Re: [CentOS] How to access one machine behind iptables, on different subnet?
On Friday 29 October 2010 04:22:52 Rudi Ahlers wrote:
> How do I give full access to all ports on this IP, instead of forwarding
> every port?

Sure. That's called One-to-One NAT. You'll do something like this:

iptables -t nat -I PREROUTING -d 192.168.1.20 -j DNAT --to-destination $GREEN

...where $GREEN is one ip on your 192.168.2.x network. Then make sure you have the proper "allow" rules on the INPUT chain for your LAN ip ($GREEN).

The above was for ingress traffic. Now, for egress traffic (for this internal LAN ip) you'll need to perform NAT as well:

iptables -t nat -A POSTROUTING -s $GREEN -j SNAT --to-source 192.168.1.20

Check out:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

HTH,
Jorge
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hwclock problem
On Thursday 11 November 2010 20:41:45 Jobst Schmalenbach wrote:
> Now I had to reboot a couple of them two days ago and to my surprise
> all had problems with the time upon booting.

Hi,

Are you 100% sure that your timezone file (/etc/localtime) corresponds to the one Australia/Melbourne? Try this:

diff /etc/localtime /usr/share/zoneinfo/Australia/Melbourne

Besides that, try to see if there's any script within /etc that tries to set the TZ variable somewhere as it seems it is trying to set your system time to flat UTC.

If I understand correctly, your hardware clock indeed is storing "localtime" as seen on the output when you are booting... but as soon as ntpd kicks in, it sets the system time to UTC (which is 11 hours behind your localtime). Right?

HTH,
Jorge

Re: [CentOS] hwclock problem
On Thursday 11 November 2010 20:41:45 Jobst Schmalenbach wrote:
> Nov 10 08:08:52 XX ntpdate[2464]: step time server 192.168.1.1 offset
> -39599.950905 sec

Also, try to disable ntpdate with "chkconfig ntpdate off" and reboot the machine and see if that solves the problem. If it does, then you can concentrate on ntpdate...

--
Jorge

Re: [CentOS] Does "yum update tzdata" update /etc/localtime?
On Monday 15 November 2010 00:13:53 Jobst Schmalenbach wrote:
> Does "yum update tzdata" update /etc/localtime or does this need
> to be done manually?

No, it doesn't. It is created by Anaconda during install.

> [this is part of the hwclock problem, a guy from sage-au has given me a
> hint]

I mentioned this file on your other thread last night but afterwards I thought you had it right since the output for your date commands contained "EST" which is correct for your timezone.

--
Jorge

Re: [CentOS] Centos podcast on FLOSS weekly
On Thursday 18 November 2010 12:18:16 Les Mikesell wrote:
> check out this week's (142) video podcast at http://twit.tv/floss

Hey thanks for the tip. I just finished watching it (very interesting interview).

--
Jorge

Re: [CentOS] best way to start and shutdown programs in CentOS?
On Sunday 21 November 2010 20:19:59 Kill Script wrote:
> I have a Java program that I want to start up with every boot, but I'm
> unsure how to do it.

Put the call to your script on this file:

/etc/rc.d/rc.local

HTH,
Jorge

Re: [CentOS] best way to start and shutdown programs in CentOS?
On Monday 22 November 2010 10:36:31 Brian Mathis wrote:
> It may be tempting to use the rc.local, but that's the quick and dirty
> way and not good for the long-term sustainability and management of a
> system. There's no way to individually control any service running
> from there, and no way to stop it on shutdown.

I totally agree. My suggestion was based on the assumption that the OP didn't have much system-administration experience and using rc.local was definitely the easiest way out. I should have warned him of the alternate correct method though... Fortunately he has been nicely informed by others.

--
Jorge

Re: [CentOS] SELinux - way of the future or good idea but !!!
On Sunday 28 November 2010 13:31:28 Benjamin Franz wrote:
> Worse - it doesn't always log what it is doing in a way that you can figure
> out. Occasionally not at all.

SELinux does have some rate-limiting capabilities built-in to avoid a flood of identical messages... so the "triggering-event to log ratio" is not 1 to 1. I understand this may be confusing for troubleshooting purposes but you need to be aware of this.

> Once because an update to SELinux changed the labeling on an existing
> directory tree - blowing away my own applied labeling with no warning

When you apply custom labels to files many people forget that if there's a relabel involved (via /.autorelabel or manual filesystem relabel) all your custom labels are gone UNLESS you update your local policy contexts by doing:

semanage fcontext -a -t new_type_here 'regex_here'

> I've had several instances of SELinux breaking a previously stable
> system after an update to SELinux or its policies. On about the same
> number of machines. The most recent within the last year.

All our CentOS 5 servers have been running smooth with SELinux enabled. I can't tell from previous versions since I always disabled it (I was intimidated by it until I decided to take SOME TIME to read about it and UNDERSTAND it). Once you grasp the essentials it isn't that big of an issue really. If you are running the packages that come with your distro and you leave the stuff in their respective places (/var/www/html etc), you shouldn't be doing much tweaking.

In a nutshell, for me, when I suspect there is something related to SELinux involved I proceed as follows:

1) I'll check the logs to see if there's any AVC message. If there is...

2) I'll check if this is related to a mislabeled file. If it is, I'll fix the label. If the file in question is on a standard place... a simple restorecon should work but if the file is in another place (non-standard location) I'll need to register that as a local customization to the file contexts (with semanage fcontext...)

3) If the label is correct for the file I'll check if there's a boolean to control (allow/deny) this action (example: there are booleans to allow ftp server to serve from home directories or not etc...)

4) If there is no boolean and I'm 100% sure the access is needed... I'll create a local custom-policy with audit2allow.

That's basically it.

On the other hand, there are situations like, for example, our RHEL servers running Oracle databases. There's no way to run SELinux as Oracle won't support it. I heard they're working on it and in future versions they might support it (or maybe their current one I'm not sure). In other cases where we use Symantec Netbackup (the client installed on all servers) we just needed to change some labels on some specific libraries and that was all. Luckily this was well documented and there were some KB articles about this.

There has been a lot of progress with SELinux lately. I think you should reconsider your position and perhaps give it a try on the upcoming CentOS 6 where the targeted policy is much matured.

Best regards,
Jorge

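Added example, not part of the original message: step 1 of the procedure above (checking the logs for AVC messages) written as a shell function that groups denials by process, source type, target type, object class and permissions. The audit records are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): summarise SELinux AVC denials so that
# each distinct denial shows up once with a count. Because identical messages
# are rate-limited, the count is a lower bound on how often the access was tried.

# Constructed sample in audit.log style; not taken from a real host.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1290965488.101:311): avc:  denied  { read } for  pid=2211 comm="httpd" name="index.html" dev=dm-0 ino=4821 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1290965489.007:312): avc:  denied  { read } for  pid=2212 comm="httpd" name="logo.png" dev=dm-0 ino=4822 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1290965489.007:312): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1290965502.440:320): avc:  denied  { getattr search } for  pid=2230 comm="vsftpd" name="joe" dev=dm-2 ino=97 scontext=root:system_r:ftpd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
EOF
}

# avc_summary: audit log on stdin ->
#   "<count> <comm> <source_type> <target_type> <class> <perm[,perm...]>"
avc_summary() {
    awk '
    $1 == "type=AVC" && /avc:[ ]+denied/ {
        comm = ""; src = ""; tgt = ""; cls = ""; perms = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            # Permissions are the words between "{" and "}".
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace)   { perms = (perms == "" ? $i : perms "," $i); continue }
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # Contexts are user:role:type[:level]; the type is the third part.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        count[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_audit_log | avc_summary
```

On a real system the input would be the audit log (or /var/log/messages when auditd is not running). A target type such as var_t for web content points at step 2 (a labelling problem) before any boolean or audit2allow work.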
Re: [CentOS] LVM change disk
On Saturday 04 December 2010 02:47:15 muhammad panji wrote:
> The problem is that I have no SATA port left so that I can't move PE to the
> new disk.

I don't see how you can solve your problem with the current setup (you need to free up space and put it somewhere but you don't have any more disks to add to the volume group as you don't have any more SATA ports left...).

Two possible workarounds:

Free up 500GB of space by:

1- temporarily moving the data to an external USB drive
or
2- move the data to another host (thru the network)

Then you can use "pvmove" to remove the 500GB drive and put the 2TB one.

--
Jorge

Re: [CentOS] Stripping silent periods from MP3s
On Sunday 12 December 2010 17:02:27 Keith Roberts wrote:
> I need to remove (or shorten to 5 seconds) any silent
> sections throughout the Mp3 file - not just the beginning or
> the end.

I usually do this in Audacity (graphical app) and the feature is called "Truncate Silence". I'm not sure if you need to do this in a console app. Also, Audacity will uncompress your mp3 file to perform the edit which then you can export back to mp3 (transcode). I don't know of any app that will trim silence on MP3s in a lossless way.

HTH,
Jorge

[CentOS] BIND and latest update (max open files WARNING)
Hi all,

After the latest security update for bind (which came out last night), now there's a new message on syslog (facility: daemon, severity: warning) every time you restart named:

max open files (1024) is smaller than max sockets (4096)

After googling for a while the solution seems to be to add this to /etc/security/limits.conf:

named soft nofile 4096

...and modify /etc/named.conf in order to add, under the options section:

files 4096;

That seems to work. Of course, you may raise the 4096 but I guess that's the default in BIND and I was good with that.

I'm not sure why this happened. Maybe before the update bind had a value of 1024 for max.sockets and now it was raised to 4096.

--
Jorge

Re: [CentOS] OT how to prevent oversubscription of a disk
On Thursday, December 30, 2010 09:53:25 pm Dave wrote:
> I want to add up the quotas I've assigned on a particular partition
> and see if the total is bigger than the disk. It's possible to do this
> (awkwardly) using repquota or quota. Is there no more accurate/elegant
> way?

I don't think so. I haven't seen any switch on any of the usual commands (repquota etc) to get this. I guess you'll have to do some scripting to add up the "used" values in order to compare them with your partition size.

If you find/create the elegant way, please share...

Happy New Year!
Jorge

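Added example, not part of the original thread: one way to do the scripting suggested above, summing both the "used" column and the hard block limits from repquota output and comparing the assigned total with the filesystem size. The report below is constructed, the function names are hypothetical, and the script assumes repquota's default 1K-block units.

```shell
#!/bin/sh
# Added example (not from the thread): detect quota oversubscription.

# Constructed sample of "repquota" output for one filesystem.
sample_repquota() {
cat <<'EOF'
*** Report for user quotas on device /dev/sda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  184284       0       0           5120     0     0
alice     --  512000  900000 1000000            310     0     0
bob       +-  950000  900000 1000000  6days     204     0     0
carol     --   20480       0       0             12     0     0
EOF
}

# quota_totals: repquota report on stdin -> "<used_kb> <hard_total_kb> <unlimited_users>"
# Data rows are recognised by the two-character status flags in column 2.
# The first five columns (user, flags, used, soft, hard) are always present,
# so the optional "grace" column does not shift the fields read here.
quota_totals() {
    awk '
    $2 ~ /^[-+][-+]$/ {
        used += $3
        if ($5 == 0) unlimited++      # hard limit 0 means "no limit"
        else         hard += $5
    }
    END { printf "%d %d %d\n", used, hard, unlimited }
    '
}

# fs_size_kb MOUNTPOINT -> filesystem size in 1K blocks
fs_size_kb() {
    df -P -k "$1" | awk 'NR == 2 { print $2 }'
}

# quota_check SIZE_KB (repquota report on stdin) -> one verdict line
quota_check() {
    size_kb=$1
    set -- $(quota_totals)
    used_kb=$1; hard_kb=$2; unlimited=$3
    if [ "$hard_kb" -gt "$size_kb" ]; then verdict=OVERSUBSCRIBED; else verdict=OK; fi
    echo "$verdict hard_total_kb=$hard_kb size_kb=$size_kb used_kb=$used_kb unlimited_users=$unlimited"
}

# Stand-alone run on the constructed sample with a constructed size of 1500000 KB.
# Real use (as root):  repquota /home | quota_check "$(fs_size_kb /home)"
sample_repquota | quota_check 1500000
```

Users without a hard limit are counted separately because any one of them can fill the partition regardless of the total.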
Re: [CentOS] how to convert 7 cd iso images into one dvd image?
On 01/14/2011 09:29 PM, Kenneth Wolcott wrote:
> I suppose I could install from the cd iso images, but it is a pain to
> virtually eject and remount cd iso images during the install :-(

There is a trick where you can perform an installation with just the first CD (and you won't be asked for further CDs) if you do this:

1) do a text-based installation (on the prompt right after booting type: linux text )

2) when it comes to package selection, uncheck all groups but then click on customize packages (to get into package details)... and uncheck all of them.

The previous steps are from my head (specially #2) but just pay attention to the software and what I said and you'll be fine. You'll get an installation of about 600 to 700 MB and then you can use "yum" to install whatever you need to install.

HTH,
Jorge

Re: [CentOS] Problem with timezone configuration
On 02/20/2011 07:41 PM, John Nash wrote:
> Am I missing something important ?

Is your /usr a separate partition? If so try to copy /usr/share/zoneinfo/Europe/Paris to /etc/localtime (instead of it being a symbolic link). See if that works.

--
Jorge

Re: [CentOS] Finding wich files a writen to
On 05/04/2011 12:17 PM, Nicolas Ross wrote:
> iotop can point me to which process, but that doesn't point me to what
> files are the culprits...

A rough way would be to change to the top-level directory where you suspect the files are being written and perform:

find . -type f -mmin -1

(that would search for all files modified within the last minute)

A more elegant way would be:

lsof -p PID

(where PID is the process ID... of the process iotop showed you)

HTH,
Jorge

Re: [CentOS] [OT] would any of you recommend a ticketing system?
On 07/19/2011 07:32 AM, Kevin Thorpe wrote:
> would any of you recommend a ticketing system?

Redmine:
http://www.redmine.org/

You can give it a try by using any of the Bitnami virtual-machine images:
http://bitnami.org/stack/redmine

HTH,
Jorge

Re: [CentOS] Partitionning for future.
On Sunday 28 June 2009 11:38:48 am David Goldsmith wrote:
> resize2fs /dev/VolGroup00/LogVol03

Does it perform the resizing while the filesystem is mounted?

Re: [CentOS] Partitionning for future.
On Sunday 28 June 2009 11:52:36 am David Goldsmith wrote:
> Resizing to make an ext2/ext3 filesystem larger can be done while the
> filesystem is mounted. Resizing to shrink a filesystem requires the
> filesystem to not be mounted.

Thanks for the tip and for the nice demonstration David.

All the best,
Jorge

Re: [CentOS] syslog to remote server
On Thursday 06 August 2009 10:58:05 pm hce wrote:
> The messages from local0 worked fine, all sent to the remote log
> server. But all messages from local1 were still displayed in
> /var/log/messages despite it has been set to local1.none.

How do you determine which messages come from which facility by looking at the log? As far as I know, in the actual log message, there's no indication of the facility generating it... there may be the ip from where it's coming... the daemon generating it but the actual facility I don't remember.

If I were you I would go to the destination syslog server first and perform this test:

logger -p local1.info "testing proper routing on destination server"

and then check where the message goes (check your syslog.conf there on the destination server). Once you know local1 is properly routed (on the destination server), then you should go to the original (source) server where I recommend you comment out the whole line pointing to /var/log/messages and concentrate on the local1 line first. Don't forget to reload the configuration (service syslog reload) and then try this:

logger -p local1.info "message coming from source server"

and then check the proper log on the destination server...

There are some startup switches for syslog (to allow it to receive remote messages) but I rule out that because you mentioned it is already working for the local0 facility...

HTH,
Jorge

[CentOS] SELinux Relabeling
Hello everyone,

If I create a folder called "whatever" under /var, the context is:

root:object_r:var_t /var/whatever/

That's expected as it is under /var. If I then change its type:

chcon -t httpd_sys_content_t /var/whatever

The context looks like:

root:object_r:httpd_sys_content_t /var/whatever/

My question is... Shouldn't a relabeling of the filesystem change the type of this directory back to var_t? I just performed a relabel (/.autorelabel) and the directory stayed with httpd_sys_content_t. I thought that the only way this could happen was if I used "semanage fcontext -a " so that a new line would be appended in: /etc/selinux/targeted/contexts/files/file_contexts.local.

Not only that, if I perform "matchpathcon /var/whatever" I still get var_t as its default type. Then again, why did it keep the httpd_sys_content_t after the relabel?

Thanks in advance,
Jorge

Re: [CentOS] SELinux Relabeling
On Wednesday 09 September 2009 08:08:27 am Jorge Fábregas wrote:
> If I perform "matchpathcon /var/whatever" I still get var_t as
> its default type. Then again, why it kept the httpd_sys_content_t after the
> relabel?

I did the same test on Fedora 10 (which of course is way newer than CentOS) and it behaves differently (the way I had in mind): after a relabel thru /.autorelabel, all the files & directories I create under /var return to var_t (if there's no override in file_contexts.local).

In CentOS 5.3, if I manually change from var_t to something else, when I relabel the filesystem, the file keeps the type I specified (and not the default it should have based on its location).

Please if anyone knows why this happens I'd be glad to know.

Thanks,
Jorge

Re: [CentOS] SELinux Relabeling
On Saturday 12 September 2009 03:31:25 pm A. Kirillov wrote:
> Read this thread:
> https://www.redhat.com/archives/fedora-selinux-list/2009-July/msg00141.html

Arrgh Sasha right on!!! Thanks so much! I had no idea about "Customizable Types" and indeed httpd_sys_content_t is one of them!! I've been trying to figure this out for a couple of days and now the search is over! Thanks a million!

All the best,
Jorge

Re: [CentOS] "Point Releases" Question
On Monday 14 September 2009 10:59:58 am Ralph Angenendt wrote:
> The release notes will have a section if/which packages have been
> removed or are new to the release (or have been updated).

Thanks for clarifying Ralph. All clear now.

All the best,
Jorge

[CentOS] "Point Releases" Question
Hello everyone,

Let's say 5.4 goes out today; if I fully update (today) my 5.2 system... will it be equivalent to 5.4 (all RPM packages with same version/release number?)? Or is it possible for the new point release to include NEW packages that weren't on the base release (in this case CentOS 5)?

Thanks,
Jorge

[CentOS] Running SSH on a different port (with SELinux)
Hello everyone,

Now after the recent discussion on running SSH on a different port, I decided to start a new thread but with SELinux involved.

Assuming that you have SELinux enabled, and that you changed the default port for SSHD, let's say for 1234, when I restart SSHD I don't get any AVC denials. This is the output of:

semanage -l port | grep ssh
ssh_port_t tcp 22

I thought (based on previous SELinux readings) that in order to allow SSHD on a non-default port you needed to:

semanage port -a -t ssh_port_t -p tcp 1234

That was the theory I read :) Now in practice it seems it is not implemented yet, or at least by the time RHEL5 came out. Does anyone know?

All the best,
Jorge

Re: [CentOS] Running SSH on a different port (with SELinux)
On Sunday 25 October 2009 03:06:58 pm Ned Slider wrote:
> The SSH daemon runs as an unconfined service in SELinux (at least on
> RHEL4 and 5), so SELinux has no effect on SSH. Same as a bash shell runs
> unconfined.

Thanks Ned! That's it. I missed the following check:

# ps -eZ | grep sshd
root:system_r:unconfined_t:SystemLow-SystemHigh 6161 ? 00:00:00 sshd

It clearly shows "unconfined_t" for sshd. Thanks again!

All the best,
Jorge

[CentOS] Default ACL question (EXECUTE BIT)
Hello everyone,

I'm doing some tests with ACL's and even though I can create a "default" ACL for a directory (that includes "rwx" for the default owner), when I finally create a file within that directory the execute bit is chopped off:

[...@machine ~]$ mkdir mydir
[...@machine ~]$ setfacl -d -m u::rwx,g::-,o::- mydir/
[...@machine ~]$ cd mydir
[...@machine mydir]$ touch testFile.txt
[...@machine mydir]$ ls -l testFile.txt
-rw--- 1 joe joe 0 Oct 29 21:14 testFile.txt

I don't think umask is involved here. As far as I know umask isn't involved when dealing with default ACL's. Anyhow, I'm pretty sure this is by design (security-wise). Is there any way to override this behaviour?

Thanks,
Jorge

Re: [CentOS] Default ACL question (EXECUTE BIT)
On Thursday 29 October 2009 10:32:30 pm nate wrote:
> It's been eons since I played with acls, but I thought you can
> only view acls via getfacl(or other similar commands) ls -l doesn't
> do anything to show acls, only unix-style permissions.

Hello nate,

Yes, I use getfacl to see the ACLs but in this case I used a "default ACL" that sets "regular permissions" on new files and thus any new file won't have actually an ACL. In my case, the new file looks like:

-rw--- 1 joe joe 0 Oct 29 21:14 testFile.txt

If it had any ACL on it... a plus sign would appear at the end of the permission bits, like this:

-rw---+ 1 joe joe 0 Oct 29 21:14 testFile.txt

Best regards,
Jorge

Re: [CentOS] Sort logfiles at rotation time
On Monday 09 November 2009 10:00:32 am Stephen Nelson-Smith wrote:
> I want to be certain that my apache and varnish logfiles are in strict
> date order when rotated. I'd like to run a sort command against them
> before they're compressed.

I use the dateext option in my logrotate configuration file so that rotated files have the date appended to the filename. I also compress them so they end up like:

whatever-site-access.log.20090930.gz
whatever-site-access.log.20091031.gz
whatever-site-error.log.20090930.gz
whatever-site-error.log.20091031.gz

Well... these are sorted (within the same type of file: access... error). If you want them strictly sorted by date you'll need to investigate. I'm not sure if logrotate provides any facility in order to manipulate the "current" file being rotated so maybe you'll have to do this via a shell script & cron (after logs are rotated).

HTH,
Jorge

Re: [CentOS] [story] Thank goodness for links and caching DNS
On Thursday 14 January 2010 12:52:15 Michael A. Peters wrote:
> This is the second time in the last 6 months that all three of my ISP's
> nameservers have gone down,

You can also use Google's free Caching Nameservers (a recent offering) with some easy-to-remember ip's; 8.8.8.8 and 8.8.4.4

They come in handy in situations like these.

HTH,
Jorge

Re: [CentOS] quotacheck question
On Friday 15 January 2010 07:06:58 Aggelis Aggelis wrote:
> wonder what are the comments of centos community on the subject

Hi,

You just need to run quotacheck the first time you're going to use a filesystem for quotas (so that it can create its database on the filesystem). For example, if you're going to create quotas for users in /home:

quotacheck -cu /home

If it's for groups then:

quotacheck -cg /home

Regarding boot time, the quotacheck command is run by /etc/rc.d/rc.sysinit (which runs every time the system starts) so no need to worry.

HTH,
Jorge

Re: [CentOS] autofs with nfs plus local directories
On Monday 25 January 2010 19:35:07 Carlos Santana wrote:
> Now I need to create a local user account and have its home dir
> also on local system

If it's a local user you want (with its files on local system) why are you using the autofs facility? Isn't it just a matter of creating the user locally and make sure it resides in the local system's /etc/passwd file?

Did you check /etc/nsswitch.conf to find out the order the databases are searched?

What do you get when you do:

getent passwd | grep test1

HTH,
Jorge

Re: [CentOS] cron jobs not running
On 07/30/2011 11:07 PM, Tim Dunphy wrote:
> 0 3 * * * /bin/alldb > /home/bluethundr/backupdb/alldb-$(date
> +%Y%m%d%H%S).sql

I think the date parameters (percent etc) are causing you problems here. Try it simple first:

* * * * * /bin/alldb > /home/bluethundr/backupdb/alldb-today.sql

Did it work?

--
Jorge

Re: [CentOS] 6.0 Media problems
On 08/28/2011 09:06 PM, ken wrote:
> When I downloaded the iso for 6.0 install, K3b said the iso wouldn't fit
> on the blank DVD.

Hi,

From the 6.0 Release Notes here:

"The i386 DVD is just a bit too large to fit on normal single layer DVD+R media. It can be burnt successfully on DVD-R or dual-layer media."

HTH,
Jorge

Re: [CentOS] SSH in and my terminal keystrokes are weird.......
On 09/25/2011 02:05 PM, Todd wrote:
> I upgraded to OS X 10.7 on my laptop and when I try to ssh into my servers
> and do edits it seems my backspace is now weird

This is something you need to fix on the terminal emulator you're using. Apparently the backspace code your terminal is sending now is not the correct one. Try to find any option regarding backspace (or type of terminal) in your terminal emulator.

Meanwhile, while you fix this, you can connect to the server and execute:

stty erase

...to get proper backspace.

HTH,
Jorge

Re: [CentOS] Hacking Issue
On 09/26/2011 07:02 AM, Jennifer Botten wrote:
> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

This needs to be:

-A OUTPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

...if you want to drop packets initiated from your system to that ip... which doesn't make any sense if you're dropping all the incoming connection from that ip.

On why are you still getting packets from that ip... perhaps there's also TCP traffic? If you want to completely drop packets from that ip simply remove the protocol argument like this:

-A INPUT -i eth0 -s 209.61.231.42 -j DROP

HTH,
Jorge

Re: [CentOS] Hacking Issue
On 09/26/2011 07:45 AM, Jennifer Botten wrote:
> I am blocking UDP and TCP from that IP. I also have an OUTPUT rule however
> mine has the -o eth0 as the -i eth0 does not work.

Yes, I had it wrong. For the OUTPUT chain you use the -o ethX.

Perhaps you have an ALLOW rule for udp or some other criteria BEFORE the actual DROP? How do you determine that it is not working?

Also, please follow the common rules when posting :)

1) don't use html
2) quote properly (look at how I am replying)

Regards,
Jorge

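Added example, not part of the original thread: a check for the situation raised above, where an ACCEPT rule sits before the DROP in the same chain and therefore matches first. It reads iptables-save style rules and lists earlier ACCEPT rules that could match the blocked source; the ruleset and the address 203.0.113.42 are constructed, the function names are hypothetical, and only plain -s, -i and -j options are interpreted (no CIDR ranges or negation).

```shell
#!/bin/sh
# Added example (not from the thread): find ACCEPT rules that shadow a DROP.
# iptables evaluates a chain top to bottom and stops at the first terminating
# match, so an ACCEPT above the DROP wins for any packet both rules match.

# Constructed ruleset in iptables-save format.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 203.0.113.42 -i eth0 -j DROP
-A INPUT -s 10.0.0.5 -p tcp -j ACCEPT
-A OUTPUT -d 203.0.113.42 -o eth0 -j DROP
COMMIT
EOF
}

# shadowing_rules CHAIN SOURCE_IP   (ruleset on stdin)
# Prints "<rule number>: <rule>" for every ACCEPT rule placed before the first
# DROP for SOURCE_IP in CHAIN that has no source restriction (or names the same
# source) and is not bound to a different input interface than the DROP.
# Rule numbers match "iptables -L CHAIN --line-numbers".
shadowing_rules() {
    awk -v chain="$1" -v ip="$2" '
    function opt(name,   i) {          # value that follows option "name", or ""
        for (i = 3; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == chain {
        n++
        src = opt("-s"); sub(/\/32$/, "", src)
        tgt = opt("-j"); inif = opt("-i")
        if (tgt == "DROP" && src == ip) { drop_pos = n; drop_if = inif; exit }
        if (tgt == "ACCEPT" && (src == "" || src == ip)) {
            cand[n] = $0; cand_if[n] = inif
        }
    }
    END {
        if (!drop_pos) { print "no DROP rule for " ip " in " chain; exit }
        for (i = 1; i < drop_pos; i++)
            if ((i in cand) && (cand_if[i] == "" || drop_if == "" || cand_if[i] == drop_if))
                print i ": " cand[i]
    }'
}

# Stand-alone run on the constructed ruleset.
# Real use (as root):  iptables-save -t filter | shadowing_rules INPUT <address>
sample_ruleset | shadowing_rules INPUT 203.0.113.42
```

On the sample this reports rules 2 and 3: already-established connections and UDP port 53 from the blocked address are accepted before the DROP is reached, which is why the DROP normally goes at the top of the chain (inserted with -I rather than appended with -A).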
Re: [CentOS] Chroot in CentOS 5.* ?
On 10/07/2011 05:42 AM, przemol...@poczta.fm wrote:
> How about chrooted sftp in centos 5.* ?
> If I cannot - do I have to use centos 6.* ?

The stock SSH package in the CentOS 5 series doesn't have the chroot functionality. The one in CentOS 6 does.

HTH,
Jorge

Re: [CentOS] Silly logrotate question
On 10/19/2011 05:14 AM, John Kennedy wrote:
> How can I satisfy both the need to remove yesterday's log file while keeping
> the current day?

Hi,

I perfectly understand your problem. "copytruncate" is not your friend here so, taking "copytruncate" out of the picture, I really don't see a quick fix as logrotate doesn't provide a facility to work on files OLDER than X days. If there was such an option, you could tell it to rotate all the *.log files from the previous day (move them & compress, not copy them) without affecting your current day log.

Possible workarounds:

1) Modify your app if you can so that it stops creating new files daily. Something like app.log. Use the "copytruncate" & "dateext" (along with your other options) in the logrotate configuration so that every day the file is COPIED & COMPRESSED to app.log.2019.gz. That way your file is truncated every day and you'll have nicely compressed historical archives (with the date appended) which you can keep for X days depending on your "rotate X" value.

2) get creative with the "prerotate" and "postrotate" options of logrotate.

3) if your app is smart enough to create a log daily perhaps you could tell it to compress the previous file and get rid of logrotate for that.

HTH,
Jorge

Re: [CentOS] New Tutorial - RHCS + DRBD + KVM; 2-Node HA on EL6
On 01/03/2012 10:29 AM, Digimer wrote:
> Hi all,
>
> I'm happy to announce a new tutorial!
>
> https://alteeve.com/w/2-Node_Red_Hat_KVM_Cluster_Tutorial

Hello Digimer,

Thanks for sharing this. I might try it in a couple of months as I'm not ready yet (need to grasp some concepts/technologies first). I also haven't used KVM but I have some experience with VMware (vSphere Clusters). For vSphere clusters you need a shared storage system: ideally (in preference order) you'll be using a FC SAN, iSCSI SAN or a NAS (serving NFS).

I'm interested in the DRBD part here. Did you use it because you didn't have access to a shared storage system? or is it a requirement for a particular functionality you wanted? Have you done it before with a shared system? Any considerable performance difference (DRBD vs shared-storage)?

Thanks!

Best regards,
Jorge

Re: [CentOS] swap labeling annoyance
On 01/05/2012 06:14 PM, m.r...@5-cent.us wrote:
> mkswap -L SWAP-sda3 /dev/sda3

Hi,

I didn't know you could create a label within the mkswap command. I always used "e2label" as in:

e2label /dev/sda2 myswap

Try it with e2label just in case. Also, are you able to activate the swap using just the block device as reference?

--
Jorge

Re: [CentOS] Advice sought: Virtual Win7 on Centos 6.2
On 01/07/2012 06:05 AM, Lucian wrote:
> +1 for KVM/virt-manager/virtio. I need to look further into Spice, but
> now I use rdesktop which gives me file sharing and sound.

I'm wondering about the difference between using rdesktop or spice to connect to a VM on your local machine (UI responsiveness, copy/paste functionality etc).

p.d. I haven't used KVM yet on my machine as I don't have the virt extensions on my CPU but I'm looking forward to it once I replace my box.

--
Jorge

Re: [CentOS] LUKS full disk Encryption question
On 01/07/2012 06:40 PM, Ljubomir Ljubojevic wrote:
> What will be the performance impact on my Celeron 1.73 GHz CPU and/or
> hdd speed?

To further add to what has been said, check if your particular CPU supports the AES-NI instruction set which should provide some performance boost:

http://en.wikipedia.org/wiki/AES_instruction_set

Of course, that is, if you choose to use the AES cipher (the default).

HTH,
Jorge

[CentOS] CPU Usage when idle
Hello guys,

Did anyone notice how green CentOS 6 is compared to the previous release? I've been running a couple of "CentOS 6" VMs (on our vSphere environment) for the last couple of weeks and noticed a BIG difference when it comes to CPU usage when the VM is completely idle. I would like to share what I've seen in our environment:

PfSense 2.0 (FreeBSD) VM: 40 Mhz
CentOS 5.7 VM: 60 Mhz
CentOS 6.2 VM: 5 Mhz

This is really wonderful. They did a great job with RHEL6 and I'm curious what was changed in order to accomplish this.

Regards,
Jorge

Re: [CentOS] Centos and Oracle
On Monday 22 September 2008 05:23:51 am Szemerédy Gábor wrote:
> We need to develop and use Oracle Forms applications. Do we need to
> install 10g Developer Suite also or are the forms contained in the
> application server?

Yes, you need to install the Developer Suite in order to use Forms Builder, Report Builder etc...

> If we need the Developer Suite also , please tell us where from to
> download it.

http://www.oracle.com/technology/software/index.html

HTH,
Jorge
Re: [CentOS] Simple audio recording app?
On Sunday 26 October 2008 09:21:17 am Niki Kovacs wrote:
> I've just been looking for a simple audio recording app

You can use arecord (comes with the alsa-utils package) which is a command-line tool or if you want a GUI one you can try Audacity.

HTH,
Jorge
Re: [CentOS] DNS caching is not working on CentOS
On 02/08/2013 03:09 PM, Ed Morrison wrote:
> The services start fine but when telling to perform a dig using itself
> as the resolver the queries fail

Check the following line in /etc/named.conf and make sure you have both ip addresses:

listen-on port 53 { 127.0.0.1; 192.168.1.6; };

Also, if you're using views, check the "match-clients" directive to see if you're filtering out traffic coming from localhost.

--
Jorge
Re: [CentOS] DNS caching is not working on CentOS
On 02/09/2013 07:01 PM, Jorge Fábregas wrote:
> Check the following line in /etc/named.conf and make sure you have both
> ip addresses:

I'm sorry. I thought you were running BIND. I'm on that list too...got to pay more attention next time!

Anyway, check the bind (no pun intended!) address doing "netstat -nulp" and verify the line containing UDP/53. Check if it's only listening on 192.168.1.6. If so, there you have it.

--
Jorge
Re: [CentOS] DNS forwarding vs recursion
On 03/28/2013 02:05 PM, John R Pierce wrote:
> is it as simple as adding allow-recursion{} with the appropriate private
> subnets and localhost to named.conf ?

Yes. That's basically it.

--
Jorge
Re: [CentOS] How often is kernel "touching" swap partition?
On 07/23/2013 01:22 PM, Martin Šťastný wrote:
> how often is kernel touching swap space

There's a kernel tunable called "swappiness" [1] to control that. You can add an entry in /etc/sysctl.conf like this:

vm.swappiness=0

...and the kernel will avoid using swap as much as it can.

HTH,
Jorge

[1]: http://en.wikipedia.org/wiki/Swappiness
Re: [CentOS] Centos media repo
On 07/31/2013 12:48 PM, Patrick wrote:
> Is there a way to do this?

Change enable=1 to 0 here:

/etc/yum.repos.d/CentOS-Media.repo

HTH,
Jorge
Re: [CentOS] Connecting ethX devices directly to a KVM/QEMU guest OS (no bridging)
On 01/18/2012 05:49 PM, Tait Clarridge wrote:
> Create the 8 bridges that you need and go from there, you should be able
> to assign them in Virtual Machine Manager to the VMs.

Hello Tait,

I'm learning about ethernet bridges and how it is applied to virtual networking. It seems that, in the past, after you created the virtual bridge (br0, br1 etc) you had to create the taps with tunctl and THEN you assigned those taps to your VMs. And now it appears that virt-manager doesn't need these taps and you can simply point the VM to the proper bridge.

My question is: are the taps being used behind the scenes (is it something libvirt does for us) or are the tap interfaces obsolete now?

Thanks,
Jorge
Re: [CentOS] Virtual appliance - initial setup
On 08/03/2012 04:22 AM, Deyan Stoykov wrote:
> Is anyone aware of an existing solution for post-deployment
> configuration (hostname, network settings and root password
> as a minimum) other than editing config files by hand

Try sys-unconfig (I think it comes by default on the system). I never used it but might be what you're looking for.

man sys-unconfig

HTH,
Jorge
Re: [CentOS] block port forwarding?
On Thursday 25 February 2010 07:36:50 Roland RoLaNd wrote:
> lately i've noticed that lots of traffic being produced by the servers ..
> is there a way to know who's using port forwarding to my server so they
> access the internet ?

I don't know why you use the term "port forwarding". If I understand you correctly, and having said that ip forwarding isn't turned on, you suspect someone is using your 2 servers to gain access to the internet?

The only thing I can think of...they might be using your servers as a SOCKS proxy. For this, there needs to be some way to connect to these servers (SSH? etc...). Log in to these servers and do a "netstat -ntap" so you can see the established connections and track what programs are responsible for these. If anyone is connected to your machines (from the local network) you'll see it there too.

Of course, I'm assuming your machines were not tampered with (that is, all the binaries are intact :)

Best regards,
Jorge

p.d. you can try wireshark (network sniffer)...
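The "netstat -ntap" check suggested above can be scripted. The following is an added example, not part of the original message: it groups established TCP connections by owning process and reports any process that both serves a client and holds connections to hosts outside the LAN, which is what a session relaying traffic looks like. The subnet, the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the local subnet

# Constructed sample of `netstat -ntap` output (run as root so PID/Program is filled in).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address        Foreign Address      State       PID/Program name
tcp        0      0 0.0.0.0:22           0.0.0.0:*            LISTEN      1801/sshd
tcp        0      0 0.0.0.0:80           0.0.0.0:*            LISTEN      2210/httpd
tcp        0      0 192.168.1.10:22      192.168.1.57:51514   ESTABLISHED 4410/sshd: bob
tcp        0      0 192.168.1.10:48022   203.0.113.80:80      ESTABLISHED 4410/sshd: bob
tcp        0      0 192.168.1.10:48030   198.51.100.7:443     ESTABLISHED 4410/sshd: bob
tcp        0      0 192.168.1.10:22      192.168.1.12:40022   ESTABLISHED 4388/sshd: alice
tcp        0      0 192.168.1.10:80      192.168.1.33:39120   ESTABLISHED 2210/httpd
tcp        0      0 192.168.1.10:51200   192.0.2.25:80        ESTABLISHED 3050/yum
"""

def host_of(endpoint):
    """'192.168.1.10:22' -> '192.168.1.10' (also works for ':::22')."""
    return endpoint.rsplit(":", 1)[0]

def port_of(endpoint):
    return endpoint.rsplit(":", 1)[1]

def relay_suspects(netstat_text, lan=LAN):
    """Return {owner: {'clients': [...], 'outside': [...]}} for processes that
    accepted a connection on a listening port AND connect out beyond the LAN."""
    # The program name may contain spaces ("sshd: bob"), so split at most 6 times.
    rows = [p for p in (l.split(None, 6) for l in netstat_text.splitlines())
            if len(p) == 7 and p[0].startswith("tcp")]
    listening = {port_of(r[3]) for r in rows if r[5] == "LISTEN"}
    clients, outside = defaultdict(list), defaultdict(list)
    for _proto, _recvq, _sendq, local, foreign, state, owner in rows:
        if state != "ESTABLISHED":
            continue
        owner = owner.strip()
        if port_of(local) in listening:            # someone connected to us
            clients[owner].append(host_of(foreign))
        elif ipaddress.ip_address(host_of(foreign)) not in lan:
            outside[owner].append(foreign)         # we connected out of the LAN
    return {o: {"clients": clients[o], "outside": outside[o]}
            for o in clients if o in outside}

if __name__ == "__main__":
    for owner, seen in relay_suspects(SAMPLE).items():
        print(owner, "clients:", seen["clients"], "outside:", seen["outside"])
```

A process that only serves clients (httpd) or only connects out (yum) is not reported; as the message notes, the output is only trustworthy if the binaries on the box are intact.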
Re: [CentOS] block port forwarding?
On Thursday 25 February 2010 08:18:13 Eero Volotinen wrote:
> > cat /proc/sys/net/ipv4/ip_forward
> > 0
>
> So, problem solved?

Hmm I think he meant to show the current status of ip forwarding on his box.
Re: [CentOS] log rotation not working
On Sunday 14 March 2010 20:38:23 David Mehler wrote:
> Thanks for your reply. Crontabs package is indeed installed.

Various things:

1- Check that indeed crond is running (ps -ef | grep cron)
2- Check that the logrotate script is indeed in the /etc/cron.daily|hourly|weekly directories...
3- the best one: run it manually by doing:

logrotate -d -f /etc/logrotate.conf

..and see for yourself why it isn't running.

HTH,
Jorge
Re: [CentOS] SELinux restorecon does not work
On Tuesday 06 April 2010 03:24:49 James Corteciano wrote:
> Instead, you can generate a local policy module to allow this access

Hello James,

This doesn't seem like an incorrect labeling issue. Files under /etc, most of them, will have the etc_t as type. Apparently the current policy doesn't allow the action "setattr" from a process with a domain of "postgresql_t" to a file of type "etc_t".

You need to do what the output tells you (what I'm quoting). Try this:

http://tinyurl.com/yd24kfw

...with something like "grep postgres /var/log/audit/audit.log ...the rest of command."

HTH,
Jorge
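Before generating a local policy module from audit.log as suggested above, it helps to see exactly which permissions the logged denials would translate into. The following is an added example, not part of the original message: it parses AVC denial records and collapses them into the allow rules a module built from them would carry. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log records (not from the original thread).
SAMPLE = """\
type=AVC msg=audit(1270538689.101:812): avc:  denied  { setattr } for  pid=2417 comm="postmaster" name="example.conf" dev=dm-0 ino=131090 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1270538689.101:812): arch=c000003e syscall=90 success=no exit=-13 comm="postmaster"
type=AVC msg=audit(1270538701.440:815): avc:  denied  { write } for  pid=2417 comm="postmaster" name="example.conf" dev=dm-0 ino=131090 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1270538702.002:816): avc:  denied  { setattr } for  pid=2417 comm="postmaster" name="example.conf" dev=dm-0 ino=131090 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1270538750.310:820): avc:  denied  { read } for  pid=3001 comm="httpd" name="notes.txt" dev=dm-0 ino=262200 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)")

def sel_type(context):
    """user:role:type:level -> type"""
    return context.split(":")[2]

def summarize_denials(lines, domain=None):
    """Map (source type, target type, class) -> set of denied permissions.
    If `domain` is given, keep only denials raised by that source type."""
    rules = defaultdict(set)
    for line in lines:
        m = AVC.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no denial
        src, tgt = sel_type(m["src"]), sel_type(m["tgt"])
        if domain and src != domain:
            continue
        rules[(src, tgt, m["cls"])].update(m["perms"].split())
    return rules

def as_allow_rules(rules):
    """Render the summary in policy syntax, one rule per type pair and class."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE.splitlines(), "postgresql_t")):
        print(rule)
```

Note that a rule on etc_t applies to every file carrying that type, not just the one file named in the denial, so the summary is worth reading before the module is loaded.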
Re: [CentOS] Is every CentOS release supported for 7 years?
On Saturday 22 May 2010 16:36:18 Robert Heller wrote:
> Base Ubuntu 'version' numbers are just the year.month of the
> release: Ubuntu 10.4 is just the base release of April of 2010

I didn't know that one! Interesting. Thanks Robert.
Re: [CentOS] Setting up a printer without having one
On Tuesday 01 June 2010 13:07:35 Marko Vojinovic wrote:
> So how does one configure a to-be-used-in-the-future printer, without
> actually having one plugged in?

Just run system-config-printer and follow the new printer wizard. You basically need to know the manufacturer and model. With that you can select the proper PPD file. The other thing you need to know is HOW the printer is going to be connected to the machine. In other words, its backend (CUPS-wise). If you get this right (correct PPD and correct backend) you're all done.

HTH,
Jorge
[CentOS] Physical-to-Virtual (VMware) & SELinux
Hello guys,

I have a couple of servers that I'm about to virtualize to our VMware vSphere ecosystem. For Linux servers I read that one needs to use the stand-alone converter (which is a live-cd that you boot from and then you point it to your destination ESX). I would like to know from folks that have already done so...what was your experience like? Did everything go smoothly? Any caveats?

I'm worried about the filesystem extended attributes (SELinux). Will it survive the migration? Or will I need to relabel the whole filesystem again?

Thanks,
Jorge
[CentOS] Stop auditd logging all commands
Hello everyone,

I have this box where auditd is logging every command typed on the system onto:

/var/log/audit/audit.log

Every line looks like:

type=USER_TTY msg=audit msg=audit(124433 msg="command here" ...

The strange thing is that I have other similar boxes and I don't see this behavior. I don't see any option in /etc/audit/* or any PAM module triggering it. Is there a way to stop this? I don't want to stop the service since "setroubleshoot" needs it. Any ideas?

Thanks!
Jorge
Re: [CentOS] how to properly change the timezone
On Wednesday 07 July 2010 21:32:45 Phil Manuel wrote:
> /usr/bin/system-config-time
>
> (from the system-config-date RPM package)
>
> It will work in text mode.
>
> (Essentially /etc/sysconfig/clock is the config file that also needs
> updating)

Is /etc/sysconfig/clock really essential? I just have /etc/localtime pointing to the right timezone and never had any problem. I don't even have /etc/sysconfig/clock on my servers.

I was about to install the system-config-date (package that provides system-config-time) in order to see if indeed it creates /etc/sysconfig/clock but yum tells me I need 48 more packages to satisfy dependencies. I said no obviously

Best regards,
Jorge
Re: [CentOS] Stress Test
On Thursday 22 July 2010 13:30:49 Joseph L. Casale wrote:
> I have an HP Server w/ a Smart Array controller I need to test.

Also, don't forget to use the hpacucli tool (in order to get every detail on the controller and disks). I recently discovered it and it's nice since you can create scripts based on its output to alert you when a drive fails etc...

Best regards,
Jorge
Re: [CentOS] force b/w printing
On Wednesday 04 August 2010 02:18:55 Janez Kosmrlj wrote:
> but the user can still change back to color mode, if he wants to in the
> print dialog. I want that they don't even have the option to print in color

Have you tried modifying the PPD file to remove the color option? I mean, I would copy the original PPD file to a file named "whatever-NOCOLOR.ppd". Then I would create the second printer and assign this PPD file to it.

I've never done it before but I think it should work as all the printer options the user is presented come from the PPD file. Let us know if that works.

Regards,
Jorge
Re: [CentOS] Set default file/dir permissions?
On Thursday 26 August 2010 10:35:08 Tim Nelson wrote:
> I've looked at and tested umask but it only seems to allow/disallow
> specific permissions, not force permissions. Am I missing something? How
> can I force all files/dirs created under a specific directory to have the
> permissions (and ownership if possible) that I specify?

Hi,

You need to jump into ACLs. You'll do something like:

http://tinyurl.com/257k9qy

If you don't want to deal with ACLs and your requirements aren't too specific you could set the SGID bit (Set Group ID) so that every file created under the directory will be owned by the group owner of that directory:

chown :myGroup /var/appdata
chmod g+s /var/appdata

HTH,
Jorge
Re: [CentOS] Set default file/dir permissions?
On Thursday 26 August 2010 11:56:41 Tim Nelson wrote:
> ACL's do indeed look like the method I'd prefer. Are ACL's part of the
> filesystem (dependent on ext{2,3,4} etc?) or are they part of the
> file/inode? My primary reason for asking is I'd like to know if when
> backing up this data, will the ACL's be included in the backup or will
> they be lost?

Yes, they are part of the filesystem's extended attributes and you are right: you need to make sure the tools you use to backup/restore are "aware" of these extended attributes. AFAIK, the "tar" command on CentOS 5 is not aware of these and you need to use one called "star". Check that one.

http://tinyurl.com/2wjytjx

You could still use your backup program or the regular tar command along with "getfacl -R" to create a text dump of all the permissions (so that you can easily reapply them when you untar/restore on the destination filesystem).

HTH,
Jorge
Re: [CentOS] Set default file/dir permissions?
On Thursday 26 August 2010 12:17:05 Jorge Fábregas wrote:
> AFAIK, the "tar" command on CentOS 5 is not aware of these and you need to
> use one called "star"

Check your CentOS release level. I just checked now and on 5.5 the tar command (man tar) shows some options for acl and selinux (you need to be explicit about these in order to get these attributes).

--
Jorge
Re: [CentOS] CentOS7: vncserver - desktop resolution
On 07/09/2014 08:24 AM, Martin Moravcik wrote:
> Please, let me know, if you have any idea.

Hi,

You need to copy the file from /lib/systemd/system/vncserver@.service to /etc/systemd/system/ as per the instructions in the vncserver@.service file (the 4 points under "Quick HowTo" at the beginning).

I copied mine to /etc/systemd/system/vncserver@\:1.service and it works (I get the geometry specified there). I'm in Fedora 20 (haven't tested this on CentOS/RHEL 7) but it should be the same.

HTH,
Jorge
Re: [CentOS] CentOS7: vncserver - desktop resolution
On 07/11/2014 09:13 AM, Martin Moravcik wrote:
> As I said before, in CentOS6 the desktop resolution corresponds with the
> parameter -geometry in /etc/sysconfig/vncservers file. And I would like
> to behave my centos7 the same way.

I see. The only time I had trouble with the display geometry I fixed it with the RANDR extension. You might want to try that. Like this:

...-geometry 1400x800 -nolisten tcp -localhost -extension RANDR

--
Jorge
Re: [CentOS] CentOS7: vncserver - desktop resolution
On 07/15/2014 10:30 AM, Martin Moravcik wrote:
> Any other ideas/hints? ... thanks in advance

There's a tigervnc-users mailing list. The VNC experts are supposed to be there :)

--
Jorge
Re: [CentOS] Red Hat CEO: Go Ahead, Copy Our Software
On 08/16/2013 10:53 AM, Johnny Hughes wrote:
> SUSE does not release their enterprise sources and there
> is no SLES clone because of it.

I can't believe I never thought about it (to wonder why there wasn't any SLES clone)... Shouldn't they release the source for the GPL packages? I thought there was no way around it (and therefore that's why Red Hat had to do it).

--
Jorge
Re: [CentOS] dd ?
On 12/29/2013 07:08 AM, hadi motamedi wrote:
> how can I install clonezilla on my centos machine to try cloning my
> disk?

Hi,

You don't have to install it. Clonezilla is a Live CD: you boot from it, do your thing and you're done. It's way better than using dd because it's filesystem-aware and will only copy the used bits.

Regards,
Jorge
[CentOS] CentOS Bug Tracker - Merge with Upstream?
Hi,

Is the CentOS Bug Tracker going to be replaced by the upstream one (bugzilla.redhat.com)? I think it would make sense to have just one place to report bugs against RHEL, Fedora & CentOS.

Regards,
Jorge
Re: [CentOS] Is there any benefit to using NetworkManager on a server with a static IP?
On 03/25/2014 11:35 PM, Christopher Jacoby wrote:
> Does anyone here actually use NetworkManager on anything but a laptop or
> desktop? I can't seem to figure out a reason to use it on a server.

Hi,

I asked a similar question on the NetworkManager list a while ago:

https://mail.gnome.org/archives/networkmanager-list/2014-January/msg00061.html

There's a reply from one of the developers.

--
Jorge
Re: [CentOS] HDD Problem....
On 04/05/2014 02:41 PM, Eddie O'Connor wrote:
> Any help or advice would be greatly appreciated.

Try to get some SMART data out of it if you can:

# yum install smartmontools
# smartctl -a /dev/sdX

--
Jorge