Re: [CentOS] Openswan or Ipsec-tools?
I have this problem with my IPSec implementation, whatever I change :O [root@Carmen ~]# /etc/init.d/ipsec start failed to start openswan IKE daemon - the following error occured: addconn: /builddir/build/BUILD/openswan-2.6.32/lib/libipsecconf/confread.c:255: load_setup: Assertion `kw->keyword.keydef->validity & kv_config' failed. El 14/05/12 18:14, Sergio Belkin escribió: > 2012/5/14 Shaun >> I didn't think ipsec-tools were in CentOS 6? >> >> Just openswan. > Is there any reason for ipsec-tools is not in CentOS? > > Thanks in advance! -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos security
I remember I sent weeks ago next email to other guy with same doubts: Hello, just if it helps, please find below these lines the steps I have used to analyze several suspicious machines in some customers, to check if they have been compromised or not: * Chrootkit && rkhunter -> To search for known trojans and common linux malware. * unhide (http://www.unhide-forensics.info/) -> to check for hidden processes and tcp sockets * rpm -Va -> To check binary integrity against installed rpms * If netstat binary looks to be sane, check listening sockets * If ps binary looks to be sane, check shown running processes * Check console connections with "last" and "lastb" commands * Tcpdump on network interfaces avoiding traffic for known running services (80, 25, 21, etc... depending on the role of the machine) to check for the weird traffic * grep -i segfault /var/log/* -> to check for buffer overflows in logs * grep -i auth /var/log/* |grep -i failed -> to check authentication failed tries. * lsmod -> to check loaded kernel modules (it is ver difficult to find out something wrong here, but just to be sure nothing weird appears). * lsof -> to check opened current files * Check xinetd -> to find out if someone has added some new "service" * have a look to /tmp, /opt, /usr/bin, /usr/local/bin, /usr/sbin and .bash_history... * check /etc/passwd and verify created users are licit to be there. * check crontab for every user to avoid any process to be programmed Hope the checklist helps... Regards, El 19/02/12 03:18, Al escribió: > On Feb 18, 2012, at 9:07 PM, Donkey Hottie wrote: > >> 19.2.2012 3:38, Al kirjoitti: >>> Any suggestions on what to run on a centos box to verify that the >>> server isn't compromised or being sniffed? Thanks! >> rkhunter comes to my mind. > Thanks for the suggestion, any others? > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] A Hardware Observation (and Thank You To John Pierce)
If you have changed all the devices at once (switch and network cards) you are not able to know if the improvement has caused by the switch or by the NICs. Anyway, congrats for your new network :D El 30/01/12 04:01, Jason T. Slack-Moehrle escribió: > A few days ago, John Pierce made a comment about Intel network cards and that > they are more reliable and a better overall card than most. (This is not > exactly what he said, but rather I am paraphrasing) My small cluster of > servers all had generic PCI nics in them (I was not using any onboard NICS). > > Today, I replaced the NICS with Intel Pro 1000 PCI-E NICS and replaces our > small 5 port TP-Link GB switch with a nice 8 port Cisco GB switch and what a > world of difference. The network is zippier for sure. Copying large files > between machines using 'scp' is faster, our websites come up better (testing > from my wife's work) too. > > I know some have joked about the PB conversation in terms of not realizing > the amount of electricity and space it will take, but I really do read and > pay attention and try not to ask totally stupid questions. > > John Pierce, thank you! > > -Jason > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dedicated Firewall/Router
CentOS Linux + Fwbuilder FTW! El 17/01/12 14:38, Steve Thompson escribió: > On Mon, 16 Jan 2012, Jason T. Slack-Moehrle wrote: > >> I want to build a dedicated firewall/router as I am launching a NPO and >> I can host this in my garage. (Comcast offered me a 100 x 20 circuit for >> $99/mo with 5 statics) > I use two Dell R310's in a master/backup setup with shorewall and > keepalived. > > -s > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] an actual hacked machine, in a preserved state
Hello, just if it helps, please find below these lines the steps I have used to analyze several suspicious machines in some customers, to check if they have been compromised or not: * Chrootkit && rkhunter -> To search for known trojans and common linux malware. * unhide (http://www.unhide-forensics.info/) -> to check for hidden processes and tcp sockets * rpm -Va -> To check binary integrity against installed rpms * If netstat binary looks to be sane, check listening sockets * If ps binary looks to be sane, check shown running processes * Check console connections with "last" and "lastb" commands * Tcpdump on network interfaces avoiding traffic for known running services (80, 25, 21, etc... depending on the role of the machine) to check for the weird traffic * grep -i segfault /var/log/* -> to check for buffer overflows in logs * grep -i auth /var/log/* |grep -i failed -> to check authentication failed tries. * lsmod -> to check loaded kernel modules (it is ver difficult to find out something wrong here, but just to be sure nothing weird appears). * lsof -> to check opened current files * Check xinetd -> to find out if someone has added some new "service" * have a look to /tmp, /opt, /usr/bin, /usr/local/bin, /usr/sbin and .bash_history... * check /etc/passwd and verify created users are licit to be there. * check crontab for every user to avoid any process to be programmed Hope the checklist helps... Regards, El 02/01/12 09:04, Craig White escribió: > On Sun, 2012-01-01 at 14:23 -0800, Bennett Haselton wrote: >> (Sorry, third time -- last one, promise, just giving it a subject line!) >> >> OK, a second machine hosted at the same hosting company has also apparently >> been hacked. Since 2 of out of 3 machines hosted at that company have now >> been hacked, but this hasn't happened to any of the other 37 dedicated >> servers that I've got hosted at other hosting companies (also CentOS, same >> version or almost), this makes me wonder if there's a security breach at >> this company, like if they store customers' passwords in a place that's >> been hacked. (Of course it could also be that whatever attacker found an >> exploit, was just scanning that company's address space for hackable >> machines, and didn't happen to scan the address space of the other hosting >> companies.) >> >> So, following people's suggestions, the machine is disconnected and hooked >> up to a KVM so I can still examine the files. I've found this file: >> -rw-r--r-- 1 root root 1358 Oct 21 17:40 /home/file.pl >> which appears to be a copy of this exploit script: >> http://archive.cert.uni-stuttgart.de/bugtraq/2006/11/msg00302.html >> Note the last-mod date of October 21. >> >> No other files on the system were last modified on October 21st. However >> there was a security advisory dated October 20th which affected httpd: >> http://mailinglist-archive.com/centos-announce/2011-10/00035-CentOSannounce+CESA20111392+Moderate+CentOS+5+i386+httpd+Update >> https://rhn.redhat.com/errata/RHSA-2011-1392.html >> >> and a large number of files on the machine, including lots of files in */ >> usr/lib64/httpd/modules/* and */lib/modules/2.6.18-274.7.1.el5/kernel/* , >> have a last-mod date of October 20th. So I assume that these are files >> which were updated automatically by yum as a result of the patch that goes >> with this advisory -- does that sound right? >> >> So a couple of questions that I could use some help with: >> >> 1) The last patch affecting httpd was released on October 20th, and the >> earliest evidence I can find of the machine being hacked is a file dated >> October 21st. This could be just a coincidence, but could it also suggest >> that the patch on October 20th introduced a new exploit, which the attacker >> then used to get in on October 21st? >> (Another possibility: I think that when yum installs updates, it >> doesn't actually restart httpd. So maybe even after the patch was >> installed, my old httpd instance kept running and was still vulnerable? As >> for why it got hacked the very next day, maybe the attacker looked at the >> newly released patch and reverse-engineered it to figure out where the >> vulnerabilities were, that the patch fixed?) >> >> 2) Since the */var/log/httpd/* and /var/log/secure* logs only go back 4-5 >> weeks by default, it looks like any log entries related to how the attacker >> would have gotten in on or before October 21st, are gone. (The secure* >> logs do show multiple successful logins as "root" within the last 4 weeks, >> mostly from IP addresses in Asia, but that's to be expected once the >> machine was compromised -- it doesn't help track down how they originally >> got in.) Anywhere else that the logs would contain useful data? > > the particular issue which was patched by this httpd (apache) update was > to fix a problem with reverse proxy so the first question is did this > server actually have a reverse proxy configured? > > My next thought is that
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hello, I did not have read this issue before, but I have seen this problem also. Whenever I restart the bridge (with tap0 interfaces also) I have to make a first ping to the physical interface related to the tap0 module. I also ping another machine on the same physical network. After that, I am able to reach the bridged one. Extrange behaviour but this works for me in this way now. I look forward RedHat fixed this bug soon. El 07/11/11 06:39, 唐建伟 escribió: > thank you very much for your follow up. wish to get good news from you soon. > > On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаилwrote: > >> >> 28.09.2011, 04:58, "唐建伟": >> Hello, I didn't find what to answer to you mounth ago. But now I also have >> an installation of centos 6 (at past I used centos 5.7) , and I have the >> same problems as you. First of all, did you find any solutions? >> >> I only found that the problem is in br0 device. I can't guess why but it >> not recive ARP REPLY packets. >> >> tcpdump on all devices (tap0, eth1, br0) give me the same: >> >> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, >> length 28 >> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, >> length 28 >> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, >> length 28 >> //192.158.11.33 is remoute PC ip-address, and 192.168.11.3 is one of my >> local hosts// >> >> and no APR REPLY. >> >> Intresting that on other hand I have the same configs files on Centos 5.7. >> and everything work perfectly. >> >> >>> no, i removed the commands you mentioned, but it still doesn't work. >>> >>> Best Regards >>> Tang Jianwei >>> >>> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил>> wrote: >>> I can't remember a reason, but at one moment I stop to use "openvpn --mktun --dev [dev name]" command. May be it's becouse openvpn create >> tap0 by it self. So try to comment this lines: for t in $tap; do openvpn --mktun --dev $t done then restart a network, after then start openvpn and after it start >> bridge script > openvpn configure file > > *port 1194 > proto udp > dev tap0 > ca ca.crt > cert VPN_Server.crt > key VPN_Server.key # This file should be kept secret > dh dh1024.pem > server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 >> 192.168.119.225 > keepalive 10 120 > comp-lzo > user nobody > group nobody > persist-key > persist-tun > status openvpn-status.log > log-append /var/log/openvpn.log > verb 3 > mute 20 > * > > the script for bring up the bridge > *# Define Bridge Interface > br="br0" > > # Define list of TAP interfaces to be bridged, > # for example tap="tap0 tap1 tap2". > tap="tap0" > > # Define physical ethernet interface to be bridged > # with TAP interface(s) above. > eth="eth1" > eth_ip="192.168.119.1" > eth_netmask="255.255.255.0" > eth_broadcast="192.168.119.255" > > for t in $tap; do > openvpn --mktun --dev $t > done > > brctl addbr $br > brctl addif $br $eth > > for t in $tap; do > brctl addif $br $t > done > > for t in $tap; do > ifconfig $t 0.0.0.0 promisc up > done > > ifconfig $eth 0.0.0.0 promisc up > > ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast* > > On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил< >> mikxal...@yandex.ru > wrote: >>Hm... It's very hard to guess without config files. Can you post >> your >>server and client openvpn configs... and also can your show a br0 creation >>commands? >> >>27.09.2011, 12:01, "唐建伟": >>>Hi >>> >>>no, i don't think so. anyway, i can and only can the vpn server >> from the >>>remote hosts. >>> >>>Best Regards >>>Tang Jianwei >>> >>>On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил< mikxal...@yandex.ru >>> wrote: So, something stop packets from remote hosts. May be firewall on remote PC...? and can you run tcpdump on same remote host, to check that it's >>tap0 device. 27.09.2011, 11:06, "唐建伟": > Hi > > the routing table in the remote hosts are OK. "tcpdump -n -i [device name]" > cannot capture any packages from remote. no mater br0 nor tap0. > > Best Regards > Tang Jianwei > > On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил< >>mikxal...@yandex.ru >wrote: >> 27.09.2011, 09:52, "唐建伟": >>> Hi all, >>> >>> I just intalled openvpn + bridg
Re: [CentOS] Centos Firewall - router with virtual IP
El 03/11/11 11:16, News escribió: > Il 03/11/2011 3.34, Fajar Priyanto ha scritto: >> Hi all, >> I haven't found anything in Google about this. >> >> I'm creating a firewall router with Centos with few virtual IP using >> iptables. >> >> May I ask for your experience? >> Is there any pitfall or bad side of using virtual IP for this purpose? >> I'm using few virtual IP to accommodate few subnets that go through >> this firewall/router. >> >> Thank you. >> Fajar. >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > I use shorewall for this > http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html > > Amedeo > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > I use Firewall Builder http://www.fwbuilder.org to manage the ruleset and I am very happy with it. For spanish list subscribers, here you have a post I have written for my blog: http://www.securitybydefault.com/2011/09/firewall-builder-la-gui-para-tu.html -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VirtualBox on CentOS 6.0?
I had problems with VBox 4 in my CentOS6, so I had to install VirtualBox-3.2-3.2.12_68302_rhel6-1.x86_64 and I am very very happy with it. VMware Server meant a lot of problems with new kernels and the patch any-any... so I think Virtualbox does the trick. El 02/11/11 09:04, Roy Trubshaw escribió: > A few things: > > - It didn't/doesn't play well with other virtual machine libraries. > - Don't forget to install the vbox extensions if you want/need to use USB 2.0 > - Don't forget to install DKMS before pretty much anything else. > > - It _is_ worth the hassle of adding the vbox guest additions to support > seamless mouse and keyboard integration > - ... not to mention resizing the machine window > - Here's a relatively complete description on turning VirtualBox into a > service under Redhat/Centos/Fedora > (http://www.kernelhardware.org/virtualbox-auto-start-vm-centos-fedora-redhat/). > Though I'd replace vboxmanage with vboxheadless. [Can't be bothered to > remember if either of the two apps are camelcase or not - check.] > - Dismount the guestadditions ISO / O/S installation ISO / any other > non-essential ISO _*before*_ you take a snapshot. 8-) > - If you want the guest system to be a server you need bridged networking (it > works pretty well 'out of the box' actually). > - RTFM (really) > > It was the first VM I used (mainly because it works on hardware the doesn't > support hardware virtualisation) and the only real problems I have had have > been 64bit guests on 64bit hosts (both windows and unices). > > YMMV > > Toodles, > Roy > > > > > From: David McGuffey > To: CentOS mailing list > Sent: Wednesday, 2 November 2011, 1:27 > Subject: [CentOS] VirtualBox on CentOS 6.0? > > I have an older quad-core AMD processor that supports hardware > virtualization on a motherboard that does not support it in the bios. > > Eventually I'll swap the mobo out on this box for one that will support > hardware virtualization and use qemu-kvm. I prefer kvm because of > SELinux and sVirt that protects the host from VM breakout should a VM > become hostile. > > In the meantime, I want to start work on a web project and want to use > this idle machine and CentOS 6.0 in a VM. What I prototype and learn > will eventually be moved to the production machine using kvm and sVirt. > > So...I downloaded and installed Virtualbox 4.x but haven't yet had the > time to check it out. > > Any tips/tricks concerning it? > > > Dave > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6: ssh X-forwarding does not work
oop my fail! I have mistyped one character :( [root@Carmen tmp]# rpm -qa| grep -i xorg-x11-xauth xorg-x11-xauth-1.0.2-7.1.el6.x86_64 [root@Carmen tmp]# rpm -qa|grep -i xorg-x11-auth [root@Carmen tmp]# So, yes,.. I have that packet installed! Sorry for the misunderstood. Just the lack of one "x" started the flame. El 29/10/11 00:56, Lorenzo Martínez Rodríguez escribió: > El 28/10/11 10:30, John Hodrien escribió: >> On Fri, 28 Oct 2011, Steve Brooks wrote: >> >>> I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" >>> installed and it does *not* seem to appear in the repos. Yet >>> X11-Forwarding works fine. >> It's in the base repos for SL, so it definitely should be appearing. Without >> a functioning xauth, I've never seen functional X forwarding. >> >> I would be interested to know what ssh -Yv that-host-without-xauth shows. >> Without xauth I get: >> >> debug1: Remote: No xauth program; cannot forward with spoofing. > I execute next command and, without xorg-x11-xauth packet installed, it > works perfectly. > > ssh -X -C -c blowfish-cbc,arcfour -Y -l root 192.168.52.133 > > >> jh >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> >> > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6: ssh X-forwarding does not work
El 28/10/11 10:30, John Hodrien escribió: > On Fri, 28 Oct 2011, Steve Brooks wrote: > >> I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" >> installed and it does *not* seem to appear in the repos. Yet >> X11-Forwarding works fine. > It's in the base repos for SL, so it definitely should be appearing. Without > a functioning xauth, I've never seen functional X forwarding. > > I would be interested to know what ssh -Yv that-host-without-xauth shows. > Without xauth I get: > > debug1: Remote: No xauth program; cannot forward with spoofing. I execute next command and, without xorg-x11-xauth packet installed, it works perfectly. ssh -X -C -c blowfish-cbc,arcfour -Y -l root 192.168.52.133 > jh > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6: ssh X-forwarding does not work
Hi, I have a working configuration with CentOS 6. Can you try to set next lines in /etc/ssh/sshd_config and restart SSH server please? #X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 X11UseLocalhost yes In fact I do not have xorg-x11-auth rpm installed: [root@Carmen ~]# rpm -qa|grep -i xorg-x11-auth [root@Carmen ~]# and it works... Give it a try and let us know. Regards, El 26/10/11 11:56, Rainer Traut escribió: > Hi all, > > I have C6 i386 with cr repo enabled; > > problem is, I can't get x-forwarding to work, xorg-x11-auth rpm is > installed, have checked sshd config for > > #X11Forwarding no > X11Forwarding yes > #X11DisplayOffset 10 > > Here is a verbose ssh logon, I can't see any difference to a working server: > > debug1: Authentication succeeded (password). > debug1: channel 0: new [client-session] > debug3: ssh_session2_open: channel_new: 0 > debug2: channel 0: send open > debug1: Entering interactive session. > debug2: callback start > debug2: x11_get_proto: /usr/bin/xauth list unix:10.0 2>/dev/null > debug1: Requesting X11 forwarding with authentication spoofing. > debug2: channel 0: request x11-req confirm 0 > debug2: client_session2_setup: id 0 > debug2: channel 0: request pty-req confirm 0 > > and netstat does not show the open ports in the 60xx range: > > # netstat -antp|grep 60 > tcp0 0 192.168.200.31:22 192.168.200.30:58604 > VERBUNDEN 2537/sshd: xxx [ > > Display var is not set...: > > [root@tr-centos ~]# env|grep -i DISPLAY > [root@tr-centos ~]# > > Any obvious mistake? > > Thx > Rainer > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Netapp like snapshots using Centos 5/6 direct attached storage
Hello, is mandatory for you to use Linux? I am using FreeNAS to share ZFS volumes via NFS and CIFS and it works really great! Regards, El 23/10/11 20:33, Ray Van Dolson escribió: > On Sun, Oct 23, 2011 at 09:56:52AM -0400, Scott McKenzie wrote: >> Hello, >> >> I'm researching the best method of providing about 20 users in a >> production environment the same functionality as they would have on a >> Netapp NFS share. The O/S I will be using is CentOS 5 or 6 (max flex >> on which one) and the hardware is a disk array directly (12 SAS disks >> 7TB un-configured brand new) attached to a HP 580 G 7. >> >> I've done some reading on ZFS on Linux ,fuse-ZFS, BRTFS ,rsnapshot, >> snapFS. >> >> Any one have some advice or experiences to share? >> >> Thanks, >> spuds > ZFS will be the best, but FUSE ZFS is going to be slower and native ZFS > on Linux is still pretty young. > > If you're tied to Linux and your users need absolute stability, I'd go > with tried and true LVM. If they can be a little more tolerant to > churn / downtime / adventure, the other options you mentioned could > become doable. > > If you're _not_ tied to Linux, take a look at Nexenta Community Edition > or Illumos / Solaris Express. > > Not familiar with your array, but if it does hardware based snapshots, > might be an option as well. > > Ray > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
Hi Patrick, It is detected and working now if I use kernel 2.6.32-71.29.1.el6.x86_64. The problem comes if Update to kernel 2.6.32-131.17.1.el6 from *cr* repository. I will try to send the bug to the link you sent. Thanks a lot, El 16/10/11 16:39, Patrick Lists escribió: > On 10/16/2011 03:57 PM, Lorenzo Martínez Rodríguez wrote: > [snip] >>> If you need it for a printer then why not get a usb<->parallel cable: >>> http://www.lindy.co.uk/usb-to-parallel-printer-port-adapter-cable-15m/42882.html >>> >>> Maybe this is the difference >> Following your link I only see "Compatible with Windows >> ME/2000/XP/Vista/7" Are you sure it will work with CentOS 6? I don't use >> it for print anything, but just to switch on my own home alarm as I >> wrote here: >> http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html >> Sorry, it is in spanish, that's my language :) Give it a try with some >> online translation service. > Nope I don't know if it will work with CentOS 6. I looked at your page. > I don't speak Spanish but got the idea. Pretty neat. > > [snip] >> If you don't expect anything from somebody, and you receive anything,... >> it would be very pleasant. Since I belong to this list, the only topic >> with 0 answers was my question. Is it so difficult? > Well now at least you got 2 :) > > Have you tried getting the latest Fedora 15 live cd (or maybe even the > latest Fedora 16 beta/TC live cd) and boot that on your server and see > if your card is recognized? That should give you some more info. Then > file a bug at the CentOS website or maybe directly on the Red Hat > bugzilla: https://bugzilla.redhat.com > > If your card is not recognized in the latest CentOS CR kernel and in F15 > (or F16) then you could file the bug twice (under RHEL6 and F15/F16). > Hopefully that should get the kernel devs attention. > > If you can find such a usb<->parallel cable at a local computer store > perhaps you could try it and return it if it does not work? > > Regards, > Patrick > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
El 16/10/11 21:08, John R Pierce escribió: > On 10/16/11 6:57 AM, Lorenzo Martínez Rodríguez wrote: >> Following your link I only see "Compatible with Windows >> ME/2000/XP/Vista/7" Are you sure it will work with CentOS 6? I don't use >> it for print anything, but just to switch on my own home alarm as I >> wrote here: >> http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html >> Sorry, it is in spanish, that's my language :) Give it a try with some >> online translation service. > that style of programming, poking bits at a physical IO device at an > assumed port address will not work on anything but a legacy mainboard > LPT1 port. any PCI or PCI-E port will be at a dynamic address which > you'd have to find via the plug and play device registry, or groping > your way through the output of lspci, which it appears you've been > doing.. a USB port requires a complex sequence of commands to be sent to > the USB controller to send data to the port. > > my guess is, the newer kernels have dropped support entirely for > ieee1284 devices. > Hi John, Trust me, with kernel 2.6.32-71.29.1.el6.x86_64 it works like a charm. It is true I had to detect by myself the IO port the BIOS assign to the card and that's all. As I don't have to change daily the card to a different slot, everything works if I load the driver parport_pc with parameter io=0x2018. I was able to do this because if I type lspci, the operating system detects the card. The problem comes when I start with kernel 2.6.32-131.17.1.el6. Then lspci does not not show the card in the right way. Instead a message with the text "!!! Unknown header type 7f" appears in the section of that card. :( -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
El 16/10/11 14:37, Patrick Lists escribió: > On 10/16/2011 10:39 AM, Lorenzo Martínez Rodríguez wrote: >> I had no trouble with panics booting new CR kernel either, but detecting >> my PCI-e parallel port >> http://www.spinics.net/lists/centos/msg119673.html. The worst is nobody >> has given even any clue related to it. > I have not seen a parallel port in years or a device needing a parallel > port. I did not even know a PCI-e parallel card existed. Perhaps people > just don't know what the problem is or can be bothered with technology > from the eighties. > > If you need it for a printer then why not get a usb<->parallel cable: > http://www.lindy.co.uk/usb-to-parallel-printer-port-adapter-cable-15m/42882.html > > Maybe this is the difference Following your link I only see "Compatible with Windows ME/2000/XP/Vista/7" Are you sure it will work with CentOS 6? I don't use it for print anything, but just to switch on my own home alarm as I wrote here: http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html Sorry, it is in spanish, that's my language :) Give it a try with some online translation service. >> between RHEL and CentOS. If I was a RHEL licensed user, RedHat support >> staff at least would answer saying anything. > If everybody who does *not* know the answer to a question would answer > "saying anything" as you suggested then this mailing list would generate > a gazillion messages per day and become completely useless because of > the gazillion "I don't know" answers. If you don't expect anything from somebody, and you receive anything,... it would be very pleasant. Since I belong to this list, the only topic with 0 answers was my question. Is it so difficult? > If that parallel card is so important to you then why don't you buy a > Red Hat subscription? At the end of the day you get what you pay for... Don't think I have thought it before! Regards, > > Regards, > Patrick > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
I had no trouble with panics booting new CR kernel either, but detecting my PCI-e parallel port http://www.spinics.net/lists/centos/msg119673.html. The worst is nobody has given even any clue related to it. Maybe this is the difference between RHEL and CentOS. If I was a RHEL licensed user, RedHat support staff at least would answer saying anything. El 16/10/11 03:45, Jim Wildman escribió: > Particularly important to file bugs against CR releases since > CR users are functioning as pseudo QA people.. > > On Sat, 15 Oct 2011, Digimer wrote: > >> On 10/15/2011 08:58 PM, TE Dukes wrote: >>> Are we running CentOS or what? >>> >>> That new kernel in cr repository won't boot!! I get kernel panic. This is >>> getting out of hand. Know you are smarter than me when it come to this >>> stuff, but please.. >> I have no trouble booting it. >> >> If you've run into a problem, the most effective thing to do is file a >> bug. If you can do some digging into the cause, discussing your finding >> here (and attaching relevant bits to the bug) will also help. >> >> > -- > Jim Wildman, CISSP, RHCE j...@rossberry.com http://www.rossberry.net > "Society in every state is a blessing, but Government, even in its best > state, is a necessary evil; in its worst state, an intolerable one." > Thomas Paine > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with Intel Ethernet and module e1000e
El 04/10/11 22:18, Dennis Jacobfeuerborn escribió: > On 10/04/2011 03:54 PM, Volker Poplawski wrote: >> On 26.09.2011 14:40, John Doe wrote: >>> From: Volker Poplawski >>> I'm facing a serious problem with the e100e kernel module for Intel 82574L gigabit nics on Centos 6. >>> I had pbms with my Intel 1000e too. >>> Installed elrepo's kmod-e1000e and so far so good... >>> >>> http://elrepo.org/tiki/kmod-e1000e >> Follow up: >> >> Also installed elrepo's e1000e from above url. >> >> No problems so far. > Activating the CR repo and*updating the kernel might also fix any issues* > with the e1000e driver (that did the trick for me). Or create new ones, as happened to me > > Regards, > Dennis > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] PCI-E not supported in kernel 2.6.32-131.12.1.el6
Hello, I own a PCI-Express parallel card installed on my server Fujitsu TX100 S2. I am running CentOS 6 x64. In Kernel version 2.6.32-71.29.1.el6.x86_64, it was correctly detected as: [root@Carmen ~]# lspci -vvv -s 05:00.2 05:00.2 Parallel controller: NetMos Technology Device 9912 (prog-if 03 [IEEE1284]) Subsystem: Device a000:2000 Physical Slot: 4 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Shell script - ping
Bill Campbell escribió: On Mon, Jul 28, 2008, Gopinath Achari wrote: hi, how to write a scripts which launches 10 pings to different destinations at execution of single shell scripts please help me any ideas If your goal is to test connectivity, you might look at the perl Net::Ping module. ``perldoc Net::Ping'' has several examples of checking one or more systems to see if they are alive. BTW: Anybody know of a python equivalent to this? Bill Hello, I have done something before with nmap -sP time ago. Later you can grep the response to know whether an IP address is alive or not. Hope it helps, -- Lorenzo Martínez Rodríguez Consultor de seguridad informática ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Load Average ~0.40 when idle
William Warren escribió: post it on the centos bug tracker to start..:) listmail wrote: On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote Stephen John Smoogen wrote: On Sat, Jul 19, 2008 at 2:48 PM, listmail <[EMAIL PROTECTED]> wrote: I am running CentOS 5 on a dual-dual-core Intel machine, and I am seeing a load average of between 0.35 and 0.50 while the machine is idle, i.e. no processes appear to be running. Download the livecd and boot using it. See if the load average still occurs. Check to see if you have any traffic occuring on the network from the system. [I had a box that was kernel trojaned that had a load average all the time when it was on the wire and did not when it didn't. The kernel trojan was looking for a particular bit of traffic that would open up its backdoor to.] its been ages since i've had to do this, but in years past, rkhunter was really good at finding rootkits like this. worst case, you put it on alive CD and run it from there. OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate load from the GUI, I forced the system into runlevel 3 and ran top. I see the same problem; the load average sits at about 0.40 continuously. This is with the ethernet drivers running, and it does not matter if the network cables are plugged in or not. In my mind, that pretty much eliminates the possibility of a rootkit, unless one was delivered with the Live CD. :-) So it looks like this is a bug in either the Intel GLAN driver, or some other kernel timing issue. If anyone can suggest where this bug should be reported and is likely to be addressed, please let me know. I don't know myself who would be the correct party to notify. Thanks to everyone who responded and helped me track this one down. I'm not sure if should roll back to CentOS 5.0, or just try to live with this bug until the maintainers address it, but at least I have some idea of what's wrong. Thanks, --Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hello, to try to find out if you have hidden processes I suggest you to try this: http://www.security-projects.com/?Unhide I have cronned it every night in my server. It works really good. rkhunter is very good tool too. Try both and let us know. Another issue: What is the proposal of the machine? is it a web server? mail server? dns server? Check that /etc/resolv.conf has the right information and check the routes to get access to different nerworks too. If machine processor is idle, but the machine load is high, it could be because the processes queue is very big, but the machine processors could not be so overloaded. Regards, -- Lorenzo Martínez Rodríguez Consultor de seguridad informática ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help, PHP/Mysql connections are so slow.
HP/Mysql connections are so slow. To: "CentOS mailing list" Date: Monday, June 9, 2008, 10:42 AM communicate with MySQL5. On this server, PHP/Mysql connections are dead slow and unresponsive. It takes sometimes up to a minute to list tables in phpmyadmin for example. Have you tried other protocols? Is it really only http transfers that are slow? Have you tried pinging 100 times and see if you get dropped packets? Are there any errors from the netcards showing up in log files? BR Bent ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Lorenzo Martínez Rodríguez Consultor de seguridad informática ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmforge problem
Hello, I have suffered the same problem you describe with clam updates. Finally it worked the upgrade from 0.92.XXX to 0.93. [EMAIL PROTECTED] ~]# rpm -qa|grep -i clam clamav-db-0.93-2.el4.rf.i386 clamd-0.93-2.el4.rf.i386 clamav-0.93-2.el4.rf.i386 The problem I had was that at starting the clamd the daemon it crashed claiming something about the database format was incorrect. As you can imagine I have uninstalled clam*; saved the configuration files; updatedb; locate -i clam; yum install clamav-db clamd clamav; re-tunned the conf files, rights, etc...; fresclam; and it is working again. Hope it helps. Regards, P.S.: Yes, I do love top-posting if it helps (before some taliban says something to me, the list is to help people. I hope not to be unpolite) John escribió: On Mon, 2008-04-21 at 14:47 +0100, Anne Wilson wrote: On Monday 21 April 2008 14:38, John wrote: On Mon, 2008-04-21 at 14:33 +0100, Anne Wilson wrote: For several days now I've been trying to update clamav from rpmforge without success. Does anyone know what's likely to be the problem? Anne Did you try to manually download it? Several peeps seem to be having a problem with. Don't Laugh I stick with what works! Has latest definitions. rpm -qa | grep clam clamav-db-0.91.2-1.el5.rf clamd-0.91.2-1.el5.rf clamav-0.91.2-1.el5.rf clamtk-3.08-1.el5.rf I have clamav-0.92.1-1.el5.rf clamtk-3.08-1.el5.rf clamav-devel-0.92.1-1.el5.rf clamd-0.92.1-1.el5.rf fuse-clamfs-0.9.1-1.el5.rf clamav-db-0.92.1-1.el5.rf clamav-milter-0.92.1-1.el5.rf yum tells me that an update is ready, but fails due to dependency on libclamav.so.3 I'll try to see if I can find it manually. Anne yum update clamav Loading "installonlyn" plugin Loading "fastestmirror" plugin Setting up Update Process Setting up repositories extras100% |=| 1.1 kB 00:00 rpmforge 100% |=| 1.1 kB 00:04 base 100% |=| 1.1 kB 00:00 updates 100% |=| 951 B 00:00 c5-testing100% |=| 951 B 00:00 centosplus100% |=| 951 B 00:00 addons100% |=| 951 B 00:00 Loading mirror speeds from cached hostfile Reading repository metadata in from local files Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for clamav to pack into transaction set. clamav-0.93-2.el5.rf.i386 100% |=| 17 kB 00:11 ---> Package clamav.i386 0:0.93-2.el5.rf set to be updated --> Running transaction check --> Processing Dependency: libclamav.so.2 for package: clamd --> Processing Dependency: clamav = 0.91.2-1.el5.rf for package: clamd --> Restarting Dependency Resolution with new changes. --> Populating transaction set with selected packages. Please wait. ---> Downloading header for clamd to pack into transaction set. clamd-0.93-2.el5.rf.i386. 100% |=| 6.2 kB 00:03 ---> Package clamd.i386 0:0.93-2.el5.rf set to be updated --> Running transaction check Dependencies Resolved = Package Arch Version Repository Size = Updating: clamav i386 0.93-2.el5.rfrpmforge 1.4 M Updating for dependencies: clamd i386 0.93-2.el5.rfrpmforge 86 k Transaction Summary = Install 0 Package(s) Update 2 Package(s) Remove 0 Package(s) Total download size: 1.4 M Is this ok [y/N]: y I have no prob doing it. Maybe try updating your fuse filesystem first then you fuse clamfs. Also im not running clamav milter. Ralph made me do this! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Lorenzo Martínez Rodríguez Consultor de seguridad informática ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum error "AttributeError: LOCATION_BASE" after 4.5 -> 4.6 upgrade
Joe Klemmer escribió: On Tue, 25 Dec 2007, Johnny Hughes wrote: Where ever you got it from, that is what broke your system. It came from the atrpms repo. I downgraded and all is fine. Thank you and to Lorenzo Martínez Rodríguez for pointing me in the right direction. You are welcome Joe, happy to give you a helply hand. This is the main aim of the list. Regards, -- Boring Home Page - http://www.webtrek.com/joe See my blog, sumo game ranks and other interesting junk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Lorenzo Martínez Rodríguez Consultor de seguridad informática ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum error "AttributeError: LOCATION_BASE" after 4.5 -> 4.6 upgrade
Joe Klemmer escribió: > > Hello all, > > I am having a problem running yum after doing the 4.6 upgrade. I > did a live update through yum and no problems were encountered. > However, now when I try to run yum (with any commands/options) I get > this error right after loading/reading the repo's - > > eading repository metadata in from local files > Traceback (most recent call last): > File "/usr/bin/yum", line 29, in ? > yummain.main(sys.argv[1:]) > File "/usr/share/yum-cli/yummain.py", line 102, in main > result, resultmsgs = do() > File "/usr/share/yum-cli/cli.py", line 489, in doCommands > ypl = self.returnPkgLists() > File "/usr/share/yum-cli/cli.py", line 1085, in returnPkgLists > ypl = self.doPackageLists(pkgnarrow=pkgnarrow) > File "__init__.py", line 993, in doPackageLists > File "packageSack.py", line 148, in searchNevra > File "packageSack.py", line 236, in _computeAggregateListResult > File "sqlitesack.py", line 514, in searchNevra > File "sqlitesack.py", line 403, in db2class > File > "/var/tmp/python-sqlite-root//usr/lib/python2.3/site-packages/sqlite/main.py", > line 97, in __getattr__ > AttributeError: LOCATION_BASE > > Running "yum clean all" seems to work but the error does not go away. > > I know less than nothing about python so that doesn't help. I > also did a search through the list archives and on Google but couldn't > come up with anything (OC, I may not have been asking the right > questions). The server has a bad optical drive so I can't boot into > the rescue CD (yet, I've got a replacement coming). Whenever it gets > here I'll be updating to 5.1 but in the mean time there's some > security fixes that have come down the pipe which I can't update to > due to yum being petulant. > > If anyone can shed some light on this or point me in the right > direction to get this fixed it would be greatly appreciated. > > Thank you, > Joe > Hello Joe, I had exactly the same problem. I guess that the problem is the yum version upgraded. To solve it I searched for an older yum version. I found this one: yum-2.4.3-4.el4.centos.noarch. And at least it works. Hope it helps -- Lorenzo Martínez Rodríguez Consultor de seguridad informática ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
