Re: [CentOS] Wine Gecko 32-bit packages

2019-05-07 Thread Vitalino Victor 
Cool!

Thanks

Em ter, 23 de abr de 2019 às 14:32, Sandeep Khanna <
sandeep_p_kha...@yahoo.com> escreveu:

> With reference to the email thread:
> https://lists.centos.org/pipermail/centos/2017-October/166709.html
>
> Can we have the 32-bit Wine Gecko package(s) built and published to the
> repository: https://harbottle.gitlab.io/wine32/7/i386/
>
> Seems like someone has already built wine-gecko-2.47-alt2.noarch.rpm
>
> At the moment, I have to click on the 'Install' button the first time Wine
> detects missing Gecko while viewing an Application's Help.
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Vitalino Victor 
The certificate should have *CA:true* set for act a CA for dynamic signing
certificates by Squid.

Most probably, Let's Encrypt will ignore this constraint in CSR.

2018-03-05 12:33 GMT-03:00 Chris Adams :

> Once upon a time, Valeri Galtsev  said:
> > https://letsencrypt.org/
> >
> > - you will have to run web server to have certificate signed by
> > them
>
> Not necessarily - we do most of our Let's Encrypt validation with DNS
> rather than HTTP.
> --
> Chris Adams 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Vitalino Victor 
Starting with version 3.5 of Squid, was introduced a new feature named
"*SslBump
Peek and Splice*".

With this functionality, Squid is able to intercept HTTPS traffic
transparently (with exceptions, of course).

This manner, Squid, with spike, is able to logging HTTPS traffic and apply
directives like dstdomain on HTTPS traffic without need of a auto-signed CA.

This resource of Squid is the same functionality available on apliances
like Sonicwall, Fortigate, Checkpoint, and etc.

A example of config:

http_port 80 intercept
https_port 443 intercept
ssl-bump cert=/etc/squid3/ssl/ca/intermediate/certs/wilcard.pem
key=/etc/squid3/ssl/ca/intermediate/private/wildcard.key
generate-host-certificates=off version=4
options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
cache_log /var/log/squid3/cache.log
access_log daemon:/var/log/squid3/access.log squid
netdb_filename stdio:/var/log/squid3/netdb.state
sslcrtd_program /usr/libexec/ssl_crtd -s /var/log/squid3/ssl_db -M 4MB
sslcrtd_children 1 startup=1 idle=1
cache_effective_user proxy
cache_effective_group proxy
pinger_enable off
dns_v4_first on
acl HTTPS dstdomain "/etc/squid3/https"
acl BLOCK url_regex "(torrent)|sex(y|o)"
cache deny all
ssl_bump bump HTTPS
ssl_bump splice all
http_access deny BLOCK
http_access allow all


PS: the use of "ssl-bump" is only to satisfy de Squid parser.

Best clarifications: https://wiki.squid-cache.org/Features/SslPeekAndSplice

Att,

2018-03-05 11:34 GMT-03:00 Bill Gee :

>
> On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote:
> > Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs :
> > > Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit :
> > >> So far, I've only been able to filter HTTP.
> > >>
> > >> Do any of you do transparent HTTPS filtering ? Any suggestions,
> > >> advice, caveats, do's and don'ts ?
> > >
> > > After a week of trial and error, transparent HTTPS filtering works
> > > perfectly. I wrote a detailed blog article about it.
> > >
> > > https://blog.microlinux.fr/squid-https-centos/
> >
> > I wonder if this works with all https enabled sites? Chrome has
> > capabilities hardcoded to check google certificates. Certificate
> > Transparency, HTTP Public Key Pinning, CAA DNS are also supporting
> > the end node to identify MITM. I hope that such setup will be unpractical
> > in the near future.
> >
> > About your legal requirements; Weighing is what courts daily do. So,
> > such requirements are not asking you to destroy the integrity and
> > confidentiality >95% of users activity. Blocking Routing, DNS, IPs,
> > Ports are the way to go.
> >
> > --
> > LF
>
> Although not really related to CentOS, I do have some thoughts on this.  I
> used to work in the IT department of a public library.  One of the big
> considerations at a library is patron privacy.  We went to great lengths to
> NOT record what web sites were visited by our patrons.  We also deny
> requests
> from anyone to find out what books a patron has checked out.
>
> The library is required by law to provide web filtering, mainly because we
> have public-use computers which are used by children.  For http this is
> easy.
> Https is, as this discussion reveals, a different animal.
>
> We started to set up a filter which would run directly on our router
> (Juniper
> SRX-series) using EWF software.  It quickly became apparent that any kind
> of
> https filtering requires a MITM attack.  We were basically decrypting the
> patron's web traffic on our router, then encrypting it again with a
> different
> cert.
>
> When we realized what it would take, we had a HUGE internal discussion
> about
> how to proceed.  Yeah, the lawyers were all over it!  In the end we
> decided to
> not attempt to filter https traffic except by whatever was not encrypted.
> Basically that means web site names.
>
> Our test case was the Playboy web site.  They are available on https, but
> they
> do not automatically redirect http to https.  If you open playboy [dot] com
> with no protocol specified, it goes over http.  Our existing filter blocked
> that.  However, if you open https[colon]// playboy [dot] com, it goes
> straight
> in.  The traffic never goes over http, so the filter on the router never
> processes it.
>
> Security by obscurity ...  It was the best we could do without violating
> our
> own policies on patron privacy.
>
> --
> Bill Gee
>
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] systemctl reboot -- server not accessible after reboot

2017-10-14 Thread Vitalino Victor 
Hi,

I have this problem!

Try:

# shutdown -r now

For a test, please...



2017-10-14 14:54 GMT-03:00 Mike <1100...@gmail.com>:

> Hi,
>
> Such a simple problem, but I can't figure out the cause.
> Supermicro server with a Xeon E3-1200 cpu.
> 1U entry level item.
>
> Using CentOS 7
>
> from ~$root --- systemctl reboot
>
> Server disconnects my ssh connection and never comes back up.
> Go to the server and the power is on but the server is not accessible by
> ssh.
> When I connect a monitor and keyboard --- non-responsive.  It's like
> it's in suspend mode.
>
> I push and hold the power button until the server fully powers down.
> Push power again and everything boots, goes to prompt, and all is well.
>
> When I try systemctl reboot directly on the server.
> Same problem --- does not start to login prompt.
>
> Manually power down and power up again --- works and all is well.
>
> Anyone have this problem before?
> I've checked all the BIOS options and I can't find anything misconfigured.
>
> Thanks for your help.
>
> Mike
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Announcement: 32 bit Wine repo for RHEL and CentOS 7

2017-10-08 Thread Vitalino Victor 
Thanks!

This is much useful.

Now, no compile wine 32-bit is more required hehe

https://github.com/zma/usefulscripts/blob/master/script/install-wine-i686-centos7.sh



2017-10-08 15:43 GMT-03:00 Richard Grainger :

> Hi all
>
> I've created a yum repo for 32 bit wine packages on RHEL and CentOS 7:
>
> https://harbottle.gitlab.io/wine32/7/i386/
>
> The Wine packages work on both 32 bit and 64 bit RHEL/CentOS 7. There is no
> 32 bit version of the EPEL repo, where the standard RHEL/CentOS Wine
> packages can be found, so you may find this new repo useful if you need to
> run Windows software that requires the 32 bit version of Wine.
>
> The packages are all built from the EPEL source RPMs.  I had to tweak the
> spec file for wine itself slightly, but for the dependencies it's all pure
> rebuilds.
>
> Instructions:
>
> Code:
> yum -y install https://harbottle.gitlab.io/wine32/7/i386/wine32-release.
> rpm
> yum -y install wine.i686
>
>
> Please give it a try and tell me what you think!  It probably needs more
> testing.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos