Re: [CentOS] Current RHEL fragmentation landscape
On 21.07.2023 09:30, Lee Thomas Stephen wrote: Because the general rule seems to be Oh! You are an individual, we will offer you affordable/free service What! You are a business, we will offer you extremely 'unaffordable' service. this is ok, but the worse thing is: students and teachers get affordable/free service and other citizens had to pay unrealistic sums of money ... Because being a 'business' by default means you have a 'lot' of money to waste. (a) talking about money to waste is nonsense (b) think of the fact that this way residents get something affordable, which is absolutely fair; e.g. residents get 200 Mbit down/20 Mbit up unlimited for 30 dollars a month, 'business' has to pay for the same more than 100 dollars a month; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Current RHEL fragmentation landscape
On 21.07.2023 09:30, Lee Thomas Stephen wrote: Because the general rule seems to be Oh! You are an individual, we will offer you affordable/free service What! You are a business, we will offer you extremely 'unaffordable' service. this is ok, but the worse thing is: students and teachers get affordable/free service and other citizens had to pay unrealistic sums of money ... Because being a 'business' by default means you have a 'lot' of money to waste. (a) talking about money to waste is nonsense (b) think of the fact that this way residents get something affordable, which is absolutely fair; e.g. residents get 200 Mbit down/20 Mbit up unlimited for 30 dollars a month, 'business' has to pay for the same more than 100 dollars a month; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] RADVd and DHCPv6?
Hello, these are my settings in radvd.conf interface br0 { AdvSendAdvert on; AdvManagedFlag on; AdvOtherConfigFlag on; MinRtrAdvInterval 5; MaxRtrAdvInterval 15; route fe80::1/64 { AdvRouteLifetime infinity; AdvRoutePreference high; }; }; in general I use stateful DHCPv6 (AdvManagedFlag on), but is there a way to have some devices (Android) get their IPv6 by SLAAC? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156
is that what you expect to find? https://access.redhat.com/errata/RHSA-2021:0227 On 27.01.2021 08:38, Gionatan Danti wrote: Hi all, do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6? While CentOS 6 is now supported anymore, RedHat has it under its payedsupport agreement (see: https://access.redhat.com/security/vulnerabilities/RHSB-2021-002). So I wonder if some community-packaged patch exists... Thanks. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disk choice for workstation ?
If I were you, I'd do the 2nd ... use a larger SSD (1 TB), and keep the mirror set (raid 1) for /data Walter On 26.12.2020 21:20, Nicolas Kovacs wrote: Hi, My workstation is currently equipped with a pair of Western Digital Red 1 TB SATA disks in a software RAID 1 setup. Some stuff like working with virtual machines is a bit slow, so I'm thinking about replacing the disks by SSD. I'm hesitating between three different setups: 1) Use a relatively small SSD (120 to 240 GB) to reinstall the system on it. Keep the two SATA disks in a RAID 1 array and mount /home on it. 2) Use a larger SSD (500 GB to 1 TB), install everything (including /home) on it. Keep the two SATA disks in a RAID 1 array and mount them on /data for storage. 3) Get rid of the disks and go full SSD, with a 1 TB disk. Any advice from the hardware gurus on this list? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] HE-IPv6-Tunnel with CentOS 7
Hello, on my tunnel end I habe configured this: in /etc/sysconfig/network-scripts/ifcfg-eth0 I added this IPV6INIT=yes IPV6ADDR=lan-prefix::1 IPV6ADDR_SECONDARIES="fe80::1" IPV6_AUTOCONF=no IPV6_ROUTER=yes /etc/sysconfig/network-scripts/ifcfg-sit1 is this TYPE=SIT NAME=sit1 ONBOOT=yes DEVICE=sit1 BOOTPROTO=none IPV6INIT=yes IPV6TUNNELIPV4=ipv4-of-tunnel-at-he IPV6TUNNELIPV4LOCAL=myipv4 IPV6ADDR=tunnel-prefix::2 in /etc/sysconfig/network I added this: NETWORKING_IPV6="yes" IPV6FORWARDING="yes" IPV6_DEFAULTGW=tunnel-prefix::1 IPV6_DEFAULTDEV=sit1 everything works fine, but can someone explain this behaviour: traceroute6 www.google.com doing this on this CentOS-Box, I have tunnel-prefix::1 at the first hop as expected; doing this on another Linux (CentOS), I have the CentOS-Box at the first hop and tunnel-prefix::1 at the 2nd hop as expected, but doing this on a Windows, there I have tunnel-prefix::1 at the 2nd and the 3rd hop, why? (the same with my own 6in4-tunnel) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Blog article: CentOS is NOT dead
On 14.12.2020 13:07, Nicolas Kovacs wrote: Hi, Here's an interesting read which makes a point for CentOS Stream: https://freedomben.medium.com/centos-is-not-dead-please-stop-saying-it-is-at-least-until-you-read-this-4b26b5c44877 tl;dr: Communication about Stream was BAD, but Stream itself might be a good thing. Here's why. 'might' doesn't mean 'is', there the "terminus techicus" 'dead' is korrekt "CentOS Stream intends to be as stable as RHEL" and where is the 10 year update support? the last update of CentOS Stream will be in the year 2024 and do you really think it is worth the work to migrate to CentOS Stream, when knowing to have this work again in less than 4 years? Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] The conclusio: CentOS is dead
Why? it is called "rolling release" and no one gave officially a statement to the question I asked, if it is meant like that of Win10 ... a beta release is not the same that many expect as a stable system, as they are used to have with CentOS; you should think of renaming CentOS to something different, because with Enterprise this CentOS Stream has nothing in common; and does Redhat really expect everone - even private people - afford a RHEL subscription¹ just to have a stable system? ¹ I would in case I only need just one RHEL subscription for ALL my private used VMs (including the ones hosted in internet as VPS) - a DNS server - a proxy server (squid) - a mail server (mail store - cyrus-imapd) - a mail server (mail router f. outgoing mails) - a mail server (mail scanner f. incoming mails with SpamAssassin and ClamAV) - a 2nd proxy server (squid, with SSL interception and Squidclamav plus ClamAV) - a web server (apache) - a jump host - a 6in4 router - desktop with graphical UI (plus Firefox and Thunderbird) is a now a SL, but they decided several time ago, not to do their own system based on RHEL, they use CentOS, that is now a little bit bad for this/SL's use case; - a VPS with OpenVPN (used with my smartphone) - a VPS with a proxy (squid, to avoid censorship due to geolocation blocking) - a VPS as the other end of 6in4 - a VPS with storage of my own files (all VPS run a bind, too) Thanks for read; Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question centos stream 8 applying updates
On 11.12.2020 19:19, Gordon Messmer wrote: On 12/10/20 2:53 PM, edward via CentOS wrote: after reading some info on centos stream is a rolling release. i'm wondering applying It's not a "rolling release" in the most commonly used sense. There just isn't a minor number for releases. CentOS Stream 8 will always be CentOS Stream 8, and never 8.1 or 8.2, etc. Just one ten-year long release. At any given point in time, a fully updated system should be backward-compatible with any applications that have run earlier in the release cycle. with CentOS Stream there are only updates till 2024(!) not 2029 as it be expected ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Update path question in connection with CentOS Stream?
Hello, when someone has installed a CentOS 7.1 in the past, and did 'yum update' regularily, his/she got a CentOS 7.8 now without any reinstallation procedure or other complications; when the same wanted to update to CentOS 8 he/she had to do a new install; what happens to CentOS Stream? when some is now installing CentOS Steam and will do 'dnf update' or 'yum update' regularily in the future, what does he/she get till the "end"? is this a rolling release like Win10 which doesn't need to be reinstalled now and in future? (the fact that hardware can break is not the question) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Stream from bottom works, what is this?
On 09.12.2020 18:12, Johnny Hughes wrote: On 12/9/20 11:01 AM, Walter H. wrote: On 09.12.2020 15:45, Johnny Hughes wrote: On 12/9/20 8:41 AM, Walter H. wrote: p.s. can someone tell in as short as possible what this CentOS Stream is in comparison to CentOS 8? CentOS Stream is built from the currently released RHEL Source Code + 0.1 So if RHEL 8.3 is released .. Stream is the Source Code (built) that will become 8.4 in a few months. what does this mean in comparison to CentOS 8, which sources are used for this? to be concrete: I can download this ISO of CentOS 8 (1) CentOS-8.3.2011-x86_64-dvd1.iso and this ISO fo CentOS Stream (2) CentOS-Stream-8-x86_64-20201203-dvd1.iso which sources are used for (1) and which for (2)? and what does it mean of the update process be 'yum update' e.g. if one would do this with CentOS 6, there is no way; the support ended; with CentOS 8 this will haben one day (somewhat in 2029), and what is said about this of CentOS Stream? CentOS Linux 8 is the source code from released current RHEL 8 .. for now 8.3. The EOL of CentOS Linux 8 is 31 DEC 2021 when doing 'yum update' regularly this would also be EOL the end of the following year? CentOS Stream 8 is the source cdoe from what be RHEL + 0.1 .. so currently 8.3 + 0.1 = 8.4. It will EOL in 31 MAY 2024 this is much longer here, can I update this 'forever' just doing 'yum update' regularly? why I am asking this, I need to choose one option, because my CentOS 6 VMs are EOL; and I would practice this the same way I did, when my CentOS 4 became EOL, I installed CentOS 6 VM by VM - never used CentOS 5; e.g. the first one was the DNS-VM, which I used CentOS 6.2, then the outgoing Mail-server-VM, I used CentOS 6.3 and by doing 'yum update' regularly they all became finally 6.10; so which should I choose - CentOS 7: EOL in 2024 - CentOS Stream: EOL also in 2024 (CentOS 8 is no option I guess) comparing to Windows, when using Win10, there is no install needed any more, every half year function update, and the other time security/bug fix update; is doing CentOS Stream the same way? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Stream from bottom works, what is this?
On 09.12.2020 15:45, Johnny Hughes wrote: On 12/9/20 8:41 AM, Walter H. wrote: p.s. can someone tell in as short as possible what this CentOS Stream is in comparison to CentOS 8? CentOS Stream is built from the currently released RHEL Source Code + 0.1 So if RHEL 8.3 is released .. Stream is the Source Code (built) that will become 8.4 in a few months. what does this mean in comparison to CentOS 8, which sources are used for this? to be concrete: I can download this ISO of CentOS 8 (1) CentOS-8.3.2011-x86_64-dvd1.iso and this ISO fo CentOS Stream (2) CentOS-Stream-8-x86_64-20201203-dvd1.iso which sources are used for (1) and which for (2)? and what does it mean of the update process be 'yum update' e.g. if one would do this with CentOS 6, there is no way; the support ended; with CentOS 8 this will haben one day (somewhat in 2029), and what is said about this of CentOS Stream? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS Stream from bottom works, what is this?
Hello, I just tried installing a VM from the stream ISO and it worked; the only thing I would like to have changed as a default config is GRUB_CMDLINE_LINUX=" net.ifnames=0 ..." the reason, I find eth0, eth1, eth2 easier to use than cryptic names like ens33 or ens0p3 or so; Walter p.s. can someone tell in as short as possible what this CentOS Stream is in comparison to CentOS 8? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange RPM dependency observed in CentOS 7
On 08.12.2020 15:12, Jonathan Billings wrote: On Tue, Dec 08, 2020 at 02:54:03PM +0100, Walter H. wrote: Yes, then the interesting question, how can I make use of these GeoIP-features when doing these e.g. nslookup 200:470:17:55::1 nslookup 222.10.10.1 nslookup www.centos.org host www.centos.org Looking at the source, it looks like the geoip-related functions are only called in the 'named' code and the libdns library. I don't see any features in dig, host or nslookup for looking up countries based on IP. However, the GeoIP package has a 'geoiplookup' command that looks up a country from an IP. wouldn't it be a good idea to split this, so that 'bind-utils' has no dependency of neither GeoIP nor geoipupdate, like it is in CentOS 6? (on systems where the bind-utils are used, mostly no GeoIP is used - DNS vs. Web) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange RPM dependency observed in CentOS 7
On 08.12.2020 14:44, Jonathan Billings wrote: On Tue, Dec 08, 2020 at 02:33:01PM +0100, Walter H. wrote: can someone explain, why the two packages - GeoIP - geoipupdate are needed when installing the bind-utils package? The bind-utils package requires 'libGeoIP.so.1()(64bit)', which is provided by the GeoIP package. The GeoIP package requires 'geoipupdate', which is provided by the geoipupdate package. % rpm -q --requires bind-utils|grep GeoIP libGeoIP.so.1()(64bit) % rpm -q --requires GeoIP | grep geoipupdate geoipupdate GeoIP provides a C library and a lookup tool to look up countries from an IP address. The bind-utils executables are all linked against libGeoIP.so.1, so I assume they use some functionality from that library. /usr/bin/geoipupdate is a tool to update the data files in the GeoIP package. Yes, then the interesting question, how can I make use of these GeoIP-features when doing these e.g. nslookup 200:470:17:55::1 nslookup 222.10.10.1 nslookup www.centos.org host www.centos.org Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] strange RPM dependency observed in CentOS 7
Hello, can someone explain, why the two packages - GeoIP - geoipupdate are needed when installing the bind-utils package? yum install bind-utils ... Package Arch Version Repository Size Installing: bind-utils x86_64 32:9.11.4-26.P2.el7_9.2 base 260 k Installing for dependencies: GeoIP x86_64 1.5.0-14.el7 base 1.5 M bind-libs x86_64 32:9.11.4-26.P2.el7_9.2 base 157 k bind-libs-lite x86_64 32:9.11.4-26.P2.el7_9.2 base 1.1 M bind-license noarch 32:9.11.4-26.P2.el7_9.2 base 90 k geoipupdate x86_64 2.5.0-1.el7 base 35 k Transaction Summary Install 1 Package (+5 Dependent packages) ... Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7, as a 6in4 server
On 02.12.2020 09:16, Roberto Ragusa wrote: On 12/1/20 8:39 PM, Walter H. wrote: I have a VPS at a hoster where I got 3 /64 ipv6 prefixes/subnets, that are routed; one for the VPS itself - let us call this srvprefix one for the tunnel, only ::1 (server side) and ::2 (home side) are used - let us call this tunnelprefix and one for my network at home - let us call this homeprefix now I'm just in test state, a CentOS VM is the other end of the tunnel; (when the server runs well, my CentOS ZBOX will become the other end of the tunnel) at the server the eth0 device has serverprefix::1, the sit1 device has tunnelprefix::1 the routing is set with /etc/sysconfig/network-scripts/route6-sit1 tunnelprefix::2 dev sit1 homeprefix::/64 via tunnelprefix::2 dev sit1 in sysctl.conf these are set net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.proxy_ndp = 1 now I have to do these ip -6 neigh add proxy homeprefix::1 dev eth0 ip -6 neigh add proxy homeprefix::### dev eth0 the question, can I do something to avoid these "ip -6 neigh ..."? if yes, what? and how? can the hoster do something? if yes, what? I may be missing something, can you specify this? but you have 3 different networks, yes, my own network at home, the network of the tunnel, and public the network where the VPS is part of; shouldn't you just configure routing instead of using proxy_ndp? without these the following is not possible, -> Destination host unreachable ping6 homeprefix::1 ping6 tunnelprefix::2 ping6 tunnelprefix::1 (the sit1 device of the server itself) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7, as a 6in4 server
Hello, I have a VPS at a hoster where I got 3 /64 ipv6 prefixes/subnets, that are routed; one for the VPS itself - let us call this srvprefix one for the tunnel, only ::1 (server side) and ::2 (home side) are used - let us call this tunnelprefix and one for my network at home - let us call this homeprefix now I'm just in test state, a CentOS VM is the other end of the tunnel; (when the server runs well, my CentOS ZBOX will become the other end of the tunnel) at the server the eth0 device has serverprefix::1, the sit1 device has tunnelprefix::1 the routing is set with /etc/sysconfig/network-scripts/route6-sit1 tunnelprefix::2 dev sit1 homeprefix::/64 via tunnelprefix::2 dev sit1 in sysctl.conf these are set net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.proxy_ndp = 1 now I have to do these ip -6 neigh add proxy homeprefix::1 dev eth0 ip -6 neigh add proxy homeprefix::### dev eth0 the question, can I do something to avoid these "ip -6 neigh ..."? if yes, what? and how? can the hoster do something? if yes, what? Thanks, Walter my ISP told me that he won't deploy IPv6 within the next 5 years; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Physical position of swap partition on the disk
On 30.11.2020 13:55, Jonathan Billings wrote: On Nov 30, 2020, at 02:35, Nicolas Kovacs wrote: * /dev/sda1: 500 MB /boot ext2 * /dev/sda2: 55 GB / ext4 * /dev/sda3: 4 GB swap Now, SSDs don’t have the same physical characteristics, so it doesn’t matter. Also, cloud storage and virtual machines don’t even have real hardware. without hardware neither cloud storage nor virtual machines; The partitioning is handled by different code starting in el7, and this seems to be the logic built in. I feel like it was written to assume that root and swap are on LVM. When it comes to resizing file systems, it might make sense to put the root ext4 at the end of the disk, so it is actually counterproductive to put swap at the end. is there a rule that says that the order of the partitions in the partition table corresponds to the order of them itself on disk? no. keep in mind, that the order on disk can be something different then the order in the partition table; Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] named errors in /var/log/messages
Hello, can someone explain these errors Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0) Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started. Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0) Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started. Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0) Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started. is this caused by a misconfiguration at the master dns or this dns (slave)? (the master dns can only be connected by IPv6) is there a serious problem? there also can be found such entries Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: connected using IPV6-THIS#46019 Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.064 secs (0 bytes/sec) or is this just caused by #0 - I guess source port 0? these are the ip6tables entries on this dns (slave) -A INPUT -i eth0 -d IPV6-THIS -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT -A INPUT -i eth0 -d IPV6-THIS -m udp -p udp --dport 53 -j ACCEPT the master has these for each dns -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 -j ACCEPT the master DNS has this in /etc/named.conf acl dns-hosts { IPV6-SLAVE;// IPv6only: slave ... }; view "auth" { match-clients { dns-hosts; }; empty-zones-enable no; recursion no; additional-from-auth no; additional-from-cache no; also-notify { IPV6-SLAVE;// IPv6only: slave ... }; notify-source 0.0.0.0; notify-source-v6 IPV6-MASTER; transfer-source 0.0.0.0; transfer-source-v6 IPV6-MASTER; zone "#ZONE#" IN { type master; notify yes; file "named._authzone-#ZONE#"; allow-transfer { dns-hosts; }; allow-update { none; }; }; ... }; the slaves itself have this in /etc/named.conf masters masterhost { IPV6-MASTER; // IPv6only: master }; view "auth" { match-clients { any; }; empty-zones-enable no; recursion no; transfer-source 0.0.0.0; transfer-source-v6 IPV6-SLAVE; additional-from-auth no; additional-from-cache no; zone "#ZONE#" IN { type slave; masters { masterhost; }; file "slaves/named._authzone-#ZONE#"; }; ... }; I have 3 slave DNS servers, each has the same master; and such log entries are at all three slave DNS servers; each of these 3 slaves is DualStack (in the wild) and the master is IPv6only (at home) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: DMARC / DKIM Failure Reports
On 17.09.2019 16:20, Valeri Galtsev wrote: On 2019-09-17 09:06, Miroslav Geisselreiter wrote: Hi guys, when I send e-mails to CentOS mailing list , I received DMARC / DKIM failure reports. Is it possible to solve this problem and if so how? That is why DMARC took 10 years of heated discussions, before it was actually implemented - in first place by big boys who will never hear/listen. DMARC breaks mail forwarding. Period. Breaks normal way mail lists were operating, but mail lists found work around: I maintain mail lists for the department, mailman is mail list server we use. There is setting: Replace the From: if set to "Munge from" then mail list will replace sender with mail list itself and it will appear as send by ... through mail list. DMARC enforcing folks/servers will be happy. Just my $0.02 Valeri and any S/MIME signature is broken ... indeed there exist mail lists, that conserve the S/MIME signature ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: android phone backup NOT to google cloud question
On 15.05.2019 16:21, Valeri Galtsev wrote: Dear All, My apologies for OT question. I wonder if someone of Android smartphone owners backs up their device and user/application data NOT to google cloud. no problem, host your own nextcloud and get the nextcloud app; also no need of having the contacts and/or calendar at google ... and the most important: you can select by this criteria; other things like camera, ... are less important, its a phone ... I know, Apple iDevices are a bit better data wise, and Apple has [quite] a bit better reputation, though these are still Apple devices, not yours ;-) if better means overpriced then you are right; good androids are for less then 200 usd, iPhones start at 500 usd Any advise, anybody? Thanks a lot in advance! Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] time to say good-bye to win 7 / printer is the last blocker
On 22.02.2019 07:12, Ralf Prengel wrote: Hallo, the laptop of my wife is the last Win7 system in my network. My question: I need a well supported printer (MFC) with network interface, if possible with colour printing. Ralf buy a color laserjet that can postscript, there are cheap ones; and get the printer definiton file and thats it; e.g. my HP CP1515n is such one no need to install any 3rd party at all Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data
On 15.02.2019 10:54, Phoenix, Merka wrote: Just downloading 2% of 50 TB (1 TB) would take a while over even a fast network link (measured in megabits (Mb), not megabytes (MB) like disk storage). Even on a local LAN downloading 1 TB is several hours @ 8 Mb/second on a Gigabit Ethernet link w/ no other traffic at all. Gigabit ethernet is capable of transfering 100 MBytes in a seond or 6 GBytes in a minute or less than 3 hours the whole TByte but transfering this via an internet link would be a challenge; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data
On 15.02.2019 19:27, Warren Young wrote: Tell ’im ’e’s *dreamin’!*. my words of unrealistic wishes :-) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data
On 15.02.2019 18:10, (RS) Tyler Schroder wrote: OP - Backblaze Personal. May be like $1/extra per month than your budget. Unlimited IO and backup storage assuming you only need redundancy. https://www.backblaze.com/cloud-backup.html would you really backup into a system, that has closed connectivity? I'd prefer connecting a way I want: e.g. SFTP, SSHFS, HTTPS, ... and not it is given by closed software you don't know ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data
On 15.02.2019 09:14, Turritopsis Dohrnii Teo En Ming wrote: On Fri, Feb 15, 2019 at 4:10 PM Walter H. wrote: On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote: Hi, Could you recommend affordable and reliable cloud storage for 50 TB of data? whats your budget? and 50 TB = 50 000 GB is a big amount which isn't this cheap ... Hi Walter H, My budget is around USD$50 per year. Thank you. not realistic, even ONE HDD with just 10 TB costs more then US$ 300 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data
On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote: Hi, Could you recommend affordable and reliable cloud storage for 50 TB of data? whats your budget? and 50 TB = 50 000 GB is a big amount which isn't this cheap ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024
On 02.11.2018 21:02, Frank Cox wrote: https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/ That's still several years in the future, of course. But it's interesting nonetheless. by reading between the lines this could mean, that RHEL 7 (CentOS 7 and other forks of RHEL) is the last one having KDE on board? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] inquiry about limitation of file system
On 03.11.2018 08:44, yf chu wrote: I have a website with millions of pages. does 'millions of pages' also mean 'millions of files on the file system'? just a hint - has nothing to do with any file system as its universal: e.g. when you have 1 files don't store them in one folder, create 100 folders with 100 files in each; there is no file system that handles millions of files in one folder or with limited resources (e.g. RAM) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Would RHEL, CentOS, and Fedora Remain Open Source/Free Software After IBM Buys Red Hat for $34 Billion?
On 31.10.2018 04:44, Turritopsis Dohrnii Teo En Ming wrote: Good morning from Singapore, This is of paramount importance. Would Red Hat Enterprise Linux (RHEL), CentOS, and Fedora remain open source/free software after IBM buys Red Hat for $34 Billion? RHEL is open source, but not for free ..., think of this; Greetings from Austria ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Future Releases (was: What are the differences between systemd and non-systemd Linux distros?)
On 18.10.2018 00:08, Johnny Hughes wrote: The bottom line .. we don't make the decision whether or not to use systemd or not. We rebuild RHEL source code. will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2? I'm sure there will come a CentOS 8, but when is it probable to be released? one of the most important things (for me), as I already noticed there will be quite differences between CentOS 6 and CentOS 7, not only systemd or not, also Apache 2.2 and 2.4 and many other; the config files won't be the same, will there be a migrate helper or something like this which does the config conversion to get a CentOS 7 or maybe then CentOS 8 that does exact the same things the old CentOS 6 did? Greetings Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Issue with latest update of CentOS6
Hello, after I did update all my CentOS6 boxes - VMs and router; two of them (one VM and the router) are my local DNS resolvers; and I'm using the DNSSECTLSAvalidator plugin from nic.cz: https://www.dnssec-validator.cz/ before the update this plugin worked using my resolvers, after the update I get: "Failure - bogus DNSSEC reply, DNSSEC validation not possible with current settings" of course, when telling using a custom resolver (the one of nic.cz) it works, but before mine worked, too ... Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] postfix on centos 7
On 06.09.2018 21:15, Larry Martell wrote: When I try and send mail I see this in the maillog: Sep 6 11:59:48 postfix/sendmail[11059]: fatal: open /etc/postfix/main.cf: Permission denied But /etc/postfix/main.cf is world readable: $ ls -l /etc/postfix/main.cf -rw-r--r--. 1 root root 27176 Jun 9 2014 /etc/postfix/main.cf do a ls -alZ /etc/postfix/main.cf very probale is invalid SElinux File context is should show -rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On 01.09.2018 20:12, Rainer Duffner wrote: Am 01.09.2018 um 18:00 schrieb Leon Fauster via CentOS: Out of curiosity - do you change also the private key every time? when renewing a certificate the private key should also be changed; other ways the renewal because of short validity period doesn't make a sense ... I’m pretty sure LE creates a new private key, too. depends on the implementation; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On 31.08.2018 21:31, Michael Schumacher wrote: certbot works only with ports 80 or 443? Can lego work with with IMAP ports like 143 or 993? The documentation is not very clear. in case of other then Webserver you use ACME-DNS just for a simple ACME client that is capable for ACME-DNS use acme.sh https//acme.sh/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 and RAM
On Tue, July 17, 2018 01:41, Jay Hart wrote: > > >> On 17 July 2018 at 09:24, Jay Hart wrote: >> >>> Hello, >>> >>> What would the recommended minimum amount of RAM be, to run Centos 7. >>> 16GB??? >>> >> >> >> Jay, it helps us help you when you give more information. >> >> I have CentOS 7 running happily on 4GB. My presumption - based on >> experience, extrapolation, and google - is that it will also run with >> 64TB. >> >> Anything between those numbers should be good. >> >> Cheers >> L. > > L, The use of this machine would be as a home server running as a web and > email server, two users, > light use. My current server has 4GB, but I'm thinking of getting a new > box and if I can afford > it, figured I'd get 16GB vice 8. think of a box with a SSD instead of a HDD as its a server, no need of X a box like this: https://www.zotac.com/us/product/mini_pcs/ci329-nano#spec fits your requirement ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Clamd issues on Centos 6.10
On Mon, July 16, 2018 20:04, Alexander Dalloz wrote: > Am 16.07.2018 um 19:42 schrieb Walter H.: >> On 15.07.2018 00:13, Jay Hart wrote: >>> Clamd failed to start. >>> >> try removing it (yum remove ...) reboot and then reinstall it again >> (yum install ...)? > > Seriously, this is not Windows. Seriously, then this guy is telling a story ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Clamd issues on Centos 6.10
On 15.07.2018 00:13, Jay Hart wrote: Clamd failed to start. try removign it (yum remove ...) reboot and then reinstall it again (yum install ...)? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
On 04.07.2018 18:37, Alice Wonder wrote: On 07/04/2018 08:54 AM, Walter H. wrote: Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Self-signed SSL Certificate in chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA and many other Root certificates are missing ... Not sure why they were removed but in the past, root certificates are removed due to problems with the certificate authorities that mean their signatures no longer mean the sites are who they say there. That's the problem with PKI. When you can't trust the root, you can't sign any certificate down the chain from the root. Unfortunately DANE is not yet supported by browsers. DANE is not a solution, it is another problem ... But anyway, does the changelog indicate why the certs were removed? where can I find the changelog? It may be a good thing - protecting you from potential MITM when you otherwise would have the assumption that the site is valid because it has a cert. depends ... this https://cdn.pbrd.co/images/Hs5VL82.png is not the cause of SSL everywhere, it is the answer of SSL everywhere ... I know digicert specifically has had problems before resulting in fraudulent certificates being issued. this had been in the past ..., not relevant to present time ... Hopefully the industry can move to DANE and make blind trust a thing of the past. before DANE, DNSSEC as a requirement has to be deployed ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Self-signed SSL Certificate in chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA and many other Root certificates are missing ... Greetings, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba issues with Win 10
On 28.06.2018 16:30, mark wrote: Hi, folks, Just ran into a problem: someone with a new laptop, running Win 10, version 1709, tried to map their home directory (served from a CentOS 6.9 box, and it fails, with Windows complaining that it no longer supports SMBv1, and if you go to their site, you can install support for that manually The server running samba can *not* be updated to 7 - we have a lot of stuff based off it, and most of our users use it, one way or another, so it's a major thing when we do finally upgrade (or, more likely, replace the server). Has anyone run into this, and if so, any workarounds on the Linux end? mark the solution is to enable SMBv1 in Win10 ... look for this in the Knowledge-Base of Microsoft https://support.microsoft.com/en-sg/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)
On Thu, June 21, 2018 23:23, Robert Heller wrote: > At Thu, 21 Jun 2018 20:42:50 +0200 CentOS mailing list wrote: > >> >> On 21.06.2018 19:28, Robert Heller wrote: >> > Are there any imap daemons (besides cyrus-imapd). cyrus-imapd is >> appearently >> > not compatible with postfix + procmail. I need an imap daemon that >> will work >> > with a postfix + procmail system. >> > >> the problem seems to be procmail, I use postfix and cyrus-imapd with no problems; > > No actually the problem is cyrus-imapd: cyrus-imapd expects all users to use > imap (or pop3) to access their E-Mail. of course, what else do you expect? (SSL is not the problem, as I'm using cyrus-imapd with SSL) here my settings in /etc/imapd.conf tls_cert_file: /etc/pki/cyrus-imapd/tls.crt/mail-host.crt tls_key_file: /etc/pki/cyrus-imapd/tls.key/mail-host.key tls_ca_file: /etc/pki/cyrus-imapd/tls.crt/server-chain-sslca.crt tls_cipher_list: EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:3DES:!SSLv2:+SSLv3:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP tls_prefer_server_ciphers: 1 tls_versions: tls1_0 tls1_1 tls1_2 Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)
On Thu, June 21, 2018 23:23, Robert Heller wrote: > At Thu, 21 Jun 2018 20:42:50 +0200 CentOS mailing list > wrote: > >> >> On 21.06.2018 19:28, Robert Heller wrote: >> > Are there any imap daemons (besides cyrus-imapd). cyrus-imapd is >> appearently >> > not compatible with postfix + procmail. I need an imap daemon that >> will work >> > with a postfix + procmail system. >> > >> the problem seems to be procmail, I use postfix and cyrus-imapd with no >> problems; > > No actually the problem is cyrus-imapd: cyrus-imapd expects all users to > use > imap (or pop3) to access their E-Mail. of course, what else do you expect? (SSL is not the problem, as I'm using cyrus-imapd with SSL) Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)
On 21.06.2018 19:28, Robert Heller wrote: Are there any imap daemons (besides cyrus-imapd). cyrus-imapd is appearently not compatible with postfix + procmail. I need an imap daemon that will work with a postfix + procmail system. the problem seems to be procmail, I use postfix and cyrus-imapd with no problems; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] invalid mirror .host-engine.com
Hello, how can I prevent of using these mirrors? # yum clean all Loaded plugins: fastestmirror, security Cleaning repos: base extras updates Cleaning up Everything Cleaning up list of fastest mirrors # yum update Loaded plugins: fastestmirror, security Setting up Update Process Determining fastest mirrors * base: centos.den.host-engine.com * extras: centos.den.host-engine.com * updates: centos.den.host-engine.com http://centos.den.host-engine.com/6/os/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://centos.den.host-engine.com/6/os/x86_64/repodata/repomd.xml: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds') Trying other mirror. base | 3.7 kB 00:00 http://centos.den.host-engine.com/6/extras/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://centos.den.host-engine.com/6/extras/x86_64/repodata/repomd.xml: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds') Trying other mirror. extras | 3.4 kB 00:00 http://centos.den.host-engine.com/6/updates/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://centos.den.host-engine.com/6/updates/x86_64/repodata/repomd.xml: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds') Trying other mirror. is there a way of setting up a DNS ZONE where requests to this domain get somewhat like 'not exist'? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] shutdown or poweroff?
Hello, just a simple question, my router has CentOS 6 with the apcupsd running, in the log of apcupsd I see this: 2018-02-01 19:05:54 +0100 apcupsd 3.14.12 (29 March 2014) redhat startup succeeded 2018-02-04 15:52:43 +0100 Power failure. 2018-02-04 15:52:49 +0100 Running on UPS batteries. 2018-02-04 15:53:00 +0100 Reached remaining time percentage limit on batteries. 2018-02-04 15:53:00 +0100 Initiating system shutdown! 2018-02-04 15:53:00 +0100 User logins prohibited 2018-02-04 15:53:37 +0100 apcupsd exiting, signal 15 2018-02-04 15:53:37 +0100 apcupsd shutdown succeeded does this mean the shutdown was successfull? is there other log where I can verify this: because shutting down squid takes almost a minute or so ... Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2017-12376
On 26.01.2018 15:09, Johnny Hughes wrote: On 01/26/2018 05:55 AM, Walter H. wrote: Hello, are there updates for this CVE with ClamAV f. CentOS 6 in progress? The CentOS Project does not release ClamAV. What repo are you getting it from? I see that it does exist in EPEL. from EPEL repo ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CVE-2017-12376
Hello, are there updates for this CVE with ClamAV f. CentOS 6 in progress? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Nvidia maximum pixel clock issue in kmod-nvidia-384.98
On Thu, January 4, 2018 05:22, Phil Perry wrote: > I couldn't find any reports upstream at nvidia so am unsure if they are > aware of the issue. For reference, my GK208 [GeForce GT 730] in my test > system is unaffected by the issue and is working fine with the 384.98 > driver over DVI. keep in mind that an nVIDIA GeForce is a consumer graphics device and the NVS xxx series device is a business product similar to the nVIDIA Quadro ... (with Windows they have different video drivers ...) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS6 davfs2 shows invalid free/total storage capacity
Hello, I have a CentOS6 VM with davfs2 where I mount WebDAV Shares; one I have at a storage hoster and one I configured myself on a virtual server I rented on a hoster; why does 'df' always show the same value for capacity [root@centos6-vm ~]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda3 11249272 7074512 3596664 67% / tmpfs 3932640393264 0% /dev/shm /dev/sda1 21803979340127231 39% /boot https://webdav.hidrive.strato.com/ 2664 1332 1332 50% /mnt/hidrive https://myserver.example.com/webdav/ 2664 1332 1332 50% /mnt/webdav the capacity of the hidrive is 5 GB and of mine abount 10 GB ... several time ago I had a hoster, where the correct values where shown, so this seems that this is a server setting, but how/where, I'm just doing this on my server (CentOS with default Apache RPM): DavLockDB /var/lib/dav/DavLock Alias /webdav/ "/var/www/webdav/" AllowOverride None Options +Indexes Dav On AuthType Basic AuthName "WebDAV" AuthUserFile /var/www/passwrds Require User walter are there any settings I can do on server side or can I do something on client side, be shown correct values ... Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] semi-OT:apcupsd
On 17.11.2017 16:16, m.r...@5-cent.us wrote: I can't seem to find apcupsd for C 6. Just went to epel's website, and not visible. Anyone have a clue? mark yum list | grep apcupsd shows this: apcupsd.x86_64 3.14.12-1.el6 @epel ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strrange behavior of VirtualHosts in Apache (CentOS6)
On Mon, November 13, 2017 15:54, Joseph L. Casale wrote: > -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Walter H. > Sent: Monday, November 13, 2017 4:32 AM > To: centos@centos.org > Subject: [CentOS] Strrange behavior of VirtualHosts in Apache (CentOS6) > >> Hello, >> >> there is a short explanation about virtual hosts in Apache ... >> https://wiki.centos.org/TipsAndTricks/ApacheVhostDefault > > That page has not been updated since 2009, while it may be correct > there is no reason not to use the correct documentation, the section > of interest is short: > https://httpd.apache.org/docs/2.4/vhosts/name-based.html >> >> ServerName host.example.org >> DocumentRoot /var/www/default >> > > So this becomes your default vhost when a match is not found and explains > why the php file is invoked when the order of specificity falls through. > >> http://mail.example.org/ <-- works >> http://smtp.example.org/ <-- doen't work >> http://smtp.example.org/host.php <-- gives the HTTP_HOST (PHP-script), >> but why? >> >> http://www.example.com/ <-- works >> http://hello.example.com/ <-- doesn't work >> http://hello.example.com/host.php <-- gives the HTTP_HOST (PHP-script), >> but why? > > Do you have the correct ip address in your vhost config? yes > I would > bet if you read the log, you will see what is happening and how it differs > from > what you expect. not really, the strange thing was something different; httpd -S lists all vhosts, and at last 'Syntax OK' and exact this was the strange; I'm used to add the port number to ServerAlias and this was the mistake ... httpd -S, didn't realize this I removed the port numbers from ServerAlias entries and now it works :-) > Some more in-depth details at > https://httpd.apache.org/docs/2.4/vhosts/details.html Greetings, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Strrange behavior of VirtualHosts in Apache (CentOS6)
Hello, there is a short explanation about virtual hosts in Apache ... https://wiki.centos.org/TipsAndTricks/ApacheVhostDefault the `hostname` gives a different donmain name than what should be hosted ... e.g. `hostname` is host.example.org and the domain to be hosted is example.com, so I did this: ServerName host.example.org DocumentRoot /var/www/default # used to get let's encrypt for the mail server ServerName mail.example.org ServerAlias smtp.example.org DocumentRoot /var/www/mail ServerName www.example.com DocumentRoot /var/www/domain ServerAlias *.example.com DocumentRoot /var/www/catchall the DocumentRoot directories are empty, only in /var/www/default I have a PHP script: host.php now the strange behavior; http://mail.example.org/ <-- works http://smtp.example.org/ <-- doen't work http://smtp.example.org/host.php <-- gives the HTTP_HOST (PHP-script), but why? http://www.example.com/ <-- works http://hello.example.com/ <-- doesn't work http://hello.example.com/host.php <-- gives the HTTP_HOST (PHP-script), but why? doesn't work does mean, that access/errors are logged in logfile of wrong virtual host ... where is my mistake; Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Advice for storage location ...
Hello, I have an incoming mailserver, and there I'm implementing a mailfilter, which I did like this: http://www.postfix.org/FILTER_README.html#simple_filter there they use /var/spool/filter in this sample script the temporary file is deleted; can I keep it there for a short time (1 week)? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Bash help
On 25.10.2017 18:47, Warren Young wrote: You’re making things hard on yourself by insisting on Bash, by the way. This solution is better expressed in Perl, Python, Ruby, Lua, JavaScript…probably dozens of languages. or just awk ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS6, IP6tables, Routing, TPROXY (squid34 epel package)
Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the segment 192.168.1.0/24 via 10.10.10.1 /etc/sysconfig/ip6tables *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -N DIVERT -A DIVERT -j MARK --set-mark 1 -A DIVERT -j ACCEPT -A PREROUTING -i br0 -p tcp -m socket -j DIVERT -A PREROUTING -i br0 -p tcp -d 2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] -A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT -A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT -A INPUT -i br0 -m tcp -p tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -i br0 -m tcp -p tcp --dport 3129 -m state --state NEW -j ACCEPT the goal should be, that for specific IPv6 hosts (destination), the packets are redirected through the proxy running on the router box, other destinations should be just forwarded without proxy ... LAN port = br0 (dual stack), HE tunnel port = sit1 (ipv6 only), WAN port = eth1 (ipv4 only) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron
On 31.07.2017 13:15, Johnny Hughes wrote: Running external things like VMWare Workstation (or other 3rd party custom compiled apps) is exactly what enterprise distros like RHEL, CentOS, Ubuntu LTS, SUSE SLES are designed for .. running things already compiled for a long period of time while providing security updates. yes, but impossible to stay up-to-date forever, as the upgrade e.g. from CentOS 6 to CentOS 7 is not supported ... If Windows is what you are trying to run, doing that on KVM works fine and the VMs are (usually :D) able to run as is when upgrading. to other versions. the goal would have been, to have a Linux as my desktop instead of Windows one day ... my virtual machines are not just Windows, also some ancient things ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron
On 31.07.2017 13:23, Mark Haney wrote: Uh, I run VMWare workstation just fine on my F26 upgraded machine. No, it didn't work when I upgraded, but it's trivial to fix. http://rglinuxtech.com/?p=1939 This link gets you a running workstation in about 5 minutes. not really, with this I only get the additional network interfaces listed with 'ifconfig', nothing more ..., I removed it, and wait for a VMware Wkst. Update ... (as this is just a test box, I can do this; if it were my essential box, I would have kicked Fedora from the harddisk and used Windows again, as I do on my essential box) No, this wasn't really a Fedora issue, it's a VMWare issue. doesn't really help me, the upgrade killed my VMware Workstation ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron
On 30.07.2017 20:22, Johnny Hughes wrote: On 07/30/2017 09:41 AM, Walter H. wrote: On 30.07.2017 14:29, Johnny Hughes wrote: I personally have a Fedora machine that I keep updated and do some work on all the time learning/testing. I just seamlessly upgraded it from Fedora 25 to Fedora 26 using a couple of dnf commands .. awesome experience actually. because of this feature to upgrade from one release to the next, I thought to test this on my old computer; fedora itself works fine, but this upgrade from 25 to 26 broke the vmware workstaion completely ... it doesn't work any more, any hints in net which could be found don't work ... and this was the goal to have a linux running with vmware workstation instead of my old windows ... but as it seems there is no way of achiving this ... Looking at VMWare Workstation, it does not seem to run on Fedora at all. It seems to run on : Ubuntu 16.04 Red Hat Enterprise Linux 7.1 CentOS 7.1 Oracle Linux 7 openSUSE 13.2 SUSE Linux Enterprise Server 12 So, I'm not sure how it was running on Fedora 25 to get messed up by an upgrade to Fedora 26. with Fedora 25 everything worked fine, even the upgrade from VMware Wkst 12.5.6 to 12.5.7 with automatic recompilation of neccessary kernel modules without my intervention ... and the same when a kernel upgrade among other updates occured on Fedora 25, everything worked fine ... but the upgrade from F25 to F26 killed my VMware Workstation :-( even the updates which occured after this upgrade didn't help ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron
On 30.07.2017 14:29, Johnny Hughes wrote: I personally have a Fedora machine that I keep updated and do some work on all the time learning/testing. I just seamlessly upgraded it from Fedora 25 to Fedora 26 using a couple of dnf commands .. awesome experience actually. because of this feature to upgrade from one release to the next, I thought to test this on my old computer; fedora itself works fine, but this upgrade from 25 to 26 broke the vmware workstaion completely ... it doesn't work any more, any hints in net which could be found don't work ... and this was the goal to have a linux running with vmware workstation instead of my old windows ... but as it seems there is no way of achiving this ... Obviously looking at Fedora 26 and the new Modularity components will be helpful for anyone who will be upgrading to newer RHEL or CentOS releases in the future. in case it is just a server this is already supported by RHEL (from 6 to 7) Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] where is samba?
On 23.07.2017 19:56, mad.scientist.at.la...@tutanota.com wrote: Can I ask where people are downloading samba from? I followed the instructions in the centos wiki but it's hard to tell what to do next on the German site. It was easy before but totally murky now (at least to this wetware). a link or two or clearer/more complete instructions would be greatly appreciated. Samaba comes as RPM from CentOS samba.x86_64 3.6.23-43.el6_9 @updates samba-common.x86_64 3.6.23-43.el6_9 @updates samba-winbind.x86_64 3.6.23-43.el6_9 @updates samba-winbind-clients.x86_64 3.6.23-43.el6_9 @updates (from my CentOS 6 VM which has both Samba Client and Samba Server) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow Samba
On 23.07.2017 16:48, vychytraly . wrote: Thank you very much, I will try these. There are only Centos 7 and Windows 10 machines on the network. in case this doesn't give any diagnostic, look for iperf on both sides, linux and windows, this tests the native network speed ... https://iperf.fr/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow Samba
On 23.07.2017 13:08, vychytraly . wrote: Hello friends, I have a Gigabit network with few Windows and Centos 7 machines and I noticed that when copying files via Samba from: Windows to Windows I can copy files with speed of +- 120 MBps (I think this is the max speed gigabit network can provide) which Windows and which CentOS (6, 7) you are talking about? But when copying files from: Centos to Centos I get only speeds of about 40 MBps how do you copy from CentOS to CentOS - SMB, too? Windows to Centos 40 MBps Centos to Windows 40 MBps this seems to be, that SAMBA doesn't support SMB v2 or v3 can you try the following test, to see if it is not a problem deeper ... can you get WinSCP ... https://winscp.net/eng/download.php (the Portable executables suits) and connect with this from Windows to CentOS and try a file transfer here if it has nearly the same speed as with SAMBA, the problem is deeper if it is quite faster then the problem is SAMBA Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Messages during update 'yum update' at CentOS 6 VM
Hello, at the last update (Kernel updated from 2.6.32-696.3.2.el6.x86_64 to 2.6.32-696.6.3.el6.x86_64) I got these messages Updating : ipv6calc-1.0.0-20.el6.x86_64 6/25 /var/tmp/rpm-tmp.yi7R81: line 1: /usr/sbin/ldconfig: No such file or directory warning: %post(ipv6calc-1.0.0-20.el6.x86_64) scriptlet failed, exit status 127 Non-fatal POSTIN scriptlet failure in rpm package ipv6calc-1.0.0-20.el6.x86_64 Cleanup : ipv6calc-0.99.2-17.el6.x86_64 25/25 /var/tmp/rpm-tmp.i7G3si: line 1: /usr/sbin/ldconfig: No such file or directory warning: %postun(ipv6calc-0.99.2-17.el6.x86_64) scriptlet failed, exit status 127 Non-fatal POSTUN scriptlet failure in rpm package ipv6calc after this a ipv6calc -A conv6to4 77.88.99.111 works ... what does the messages should say to me ... Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Fwd: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?]
On 30.06.2017 18:11, Yves Bellefeuille wrote: Do you know this? "For operational use, shell access is assumed, and root privileges are required." It's not much of a secret that you can mess with a system if you have root access... and in case you restart the box, this hack is gone :-) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] what is causing this problem ... (yum, fastest mirror)
Hello, what is causing the following, and can someone give the solution which is mentioned at https://access.redhat.com/articles/1320623 by the way: why are the "fastest" mirrors from other continent? [root@host sysconfig]# yum clean all Loaded plugins: fastestmirror, security Cleaning repos: base epel extras updates Cleaning up Everything Cleaning up list of fastest mirrors [root@host sysconfig]# yum clean all Loaded plugins: fastestmirror, security Cleaning repos: base epel extras updates Cleaning up Everything [root@host sysconfig]# yum update Loaded plugins: fastestmirror, security Setting up Update Process Determining fastest mirrors epel/metalink | 12 kB 00:00 * base: mirror.genesisadaptive.com * epel: mirror.us.leaseweb.net * extras: mirror.genesisadaptive.com * updates: mirror.genesisadaptive.com base | 3.7 kB 00:00 base/primary_db | 4.7 MB 00:01 epel | 4.3 kB 00:00 http://mirror.us.leaseweb.net/epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel Trying other mirror. epel | 4.3 kB 00:00 https://download-ib01.fedoraproject.org/pub/epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel Trying other mirror. epel | 4.2 kB 00:00 https://mirror.us-midwest-1.nexcess.net/epel/6/x86_64/repodata/c259ce09172fc535ff3b556ccad8d2a02f128a2da95f0c1389ce9443800e225d-primary.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found" Trying other mirror. To address this issue please refer to the below knowledge base article https://access.redhat.com/articles/1320623 If above article doesn't help to resolve this issue please open a ticket with Red Hat Support. http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/repodata/c259ce09172fc535ff3b556ccad8d2a02f128a2da95f0c1389ce9443800e225d-primary.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found" Trying other mirror. epel/primary_db | 5.9 MB 00:01 extras | 3.4 kB 00:00 extras/primary_db | 29 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 2.0 MB 00:01 No Packages marked for Update ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question Mirrors ?
On 23.06.2017 21:31, m.r...@5-cent.us wrote: Walter H. wrote: this isn't fixed ... yum update Loaded plugins: fastestmirror, security Setting up Update Process Determining fastest mirrors epel/metalink | 14 kB 00:00 * base: centos.mirror.constant.com * epel: archive.linux.duke.edu * extras: centos.mirror.constant.com * updates: centos.mirror.constant.com base | 3.7 kB 00:00 base/primary_db | 4.7 MB 00:01 epel | 4.3 kB 00:00 http://archive.linux.duke.edu/pub/epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel Trying other mirror. Hey, they've gone onto a new and different error. We were getting "not a valid .xml file. Try yum clean all, then try it. this is the result after yum clean all ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question Mirrors ?
On 23.06.2017 17:02, m.r...@5-cent.us wrote: Fabian Arrotin wrote: On 23/06/17 12:22, Günther J. Niederwimmer wrote: Hello List, in the last weeks I have many, many Errors from chron hourly on my systems :- (. Have we broken or not updated mirrors in the yum config ? Can you give details please ? As per design there are *no* mirrors declared in the yum config files for CentOS, but they use the mirrorlist feature, that has all the current lists of mirrors that are validated/tested in loop Missed the beginning of this - has this been for a while, or just in the last couple days? If so, do you have EPEL enabled? We had tons of errors, due to the error with them. Fixed by yesterday. this isn't fixed ... yum update Loaded plugins: fastestmirror, security Setting up Update Process Determining fastest mirrors epel/metalink | 14 kB 00:00 * base: centos.mirror.constant.com * epel: archive.linux.duke.edu * extras: centos.mirror.constant.com * updates: centos.mirror.constant.com base | 3.7 kB 00:00 base/primary_db | 4.7 MB 00:01 epel | 4.3 kB 00:00 http://archive.linux.duke.edu/pub/epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel Trying other mirror. epel | 4.3 kB 00:00 http://fedora-epel.mirrors.tds.net/fedora-epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel Trying other mirror. epel | 4.2 kB 00:00 epel/primary_db | 5.9 MB 00:03 extras | 3.4 kB 00:00 extras/primary_db | 29 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 2.0 MB 00:00 No Packages marked for Update ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question Mirrors ?
On 23.06.2017 12:37, Anthony K wrote: On 23/06/17 20:22, Günther J. Niederwimmer wrote: Have we broken or not updated mirrors in the yum config ? Thanks for a answer, See *Problems with EPEL* further down the list. it is not EPEL itself ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPv6 addresses order (CentOS6)
On Wed, May 31, 2017 03:55, Steven Tardy wrote: > >> On May 30, 2017, at 3:26 AM, Walter H. >> wrote: >> >> is there a way to influence the order? > > Not sure what your use of multiple IPs is. . . but I'd probably use an > interface alias instead of secondary. > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces-alias.html Interface Alias and IPv6only? (the referenced guide only explains IPv4, I'm talking about IPv6 only) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] IPv6 addresses order (CentOS6)
Hello, in /etc/sysconfig/network-scripts/ifcfg-eth0 I have this ... IPV6INIT=yes IPV6ADDR=prefix::5 IPV6ADDR_SECONDARIES="prefix::2 prefix::3 prefix::4" IPV6_AUTOCONF=no IPV6_DEFAULTGW=prefix::1 IPV6_DEFAULTDEV=eth0 when I enter ifconfig the IPv6 addresses are in a different order eth0 Link encap:Ethernet HWaddr ... inet addr:... Bcast:... Mask:... inet6 addr: fe80::.../64 Scope:Link inet6 addr: prefix::4/64 Scope:Global inet6 addr: prefix::3/64 Scope:Global inet6 addr: prefix::5/64 Scope:Global inet6 addr: prefix::2/64 Scope:Global is there a way to influence the order? or how can I tell e.g. ssh to use a specific IPv6 address? (as it seems ssh uses the first one listed in ifconfig and not the one defined with IPV6ADDR) Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS6 and squid34 package ...
Hello what is the essential difference between the default squid package and this squid34 package, as I have problems using this squid34 package for FTP connections; there are no shown icons, when going to e.g. ftp://ftp.adobe.com/ when I tell the browser to show the image then I get this squid generated message ... the same config /etc/squid/squid.conf works with the default squid package ... While trying to retrieve the URL: http://proxy.local:3128/squid-internal-static/icons/silk/folder.png <http://zbox-ci323.waldinet.local:3128/squid-internal-static/icons/silk/folder.png> The following error was encountered: * *Access Denied. * Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is ... Generated Thu, 25 May 2017 06:50:02 GMT by proxy.local (squid/3.4.14) has anybody the hint for me, what is wrong ..., here is the /etc/squid/squid.conf acl localnet src 192.168.1.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localnet http_access allow localhost http_access deny all http_reply_access allow all http_port 3128 cache_dir ufs /var/spool/squid 16400 16 256 coredump_dir /var/spool/squid nonhierarchical_direct off visible_hostname proxy.local unique_hostname proxy.local forwarded_for off cache_mem 2560 MB icon_directory /usr/share/squid/icons error_directory /etc/squid/errors as_whois_server whois.ra.net logformat combined %>A %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh access_log /var/log/squid/access.log combined refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 the same host has a running apache, where host proxy.local is a password protected web, which has the folling for port 80 RewriteCond %{HTTP_HOST} ^proxy\.local(:80)?$ [NC] RewriteRule ^/(.*)$ https://proxy.local/$1 [L,R=301] for port 443 AuthName Firewall/Router AuthType Basic AuthUserFile /var/www/passwrds Require User admin /var/log/squid/access.log has this ... client - - [25/May/2017:08:50:02 +0200] "GET http://proxy.local:3128/squid-internal-static/icons/silk/folder.png HTTP/1.1" 403 1655 "ftp://ftp.adobe.com/"; "UserAgent" TCP_DENIED:HIER_NONE the apache doesn't log anything in connection with this ... has anybody the hint for me, what is causing this? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mini PCs
On 17.05.2017 11:58, Robert Moskowitz wrote: http://www.ebay.com/itm/ZOTAC-ZBOX-NANO-Plus-Mini-PC-ZBOXNANO-AD12-PLUS-2GB-320GB-with-Power-Supply-56/382042194064?_trksid=p2045573.c100033.m2042&_trkparms=aid%3D111001%26algo%3DREC.SEED%26ao%3D1%26asc%3D41376%26meid%3Deae770f22d504a9b8366eb0c02dd20d6%26pid%3D100033%26rk%3D7%26rkt%3D8%26sd%3D152356229748 I will post power and other numbers here when I get the unit. Hi looked it up, this AMD CPU has a thermal design power of 18 W Greetings, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mini PCs
On Mon, May 15, 2017 09:53, wwp wrote: > On Mon, 15 May 2017 09:22:54 +0200 "Walter H." > wrote: > >> On Sun, May 14, 2017 11:00, wwp wrote: >> > On Sat, 13 May 2017 13:08:17 +0200 "Walter H." >> > wrote: >> > >> > This might become off-topic with my reply, but I'm curious: is there >> > any specific software you're running from CentOS on your zbox in order >> > to manage the rooter features? >> SSH? > > I think I've been unclear, sorry about that! I wanted to ask if you use > something, any helper installed on this rooter box, on top of > firewalld/iptables, in order to setup and administrate the NAT/rooting > (and eventually proxy) rules? I've configured it quite simple ... /etc/sysconfig/network_scripts: ifcfg-eth0 and ifcfg-wlan0 have this: BRIDGE=br0 ifcfg-br0 is LAN (Dual-Stack) ifcfg-eth1 is WAN (IPv4only) ifcfg-sit1 is an HE IPv6 tunnel (IPv6only) /etc/hostapd/hostapd.conf has this: interface=wlan0 bridge=br0 /etc/sysconfig/ip(6)tables have at the last lines this: # Log all other -A INPUT -j LOG --log-prefix "IP(v6)[IN]: " --log-level 7 -A FORWARD -j LOG --log-prefix "IP(v6)[FWD]: " --log-level 7 -A OUTPUT -j LOG --log-prefix "IP(v6)[OUT]: " --log-level 7 there runs a cronjob every hour, which sends an email like this: dmesg |grep -e "IP(v6)\[" |timefltr.pl for DNS a BIND is configured as caching DNS, and as authoritative master for my domain ... an Apache is configured only for some status pages like output of 'ifconfig', 'df', 'free', 'ip(6)tables -L -n -v', 'uptime' I programmed some simple network diagnostic: - traceroute(6) and ping(6) to a given dns/ip-host - nslookup of a given dns-name this is only reachable from LAN side; as I have a VM that runs a squid with SSL-interception, I made a mini-CA, the root is installed on my computers, one intermediate CA is used by squid, the other intermediate CA is used for signing a SSL certificate which I use on LAN side of my zbox or on my intranet (e.g. squirrel) to reach my squirrel, the apache does proxying ... when there is the need of changing firewall rules, I manually edit the files and reload ip(6)tables ... it is somewhat very individual, I'm thinking of sending SMS messages on special situations, e.g. the WAN IP address has changed (this happens about 2-3 times in a year) that's all ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mini PCs
On Sun, May 14, 2017 11:00, wwp wrote: > On Sat, 13 May 2017 13:08:17 +0200 "Walter H." > wrote: > >> On 13.05.2017 00:29, Robert Moskowitz wrote: >> > I have been working, for the past few years, with armv7 SOCs and have >> > a number of servers working. >> > >> > Intel, etal are catching up with ARM and I have seen ones like: >> > >> > https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html >> > >> > >> I would take something similar to this: >> https://www.zotac.com/product/mini_pcs/zbox-ci323-nano >> (for this zbox I can tell you, that it works with CentOS, as I have one >> configured as firewall/router) > > This might become off-topic with my reply, but I'm curious: is there > any specific software you're running from CentOS on your zbox in order > to manage the rooter features? SSH? > I currently use, between my xDSL box and my LAN machines, an ATX-format > box running a pretty old GNU/Linux system with a Jay's Firewall setup > but I'd like to replace it w/ a fanless small barebone like the Zotac > CI327: ... this zbox has in comparison to the CI323 a different CPU, which I don't know if this is supported by CentOS (I didn't mention, that I use CentOS 6 ...) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mini PCs
On 13.05.2017 00:29, Robert Moskowitz wrote: I have been working, for the past few years, with armv7 SOCs and have a number of servers working. Intel, etal are catching up with ARM and I have seen ones like: https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html I would take something similar to this: https://www.zotac.com/product/mini_pcs/zbox-ci323-nano (for this zbox I can tell you, that it works with CentOS, as I have one configured as firewall/router) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] TLSv1.3 support?
Hello, will the next update of CentOS 6 (6.10) have TLSv1.3 support? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logrotate failed ... (CentOS 6.9)
On 01.05.2017 13:15, James Pearson wrote: walte...@mathemainzel.info: I get regularily such a mail Anacron job 'cron.daily' on /etc/cron.daily/logrotate: error: error running non-shared postrotate script for /var/log/clamd.clamsmtp/clamsmtpd.log of '/var/log/clamd.clamsmtp/clamsmtpd.log' The following may help: https://bugzilla.redhat.com/show_bug.cgi?id=1376815 James Pearson Hello, I found your hint several time ago, this didn't solve it ... I don't understand this -killall -HUP clamd. 2>/dev/null || : +killall -HUP clamd. > /dev/null 2>&1 || true in the patch as the file has this pkill -SIGHUP -f clamd.clamsmtp >/dev/null 2>&1 || : in comparison /etc/logrotate.d/clamav has this killall -HUP clamd >/dev/null 2>&1 || : ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] logrotate failed ... (CentOS 6.9)
I get regularily such a mail Anacron job 'cron.daily' on /etc/cron.daily/logrotate: error: error running non-shared postrotate script for /var/log/clamd.clamsmtp/clamsmtpd.log of '/var/log/clamd.clamsmtp/clamsmtpd.log ' content of /etc/logrotate.d/clamsmtp /var/log/clamd.clamsmtp/clamsmtpd.log { monthly notifempty missingok postrotate pkill -SIGHUP -f clamd.clamsmtp >/dev/null 2>&1 || : endscript } when looking at ls: total 572 drwxr-xr-x. 2 clamsmtp mail 4096 May 1 03:15 . drwxr-xr-x. 6 root root 4096 May 1 03:15 .. -rw-r-. 1 clamsmtp mail953 May 1 08:43 clamsmtpd.log -rw-r-. 1 clamsmtp mail 109806 Jan 1 10:28 clamsmtpd.log-20170101 -rw-r-. 1 clamsmtp mail 114825 Feb 1 03:42 clamsmtpd.log-20170201 -rw-r-. 1 clamsmtp mail 101356 Mar 1 03:50 clamsmtpd.log-20170301 -rw-r-. 1 clamsmtp mail 112365 Apr 1 19:51 clamsmtpd.log-20170401 -rw-r-. 1 clamsmtp mail 104204 May 1 03:15 clamsmtpd.log-20170501 this shows normal where does this error mail come from? Thanks Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs
On 26.04.2017 08:58, Nicolas Kovacs wrote: Hi, I'm currently experimenting with a public server running CentOS 7. I have half a dozen production servers all running Slackware Linux, and I intend to progressively migrate them to CentOS, for a host of reasons (support cycle, package availability, SELinux, etc.) But before doing that, I have to figure out a few things that work differently under CentOS. Apache and SSL behave quite differently under these two distributions. So far, Apache is running fine with HTTP and hosts a series of virtual hosts. I have installed Certbot and created a Let's Encrypt certificate for the server. I have a "dummy" website under /var/www/html/default/html. I installed mod_ssl and only edited the following directives in /etc/httpd/conf.d/ssl.conf. I kept the default options for everything else. --8< ... DocumentRoot "/var/www/html/default/html" ServerName sd-41893.dedibox.fr:443 ... SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem --8< After restarting Apache, the website shows up correctly. https://sd-41893.dedibox.fr/ But when I test it using Qualys SSL Labs Server Test, the results are a disappointment. with this: SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!SSLv2:+SSLv3:!3DES:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP' SSLHonorCipherOrder on SSLStrictSNIVHostCheck on you get Grade A+ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7, firefox, and flash
On Mon, Mar 06, 2017 at 04:48:28PM -0500, m.r...@5-cent.us wrote > I posted Friday about this oddity. Now I've got more data, and what's > happening is this: if I tell noscript to enable youtube and googlevideo in > one tab, not only does it affect *all* tabs, but also affects another > browser window opened from the first browser window. > > Anyone have any clues for a workaround fix? Generally, any change you make in a profile affects all tabs/windows opened by that profile. A workaround is to have a separate profile for each website (or group of websites) that you visit a lot. I've got over 20 profiles in Pale Moon ( a Firefox fork ) which still operates similarly to Firefox. Your program launcher/menubar would need to have entries corresponding to the separate profiles e.g. firefox -new-instance -p google firefox -new-instance -p slashdot firefox -new-instance -p wordpress firefox -new-instance -p youtube etc, etc. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lenovo M900 with CentOS 7 strangeness
On Wed, Mar 01, 2017 at 05:55:21PM +0100, SZ, Zsolt wrote > Hello, > > I would like to install CentOS 7.3 on my new Lenovo M900 machine. I am > using the official 1 DVD installer. The installation process was fine > without any error but after reboot the USB keyboard and the USB mouse did > not work. Therefore I was not able to type anything or pass the first boot > screen. Only the power button is working. > > Any idea why? I believe the installation media is using the same kernel > components as the installed machine. So why the installer is working and > the installed system is not? Did you disable UHCI (low speed) USB support during the install? USB keyboards and mice use that protocol on Intel and Via USB chipsets. There's also an OHCI (low speed) USB driver for non-x86 chipsets. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current situation with flash plugins?
On Fri, Feb 17, 2017 at 10:13:15AM -0600, Michael Hennebry wrote > Is Adobe the only provider of flash plugins? Yes. > Is it still a gaping security hole? If not kept up-to-date, yes. Adobe changed their minds a few months ago, and now provide up-to-date Flash 24.X for linux, complete with security patches as required. Of course, "zero-day exploits" can still happen. > Do the answers depend on the browser? Most browsers nowadays have the option to set one of 3 values... 1) Never activate 2) Ask-to-Activate (like the old NoFlash plugin) 3) Always activate The settings can be different for each profile. If you often visit a site that requires flash, you can set up a separate profile for it, and select option 3. For other profiles, you can use options 1 and/or 2. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Licence text questions
On Sun, Feb 12, 2017 at 10:43:39AM -0500, Jonathan Billings wrote > The point I was making is to make the old CentOS 6.5 environment as > a chroot. That's exactly my intention. As I said in my original message... >> * or send out a 1.3 gigabyte centos65.tar.xz and give simple >>instructions to extract the archive, copy over /etc/resolv.conf, >>bind-mount /dev and /proc, chroot into the directory, and get >>going right away. The point of my first post was to ask about licencing. Regardless of whether I'm sending out a bootable ISO, or a QEMU disk image, or a tarred up chrootable directory, I'm re-distributing Open Source code and/or binaries, which I assume requires appropriate pointers to where they can be obtained. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Licence text questions
On Sat, Feb 11, 2017 at 08:06:49AM -0500, Jonathan Billings wrote > Wouldn't this be easier done as a mock chroot? I realize you're > not building RPMs, but you could use the chroot for building any > software, and on any arbitrary CentOS or Fedora system. 1) Not everybody runs Fedora/Redhat/CentOS 2) The builds I'm doing are targetted at distros, like Puppy linux, which use older libs with backported security fixes. Pale Moon built in a chroot or mock chroot in CentOS 6.8 and up, let alone any modern distro, does not run on "Lucid Puppy" linux. That's because it'll expect the newer libs on the target machine. This is why I have to provide the entire old CentOS 6.5 environment complete with older libs to build against. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Wich web browser on CentOS6 ?
On Sat, Feb 11, 2017 at 11:37:09AM +0100, Patrick Bégou wrote > Yes David, I'm using a release 32 of Firefox to reach my olds C6100 > IDRAC7 interface. > The problem is for latest Firefox versions as they require libgtk-3 not > available in Centos6/RHEL6 distribution. > > Today I use a very very bad solution to reach my switch with latest > firmware version from the latest Firefox available in CentOS: I disable > https and use http > Even if it is on a private network, in a dedicated vlan behind a > firewall... I don't like this. Hello; Disclosure: I'm the person who does the Pale Moon (Firefox fork) SSE contributed build for linux. Note: this build is 32-bit only. See https://forum.palemoon.org/viewtopic.php?f=40&t=13530&start=20#p105849 I subscribe to this list because I use a CentOS 6.5 chroot to do the builds, and I have occasional questions. SSE-only machines (i.e. no SSE2 instructions) are old Pentium 3 and similar. The SSE build will work on newer machines, but may be a bit slower than the standard build, because it does not use the SSE2 instruction set. Older machines often run distros like Puppy linux which use older glibc, gtk2, etc. Puppy linux does have security fixes backported. Because Pale Moon SSE version is built in CentOS 6.5, it should work in 32-bit CentOS. You can also try the mainline version of Pale Moon if you want 64-bit. http://linux.palemoon.org/ It uses gtk2, but I don't know if it's compatible with other old libraries that CentOS 6 uses. My build goes out of its way to be compatible with older libraries. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Licence text questions
I'm running a CentOS 6.5 chroot to build Pale Moon (a Firefox fork) for older machines running distros like Puppy linux. Before anyone asks... * Yes, even though the older machines are using "ancient" glibc, etc, they do have security patches back-ported, e.g. http://www.murga-linux.com/puppy/viewtopic.php?t=90461 "Lucid Puppy Revitalized as 5.2.8.7 - December, 2016" * I realize that CentOS 6.5 is "not safe for surfing". It starts at the commandline, and the only network activity is pulling down source code with git, and scp to send the compiled package to the host, i.e. my desktop PC. If necessary, that could be done by the host OS. It's used for building, and nothing else. Currently just Pale Moon, but other software could also be built. Other people are interested in doing the same. My choices are... * explain how to install CentOS 6.5, which options to choose, turn off boot-to-gui, and how to download and build newer gcc, yasm, and python-2.7 to duplicate my build environment, etc, etc. * or send out a 1.3 gigabyte centos65.tar.xz and give simple instructions to extract the archive, copy over /etc/resolv.conf, bind-mount /dev and /proc, chroot into the directory, and get going right away. I'm not charging money, but the 2nd choice literally involves re-distributing CentOS, and additional Open Source software. I believe that I'm required to provide at least the location from which it can be obtained. Here's a first draft of my "licences.txt". Any problems, suggestions? The tarball is a collection of various Open Source software, assembled and bundled together by Walter Dnes . It's based on a 32-bit CentOS 6.5 install. Additional components necessary for the building of Pale Moon 27 were built from source. It was originally installed in a QEMU VM (Virtual Machine), and then rsync'd to a directory on the host machine for use as a chroot environment. The tarballed directory is intended to run as a chroot environment. The various softwares remain subject to their original licences. As required by many Open Source licences, here is a list of where the original software can be obtained. * The CentOS 6.5 distro can be obtained at http://vault.centos.org/6.5/isos/i386/CentOS-6.5-i386-bin-DVD1.iso http://vault.centos.org/6.5/isos/i386/CentOS-6.5-i386-bin-DVD2.iso DVD1 is approx 3.6 gigabytes and DVD2 is approx 1 gigabyte The following additional source code was downloaded and used to build additional infrastructure required for building Pale Moon. * Python 2.7.13 can be otained at https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz * gcc 4.9.4 can be obtained at http://gcc.parentingamerica.com/releases/gcc-4.9.4/gcc-4.9.4.tar.bz2 * gcc 5.4.0 can be obtained at http://gcc.parentingamerica.com/releases/gcc-5.4.0/gcc-5.4.0.tar.bz2 * YASM 1.3.0 can be obtained at http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz ======== -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to downgrade gtk2 libs in CentOS 6.8?
On Mon, Jan 09, 2017 at 11:24:14AM +, James Pearson wrote > One way would be to do the build on the same OS as the 'older linux' ? The 'older linux' is "Lucid Puppy Revitalized as 5.2.8.7 - December, 2016" http://www.murga-linux.com/puppy/viewtopic.php?t=90461 It's a low-memory end-user distro, targetted at really old, low-memory machines. It can do simple compiles, but it's not a development environment suitable for building Pale Moon, which is an independant Firefox fork. > However, CentOS 6.5 shipped with gtk2-2.20.1-4.el6, CentOS 6.6 and > above shipped with gtk-2.24 - see http://vault.centos.org/6.5/os/ Thanks for the pointer; I didn't know about that URL. I'll try to get 6.5 up and running as a VM. > Otherwise, use a CentOS 6.5 VM to do the build (with the usual caveats > that 6.5 is old/out-of-date/etc)? That seems the best route. As it was, even on 6.8, I had to "yum install autoconf213", and manually downloand tarballs and build from source yasm, python 2.7, and gcc 4.9.4. I'm not a programmer, but I can "./configure --with-options && make && make install". It's no more difficult than "yum install ". I realize that CentOS 6.5 is "not safe for surfing", but I'll be using it only for doing builds. The build will not be statically linking in libraries, so CentOS security holes are not a problem. Lucid Puppy has an "ancient" glibc, but has backported patches for the "Ghost" exploit, etc. Ditto for ssl and other exploits. -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to downgrade gtk2 libs in CentOS 6.8?
Hi all. I'm using a CentOS 6.8 VM to do volunteer builds for an open source project. I want to build Pale Moon with a gtk2 library older than 2.24, to allow people with older linuxes to run it. Short summary, if built against version gtk2-2.24 and/or higher, the binary will use a function that does not exist in gtk2-2.23 and lower. Net result is that the program dies with an "undefined symbol:" error for people with machines lower than gtk2-2.24. Yes, before you ask, they do get security fixes backported. The hits from my Google search suggested... yum downgrade gtk2 The response from yum was... Only Upgrade available on package: gtk-2.24.23-8.e16.i686 Nothing to do Are there ways around this? -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Network Attached Storage
On 03.01.2017 00:56, TE Dukes wrote: The QNAP does have a lot of features that I'd probably never use. The only issue I have is what would be the end of life support. Would that matter if it's a backup device? yes when you have to change one HDD drive and doesn't get same type or size and so there are mixed HDDs running a pseudo hardware/software RAID ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Network Attached Storage
On Tue, January 3, 2017 00:17, TE Dukes wrote: > This for home use. Thought I'd start out with 2, 4TB drives, maybe 3 so I > could implement RAID 5. I have four computers to backup. Keep in mind, this has to be backed up, too; because a RAID failure can happen ... before implementing a RAID 5 with 3 disks plus hot spare, implement a RAID 6 with 4 disks; ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6: environment variables and cronjobs ...
Hello, in /etc/cron.d/test I've this: 50 15 * * * root ( date ; echo "---" ; env ; echo "---" ; set ) >>/tmp/test.txt and I thought I would be shown environment variables which are defined in e.g. /etc/profiles.d/proxy.sh or /etc/profiles.d/proxy.csh but this isn't like this ... where do I have to define e.g. export http_proxy="http://proxy.local:3128/"; in order to have it in cron jobs? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?
On Tue, November 22, 2016 22:40, James B. Byrne wrote: > > On Sun, November 20, 2016 12:43, Walter H. wrote: > >> >> https://box.domain1.com works >> but >> https://box.domain2.com results in 'Certificate name mismatch' >> >> > > What are the contents of the certificate(s) you have configured for > tls? What AltSubject names, if any, do the certificate(s) support? > both were wildcard certificates, one for each domain ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI? Solved ...
It is solved, I don't know why but SNI works only with hosts that are declared with ServerName and not with ServerAlias so I did the following ... I made an include file that contained everything of the virtualhost except the ServerAdmin and ServerName declarations and did this: ServerAdmin webmaster@domain#.com ServerName vhost.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl ServerAdmin webmaster@domain#.com ServerName box.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl ServerAdmin webmaster@domain#.com ServerName calcbox.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl ... Greetings, Walter On 20.11.2016 18:24, Walter H. wrote: Hello, is Apache 2.2 which is part of the CentOS distribution capable of SNI? I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) just did 'yum update' in /etc/httpd/conf/httpd.conf I've the following NameVirtualHost ipaddr:443 Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf both 'vhost'-files are like this: ServerAdmin webmaster@domain#.com ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443 ... SSLEngine on SSLStrictSNIVHostCheck on SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt ... only https://domain1.com/... works https://domain2.com/... results in a certificate CN mismatch ... what is missing in my config.? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?
On 20.11.2016 18:33, David Nelson wrote: It doesn't appear you have a ServerName or ServerAlias for the naked domains (sans subdomain), so they're both being answered by the first VirtualHost entry? this is not the problem meant https://box.domain1.com works but https://box.domain2.com results in 'Certificate name mismatch' Thanks, Walter On Nov 20, 2016, at 9:24 AM, Walter H. wrote: Hello, is Apache 2.2 which is part of the CentOS distribution capable of SNI? I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) just did 'yum update' in /etc/httpd/conf/httpd.conf I've the following NameVirtualHost ipaddr:443 Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf both 'vhost'-files are like this: ServerAdmin webmaster@domain#.com ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443 ... SSLEngine on SSLStrictSNIVHostCheck on SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt ... only https://domain1.com/... works https://domain2.com/... results in a certificate CN mismatch ... what is missing in my config.? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6, Apache 2.2.15 and SNI?
Hello, is Apache 2.2 which is part of the CentOS distribution capable of SNI? I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) just did 'yum update' in /etc/httpd/conf/httpd.conf I've the following NameVirtualHost ipaddr:443 Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf both 'vhost'-files are like this: ServerAdmin webmaster@domain#.com ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443 ... SSLEngine on SSLStrictSNIVHostCheck on SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt ... only https://domain1.com/... works https://domain2.com/... results in a certificate CN mismatch ... what is missing in my config.? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SCL devtoolset-3 or 4 without eclipse?
On Fri, Nov 18, 2016 at 09:47:29AM -0800, Robert Arkiletian wrote > Is there a way to install devtoolset packages without the bloat of eclipse? > > I just want the new compiler and toolchain, not a big IDE. > > BTW devtoolset-3 dependencies are broken in yum with C6 You can do it manually as per the instructions at https://gcc.gnu.org/wiki/InstallingGCC Step 1) Download and extract the tarball for the gcc version you need. I'll use gcc-5.4.0 in this example. Substitute whichever version you actually need. # wget http://ftpmirror.gnu.org/gcc/gcc-5.4.0/gcc-5.4.0.tar.bz2 tar xjf gcc-5.4.0.tar.bz2 # Step 2) The tarball does not contain gmp, mpc, mpfr, and isl libs. To get them, and have them compiled in when you build gcc, you *MUST* run the "download_prerequisites" script from the top-level GCC source dir. It downloads and extracts the appropriate versions corresponding to the version of gcc that you've downloaded. # cd gcc-5.4.0 contrib/download_prerequisites # Step 3) Build and install gcc. The flags and enabled languages you need may differ from mine, so check the "configure" parameters for your use case. I've enabled backwards compatability, and set it to install in $HOME/gcc540 so that the entire build+install process can be done as a regular user. Note that you *MUST NOT* run ./configure from the GCC source dir. # mkdir gcc-5.4.0/gcc-build && cd gcc-5.4.0/gcc-build ../configure --prefix=$HOME/gcc540 \ --disable-multilib \ --enable-libstdcxx-threads \ --enable-libstdcxx-time \ --enable-shared \ --enable-__cxa_atexit \ --disable-libunwind-exceptions \ --disable-libada \ --with-default-libstdcxx-abi=gcc4-compatible # # Depends on how many cores your cpu has. make -j4 make install # Step 4) Your /usr/bin/gcc remains the default gcc compiler. When you want to use the gcc from $HOME/gcc540 you must *SOURCE* the following commands. Put them in a *PLAIN TEXT* file. Do *NOT* set it executable or begin it with "#!/bin/bash". Think of it as an "include file for bash". If the file is named "setgcc", then execute it like so at the start of your build script... # . setgcc # The commands in the file, to run gcc from $HOME/gcc540 would be # export GCCX_ROOT=$HOME/gcc540 export PATH=$GCCX_ROOT/bin:$PATH export MANPATH=$GCCX_ROOT/share/man:MANPATH export INFOPATH=$GCCX_ROOT/share/info:$INFOPATH export LD_LIBRARY_PATH=$GCCX_ROOT/lib64:$GCCX_ROOT/lib:$LD_LIBRARY_PATH export LD_RUN_PATH=$GCCX_ROOT/lib64:$GCCX_ROOT/lib:$LD_RUN_PATH export LIBRARY_PATH=$GCCX_ROOT/lib64:$GCCX_ROOT/lib:$LIBRARY_PATH export INCLUDE_PATH=$GCCX_ROOT/include:$INCLUDE_PATH export CPLUS_INCLUDE_PATH=$GCCX_ROOT/include:$CPLUS_INCLUDE_PATH export C_INCLUDE_PATH=$GCCX_ROOT/include:$C_INCLUDE_PATH # The above assumes a 64-bit install. If you're running a 32-bit install, change all occurences of "lib64" to "lib". -- Walter Dnes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Keyboard layout on remote, local, ... CentOS 6; strange behaviour
Hello, I did the following: in /boot/grub/menu.lst I added/replaced KEYTABLE=us-acentos in /etc/sysconfig/keyboard I have this: KEYTABLE="us-acentos" MODEL="pc105" LAYOUT="us" KEYBOARDTYPE="pc" VARIANT="intl" my host system is Windows; and for connecting to Linux terminal I use PuTTY in Windows I have configured German keyboard layout; what would someone expect, when using PuTTY to connect to the above configured CentOS 6 I thought that there I have the US intl layout; but its German; when I switch the keyboard layout in Windows to US intl. and connect to a CentOS 6, where the following is configured in /boot/grub/menu.lst KEYTABLE=de-latin1-nodeadkeys and in /etc/sysconfig/keyboard this: KEYTABLE="de-latin1-nodeadkeys" MODEL="pc105" LAYOUT="de" KEYBOARDTYPE="pc" VARIANT="nodeadkeys" here I thought I have German keyboard layout, but it isn't; it's US in short: why do I have the keyboard layout, which is configured at the host running PuTTY and not which is configured in CentOS? when I log into the Linux directly at the console, I do have the configured keyboard layout; Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos