Re: [CentOS] SSH Weak Ciphers
On 2016-10-19 03:11, Leon Fauster wrote:
> Is there any command to find the supported list of KeyAlgos, MACs and Ciphers for the particular system (e.g. EL{5,6,7})? Similar to $ openssl ciphers -v ...

The supported KexAlgorithms, Ciphers, and MACs are generally listed in the sshd_config man page. So 'man sshd_config' then look for the section of the item of interest.

Erik
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
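As an added example that is not part of the original posts: on systems whose sshd supports the extended test mode (`sshd -T`), the effective Ciphers, MACs and KexAlgorithms can be read from its output and checked for weak entries. The sample input is constructed, and the function names and the patterns that count as "weak" are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. The "weak" patterns are this example's assumption (CBC and
# arcfour ciphers, MD5 and truncated SHA-1 MACs, SHA-1 group1/group-exchange
# key exchange), not a list from the thread or from the sshd_config man page.

# Constructed sample in the "keyword value" format that `sshd -T` prints.
SAMPLE_SSHD_T='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
macs hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96
kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

# list_algos DIRECTIVE: read sshd -T style text on stdin, one algorithm per line.
list_algos() {
    awk -v d="$1" 'tolower($1) == d { print $2 }' | tr ',' '\n'
}

# weak_algos DIRECTIVE: print only the entries matching the weak pattern.
weak_algos() {
    case $1 in
        ciphers)       pattern='-cbc(@|$)|^arcfour' ;;
        macs)          pattern='md5|sha1-96' ;;
        kexalgorithms) pattern='^diffie-hellman-group(1|-exchange)-sha1$' ;;
        *) echo "unknown directive: $1" >&2; return 2 ;;
    esac
    list_algos "$1" | grep -E -e "$pattern" || true
}

# hardened_line DIRECTIVE: print an sshd_config line with weak entries removed.
hardened_line() {
    input=$(cat)
    weak=$(printf '%s\n' "$input" | weak_algos "$1")
    keep=$(printf '%s\n' "$input" | list_algos "$1" |
        grep -vxF -e "$weak" | paste -sd, -)
    [ -n "$keep" ] || return 1   # directive absent or nothing left to keep
    printf '%s %s\n' "$1" "$keep"
}

for d in ciphers macs kexalgorithms; do
    echo "weak $d: $(printf '%s\n' "$SAMPLE_SSHD_T" | weak_algos "$d" | paste -sd, -)"
    printf '%s\n' "$SAMPLE_SSHD_T" | hardened_line "$d"
done
```

To audit a real host, pipe the output of `sshd -T` (run as root) into `weak_algos` or `hardened_line` instead of the sample, and validate any edited sshd_config with `sshd -t` before restarting the daemon.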
[CentOS] gssproxy items...
Hi,

I've been working on some systems trying to get kerberized nfsv4 and kerberized web services going on 7. Kerberized nfsv4 was working with 7.0, but with the 7.1 release it stopped working, the key difference between the two setups is that gssproxy wasn't being used with 7.0, but seems to be key with 7.1.

The problem I am encountering with Kerberized NFSv4 is that the directory will mount okay, and I can see its contents as root, but I encounter Permission denied errors when trying to access it as a regular user. 'klist -ce' returns valid results as the user (including a line for the server spn that I was trying to access), and I am able to access Kerberized NFSv4 shares hosted on EL6 servers as the same user.

Kerberized web services have been a recent thing to try in order to see if they would work with gssproxy - a colleague did get Kerberized web services going on 7.1 without using gssproxy. I followed the instructions at https://fedorahosted.org/gss-proxy/wiki/Apache, but still didn't have any success until I added the cred_store line mentioned in comment 6 of https://bugzilla.redhat.com/show_bug.cgi?id=1168962 as we are running with selinux enabled. The success was short-lived, for once I started adding user/group checking it would succeed about 30% of the time as the user principal was being returned as elaxdal@REALMH\x86\xf7\x12\x01\x02\x02 instead of just elaxdal@REALM.

Today I tried recompiling the 0.4.1-1 source rpm from Fedora 21's updates, installed it onto a 7.1 nfsv4/web server, at which point everything started to consistently work - NFSv4 shares and web services with user/group checking. So it appears that the problem I'm encountering has been addressed. I've also tried recompiling the 0.3.1-1 and 0.3.1-4 source rpms from Fedora 20 and 21, both of which show the same problems I see with the 7.1 version of gssproxy.

Some additional background information: the Kerberos server is an AD server that is maintained by another group. The system keytab uses a user account based spn on the AD server, and a computer account based keytab for the system with aliases for host and http keytabs.

Any thoughts/suggestions as I'd rather stay with the distribution's version of supplied packages?

Thanks,
Erik
Re: [CentOS] gssproxy items...
On 06/30/2015 12:13 PM, m.r...@5-cent.us wrote:
> Erik Laxdal wrote:
>> The problem I am encountering with Kerberized NFSv4 is that the directory will mount okay, and I can see its contents as root, but I encounter Permission denied errors when trying to access it as a regular user. 'klist -ce' returns valid results as the user (including a line for the server spn that I was trying to access), and I am able to access Kerberized NFSv4 shares hosted on EL6 servers as the same user.
> <snip>
> Stupid question: selinux?

Not a stupid question, selinux has gotten me with other things from time to time. The server was set up with selinux set to enforcing by default, but I have tried 'setenforce 0', changing it to permissive, and finally disabled (rebooting after each of these state changes) with no change in behaviour. On the client side, I've only tried the 'setenforce 0' command.

The gssproxy-0.4.1-1 package was only installed on the server and worked with selinux enabled on both the server and client sides. The client side also has no problem accessing Kerberized NFSv4 shares from EL6 systems with selinux enabled on it.

Thanks,
Erik
Re: [CentOS] CentOS 6.5 install
Make sure that you are booting and installing the system using the UEFI bios, not the legacy bios. You'll need to check your bios setup for the setting to do this if the system supports it.

The legacy bios will force the MDOS labeling scheme that will limit the boot drive to a maximum of 2TB. The UEFI bios allows the system to boot from a large GPT labelled disk (with the required UEFI partition).

Erik

On 26/02/14 12:01 PM, Kenny Noe wrote:
> Hello,
>
> I'm a newbie so here's my question. I'm trying to install CentOS 6.5 on a HP Proliant 350e server. This server has 4x 1TB hard drives. I'd like to enable the hardware RAID 5 and stripe all 4 disks into one 3TB logical volume. Then install CentOS on the 3TB volume. However after I install I can't get the server to boot.
>
> I know about the MDOS vs GPT labeling issue. I've successfully installed on one (singular) 3TB disk on other servers. I have modified the partition tables, relabeling them to GPT, prior to completing the installs. However I've read that the Anaconda installer still tries to format as MDOS and after installing a Basic server I cannot get it to boot.
>
> So, what am I missing? Can I load CentOS on a hardware RAID 5 volume that is 3TB (usable) or am I stuck with what most Google searches say and load the OS on one disk and then after use software RAID to RAID 5 the remaining 3 disks into a /data directory?
>
> All help is appreciated.
>
> Thanks--Kenny
Re: [CentOS] UEFI booting
There's this document:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-Boot-x86.html

The important thing is that you need to install the OS with the firmware that you want to run the system with, so you'll need to re-install the system using the UEFI boot mode to boot your installation media in order to get the system going with UEFI.

Erik

On 05/02/14 07:49 AM, Jerry Geis wrote:
> Hi All,
>
> I received an Intel Nuc D34010WYK. Nice and small. I installed 6.5 x86_64 on it in LEGACY boot mode on the mSATA disk. All worked except sound. In process of trying to get that working I saw posts about needing to not use LEGACY boot mode for HDMI sound to work.
>
> I am trying to find a document on how to use the UEFI boot on 6.5. Any great resource out there for that?
>
> Thanks,
> Jerry
Re: [CentOS] re-install package
Jerry Geis wrote:
> I tried to install alsa 1.0.19 on centos 5.3 64 - did not work - compile errors. I need to re-install alsa-lib and alsa-util. I don't want to do rpm -e first on those packages as dependency is crazy. I know they were installed (rpm -qa | grep alsa tells me so). I just want to re-install? How do I do that?

Try the new reinstall option in CentOS 5.3's version of yum:

    yum reinstall alsa-lib alsa-util

Erik
[CentOS] Missing 5.3 updates?
Just wondering (I hate asking this, but in case they slipped by) if there is an ETA on some missing updates (as newer ones are appearing) including:

firefox-3.0.7-1.el5
    http://rhn.redhat.com/errata/RHSA-2009-0315.html
thunderbird-2.0.0.21-1.el5 (the latest 5.3 RPM is 2.0.0.18 whereas the latest 5.2 RPM is 2.0.0.19)
    http://rhn.redhat.com/errata/RHSA-2009-0258.html
NetworkManager-devel-0.7.0-4.el5_3
    http://rhn.redhat.com/errata/RHSA-2009-0361.html
systemtap-0.7.2-3.el5_3
    http://rhn.redhat.com/errata/RHSA-2009-0373.html
xulrunner-1.9.0.7-3.el5 (for firefox)
    http://rhn.redhat.com/errata/RHSA-2009-0397.html
mod_nss-1.0.3-7.el5_3.1
    http://rhn.redhat.com/errata/RHEA-2009-0403.html
openswan-2.6.14-1.el5_3.2
    http://rhn.redhat.com/errata/RHSA-2009-0402.html
xen-3.0.3-80.el5_3.2
    http://rhn.redhat.com/errata/RHBA-2009-0401.html

I've checked a number of mirrors for these updates and haven't found them.

Thanks,
Erik
Re: [CentOS] Disabling shutdown and suspend for normal users
Henk van Lingen wrote:
> Hi,
>
> [CentOS 5]
>
> What is the best way to remove the shutdown and suspend options from menus for normal users?
>
> After googling around, I added SystemMenu=false to the greeter section in /etc/gdm/custom.conf. After that the GDM login screen still shows the options, but 'restart' indeed doesn't work anymore.
>
> However, the gnome menus when logged in still have the 'suspend' options, which still leads to a hanging (unwakeable) machine.
>
> BTW: I prefer editing config files instead of stupid GUIs, as I have to change a lot of machines :-)

To remove the reboot/shutdown options from the login screen (after setting SystemMenu=False) two small modifications are needed to:

    /usr/share/gdm/themes/CentOSCubes/CentOSCubes.xml

The two modifications are:

1. Change line 102 from:
       <show modes="console"/>
   to:
       <show type="reboot" modes="console"/>

2. Change line 118 from:
       <show modes="console"/>
   to:
       <show type="halt" modes="console"/>

The lines above both of these should have an item tag referring to the appropriate reboot/halt button. Then restart the gdm. The shutdown and reboot buttons should no longer appear.

I use the following command:

    gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory -s -t bool /apps/gnome-power-manager/can_suspend false

to remove the suspend option from the gnome system menu.

Also, deleting the symbolic links for halt, poweroff, and reboot in /usr/bin appears to remove the respective options from the menu as well as from the command line.

Erik