Re: [CentOS] Problem with chromium 89.0.4389.82
> -Original Message- > From: CentOS On Behalf Of H > Sent: Monday, April 5, 2021 4:59 PM > To: centos@centos.org > Subject: Re: [CentOS] Problem with chromium 89.0.4389.82 > > > One thing remains: I would also like to move my entire browsing > history from chromium to chrome but am not sure which physical files I > need to copy? There does not seem to be a function for exporting > browsing history to another browser but I would love to be corrected. > Further progress - found an extension that allows me to export history, > up to 90 days which is the maximum chrome/chromium stores, into a json > file from chromium. But, I am still searching for a way to /import/ it > into chrome. Have not found an extension for that yet, nor does there > seem to be a setting for importing history, only bookmarks. On my C7 box, Google Chrome uses the file "/home/%user%/.config/google-chrome/Default/History" for history. It's a SQLite format 3 file, try moving it into the same Chromium 'Default' folder, and see if that works. There are other files there that could be copied over as well, Bookmarks, Cookies, Preferences, etc. -- My computer isn't old. It's computationally challenged. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 Plus Kernel Update Missing?
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Akemi Yagi > Sent: Thursday, December 12, 2019 11:59 AM > To: CentOS mailing list > Subject: Re: [CentOS] CentOS 7 Plus Kernel Update Missing? > > > Along with the recent kernel update (3.10.0-1062.9.1.el7), the > CentOS 7 plus kernel was likewise updated. The plus kernel though hasn't > shown up in the mirrors yet, while the plain kernel has. Could someone > please push the release button for the plus kernel? > > > > That "someone" is Johnny Hughes. :) > > The release button pushed today. Thanks! Albert McCann -- Experience varies directly with equipment ruined. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7 Plus Kernel Update Missing?
Along with the recent kernel update (3.10.0-1062.9.1.el7), the CentOS 7 plus kernel was likewise updated. The plus kernel though hasn't shown up in the mirrors yet, while the plain kernel has. Could someone please push the release button for the plus kernel? What I do see in the various random mirrors I've manually checked is the previous plus kernel (kernel-plus-3.10.0-1062.7.1.el7.centos.plus.rpm) shows a release date of 12-6 instead of 12-3 it had a few days ago. Thanks, and thank you for all the work and help you folks do, it's greatly appreciated by this retired old phart. Albert McCann -- My computer isn't old. It's computationally challenged. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why windows 10 can't access centos samba
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of John > Hodrien > Sent: Thursday, September 12, 2019 5:42 AM > To: CentOS mailing list > Subject: Re: [CentOS] why windows 10 can't access centos samba > > I can access centos's samba via windows 7, but fail via windows 10. > Why? > > I'm pretty sure this is because the default Samba config doesn't enable > SMB2. > > Make sure this is set in your smb.conf and I think you should be good: > > [global] > max protocol = SMB2 That should probably be SMB3 (from smb.conf man file): SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. * SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24) * SMB3_02: Windows 8.1 SMB3 version. * SMB3_10: early Windows 10 technical preview SMB3 version. * SMB3_11: Windows 10 technical preview SMB3 version (maybe final). By default SMB3 selects the SMB3_11 variant. - I don't have Win 10 here to test with. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Happy 15th Birthday, CentOS!
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Rich Bowen > Sent: Monday, April 15, 2019 7:15 AM > To: CentOS mailing list > Subject: [CentOS] Happy 15th Birthday, CentOS! > > CentOS is 15 years old today! > > Hear the story from some of our community members at > https://blog.centos.org/2019/04/centos15-2/ Happy birthday and well done! Al McCann -- In Feb. '77, I became a wirehead. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IBM buying RedHat
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Alain péan > Sent: Sunday, October 28, 2018 5:21 PM > To: centos@centos.org > Subject: Re: [CentOS] IBM buying RedHat > > Le 28/10/2018 à 22:10, Albert McCann a écrit : > > Damn, this is bad enough to make one weep. > > Red Hat would stay as a distinct entity inside IBM. IBM has also > contributed to Free software, and especially Linux kernel. > I don't know how bad it is and the implications for CentOS... IBM screwed up with the purchase of the Weather.com properties, including Weather Underground. For more than a decade, WU benefitted from thousands of people with personal weather stations feeding local data to WU. IBM now plans to kill the existing WU weather API (which also was the Weather.com API), and gives the appearance of screwing over all those personal weather folks. While IBM now claims that they will have minimal 'free' access 'to their own data', a huge number of the PW folks have bailed and left, as IBM won't even tell them if they can even have the three-day forecast, let alone the ten-day forecast, plus the weather alerts data. The WU API will die 12-31-18, and still there is no announcement as to what and how the PW people will be allowed to access the API. this leaves a bunch of downstream users who had free API keys, which WU gave out to nonprofit users up until last April or so. It also screws over the paid API users, and looks like the costs for commercial API access will drastically increase. The IBM rep on the message forum still claims that IBM will support the PW data providers, but will not answer what exactly that will provide to those PW providers. As they've completely screwed over users providing free data, I can see them attempting to do the same to the 'free software' company where they plan to monetize the software and data the same way as the weather data. Read all the comments here from the PW providers: https://apicommunity.wunderground.com/weatherapi/topics/end-of-service-for-the-weather-underground-api Al ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IBM buying RedHat
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Larry > Martell > Sent: Sunday, October 28, 2018 4:11 PM > To: CentOS mailing list > Subject: [CentOS] IBM buying RedHat > > https://www.cnbc.com/2018/10/28/ibm-is-reportedly-nearing-deal-to- > acquire-red-hat.html Damn, this is bad enough to make one weep. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update announcement request - correction...
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Johnny Hughes > Sent: Saturday, May 26, 2018 9:39 AM > To: centos@centos.org > Subject: Re: [CentOS] Update announcement request - correction... > > >> plus-3.10.0-862.2.3.el7.centos.plus, but perf and python-perf were not > >> updated for the new kernel. Is this an oversight? perf doesn't complain > >> about mismatched versions though. > > > > "kernel-plus-3.10.0-862.3.2.el7.centos.plus" not ".2.3.". > > These are now on the master server and will propagate to > mirror.centos.org in 30 or so minutes. Then out to the external mirrors > on their rsync schedules. Thanks! Oh, and have a nice Memorial Day. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update announcement request - correction...
> Related to that, a new kernel was released to the Centosplus repo, kernel- > plus-3.10.0-862.2.3.el7.centos.plus, but perf and python-perf were not > updated for the new kernel. Is this an oversight? perf doesn't complain > about mismatched versions though. "kernel-plus-3.10.0-862.3.2.el7.centos.plus" not ".2.3.". Al McCann There's been a circus in my head since the day I was born. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Update announcement request
Hi, Can the updated files added to the Centosplus repo be sent to the announcement list please? I can't find them announced in any of the other lists. Related to that, a new kernel was released to the Centosplus repo, kernel-plus-3.10.0-862.2.3.el7.centos.plus, but perf and python-perf were not updated for the new kernel. Is this an oversight? perf doesn't complain about mismatched versions though. Thanks! Al McCann Wear a Kilt, but carry a big Bagpipe. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] place of other RH sources
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Leon Fauster > Sent: Thursday, May 17, 2018 11:57 AM > To: CentOS mailing list > Subject: [CentOS] place of other RH sources > > Out of curiosity - does someone known where the sources of other RH > products > are placed? RHEL sources are going into git.centos.org but what about e.g. > RH > OpenStack Platform packages or others products? Try here: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/7Server/en/ Albert ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: hardware: sanitizing a dead SSD?
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of m.roth@5- > cent.us > Sent: Tuesday, May 08, 2018 3:35 PM > To: CentOS > Subject: [CentOS] OT: hardware: sanitizing a dead SSD? > > Anyone have any clues about how to sanitize a dead SSD? We haven't had it > yet, but we're sure it's coming. Esp. since I'm a federal contractor, a > dead disk gets deGaussed, but what the hell do you do with a SSD? A five pound ball-peen hammer. Or if you're feeling adventurous, a few seconds in a microwave oven, but set it up outside, so as not to set off the smoke alarms. A drive grinding machine would do, but those are less fun for just a single drive. -- Experience varies directly with equipment ruined. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7 Plus Kernel
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Fabian > Arrotin > Sent: Sunday, January 28, 2018 1:21 PM > To: centos@centos.org > Subject: Re: [CentOS] C7 Plus Kernel > > Hi Albert, > > We are aware that kernel-plus isn't (yet) available, but it was worked > on today. Akemi (kernel maintainer) provided a modified/patched version > as the previous one was building for x86_64 but not for i386. > Depending on the build/test results it will be pushed soon to mirrors. > > Sorry for the delay, Thanks! It's no problem and no rush, just was curious. -- Virtual Reality? Reality already IS virtual. Albert McCann albert.mcc...@outlook.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] C7 Plus Kernel
A new kernel for Centos 7.4.1708 was released several days ago, version 3.10.0-693.17.1. Will there be a matching CentOS Plus kernel? Thanks for all the effort in providing that. Also, is there an announce list for Plus updates? -- I yam Popeye of the Borg. Prepares ta beez askimiligrated. Albert McCann albert.mcc...@outlook.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba help
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of david > Sent: Tuesday, November 14, 2017 9:11 PM > To: CentOS mailing list > Subject: [CentOS] Samba help > > Folks > > I have a Centos7 system (SOFA) and want to install a Samba share > named "STUFF" for the machines inside my home. All users in my home > have read access to the share, but only one user "me" has write > permission. The configuration below worked just fine when the Samba > system was on Centos 6, but did not work under Centos 7. The client > machine is Windows 10. I have changed all "private" information for > this message. > > The Centos 7 machine is running with SELINUX disabled, and > effectively without firewall. > > Windows network browsing finds the computer, but not the share. (it > used to find the share with Centos 6). > > The server name is SOFA > The share name is STUFF > the Workgroup name is MYGROUP > > The Linux account is "melinux" > The logon name from windows is "me" > > I have issued the command >smbpass -a me > > > > smb.conf contains: > - > > # Samba Configuration > > [global] > dns proxy = no > hosts allow= 192.168. 127. 10. localhost > hosts deny = ALL > log file = /var/log/samba/%m.log > max log size = 50 > netbios name = SOFA > printcap name = /dev/null > printing = bsd > security = user > server string = Samba %v on sofa > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > username map = /etc/samba/smbusers > winbind use default domain = no > workgroup = MYGROUP > [STUFF] > browsable = yes > case sensitive = no > comment= STUFF on sofa > create mask= 0755 > directory mask = 0755 > force user = melinux > guest ok = yes > path = /home/samba-share > write list = melinux > > -- > > smbusers contains: > -- > > melinux = me > > -- > > Where have I gone wrong? What changed from C6 to C7. Any advice > would be appreciated. > > David See if adding these under [global] helps in smb.conf: server max protocol = SMB3 client signing = required max protocol = SMB2 server signing = auto client use spnego = no client ntlmv2 auth = no client ipc max protocol = NT1 client ipc signing = auto idmap config * : backend = tdb These are what I added when upgrading from C5's Samba 3 to C7's Samba 4. Also, one of the recent Windows updates may have disabled SMBv1, here that caused the inability to 'browse' the server shares (yet mapping a share still worked). On Windows 7 to enable SMBv1 on the SMB client (workstations), run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb10 start= auto I don't know if they will work on Windows 10 or not. Al ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing file in current kernel-devel package
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of m.roth@5- > cent.us > Sent: Thursday, October 05, 2017 10:58 AM > To: CentOS mailing list > Subject: Re: [CentOS] Missing file in current kernel-devel package > > Fred Smith wrote: > > On Thu, Oct 05, 2017 at 09:56:57AM -0400, m.r...@5-cent.us wrote: > >> Ok, folks, > >> > >>I've identified what my problem is, trying to install the NVidia > >> proprietary drivers: in kernel-devel-3.10.0-514.26.2.el7.x86_64, there > >> is a file > >> /usr/src/kernels/3.10.0-514.26.2.el7.x86_64/include/linux/fence.h > >> > >>It does not exist in the kernel-devel-3.10.0-693.2.2.el7.x86_64 > >> package. Is this something that got missed, or did HR drop it, or? > >> > > I'm running that kernel with Nvidia 384.90, but I get the nvidia > > driver from elrepo. where do you get yours? > > > Proprietary NVidia. Still, why is fence.h suddenly not there? While I'm running the Plus kernel, it has the same files. What I'm seeing here is that fence.h has been renamed in the 693 kernel to dma-fence.h: # locate fence.h /usr/src/kernels/3.10.0-514.26.2.el7.centos.plus.x86_64/include/linux/fence.h /usr/src/kernels/3.10.0-514.26.2.el7.centos.plus.x86_64/include/linux/seqno-fence.h /usr/src/kernels/3.10.0-514.26.2.el7.centos.plus.x86_64/include/trace/events/fence.h /usr/src/kernels/3.10.0-693.2.2.el7.centos.plus.x86_64/include/linux/dma-fence.h /usr/src/kernels/3.10.0-693.2.2.el7.centos.plus.x86_64/include/linux/seqno-fence.h /usr/src/kernels/3.10.0-693.2.2.el7.centos.plus.x86_64/include/trace/events/dma_fence.h Looks like upstream renamed it for some reason. -- Experience varies directly with equipment ruined. Albert McCann albert.mcc...@outlook.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 httpd Permission problems with Postfixadmin
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Robert > Moskowitz > Sent: Friday, February 17, 2017 1:40 PM > To: CentOS mailing list > Subject: Re: [CentOS] Centos 7 httpd Permission problems with Postfixadmin > > So it's an authorisation issue. In your .htaccess file change > > > >Order allow,deny > >Allow from all > > > > to the apache 2.4 version > > > >Require all granted > > > > See http://httpd.apache.org/docs/2.4/upgrading.html > > Not there still. In /var/www/html I created .htaccess: > > # ls -lstra > total 12 > 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. > 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . > 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess > > # cat .htaccess > Require all granted > > > restarted httpd, and still get the error. > > [Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client > 192.168.160.12:48370] AH01630: client denied by server configuration: > /usr/share/postfixadmin Does the conf file that contains the "/usr/share/postfixadmin" alias also contain a Directory block? Something like this: Alias /postfixadmin /usr/share/postfixadmin ...stuff here... Look for the old style "Order Deny,Allow" and "Deny from All" and remove them if it does, and put the "Require all granted" there. Al McCann ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] VOIP
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of TE Dukes > Sent: Thursday, January 19, 2017 7:41 AM > To: 'CentOS mailing list' > Subject: [CentOS] [OT] VOIP > > So, I bought an OOMA. Turns out it uses a number of ports, three of which > are reserved, 53 TCP/UDP, 110 TCP and 443 TCP. These ports have already > been port forwarded from my cable modem/router to my server. > I'm thinking this isn't going to work unless I change some ports on my > server, which I'm not willing to do. > > I spent over 30 minutes with their support people last night. It appears > the ports cannot be changed on the OOMA device. Try connecting it up behind your existing router, and see if it connects and works. I used to have a Vonage device, and it did the same exact nonsense, yet it still worked fine when behind the NAT in the main router. The web server and rest of the networked devices all still remained connected to the original router. You may need to forward some UDP ports, such as these from the OOMA website, UDP 1194,UDP 3386, UDP 3480, UDP 1-3. http://support.ooma.com/home/advanced-connections-and-service-ports Whenever I needed to configure the Vonage, I had to connect a notebook to the Vonage Ethernet ports to gain access to the web server port. Al -- Come join me in the Church of Appliantology! Elron Hoover ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to edit resolv.conf
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Alice Wonder > Sent: Friday, January 13, 2017 8:59 AM > To: centos@centos.org > Subject: Re: [CentOS] Unable to edit resolv.conf > > I've tried to figure out how to get Network Manager to leave various > configuration files alone and just gave up - resorting to cron job > running as root every minute fixing them if they have been modified. ... > My home router - the caching nameserver it uses doesn't enforce DNSSEC > and crashes about once a week, requiring a restart. So I just don't use > it except for my phone and tablet, and just run unbound on my local > machines, but Network Manager keeps trying to use the nameserver > assigned by the router DHCP (which is the router) and other than a once > a minute cron job, can't figure out how to tell Network Manager to > ignore the nameserver setting. Have you tried setting PEERDNS=no in the /etc/sysconfig/network-scripts/ifcfg- script(s)? I have an ancient note here from 5.x days with the above fix. Al -- He who finds an old key does not require a new one. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to edit resolv.conf
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of TE Dukes > Sent: Friday, January 13, 2017 7:50 AM > To: 'CentOS mailing list' > Subject: [CentOS] Unable to edit resolv.conf > > I changed ISPs and need to update name servers in resolv.conf. > > I have tried nano, gedit, Webmin, system-config-network and it won't allow > me to make the changes. > > I have Network Manager turned off and when I enable it , eth0 and eth1 > have no entries. > > I enabled it, added the connections, but still no changes. You haven't done what I've done intentionally, flag /etc/resolv.conf immutable with "chattr +i /etc/resolv.conf" have you? I do this to keep Network Manager and other busybodies from making unwanted / unneeded changes. Al -- Evidence of a dissolute computer. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Microcode.service error when booting 7.3.1611
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of John Hodrien > Sent: Wednesday, January 11, 2017 8:11 AM > To: CentOS mailing list > Subject: Re: [CentOS] Microcode.service error when booting 7.3.1611 > > On Wed, 11 Jan 2017, Albert McCann wrote: > > > Anyone else seeing this, or know what the secret fix is? > > It's not secret: > > https://bugzilla.redhat.com/show_bug.cgi?id=1411232 Thanks. that wasn't showing up in Google. Al -- Abandoning my search for truth, I now search for fantasy. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Microcode.service error when booting 7.3.1611
In 7.3.1611, running kernel "3.10.0-514.2.2.el7.centos.plus.x86_64 #1 SMP Wed Dec 7 19:10:15 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux" with microcode_ctl-2.1-16.1.el7_3.x86_64, I'm seeing the following error when booting: systemd[1]: [/usr/lib/systemd/system/microcode.service:10] Trailing garbage, ignoring. systemd[1]: microcode.service lacks both ExecStart= and ExecStop= setting. Refusing. systemd[1]: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly:Unit is not loaded properly: Invalid argument. Googling that last line returns a single (useless to me) RedHat URL, which requires one to log in for details. https://access.redhat.com/solutions/2851331 Anyone else seeing this, or know what the secret fix is? Could it be the use of the double quotes in this line: ExecStart=/usr/bin/bash -c "grep -l GenuineIntel /proc/cpuinfo | xargs grep -l "model.*79" > /dev/null || echo 1 > /sys/devices/system/cpu/microcode/reload" Al -- "Pieces of Nine! Pieces of Nine!" Another parroty error. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox Issue
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Valeri > Galtsev > Sent: Monday, January 09, 2017 12:26 PM > To: CentOS mailing list > Subject: Re: [CentOS] Firefox Issue > > One large list that cut the number of attacks was > > blocking ALL Amazon AWS services. That reduced attacks by at least half. > > Clousflare would be another one worth mentioning. They are much nastier, > BTW, IMHO: > > https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/ Yeah, thanks, I added them too. -- My computer was sold to me by Mad Man Muntz. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox Issue
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Always > Learning > Sent: Monday, January 09, 2017 11:23 AM > To: Centos > Subject: Re: [CentOS] Firefox Issue > > On Thu, January 5, 2017 17:23, Always Learning wrote: > > > > > > > > > Cyber attacks are gradually replacing armed conflicts. > > Better fight with bits than blood. > > Agreed. One of my Apache defenses is to redirect probes/hacks to > 127.0.0.1 :-) I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here, plus using mod_geoip, ipset, and the mother of all network level blacklists in ipset. One large list that cut the number of attacks was blocking ALL Amazon AWS services. That reduced attacks by at least half. -- Cinderella works for the CIA. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recent updates for CentOS7?
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Johnny Hughes > Sent: Wednesday, November 30, 2016 7:09 PM > To: centos@centos.org > Subject: Re: [CentOS] Recent updates for CentOS7? > We have no delivery mechanism for the new plus kernel, which relies on > 7.3 (or CR) packages until we actually release the 7.3.1611 tree and > centosplus repo for that tree. > > I can build that kernel tomorrow and make it available if you really, > really meed it before the full 7.3 tree. Thanks, but there's no rush. Things work fine with the previous version just fine. -- The nine warning signs of Christmas. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recent updates for CentOS7?
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Johnny Hughes > Sent: Friday, November 25, 2016 10:13 AM > To: centos@centos.org > Subject: Re: [CentOS] Recent updates for CentOS7? > Then we will commence work on the OS tree and ISOs. Historically, this > takes 10-21 days for the full tree and ISOs .. but except for the > exceptions listed above, all the packages will be in CR. > > Thanks, > Johnny Hughes Johnny, Thank you, and all the others, for all the hard work. My family photos website wouldn't be possible without it. I have a question, what about the Plus kernel, when will that get updated? Albert McCann -- Cats don't purr, that sound is their mantra. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recent updates for CentOS7?
> -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Alice Wonder > Sent: Friday, November 25, 2016 6:59 AM > To: centos@centos.org > Subject: Re: [CentOS] Recent updates for CentOS7? > > On 11/25/2016 03:49 AM, Robbert Eggermont wrote: > > Hi, > > > > I noticed there have not been any new updates for CentOS 7 for four > > weeks now (at least not under > > http://mirror.centos.org/centos/7/updates/x86_64/). For Centos 6 updates > > have been released more recently (i.e. the Firefox-45.5.0 update). > > > > I was not able to find any information about this "pause". Is this > > planned, and when will new updates be released? > > Thanks! > > > > 7.3 is being worked on, hence the pause. I think they are close but I > don't speak for them. Many hundreds of 7.3 updates have been released into the CR repository, and got installed here Wednesday. -- The reward for good work is more work. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ipset and blacklisting
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of tdu...@palmettoshopper.com > Sent: Wednesday, September 21, 2016 9:10 AM > To: CentOS mailing list > Subject: Re: [CentOS] ipset and blacklisting > I do a: > > ipset save blacklist, and service ipset save > > I use three scripts: > > access_log_ips.sh Thanks, I need to do this myself. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ipset and blacklisting
How are you saving and reloading the ipsets over a reboot? > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of TE Dukes > Sent: Tuesday, September 20, 2016 9:46 PM > To: 'CentOS mailing list' > Subject: [CentOS] ipset and blacklisting > > This is what ipset can do for traffic on a home server that's not wanted > on > a slow 6MB DSL connection. > > http://palmettoshopper.com/httpd_traffic.jpg > > I only use my home server for zoneminder, testing my commercial website > and > streaming movies. > > Got tired of hackers looking for files that don't exist on my home server > and non-complying robots. > > Check the drop in bandwidth. > > Setup up a redirect to the NSA webite. They can deal with the hackers. > > HTH > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] .htaccess file
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of TE Dukes > Sent: Sunday, August 28, 2016 10:36 AM > My home system on a DSL line is getting worn out by bad behavior robots. > Awhile back, I created a .htaccess file that block countries by IP blocks. > Its 2MB in size. ... > So, today, I tried following the directions for apache.org website, > https://httpd.apache.org/docs/current/howto/htaccess.html to move the > .htaccess What version of CentOS are you using? For 7.x, and I think 6.x, there is a much simpler way of doing this, using mod_geoip from the Epel repository. It rejects all unwanted HTTP connections using 403 responses. Here's an example geoip.conf file, which is what I'm using: GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache GeoIPOutput Env # Proxies SetEnvIf GEOIP_COUNTRY_CODE A1 BlockCountry #Country blocks SetEnvIf GEOIP_COUNTRY_CODE TR BlockCountry SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry #... more countries using the two char country code On C7 this file goes here /etc/httpd/conf.d/geoip.conf Make sure that /etc/httpd/conf.modules.d/10-geoip.conf loads the library file, and is not remarked out with a #. There is more info on mod_geoip here (but use the installation from Epel) though: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ I run a server for personal family purposes, and use this to block many of the places my family doesn't live... Al McCann Certe, Toto, sentio nos in Kansate non iam adesse. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HFSPlus Question
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of Chris Murphy > Sent: Tuesday, June 07, 2016 5:01 PM > To: CentOS mailing list > Subject: Re: [CentOS] HFSPlus Question > > Fedora 24 > [root@f24m mnt]# grep HFSPLUS /boot/config-4.5.6-300.fc24.x86_64 > CONFIG_HFSPLUS_FS=m > # CONFIG_HFSPLUS_FS_POSIX_ACL is not set > > CentOS 7 > [root@localhost ~]# grep HFSPLUS /boot/config-3.10.0-123.20.1.el7.x86_64 > # CONFIG_HFSPLUS_FS is not set > > [root@localhost ~]# grep HFSPLUS /boot/config-4.6.1-1.el7.elrepo.x86_64 > CONFIG_HFSPLUS_FS=m > # CONFIG_HFSPLUS_FS_POSIX_ACL is not set > > > So it looks like it's not created in the CentOS kernels, but is in the > elrepo and Fedora kernels. Thanks for the clues from yourself and other's. I haven't had a chance to check things out yet, I'm still dealing with food poisoning I came down with after sending my question. :-( Maybe later this week. Al ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] HFSPlus Question
In CentOS 7.2.1511 does the 3.10.0-327.18.2.el7.centos.plus.x86_64 (Plus) kernel read HFSPlus iMac drives? I don't see any hfsplus modules installed anywhere, so I suspect not. My sister's 17" iMac died, and I'm trying to recover the drive. If it spins up, I'd like to copy it with dd. I see that Elrepo has kmod-hfsplus and hfsplus-tools, will these work with the Plus kernel? I still have to pull the drive from that infernal iMac case, so can't test yet. Thank you for any clues, my Google-foo isn't finding anything on the Plus kernel and HFSPlus. --- I yam Popeye of the Borg. Prepares ta beez askimiligrated. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSL CRIME
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of Markus Falb > Sent: Monday, September 24, 2012 7:07 AM > To: centos@centos.org > Subject: [CentOS] SSL CRIME > > Hi, > Some of you have heard of CRIME, probably. > > from https://bugzilla.redhat.com/show_bug.cgi?id=857051 > > Adding the following line to the /etc/sysconfig/httpd file: > > > > export OPENSSL_NO_DEFAULT_ZLIB=1 > > But there are other services but http that use ssl and are vulnerable? > What is the optimal place for setting this environment variable system > wide? > > I tried to set it in > /etc/profile.d/CRIME.sh > /etc/bashrc > without success. What about placing it in the /etc/rc.d/rc.local file? Al McCann --- My computer was sold to me by Mad Man Muntz. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] log time formats - where is this defined
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of Rob Kampen > Sent: Sunday, February 27, 2011 3:34 PM > To: CentOS mailing list > Subject: [CentOS] log time formats - where is this defined > > One of my servers is using ISO datetime formats > (2011-02-27T15:22:15.519857-05:00) in the logs > the rest use the default redhat/CentOS format (Feb 27 15:10:21). > After a couple of hours searching google I cannot find where this is > defined. > I know I changed it some months ago as an experiment but forgotten > where this was done. > the ISO format breaks logwatch - thus I need to revert. I had problems with that, here's the fix: Add to first line of /etc/rsyslog.conf: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Here's the Bugzilla for this problem: https://bugzilla.redhat.com/show_bug.cgi?id=583621 Al ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch not working properly
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf > Of Albert McCann > Sent: Saturday, November 06, 2010 9:55 PM > To: 'CentOS mailing list' > Subject: Re: [CentOS] Logwatch not working properly > > Found it. Now that I know what to look for, here's the RedHat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=583621 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch not working properly
Found it. > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf > Of Albert McCann > Sent: Saturday, November 06, 2010 12:18 PM > To: 'CentOS mailing list' > Subject: [CentOS] Logwatch not working properly > > I having a problem where Logwatch is not showing any events from the > /var/log/secure log file. The date format used by the default /etc/rsyslogd.conf may be wrong in CentOS 5.5, and I'm guessing RedHat's rsyslog-3.22.1-3. > 2010-11-06T08:59:03.684006-04:00 valhala sshd[23633]: Invalid user bob from 192.168.1.12 I renamed rsyslog.conf to rsyslog.conf.back and reinstalled rsyslog just to make sure I got a good rsyslog.conf file. What it should display as is this (for logwatch to be able to see): Nov 6 21:25:31 valhala sshd[579]: Accepted password for someone from 192.168.1.12 port 61275 ssh2 This provided the clue I needed: http://howtoforge.org/forums/showthread.php?p=242790 I have Fedora 13 running in a VMWare session, and this line from F13's rsyslog.conf, seems to do this trick: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Al -- Ate yerz ago i cudent evin spel injuneer. Now i ar one. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Logwatch not working properly
I having a problem where Logwatch is not showing any events from the
/var/log/secure log file. When I run
logwatch --print --range today --service sshd --detail 10 --debug 10
the end result shows this:
...
LogFiles that will be processed:
[0] = secure
[1] = messages
Made Temp Dir: /var/cache/logwatch/logwatch.sOga48bL with tempdir
export LOGWATCH_DATE_RANGE='today'
export LOGWATCH_GLOBAL_DETAIL='10'
export LOGWATCH_OUTPUT_TYPE='unformatted'
export LOGWATCH_TEMP_DIR='/var/cache/logwatch/logwatch.sOga48bL/'
export LOGWATCH_DEBUG='10'
Preprocessing LogFile: secure
/var/log/secure 2>/dev/null | /usr/bin/perl
/usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl
/usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl
/usr/share/logwatch/scripts/shared/applystddate
''>/var/cache/logwatch/logwatch.sOga48bL/secure
TimeFilter: Period is day
TimeFilter: SearchDate is (Nov 6 ..:..:..)
TimeFilter: Debug SearchDate is (Nov 6 )
DEBUG: Inside ApplyStdDate...
DEBUG: Looking For: (Nov 6 ..:..:..)
Preprocessing LogFile: messages
/var/log/messages 2>/dev/null | /usr/bin/perl
/usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl
/usr/share/logwatch/scripts/shared/removeservice 'talkd'| /usr/bin/perl
/usr/share/logwatch/scripts/shared/removeservice 'telnetd'| /usr/bin/perl
/usr/share/logwatch/scripts/shared/removeservice 'inetd'| /usr/bin/perl
/usr/share/logwatch/scripts/shared/removeservice 'nfsd'| /usr/bin/perl
/usr/share/logwatch/scripts/shared/removeservice '/sbin/mingetty'|
/usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'netscreen'|
/usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'netscreen'|
/usr/bin/perl /usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl
/usr/share/logwatch/scripts/shared/applystddate
''>/var/cache/logwatch/logwatch.sOga48bL/messages
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
DEBUG: Inside RemoveService...
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
DEBUG: Inside RemoveService: 930 Lines In, 930 Lines Out
TimeFilter: Period is day
TimeFilter: SearchDate is ( 2010-Nov-06 ..h ..m ..s )
TimeFilter: Debug SearchDate is ( 2010-Nov-06 h m s )
### Logwatch 7.3 (03/24/06)
Processing Initiated: Sat Nov 6 11:38:23 2010
Date Range Processed: today
( 2010-Nov-06 )
Period is day.
Detail Level of Output: 10
Type of Output: unformatted
Logfiles for Host: valhala..org
##
- SSHD Begin
DEBUG: Inside OnlyService for sshd
DEBUG: Inside SSHD Filter
-- SSHD End -
Looking at file /usr/share/logwatch/scripts/services/sshd there is block of
code starting at line 165:
...
if ( $Debug >= 5 ) {
print STDERR "\n\nDEBUG: Inside SSHD Filter \n\n";
$DebugCounter = 1;
}
while (defined(my $ThisLine = )) {
if ( $Debug >= 5 ) {
print STDERR "DEBUG($DebugCounter): $ThisLine";
$DebugCounter++;
}
...
>From above, this line never prints anything:
print STDERR "DEBUG($DebugCounter): $ThisLine";
while the previous print STDERR does print when $Debug >= 5.
Doing a rpm -V Logwatch shows one changed file
S.5T c /etc/logwatch/conf/logwatch.conf
as I added a " Detail = High" line to it.
I do have sshd events in /var/log/secure, here's some showing testing a
failed login using a non-existing account:
2010-11-06T08:59:03.684006-04:00 valhala sshd[23633]: Invalid user bob from
192.168.1.12
2010-11-06T08:59:03.688784-04:00 valhala sshd[23636]:
input_userauth_request: invalid user bob
2010-11-06T08:59:05.996036-04:00 valhala sshd[23633]: pam_unix(sshd:auth):
check pass; user unknown
2010-11-06T08:59:05.996313-04:00 valhala sshd[23633]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=bunny2..org
2010-11-06T08:59:07.837697-04:00 valhala sshd[23633]: Failed password for
invalid user bob from 192.168.1.12 port 57945 ssh2
2010-11-06T08:59:10.644065-04:00 valhala sshd[23633]: pam_unix(sshd:auth):
check pass; user unknown
2010-11-06T08:59:12.505509-04:00 valhala sshd[23633]: Failed password for
invalid user bob from 192.168.1.12 port 57945 ssh2
2010-11-06T08:59:14.348019-04:00 valhala sshd[23633]: pam_unix(sshd:auth):
check pass; user unknown
2010-11-06T08:59:15.759400-04:00 valhala sshd[23633]: Failed password for
invalid
Re: [CentOS] Interpreting logwatch
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of Bill Campbell > Sent: Wednesday, September 08, 2010 12:17 PM > To: centos@centos.org > Subject: Re: [CentOS] Interpreting logwatch > While fail2ban and swatch are good tools, apache mod_security is > probably better for dealing with this type of thing as it is > designed to minimize attacks on web services. > > I think it's a mistake to discount any attacks involving php as > the vast majority of the systems I have had to clean up after > cracks have been compromised through php vulnerabilities, usually > in conjunction with weak user level passwords. > > IHMO, admin tools like phpMyAdmin, webmin, and usermin should be > carefully restricted, preferably only accessible via a private > LAN, not from the public internet. This lurker is running a family pictures website, and got tired of that nonsense, so I have a bunch of entries like these in my .htaccess file: Redirect permanent /phpMyAdmin/ http://127.0.0.1/ Redirect permanent /PMA2005/ http://127.0.0.1/ ... The Perishable Press blog has other .htaccess methods to deal with such things. I also block access from all Amazon EC2 IPs, that reduced the amount of port and application scans by about half. Al -- I yam Popeye of the Borg. Prepares ta beez askimiligrated. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
