Re: [CentOS] What about Mate Desktop on Centos 8?

[Frank Cox]

On Fri, 06 Dec 2019 20:28:06 +
Tony Molloy wrote:

> You can install MATE for CentOS 8 from the stenstorp repo
> 
> https://copr.fedorainfracloud.org/coprs/stenstorp/MATE/
> 
> 
> I've been using it for some time with no problems.

I played with that some a while back and it seemed to work fine.

Does anyone know if there are any plans to get this into EPEL?

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What about Mate Desktop on Centos 8?

[Tony Molloy]

On Fri, 2019-12-06 at 20:28 +, tony.mol...@ul.ie wrote:
> > > > 
> > > > You kindly offered a working version of Mate 1.20 - does that
> > > > offer still stand? If so, I am interested in installing it on C
> > > > 7.

Oh you were looking for mate-1.20 for CentOS 7. Sorry for the noise,
should read the e-mail before replying ;-(
-- 
Tony Molloy 
Home
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What about Mate Desktop on Centos 8?

[Tony Molloy]

On Wed, 2019-12-04 at 20:18 +0100, age...@meddatainc.com wrote:
> CAUTION: This email originated from outside of the University of
> Limerick. Do not click on links or open attachments unless you
> recognize the sender's email address and know the content is safe.
> On 11/25/2019 11:14 PM, isdtor wrote:
> > > > Enable and start httpd. Write a build script that builds the
> > > > rpms in order, transfers them to the local repo, runs
> > > > createrepo, repeat. mozo needs python 3.5 and I couldn't do
> > > > that in mock (SCLo rh-python35).
> > > > 
> > > 
> > > You kindly offered a working version of Mate 1.20 - does that
> > > offer still stand? If so, I am interested in installing it on C
> > > 7.
> > 
> >  
> > At this point, that would be a bit painful. I rebuilt the C7 vm
> > here and lost all the rpms, so I'd have to rebuild them from the
> > sources I posted online. For which I'd have to recreate the build
> > script.
> > 
> > At least those files are still online ...
> > 
> > There was a recent post to the list where someoen ported the Fedora
> > rpms, does that help you?
> > 
> 
> I see, that is indeed unfortunate. Although I have been using Linux
> for some time, I am a complete beginner to compiling etc.
> 
> Do you have notes left?
> 

You can install MATE for CentOS 8 from the stenstorp repo

https://copr.fedorainfracloud.org/coprs/stenstorp/MATE/


I've been using it for some time with no problems.

Tony

-- 
Tony Molloy 
Home
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtual problem

[Nataraj]

On 12/6/19 4:59 AM, Nikos Gatsis - Qbit wrote:
> Hello list.
>
> I have already install winserver 2019 on centos 7 qemu and works fine.
>
> Now I install a second image with win 2019 and It connects to internet
> but I cant ping it or connect to it.
>
> Both installations use the same br0. Is that correct?
>
> Any other suggestions?
>
> Thank you.
>
> Nikos.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


If the VM's only network connection is on a bridge on its hosts, then it
will only be reachable from the local host or other VMs that are also
connected to that bridge (assuming you have not setup routing the
network of the bridge to the rest of your LAN).  If you want to be able
to connect to the VM from other hosts on your LAN, then you probably
want to give the VM an interface on one of the LAN interfaces on your HOST.

Nataraj


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN connections subject to hijack attack

[Chris Adams]

Once upon a time, Stephen John Smoogen  said:
> So for ipv4 CentOS 7 and 8 may not be vulnerable out of the door (they
> set to 1 versus 0 which the announcement says is kernel default and
> sfe). However, they found ipv6 works without rp_filter so this is a
> problem.

Yeah, I didn't realize until recently that the Linux kernel only
supports uRPF-style filtering on IPv4, not IPv6.  That's not good IMHO.

There is an iptables rpfilter extension, and I believe firewalld
includes it on IPv6 by default, but firewalld isn't appropriate for all
setups.

-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN connections subject to hijack attack

[Stephen John Smoogen]

On Fri, 6 Dec 2019 at 04:40, Kenneth Porter  wrote:
>
> 
>

Thanks for the heads up

> This affects all VPNs and is a consequence of using "loose" reverse path
> filtering for anti-spoofing. The default CentOS setting is strict filtering
> but you may have changed this to loose for some unusual routing situations.
> Check that the value of /proc/sys/net/ipv4/conf/all/rp_filter is still set
> to 1. If it's set to 2 (loose filtering), you're vulnerable.
>

So for ipv4 CentOS 7 and 8 may not be vulnerable out of the door (they
set to 1 versus 0 which the announcement says is kernel default and
sfe). However, they found ipv6 works without rp_filter so this is a
problem. But guess what it gets worse .. every Unix and semi Unix OS
seem vulnerable.. from the email:

We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
iOS, and Android which allows a malicious access point, or an adjacent
user,  to determine if a connected user is using a VPN, make positive
inferences about the websites they are visiting, and determine the
correct sequence and acknowledgement numbers in use, allowing the bad
actor to inject data into the TCP stream. This provides everything that
is needed for an attacker to hijack active connections inside the VPN
tunnel.

Now if 2 is needed for anything like docker/containers/etc then people
are going to be royally screwed.


> Technical details:
>
> 
>
> According to the report, systemd changed the default to 2 in November 2018
> so many distros are vulnerable.
>
> Here's Red Hat's explanation of why you might want to use a value of 2.
> "When RHEL has multiple IPs configured, only one is reachable from a remote
> network. Or why does RHEL ignore packets when the route for outbound
> traffic differs from the route of incoming traffic?"
>
> 
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Failed to load SELinux policy- freezing

[Bill Gee]

Never mind - I figured it out.  Adding "selinux=0" to the kernel options let it 
boot.  I reinstalled the package for selinux-policy-targeted and now it boots 
normally - if the audio configuration is set right.

Now to figure out why it won't boot when the audio configuration in VirtualBox 
is set for PulseAudio.  If I set it for ALSA, then it works.  But it worked 
with PulseAudio for years, and other Linux VMs on the same host work with 
PulseAudio.

That is not a question for this group.  I will pose it on the VirtualBox 
forums.  In fact, I DID post it, two years ago, but never received any kind of 
answer.  The VM in that case was on the same host but has now gone away for 
unrelated reasons.

-- 
Bill Gee



On Thursday, December 5, 2019 1:40:28 PM CST Bill Gee wrote:
> This is annoying!  I have a CentOS7 virtual machine running on VirtualBox.  
> Short version:  At boot the system locks with a message:
> 
> "Failed to load SELinux policy, freezing."
> 
> VirtualBox thinks it is still running, and I can see it consuming a small 
> amount of CPU time.  But it never goes past this message.
> 
> The problem actually started with a problem in the sound system on this 
> virtual machine.  It would boot a ways through, then abort with no warning 
> and no message.  It just went away.  Looking at the VirtualBox log file, I 
> saw that the last line in the file was something about failing to initialize 
> a stream associated with PulseAudio.  In VirtualBox settings for the machine 
> I disabled all audio.  It then booted.
> 
> I was in the process of gathering information for a problem report at VB when 
> it started giving the message about SELinux policy.  There were several 
> aborts including one where it almost got to loading the X server and going 
> graphical.
> 
> SELinux is disabled on the computer, so I don't understand why it is even 
> trying to load a policy.
> 
> Is there a kernel parameter I can give it to stop SELinux?  Is there any 
> other way to get past this message?
> 
> 

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Virtual problem

[Nikos Gatsis - Qbit]

Hello list.

I have already install winserver 2019 on centos 7 qemu and works fine.

Now I install a second image with win 2019 and It connects to internet 
but I cant ping it or connect to it.


Both installations use the same br0. Is that correct?

Any other suggestions?

Thank you.

Nikos.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] VPN connections subject to hijack attack

[Kenneth Porter]

This affects all VPNs and is a consequence of using "loose" reverse path 
filtering for anti-spoofing. The default CentOS setting is strict filtering 
but you may have changed this to loose for some unusual routing situations. 
Check that the value of /proc/sys/net/ipv4/conf/all/rp_filter is still set 
to 1. If it's set to 2 (loose filtering), you're vulnerable.


Technical details:



According to the report, systemd changed the default to 2 in November 2018 
so many distros are vulnerable.


Here's Red Hat's explanation of why you might want to use a value of 2. 
"When RHEL has multiple IPs configured, only one is reachable from a remote 
network. Or why does RHEL ignore packets when the route for outbound 
traffic differs from the route of incoming traffic?"




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] updates to rpm/kernel-rt

[Mercado, Ronaldo (DLSLtd,RAL,LSCI)]

Hi,

I am writing because I would like to know if centos will update the kernel-rt 
package from
https://git.centos.org/rpms/kernel-rt/releases 
?

I ask because bz#1550584 https://bugzilla.redhat.com/show_bug.cgi?id=1550584 
mentions "fixed in version kernel-rt-3.10.0-1063.rt56.1023.el7"
And the latest tag in "releases" link above is for 
kernel-rt-3.10.0-1062.7.1.rt56.1030.el7 

1062 vs 1063

I would like to see if the kernel update fixes my latency problem.

Thanks.

Ronaldo


-- 
This e-mail and any attachments may contain confidential, copyright and or 
privileged material, and are for the use of the intended addressee only. If you 
are not the intended addressee or an authorised recipient of the addressee 
please notify us of receipt by returning the e-mail and do not use, copy, 
retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not 
necessarily of Diamond Light Source Ltd. 
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments 
are free from viruses and we cannot accept liability for any damage which you 
may sustain as a result of software viruses which may be transmitted in or with 
the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and 
Wales with its registered office at Diamond House, Harwell Science and 
Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos