SCL) built by the SCLo Special Interest Group 
(https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
--
Y

Re: [CentOS] Network services start before network is up since migrating to 7.2

[Sylvain CANOINE]

- Mail original -
> De: "Marcelo Ricardo Leitner" 
> À: "centos" 
> Envoyé: Lundi 21 Décembre 2015 21:46:10
> Objet: Re: [CentOS] Network services start before network is up since 
> migrating to 7.2

> Agreed. Sylvain, if possible, please elaborate on their reasoning for
> this, because it just seems like a case of "we fear what we don't know",
> so they are recommending to stick to old habits instead.
> 
> Or have they identified real attack vectors in NM? If yes, we would love
> to hear that so it can be fixed.
In short, "you don't need it, so don't use it".
They said NM is more a desktop-oriented tool, already had privilege escalation 
issues in the past (I didn't search if they're right), has too many 
dependencies (such as wpa_supplicant and avahi, which are, of course, also 
forbidden), needs extra mechanisms (PAM ? Polkit ?) to avoid users changing its 
settings, needs D-bus just to work, so it is too much complex just to set 
static IP addresses on network interfaces. They said multiples administrator 
actions, and potentially human errors, to set it up, may be a security risk...

Sylvain.
Pensez ENVIRONNEMENT : n'imprimer que si ncessaire

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos