Re: [CentOS] CentOS Stream from bottom works, what is this?

[Barry Brimer]

On Wed, 9 Dec 2020, Johnny Hughes wrote:


On 12/9/20 8:54 AM, Bernstein, Noam CIV USN NRL (6393) Washington DC
(USA) via CentOS wrote:

On Dec 9, 2020, at 9:45 AM, Johnny Hughes 
mailto:joh...@centos.org>> wrote:

CentOS Stream is built from the currently released RHEL Source Code + 0.1

So if RHEL 8.3 is released .. Stream is the Source Code (built) that
will become 8.4 in a few months.

If this statement is exactly correct, then I think a lot of the issues in this 
thread may be easy to address.  However, the question is whether it is really
"That will become"
or actually
"That might become, if it turns out to be stable enough,"

I.e., to me the critical question is how often (in practice) will updates that 
have problems, and will not actually make it into RHEL, end up in CentOS 
Stream.  Presumably all such updates will be superseded in Stream by corrected 
ones, before they're in RHEL.

In fact, would it be possible, to list the final versions of each package's 
update at the moment of the RHEL release, and only do the CentOS Stream update 
based on that list?



There is one source for the source code that will be used.  While in
stream it will iterative (the push a bunch of changes today .. the build
those change today).  Those go through a CI process and get released
into stream.

When it comes time to build rhel 8.4 it will come from the same source code.


If a bug were to make it into CentOS Stream, and identified before RHEL 
8.4 was released, would an updated/fixed package be produced and placed into 
CentOS Stream?


If a bug were to make it past CentOS Stream and into RHEL 8.4 and the bug 
is then identified and fixed after the release of RHEL 8.4 would an 
updated/fixed package be produced and placed into CentOS Stream in the 
same timeframe or only if/when updated packages and their dependencies 
were made/released into CentOS Stream for updated features for RHEL 8.5?


If the same happened in the previous question but was in a package or set 
of packages that was being rebased in 8.5 would it work the same way?


Thanks,
Barry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/

[Barry Brimer]

On Wed, 9 Dec 2020, Louis Lagendijk wrote:


On Wed, 2020-12-09 at 15:13 +, Phil Perry wrote:


If
you are able to retain kernel ABI compatibility between RHEL8 and
Stream
kernels, then we (and other OEMs) will be able to continue to
support
Stream users, otherwise Stream users will have to look to
alternative
solutions.

Phil


Maybe offering 2 kernels in stream may solve your problem? A "latest
point release" and a "rolling version"? I realize that this may cause
issues with packages that really need the new kernel features


Perhaps using the Red Hat compatible kernel (if that's what it's still 
called, I haven't followed any recent naming changes) from Oracle Linux 
could be considered? Not that this isn't messy, but might provide what's 
missing?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Barry Brimer]

I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM. 
The package installed fine, the sudo functionality still works but according to 
the test described in the qualys advisory of running "sudoedit -s /” (without 
quotes) this system is still vulnerable.

My CentOS Linux 7 (x86_64), CentOS Linux 8 (x86_64), and CentOS Stream 8 
(x86_64) VM running the actual CentOS package do not appear vulnerable running 
this test.

Migrating the previously mentioned CentOS Linux 6 vm to Oracle Linux and 
running the same test shows the fully updated Oracle Linux 6 to be vulnerable 
as well.

Has anyone else tried this? Do your results match or differ from mine?

Thanks,
Barry

On January 28, 2021 9:15:47 AM UTC, James Pearson  
wrote:
>Maxim Shpakov:
>>
>> You can use oracle linux 6 , it is still supported (till March 2021)
>
>Looks like Oracle's el6 sudo update is now available:
>
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
>http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm
>
>* Tue Jan 26 2021 Qing Lin  -
>1.8.6p3-29.0.2.el6_10.3
>- backport the fix CVE-2021-3156.patch from ol7.
>
>James Pearson
>___
>CentOS mailing list
>CentOS@centos.org
>https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] remote disk decryption on centos?

[Barry Brimer]

On Fri, 12 Mar 2021 ept8e...@secmail.pro wrote:


Hi I was reading about how unlock encrypted root partition from remote
(unattended). I'd like asking what is compatible way for this in centos
and commonly used by administrators?

I think most simple is install dropbear in initramfs for allow remote SSH
and manual enter passphrase. I find many HOWTO for that on debian/ubuntu,
but nothing for centos.

Is there any help, recommend or HOWTO available for centos?

Example reference:
https://security.stackexchange.com/questions/161974/unattended-disk-encryption/204369#204369


Is this what you're looking for?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] printing on C8S

[Barry Brimer]

On Thu, 6 Jan 2022, Fred wrote:


OK, I give up. How do I configure a printer on Centos 8 Stream? I can't
find any tools for doing that.

further, there doesn't seem to be a cups executable (which should allow
setting up a printer) though there ARE a bunch of cups packages installed.


According to 

The everywhere driver is used for nearly all modern networks printers sold 
since about 2009. For example, the following command creates a destination 
for a printer at IP address 11.22.33.44:


lpadmin -p printername -E -v ipp://11.22.33.44/ipp/print -m everywhere

On a Fedora 35 machine, which should probably be pretty close to C8S, the 
lpadmin executable is provided by the standard cups rpm


$ rpm -qf $(which lpadmin)
cups-2.3.3op2-11.fc35.x86_64

Hope this helps,
Barry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can't get forwarding to work

[Barry Brimer]

> Hello all:
>
> I am having trouble getting port forwarding
> with iptables to work.
>
> I have this configuration:
>
> Internet --- Linux machine --- Windows machine
>
> The windows machine is set up to listen on
> IP address 10.0.0.31
>
> I am able to use lynx to connect to http://10.0.0.31 on
> the linux machine so there is no problem going from
> the linux machine to the windows machine.
>
> I have tied a public IP address a.b.c.d to the
> linux machine and entered these rules in its
> firewall:
>
> /sbin/ifconfig eth0:1 $WIN_EXTERNAL_IP netmask $ETH0_NETMASK broadcast
> $ETH0_BCAST
> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $WIN_EXTERNAL_IP
> --dport 80 -j DNAT --to $WIN_INTERNAL_IP:80
> /sbin/iptables -A FORWARD -p tcp -i eth0 -d $WIN_INTERNAL_IP --dport 80 -j
> ACCEPT
>
> I have this log entry at the bottom of the firewall rules:
>
> /sbin/iptables -A FORWARD -j LOG --log-prefix "FORWARD "
>
> When I try to go to the external IP address http://a.b.c.d from
> another network, I get an error.

Do you have return POSTROUTING rules in your iptables nat table, have you 
enabled ip forwarding?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can't get forwarding to work

[Barry Brimer]

> I changed my rules to these:
>
> /sbin/iptables -t nat -A PREROUTING -d $WIN_EXTERNAL_IP -j DNAT --to
> $WIN_INTERNAL_IP
> /sbin/iptables -t nat -A POSTROUTING -s $WIN_INTERNAL_IP -j SNAT --to
> $WIN_EXTERNAL_IP
>
> And I am still not seeing anything log on the firewall log
> and the connection is not working.

I don't believe you need the forward rule since you're doing NAT.  What 
does your entire NAT table look like?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux...

[Barry Brimer]

Quoting m.r...@5-cent.us:

> Have I mentioned that I am less than enthralled with selinux?
>
> My latest issue is continuing messages in the /var/log/messages, which
> complain, for example, that siteminder can't write to smagent log (well,
> it can, since we've got selinux in permissive mode, and no, we have no
> control over using either siteminder or selinux).
>
> I've done what it says will solve the problem. A number of times.
> Discussing it with my manager, it seems as though selinux DOES NOT HAVE
> CORRECT ERROR HANDLING, and is falling through to a default error, and is
> *not* telling me the true cause.

What is the error?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?

[Barry Brimer]

Quoting Dave :

> On Thu, Oct 8, 2009 at 11:44 AM, Craig White  wrote:
> > On Thu, 2009-10-08 at 11:19 -1000, Dave wrote:
> >> [r...@lee1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
> [snip]
> >> PEERDNS=yes
> > - ^^^
> > change to PEERDNS=no
>
>
> What man page would tell me what this means? How should I have known
> that's what I should do, if I were lacking the luxury of being told by
> one wiser than myself?

/usr/share/doc/initscripts-*/sysconfig.txt
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?

[Barry Brimer]

I haven't been following this thread very closely since my last post, but 
if you want to know who is doing what ... use auditctl. 


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables - Forwarding with port translation thru an OpenVPN tunnel

[Barry Brimer]

> I have a CentOS-5.3 "main" server with a static public IP address
> running Apache, OpenVPN, and a bunch of other services.
>
> The primary IP address for the only NIC in this box is used by
> Apache on standard ports 80 and 443.   I have a secondary
> static public IP address assigned to this same NIC as eth0:1
>
> I have a working OpenVPN tunnel going to another CentOS-5.3 server
> which has Apache listening on its eth0 NIC for requests on non-standard
> ports 29080 and 29443(don't ask!).  This server is accessible on its
> static public IP address and thru OpenVPN tunnel from the main server.
>
> The main server is the OpenVPN server as well, with private IP address
> 172.16.xxx.1/32 auto-assigned to it.  The second server is a VPN client
> with IP address 172.16.xxx.yyy/32 assigned.  The narrow netmasks are the
> OpenVPN default, presumably used for isolation among multiple clients.
>
> OpenVPN is configured to run over the main server's NIC via its eth0:1
> secondary IP address  64.aaa.bbb.cccThe main server has a static
> route set up between its eth0:1 IP and the remote server's public
> IP address (not the tunnel IP).  This route is only there so that during
> initial VPN negotiations the data will move via eth0:1's IP address.
>
> Things like ping, SSH, scp and HTTP/HTTPS all work correctly thru the
> VPN in both directions, so the VPN itself is solid.
>
> Ok, so now I want external HTTP/HTTPS requests made to the main
> server's eth0:1 public IP address to be forwarded thru the VPN to the
> second remote server, with port translation along the way.
>
> Here is what I want to happen:
>
> Outside world HTTP/HTTPS requests to eth0:1 ports 80/443
>|
>V
> CentOS eth0:1 (64.aaa.bbb.ccc)
>|
>V
> Translate to ports 29080/29443
>|
>V
> Forward requests thru the tunnel to 172.16.xxx.yyy
>|
>V
> Remote Apache responds, packets return thru VPN to "main"
>|
>V
> Response goes back to the outside world via 64.aaa.bbb.ccc
>
>
> HTTP/HTTPS requests to the 64.aaa.bbb.ccc public IP just hang and time out.
> Direct requests to the remote server on the non-standard ports work fine.
> I've tried lots of iptables example entries found on several forums but so
> far none of them seem to work.
>
> Does anyone have a cookbook-like complete set of iptables rules that will
> accomplish what I need?  Is it possible I need to set up strong-end routing
> on the remote server to send the response packets back thru the VPN? (such a
> pain to configure)   Any assistance will be most gratefully received!

I don't have a cookbook per se .. but here's my 30-second attempt:

1.  You need a PREROUTING DNAT rule to redirect traffic to the VPN address 
of the other web server.
2.  You need a POSTROUTING SNAT rule to ensure that all of the traffic 
comes back to the main server (of course your web server logs will have 
all the connections from the main server's VPN IP address in its log 
files) **OR** the default route of the web server needs to be the VPN IP 
address on the main server.
3.  You need a POSTROUTING SNAT rule to SNAT the appropriate traffic out 
from the desired IP address.

You *might* be able to you policy routing to help in steps 2 and 3.

Hope this helps,
Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm --freshen issue (was: Re: Caught between a Red Hat and a CentOS)

[Barry Brimer]

On Wed, 21 Oct 2009, ken wrote:

>
> On 10/20/2009 12:15 PM Benjamin Franz wrote:
>> ken wrote:
>>> Okay, here's one. Maybe someone here can figure it out.
>>> Upgrading from 4.5 to 4.5.  From a 4.6 ISO I copied all the RPMs into a
>>> directory... let's call it c:/install :).   Now the oracle dba has
>>> strict parameters on what versions can be installed and which can't.
>>> The rpms in c:/install meet those requirements.  In addition, since this
>>> is a production machine, it can be down at most for one day.  So all I
>>> want to do is upgrade what's currently on the system.  Moreover, if
>>> something horks, I want two chances to back out (the second being asking
>>> the backup guy to put the system back to yesterday).  The command to do
>>> this would be
>>>
>>> rpm --freshen --repackage *
>>>
>>> run in that crazy c:/install directory (or what the redhat guy called, a
>>> "folder").  This command runs fine for one file which has no
>>> dependencies (i.e., change '*' to a specific rpm).  It also upgrades
>>> three or four co-dependent rpms if they're narrowly specified.  But if
>>> the file/rpm spec is '*', rpm complains about two missing dependencies
>>> and stops.
>>>
>>> Yeah, this directory contains 1507 rpms (IIRC)... which is a lot, but it
>>> should still work.  This is Linux, after all.  And there's plenty enough
>>> memory and cpu to handle it.
>>>
>>
>> Running
>>
>> rpm --freshen --repackage *
>>
>> for 1500+ rpms  probably exceeds the maximum character length for some
>> part of the system after expansion of the '*'  by the shell.
>
> That was my first suspicion too.  The redhat tech didn't bring that up
> though.  (That doesn't mean I'm going to ignore that as a possible
> workaround; the original conversation here was about tech support per
> se.  Of course I'm still seeking ways to do the job.  And so thanks for
> the suggestion.)
>
> I, too, recall reading some years back about a bash line length limit.
> Back then, a long time ago, it was 2048 characters.  So I ran "echo *"
> in that same install/ directory and the output included all 1507 files.
> So the problem's not with a bash command line length limit, but still
> pointing to the "rpm" command.
>
>
>
>>
>> Try breaking it up into smaller chunks (say two or three hundred at a
>> time). You can match subsets of the files using shell expansions like
>>
>> rpm --freshen --repackage [a-g]*
>>
>> and tweak the line for any dependency complaints manually.
>
> This solution occurred to me also.  And right now it's a top contender
> (along with another I'll mention shortly).  If the job environment were
> different, I'd go with it.  But my boss is making me jump through a lot
> of hoops for this project.  This upgrade from v.4.5 to v.4.6 needs to
> happen in a single, specified day *and* my boss needs to know how long
> it will take me to accomplish, this so the Oracle dba knows when he can
> start to on what he's got to do for this upgrade.  And I have at most
> fifteen hours (i.e., two working days) to come up with this fool-proof
> plan.  Plus, I don't have a test box to try things out on.  But I've had
> to do trickier stuff than this in the past with not dissimilar time
> constraints, so though I should be taking extra boxers to work, I'm not
> (yet).
>
> So what I was thinking of doing is scripting the solution you suggest
> above.  But then, if I'm going to script something, I might as well
> write a script that will take on the entire task wholistically.  I mean
> something like this:
>
> ls -1 install/ > what-to-upgrade.list  # create package list
> while read package | {upgrade package}  #just quasi-code here. Loop.
> if {there's nothing to upgrade}
>  remove pkg from what-to-upgrade.list
>  log this
>  continue
> fi
> if {there are dependencies}
> then for {each dependency} {upgrade package}  # yep, recursion
> fi
> else [upgrade package} # simplest case, just upgrade one pkg
>
> The {upgrade package} function would be fairly simple (I think):
> - Find the correct package in the install/ directory (containing the
> RPMs for v.4.6).
> - Upgrade the 4.5 package with that correct 4.6 package.
> - Confirm that the 4.6 is installed.
> - Remove that package name from what-to-upgrade.list
> - Log that this package has been upgraded.
>
> I already see some bogus stuff here, but I'm writing this on the fly.
> Point is, it seems do-able, and probably within the time constraints.
> And then, what are the alternatives?
>
> One, suggested by the redhat tech (about whom there's more news...
> later), is to use up2date.  I read the manpage on it and it's pretty
> vague.  I'm sure I have, but I don't recall using it before, so I can't
> fill in the details which the manpage lacks.  Lastly, I don't see a way
> to test up2date to see if it will work within my (dba's) specific
> parameters.

If you add --aid on the end of your rpm command, and you are in the 
directory with the rpms, it should solve any dependency issues for you 
provi

Re: [CentOS] Not able to FTP since 5.4

[Barry Brimer]

> I do not use ftp much lately, but my bro did and noticed we cannot ftp to
> the server since the upgrade.
>
> Using VSFTP.
> Tried rebooting but nothing.
>
> Looks like it goes through the whole process and then 'bam'.
> Could not find an error log that listed the error anywhere.
>
> Worked great before 5.4 update, now it does not work at all.

If you are using iptables, make sure you have ip_conntrack_ftp loaded. 
This can be accomplished by making sure that ip_conntrack_ftp appears in 
the "IPTABLES_MODULES" line in /etc/sysconfig/iptables-config and restart 
iptables.  Either that or try turning off iptables temporarily to test.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How Can I change CentOS CLI Screen Resolution to smaller text (without GUI)?

[Barry Brimer]

> Hi,
>
> I'd like to view the Screen resolution in smaller text on my server
> terminal.  The server is not installed with any GUI so it's in plain text
> mode.

Google for linux vga modes

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Inquiry:How to enable "NAT" on CentOS 5 ?

[Barry Brimer]

> Dear All
> On my CentOS 5 , I installed the Asterisk 1.4.13 and DECT application
> software and then when I want to try for "NAT" I issue as the followings :
> #iptables -t nat -A POSTROUTING -s 10.20.30.0/24 -o eth0 -j MASQUERADE
> But it didn't get through . So I checked if the "NAT" is enabled on
> my CentOS server , as the followings :
> #echo "1" > /proc/sys/net/ipv4/ip_forward
> But still I cannot try for "NAT" . Can you please let me know which other
> setings maybe influenced and need to be checked for enabling the "NAT" ?

You have your outgoing traffic NATed .. but you need a PREROUTING rule to 
forward the traffic to your Asterisk server.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] College student printer for CentOS 5.4 x86_64?

[Barry Brimer]

> What would the community recommend? His needs are simple...mostly B&W
> papers.  On rare occasions he needs to print a paper with color
> photos/graphs embedded. Not looking to spend a lot, just enough to
> satisfy the requirement.

Install cups-pdf and have pdfs created by any application that can print. 
Save those somewhere that can be used by both (fat partition, usb stick, 
send email to himself, etc) and then print in Vista.  cups-pdf is 
available from epel repo.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Inquiry:yum?

[Barry Brimer]

> With many thanks for your help , please let me know why I am receiving the
> followings ?
> [r...@mss-1 tmp]# rpm -Uvh yum-3.2.22-20.el5.centos.noarch.rpm
> warning: yum-3.2.22-20.el5.centos.noarch.rpm: Header V3 DSA signature:
> NOKEY, key ID e8562897
> error: Failed dependencies:
>python-elementtree is needed by yum-3.2.22-20.el5.centos.noarch
>python-iniparse is needed by yum-3.2.22-20.el5.centos.noarch
>python-sqlite is needed by yum-3.2.22-20.el5.centos.noarch
>urlgrabber >= 3.1.0 is needed by yum-3.2.22-20.el5.centos.noarch
>yum-fastestmirror is needed by yum-3.2.22-20.el5.centos.noarch
>yum-metadata-parser >= 1.1.0 is needed by
> yum-3.2.22-20.el5.centos.noarch

You need to get the packages listed above that are dependencies of yum. 
Download each of these packages from the same mirror site you downloaded 
the yum package from.  Put them all in the same directory (without other 
RPMs) and run "rpm -Uvh *.rpm"

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Inquiry:yum?

[Barry Brimer]

> I tried for the other engaged rpm packages one-by-one . But at last , only
> the following one remained as unresolved :
> [r...@mss-1 tmp]# rpm -Uvh yum-fastestmirror-1.1.16-13.el5.centos.noarch.rpm
> warning: yum-fastestmirror-1.1.16-13.el5.centos.noarch.rpm: Header V3 DSA
> signature: NOKEY, key ID e8562897
> error: Failed dependencies:
>yum >= 3.0 is needed by
> yum-fastestmirror-1.1.16-13.el5.centos.noarch
> Can you please let me know why it does not come to an end ?

What is the output of "lsb_release -a"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ip range cidr calculator

[Barry Brimer]

> I found a command-line program that did this once before, used it for a
> while and then forgot about it until right now and I'll be damned if I
> can find it again.
>
> A command line IP calculator that takes an address range and give it
> back in cidr format.
>
> I found an online one that does this here:
>
> http://www.ipaddresslocation.org/subnet-mask-calculator.php
>
> But I would prefer to have the commandline one back again.
>
> Does anyone know what it's called and where it can be found?

I like the one at  
which also gives Cisco wildcard masks as well as all the other useful 
things.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrade adivce

[Barry Brimer]

> I have a new client that is running a fedora 4 system.  Can i upgrade
> that box to centos 5 with a reasonable expectation of success or should
> i just back it up and do it from scratch?  Also will the samba version
> in centos 5 natively support windows 7 clients?

I would strongly suggest backing it up and building a fresh CentOS 5.  Red 
Hat doesn't encourage you to upgrade from RHEL 4 to RHEL 5, I certainly 
wouldn't try it from Fedora 4.  I do not have any Windows 7 systems 
connecting to my Samba servers, so I can not help you with that.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] need to free space on a root partition.

[Barry Brimer]

On Fri, 1 Jan 2010, Yan Yu wrote:

> Hello, there,   Happy new year everyone!
>I am puzzled here. Could some expert help me shed some light on
> this?
> this may not be a centos specific Q..
> i have a linux machine. and the root partition (/) is full..
> so I moved a dir from /data to /var (/var is on a different
> partition), and created a link from /data/fa to /var/xyz, the files
> under /var/xyz is about 8G,
> du  /var/fa
> 8701248 /var/fa
>
> so I thought this should free some space for me, but when I used df,
> it gave me similar results before and after the move..   and my rpm
> installation would fail due to the lack of space..
>
> Filesystem   1K-blocks  Used Available Use% Mounted on
> /dev/cciss/c0d0p6 15235040  15232452 0 100% /
> /dev/cciss/c0d0p8other partitions have free space
>
> I was confused on why moving a 8G file to another partition did not
> free some space for me?
> and I did see that the disk usage for the destination partition/disk
> increases after the move..
>
> any pointer is appreciated!

If you do an "lsof" and look for anything that says "deleted" that is 
something that has been deleted from disk but is still open somewhere and 
the disk space can not be reclaimed until the process that has the file 
open lets go of the file.  You also may have hard links to files in other 
directories that will not allow the disk space to be freed as well.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with IPTABLES recent module.

[Barry Brimer]

Quoting "James B. Byrne" :

> I went to reload (iptables-restore) my iptables configuration and
> obtained an error at the COMMIT statement.  No further details were
> provided even when I ran restore with the -v option.
>
> I determined that none of my backed up configuration files going
> back to October will load either.  This is more than passing strange
> because I altered and uploaded the iptables configuration on this
> host several times in December alone.  These alterations certainly
> applied without error at the time.
>
> Through painful trial and error (it is a fairly large configuration)
> I discovered that I cannot add any rule using the __recent__ module.
>  Adding a single rule referencing that module inevitably results in
> a load error reported at the following COMMIT statement.  An example
> of an actual rule that fails follows:
>
> .  .  .
> :BRUTE_FORCE - [0:0]
> .  .  .
> -A BRUTE_FORCE -p tcp -m tcp -m state -m recent --set -i eth0
> --dport 22 --state NEW
> -A BRUTE_FORCE -m comment -j RETURN --comment "Return to calling chain"
> COMMIT
>
> Perhaps I am missing something obvious but as far as I can determine
> the rule using the recent module should simply add all traffic
> coming in over i/f eth0 consigned to port 22 on any ip-addr to the
> DEFAULT list.  I do not expect it to give an error.  If I remove
> this statement then the iptables file loads without error.
>
> An interesting thing happens if I simply add a trailing -j to the
> end of recent module rule above.  It fails with this specific error:
>
> -c packet counter not numeric
>
> Does anyone see what I am doing wrong?

I don't think you need the -m state ..

>From the iptables man page ...

  # iptables -A FORWARD -m recent --name badguy --rcheck --seconds
  60 -j DROP

  # iptables -A FORWARD -p tcp  -i  eth0  --dport  139  -m  recent
  --name badguy --set -j DROP

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Get Me Outta Here! Web site security issue

[Barry Brimer]

> How do I stop this from happing? Do I need to buy an SSL cert? Aren't 
> these really expensive per server and I have 5 servers I would need to 
> do this too.

Yes.  You need one SSL certificate per site.  Although I've never bought 
an SSL certificate, I have looked at www.rapidsslonline.com .. their rapid 
ssl is I think $18/year and less if you buy for multiple years.  If all of 
your websites are under the same domain, you could buy a wildcard cert as 
well.

HTH,
Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IO Schedulers

[Barry Brimer]

> I'm on a quest to do some serious tuning to some of my production systems. 
> All are on CentOS 5.x ranging from 5.0 to 5.4. I've been reading up on the 
> various IO schedulers available in the kernel and I'm hoping some of you can 
> lend some insightful suggestions. I typically have three classes of system in 
> production:

> I welcome your suggestions and experiences. :-)

First and foremost, I think that the only correct answer to how to tune 
your system is "it depends".  There are lots of factors at play, although 
disk access is one of the largest, if not the largest factor that can be 
tuned.  There is no silver bullet answer here.  You need to make one 
change at a time, measure your system performance and compare.  Beginning 
with RHEL 5, you can select a different elevator algorithm for each block 
device .. which may be useful to you.  If possible, I highly recommend the 
RH442 - Red Hat Enterprise System Monitoring and Performance Tuning class 
offered by Red Hat.  It is very in depth and does a good job of covering 
material which by many respects is seen as "black magic".

HTH,
Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Backup server

[Barry Brimer]

> On Wed, Jan 13, 2010 at 5:04 AM, Sorin Srbu  wrote:
> 
>> The way we currently do backups is to use rsync from the clients to two
>> folders on an older server that rolls over every other week. This worked fine
>> for a while, but the rsync is cumulative and the users generate a tremendous
>> amount of data...

I use rsnapshot .. which manages sets of rsync backups using hardlinks. 
IT may be similar to what you are using already ..
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] routing multiple network cards on a single subnet

[Barry Brimer]

Incidentally, it is my current understanding that anything that I do
with an "ip route" command will go away on a reboot, therefore if I
somehow screw up the routing on this box completely all I have to do is
reboot it and I'll be back to what I had before.  Which is not a bad
thing at the moment.  Once I have this nailed down should I put the "ip
route" commands into /etc/rc.local?  Or is there a better place?


Use /etc/sysconfig/network/route- file(s).___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] redirecting outside connections to https on apache

[Barry Brimer]

Quoting ankush grover <[EMAIL PROTECTED]>:

> Hi friends,
>
> There are about 15 applications hosted on different in our
> infrastructure mostly running on apache/iis/tomcat. We have a frontend
> apache server running on Centos 4.4 64bit which make these
> applications accessible to outside world.
>
> For the applications which are running on tomcat we are running
> jkmount to make these applications available without mentioning tomcat
> ports. For apache/iis applications we are using ProxyPass. The issue
> we are facing is that we are not able to make these applications
> accessible through https automatically means if the user is not from
> within the LAN then the http link should automatically redirected to
> https. We already have GoDaddy stamped ssl certificate on this apache
> frontend server but we are struggling for rules for outside world.
>
> What is the best way to make these applications accessible to outside
> world through https connections only that is if somebody use
> http://xx.xx.com/xx to use the application it should be redirected to
> https we don't have the requirement for https connections from within
> the LAN but definitely for outside connections.
>
> JkMount /team/* team
> JkMount /team team
>
> Then we have rules for this in the workers.properties file
>
>
> ProxyPass /public http://my.testing.com/public
> ProxyPassReverse /public https://my.testing.com/public

You can force to ssl by using something like this with mod_rewrite

RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]

Details on how to select your condition for this statement is available at:

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] AWStats included with Centos 5.1 distro?

[Barry Brimer]

Quoting Pam Astor <[EMAIL PROTECTED]>:

>
> Hi,
>
> Is AWStats included in the Centos 5.1 Distro?

No, but you can get it from rpmforge.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] AWStats included with Centos 5.1 distro?

[Barry Brimer]

Quoting Pam Astor <[EMAIL PROTECTED]>:

>
> Got it.
>
> How is the code security wise?  Should I stay away from web based log
> analyzers al together for a server hosting e-commerce?

If you have any concerns about running awstats on your e-commerce server, you
can choose to generate static html reports which can be run by a limited
privelege user or transfer the logs to a different server to run stats.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHCE Training

[Barry Brimer]

Quoting "Joseph L. Casale" <[EMAIL PROTECTED]>:

> I am possibly going to be sent for my RHCE training.
> Looking at
>
https://www.redhat.com/courses/rh300_rhce_rapid_track_course_and_rhce_exam/details/
> I am thinking the concepts do not look difficult at all, having a manual and
> instructor makes this look fairly easy actually.
>
> The only thing that looks important to take outside of this would be rh253 if
> I wasn't interested in taking the elementary courses.

RH253 is a detail course, and will dig deeper into the topics at hand.  RH300 is
just as it states is a rapid track course .. which does not have as much detail
in it.  If you have a decent amount of real world experience with the RH300
topics, I see no need to take RH253.

> Anyone done the VT courses? To fit within the budget and get what I think I
> need, I might take the rh253vt before the rh300.

I have not taken any VT courses.

> Any thoughts or pointers from guys here who have done all this?

Know the material well.  Time management is important.

HTH,

Barry (RHCE, RHCDS, RHCA)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ClamAV version(s)

[Barry Brimer]

Quoting Sam Drinkard <[EMAIL PROTECTED]>:

> I had clamav-milter working as well as clamd, then for some reason clamd
> stopped and would not create the socket.  After much hair pulling, I
> finally tracked the problem(s) down to /etc/clamd.conf.  After
> commenting all the stuff out that was providing errors, it is now
> working again.  I had somehow mixed versions from sourceforge and
> centos, and when I could not get things to update correctly, I removed
> clamav-milter and reinstalled it.  My question is about clamd. " clamd
> --version yields ClamAV 0.88.7/2314/Sun Dec 10 15:02:13 2006 "
>
> Is this the most current version available from centos?  In the logs,
> there is a note about it being drastically outdated and pointed me to an
> FAQ file on clamd.  I don't want to go through that hassle of mixing
> repos and get all fouled up again.

The version you have is very outdated.  rpmforge has updated packages that work
well.  I highly recommend them.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ClamAV version(s)

[Barry Brimer]

There's no such thing as a hands-off ClamAV upgrade. :-/


Why not? If you use all the current versions there is. yum remove what
you have or rpm -e what you have and Reinstall! Sort of hands off.


It *COULD* be a hands-off upgrade as long there are no upgrade notes 
listed at  for the new 
version.  If there are notes about the version you are upgrading to, you 
can plan on clamd not starting after the upgrade until you modify your 
clamd.conf to account for the changes in the upgrade notes.


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] f/oss routing solution?

[Barry Brimer]

On Tue, 29 Apr 2008, John Bowden wrote:


On Sunday 27 April 2008 18:23:18 Rogelio wrote:

I'm looking for an open source router solution, and someone from the list
recently recommended zebra (www.zebra.org). I haven't yet identified all my
needs, but I'm guessing that it will do all my routing needs for a, say,
class C set of IP addresses, particularly if I ever have to do anything
BGP-related.

Anyone have any pointers before I delve in?  Or possibly a recommendation
for another open source routing solution?  Yeah, I know about Cisco stuff,
but I'm hoping to limp along on a shoestring budget until I get a few more
things in place, then I'll rethink everything.


CentOS / Red Hat distribute quagga which is a fork of zebra.  Same 
interface, which in itself is almost 100% cisco syntax.  You could also 
check out Vyatta .. they make open source routers .. not sure what their 
pricing/features are though.


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] read only root file system

[Barry Brimer]

I am looking at having a read only box, it will not use a swap partition.
Any recommendations?


Why bother with a hard drive at all?  Customize a Live CD/DVD and remove 
the hard drive alltogether.


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] serial port in linux

[Barry Brimer]

   i have centos 4.2. I have install a PCI card having serial port.
when the os is booted it detects the new hardware ( serial port) .a device is 
also created /dev/ttyS0. the port works very goog on the same pc in windows XP. 
but when i connect any serial device to that port in linux it does not work.

in /proc/ioports

there is entry for that port as

-001f : dma1
0020-003f : pic1
0040-005f : timer
0060-006f : keyboard
0070-007f : rtc
0080-008f : dma page reg
00a0-00bf : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
01f0-01f7 : ide0
0376-0376 : ide1
03c0-03df : vga+
03f6-03f6 : ide0
03f8-03ff : serial(auto)   > displayed here
0cf8-0cff : PCI conf1
c000-cfff : PCI Bus #01
 c800-c8ff : Realtek Semiconductor Co., Ltd. RTL-8139
   c800-c8ff : 8139too
d800-d81f : PCI device 8086:24d3 (Intel Corp.)
dc00-dc1f : PCI device 8086:24d2 (Intel Corp.)
 dc00-dc1f : usb-uhci
e000-e01f : PCI device 8086:24d4 (Intel Corp.)
 e000-e01f : usb-uhci
e400-e41f : PCI device 8086:24d7 (Intel Corp.)
 e400-e41f : usb-uhci
e800-e81f : PCI device 8086:24de (Intel Corp.)
 e800-e81f : usb-uhci
ec00-ec07 : PCI device 8086:2572 (Intel Corp.)
ffa0-ffaf : PCI device 8086:24db (Intel Corp.)


please help me out is there any extra configuration to be done.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS as VPN Gateway?

[Barry Brimer]

Hello,

I am currently setting up my new router, and I opted for using CentOS..
Now, I need OpenVPN support, and I'd rather not install it from source.

I tried yum, but there doesn't appear to be any packages for it available..

Any tips?


rpmforge has openvpn packages for Red Hat/CentOS/Fedora:


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where is centos live cd?

[Barry Brimer]

Quoting David Hláèik <[EMAIL PROTECTED]>:

> As far as i am searching over internet, i am finding only dead links for
> CentOS Live CD project (http://wiki.centos.org/Projects) .
> Where can i find and download it please?
>
> thanks !
>
> D.

http://mirror.anl.gov/pub/centos/5.1/isos/i386/CentOS-5.1-i386-LiveCD.iso
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] kernel-2.6.9-67.0.15.plus.c4.i586.rpm

[Barry Brimer]

Are there plans to release kernel-2.6.9-67.0.15.plus.c4.i586.rpm ??

Thanks,
Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kernel-2.6.9-67.0.15.plus.c4.i586.rpm

[Barry Brimer]

Released ... there was a problem with one of the patches upstream added to 
the kernel and this failed on the i586 build the first time.  I did get a 
good build the second time after I fixed that patch.


Thanks so much.  Your efforts are greatly appreciated.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] problem of building stardict

[Barry Brimer]

On Sun, 18 May 2008, cjzjm100 wrote:


If i install the software from source code,how can i uninstall it?


If you are building from source code and want the ability to uninstall it, 
I recommend using checkinstall 
.  There is a slightly 
out of date version in rpmforge, but you should be able to use the spec 
as a starting point if needed.


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] resizing partition

[Barry Brimer]

I'm going to have to resize a partition (shrink it) to make room for
more swap space.  This is actually not too big of a deal, since we're
not talking about a "system" partition (/, /var, /usr, etc), but one
where an application resides.  So I won't even have to go to "rescue"
mode to do this.  I can umount this thing live. (and since I'm working
on it remotely, that's important).

But this system was not configured with LVM.  So it occurs to me, that
in dealing with a non-LVM partition(s), if the swap space I want to
enlarge isn't next to the partition I shrink, my options would be to:

1.  Manually "move" the other partitions, probably very risky

2.  Simply make a second swap space that's next to the partition I
shrink.

Have I got the right idea?
  === Al


You could also create a swap file and put it in the partition you would be 
shrinking and use that instead of repartitioning.


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] /etc/sysctl.conf edit not permanent

[Barry Brimer]

Hi,
I added the following to /etc/sysctl.conf:
net.ipv4.ip_forward = 1
sysctl -p does not show any errors.

So after a #service network restart, I see this:
Shutting down interface eth0:  [  OK  ]
Shutting down loopback interface:  [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
[  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface eth0:  [  OK  ]
Bringing up interface eth1:
Determining IP information for eth1... done.

But a sysctl -p shows the right info after? Is this behavior normal?


I have seen the same thing.  I think what is happening is that when you 
restart networking, it disables packet forwarding.  When you start it, it 
will re-enable.  After you start the network type:

"/sbin/sysctl net.ipv4.ip_forward"

I expect that you will see "net.ipv4.ip_forward = 1"

Please confirm.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Config for NFSv4 an Kerberos on CentOS 5.1

[Barry Brimer]

Quoting Sebastian Marten <[EMAIL PROTECTED]>:

> Hi list,
> Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
> I set up Kerberos and NFS but get several erros
>
> "Warning: rpc.gssd appears not to be running.
> mount.nfs4: Permission denied"
>
> Is this an CentOS oder an config problem?

Yes.

Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your kerberos principal created with:
"addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
Was your keytab entry created with:
"ktadd -e des-cbc-md5:normal nfs/server.domain.com"
Do you have gss/krb5p just before the nfs options in parentheses?

Hope this helps.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RE-export nfs mounted share

[Barry Brimer]

Quoting whoami i <[EMAIL PROTECTED]>:

> Hi
>
> Is there any way to re-export an nfs mounted directory?  I am having three
> servers runnning on centos4.5 and i am trying to implement  nfs share in an
> below manner [bcoz there is no alternative way for me to setup nfs share]


Did you add the options crossmnt,fsid=0 to the top level nfs export?  The fsid=0
might not be needed, but I'm pretty sure the crossmnt is needed.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Config for NFSv4 an Kerberos on CentOS 5.1

[Barry Brimer]

Barry Brimer schrieb:

Quoting Sebastian Marten <[EMAIL PROTECTED]>:


Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros

"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"

Is this an CentOS oder an config problem?


Yes.

Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your kerberos principal created with:
"addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
Was your keytab entry created with:
"ktadd -e des-cbc-md5:normal nfs/server.domain.com"
Do you have gss/krb5p just before the nfs options in parentheses?



I've done all this + add princs for the host. (tested with ds and 
ds.example.lan)


Do other kerberized services work on this host?
Does NFS work in non-kerberized mode?

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.1 + Open source CRM

[Barry Brimer]

Quoting Test <[EMAIL PROTECTED]>:

>
> On Tue, 3 Jun 2008 14:53:21 -0300
> "Masters IT Gmail" <[EMAIL PROTECTED]> wrote:
>
> mastersit.com> I hope someone has implemented Centos plus some open source
> crm, what do you
> mastersit.com> recommend ? I already googled a lot, find a lot of open source
> related
> mastersit.com> things but I need to hear from someone who uses it or
> implemented in the
> mastersit.com> past to try something like that, I don't have to much
> experience in nix
> mastersit.com> world but I can try it.
> mastersit.com>
> mastersit.com> Thanks in advance for all who want to contribute in this
> matter.
> mastersit.com>
> mastersit.com> Cheers
> mastersit.com>
> mastersit.com> Jorge from Uruguay
> mastersit.com>
> mastersit.com> ___
> mastersit.com> CentOS mailing list
> mastersit.com> CentOS@centos.org
> mastersit.com> http://lists.centos.org/mailman/listinfo/centos
>
>
> I have installed sugar crm, and it looks promising...
>
> http://www.sugarcrm.com

I have had a customer with a CentOS 4 and Sugar CRM 4.0 which has been upgraded
to a 4.5.X that has been running very well on minimal hardware for almost 2
years.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] control outgoing IP address?

[Barry Brimer]

I'd like to consolidate some services that have been assigned by IP (dns, 
syslog etc.) onto one machine by giving it IP aliases to accept connections 
for the old addresses until all the references are fixed. However, I'd like 
to have it use it's original IP as the source for outbound connections. 
Where do you control that?


There may be settings in each application that control that, but in case 
there are not .. you should be able to do something like :


iptables -t nat -A POSTROUTING -p tcp --sport 334 -j SNAT --to 2.3.4.5

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] control outgoing IP address?

[Barry Brimer]

On Wed, 18 Jun 2008, Les Mikesell wrote:


Barry Brimer wrote:
I'd like to consolidate some services that have been assigned by IP (dns, 
syslog etc.) onto one machine by giving it IP aliases to accept 
connections for the old addresses until all the references are fixed. 
However, I'd like to have it use it's original IP as the source for 
outbound connections. Where do you control that?


There may be settings in each application that control that, but in case 
there are not .. you should be able to do something like :


iptables -t nat -A POSTROUTING -p tcp --sport 334 -j SNAT --to 2.3.4.5



Is there no way to control the default source address?


In some applications you can .. but it is application dependent.  what 
applications are you looking to do this with?


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is it possible to login to a switch via RS232 / serial port from the shell?

[Barry Brimer]

I have a problem switch in our data centre, which is connected to a
linux server via a serial cable. I know I can / could access the switch
from my Windows PC back at the office, using hyperterm, but trying to
access it using minicom just doesn't seem to work.


I have not been following this thread, but has minicom been suggested?

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] why yum cannot find lighttpd?

[Barry Brimer]

I tried to install lighttpd in CentOS 5.2, but yum list lighttpd
returned an error of "no matching packages to list". Should it be
installed from source tarball?


lighttpd is not in the CentOS repositories.  It is however a part of the 
rpmforge repositories.  Add the rpmforge repository and then you will find 
it.


Barry

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wanted: minimal install ks.cfg

[Barry Brimer]

I'm in need of a minimal ks.cfg file for the smallest possible install
with yum.  I've got the scripting for yum to install the apps I need, I
just want to insure all the cruft is not on the system as well.  Using
the s-c-ks app, the smallest I have gotten is 600MB.  This is for a
server appliance vm that I need to deploy quickly and dynamically.


http://wiki.centos.org/TipsAndTricks/KickStart
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Understanding iptables

[Barry Brimer]

Quoting MHR <[EMAIL PROTECTED]>:

> In following up on the rsh "problem" I was having earlier, I decided
> to try out the suggestion Felipe sent about using
> system-config-securitylevel-tui to open up ports 513 and 514, but that
> doesn't seem to do the job, either.

I could be remembering this wrong, but I believe these are udp, not tcp.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 4.4 Linux Booting problem

[Barry Brimer]

I'm running linux CentOS 4.4. Everything was working fine, then one day I 
tried to log in, and my computer "hung"


.

I would boot off the install disc .. go into rescue mode .. and do an "rpm 
-V initscripts" and if necessary .. reinstall the initscripts rpm .. you 
could also do an "rpm -Va" to verify all rpms on your system.


Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] POOR: results using 'dig +short porttest.dns-oarc.net TXT'

[Barry Brimer]

Quoting Johnny Hughes <[EMAIL PROTECTED]>:

> Larry Vaden wrote:
> > What are the likely cockpit errors involved when getting POOR results
> > when running this test on an updated CentOS 5.2?
> >
> > Kind regards/ldv
> >
> > [EMAIL PROTECTED] ~]# dig +short porttest.dns-oarc.net TXT
> > z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> > "a.b.c.d is POOR: 26 queries in 1.3 seconds from 1 ports with std dev 0.00"
>
> if this is a centos machine (your dns server) ... you may have a line
> like this in the config named.conf file:
>
>   query-source address * port 53;

Or you may be forwarding to an unpatched DNS server, or you may be behind a NAT
devices that remaps the source ports on outgoing requests.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

[Barry Brimer]

Hello Group,

I am installed some application running on top of Centos 5.2 OS and these
applications are running fine.  However, we are thinking of upgrading our
5.2 Centos to 5.7 (hot upgrade).  That is we want to upgrade from 5.2 Centos
to 5.7 Centos and not disturb the applications.

Is it possible?  Could someone please help.


It is rare for a 'yum update' to disturb already working applications.
It is possible of course, but the point of 'enterprise' distributions
is that a lot of care is taken to not break things (i.e. make changes
that aren't backwards compatible) within a major release version.

Not sure if it is necessary but there were some quirks in the updates
along the way that might make it a good idea to:

yum update glibc\* rpm\* yum\* python\*
before doing a full 'yum update'.


I might suggest a yum clean all before the above command.  I've seen a 5.0 
yum update to a 5.6 without issue, but there was very little on the 
server.___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] School cloud solution

[Barry Brimer]

> I manage a student file server and i would like to add cloud access to 
> it.  Basically i would like our students to have access to the same 
> files at home that they have at school.  This would allow them to start 
> an asignment at home, finish it at school, and print it off without 
> having to worry about losing their usb drive.  I want it housed on our 
> servers for backups and ease of access for our teachers when necessary.

Have you looked at Gollem?  http://www.horde.org/apps/gollem

WebDAV / DAV could work too.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] School cloud solution

[Barry Brimer]

Vreme: 11/06/2011 01:56 AM, Barry Brimer piše:

Have you looked at Gollem?  http://www.horde.org/apps/gollem


Where are clients for Windows/Linux/Mac?

It should be transparent to Document Applications.., like virtual file
system..


My mistake, I didn't recall the drive transparency requrement.  He asked 
for something web based like squirrelmail.  Does squirrelmail provide a 
virtual file system?


Barry___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] not using LVM for Linux VM guests?

[Barry Brimer]

On Thu, 17 Nov 2011, Smithies, Russell wrote:

> I came across an old post comment yesterday (from 
> http://echenh.blogspot.com/2010/04/how-to-extend-lvm-on-vmware-guest-os.html 
> ) discussing the "hack" of LVM on Linux VM guests and whether it's better not 
> to use it to simplify disk management.
> I've re-posted the comment below, does it sound reasonable? Is it better to 
> not use LVM on Linux VM guests?
>
> --Russell
>
>
> ---
> At my job, after doing the same kind of procedure graph, we began to ask 
> ourselves, why are using a LVM on a Linux VM guests?
>
> Since we're no longer living in the physical OS world, we didn't need to use 
> the OS hacks(LVM) to overcome physical disk limitations anymore.
> We decided to Just let the hypervisor and virtual storage do that work for us.
>
> For example, in our production setup (3 tier commerce with VMs for database , 
> webserver, and appserver), we're see a great improvement in managability and 
> performance (>10%) by just dropping LVM, and most partitions.
>
> In your example, the resize process is 7 functional steps:
> 1. Increase size of VMDK
> 2. In VM OS, Create Partition (??)
> 3. REBOOT (!!)
> 4. PVCreate
> 5. VGExtend
> 6. LVExtend
> 7. Resize2fs
>
> Going to a LVM/partition-less setup reduces expansion to 3 steps and we don't 
> need to take the VM OS offline!
> 1. Increase size of VMDK
> 2- Inside the VM, OS, rescan the scsi drive with:'echo 1 
> >/sys/class/scsi_device//rescan; dmesg' (dmesg will check that you drive 
> isize has grown)
> 3- Resize2fs.
>
> Our current disk arrangement has 3 VM HD devices
> 0 - small device (100M) with a single BOOT partition
> 1 - entire device is /
> 2 - entire device is SWAP
>
> Doing this has simplified resizing so much, I now let the junior admins and 
> my manager expand drive space as needed.
>
> It's also let's us really be spartan on space since expansion is so quick. 
> Instead of increasing systems in 30-50GB chunks, we can do 10-15GB and let 
> our rmonitoring system warn us when space gets tight.
> -

One reason I choose to have separate filesystems which do use LVM instead 
of VMware disks is that I can use different mount options.  For example my 
/tmp filesystems usually get noexec,nodev,nosuid .. with one 
root filesystem that contains everything, you can't use mount options as 
effectively.  I also bind mount /var/tmp to /tmp for the same reason.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] not using LVM for Linux VM guests?

[Barry Brimer]

Quoting "Smithies, Russell" :

> Perhaps I'm doing it wrong then.
>
> 1). In Vmware, extend the existing disk by changing the provisioned size in
> the vSphere client.
> 2). In Centos, create an additional partition with fdisk,
> 3). Somehow reread the partition table without rebooting??
> 4). pvcreate
> 5). vgextend
> 6). lvextend
> 7). resize2fs
>
> What I find is that without a reboot, the OS doesn't see the partition so
> can't pvcreate etc.
>
> --Russell
>
>
> > -Original Message-
> > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> > Behalf Of Reindl Harald
> > Sent: Friday, 18 November 2011 10:48 a.m.
> > To: centos@centos.org
> > Subject: Re: [CentOS] not using LVM for Linux VM guests?
> >
> >
> >
> > Am 17.11.2011 22:36, schrieb Smithies, Russell:
> > > Tried that, as well as rescanning the scsi bus, Everything I've tried
> > > returns a warning about kernel unable to reread partition table and
> > > requiring a reboot to see any modifications.
> >
> > gparted does tell you this since years after modify but i have never in my
> life
> > rebooted a linux system because partition changes

Step 3 .. run partprobe.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] not using LVM for Linux VM guests?

[Barry Brimer]

> I've tried that, it returns a warning about kernel unable to reread partition 
> table and requiring a reboot to see any modifications.
> Then the next call to pvcreate fails as it can't find the partition.
>
> --Russell
>
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>> Behalf Of Barry Brimer
>> Sent: Friday, 18 November 2011 11:13 a.m.
>> To: CentOS mailing list
>> Subject: Re: [CentOS] not using LVM for Linux VM guests?
>>
>> Quoting "Smithies, Russell" :
>>
>>> Perhaps I'm doing it wrong then.
>>>
>>> 1). In Vmware, extend the existing disk by changing the provisioned
>>> size in the vSphere client.
>>> 2). In Centos, create an additional partition with fdisk, 3). Somehow
>>> reread the partition table without rebooting??
>>> 4). pvcreate
>>> 5). vgextend
>>> 6). lvextend
>>> 7). resize2fs
>>>
>>> What I find is that without a reboot, the OS doesn't see the partition
>>> so can't pvcreate etc.
>>>
>>> --Russell

I don't believe partprobe works when you change the partitiontable of the 
disk that the root filesystem is on.  I could be remembering it wrong.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DHCP_HOSTNAME in ifcfg-eth0

[Barry Brimer]

> Is there a way for the dhcp client to send the current host name of the
> machine when requesting a lease ?
>
> Currently I have to include a line like
>   DHCP_HOSTNAME=appserver2
> in my /etc/sysconfig/network-scripts/ifcfg-eth0, but I would like to
> tell the dhcp client to just 'also send the hostname' and then the
> client to get the current hostname itself, instead of having the name
> hard-coded in the ifcfg-eth0 file.

For some reason I think you need to have "HOSTNAME=" in your 
/etc/sysconfig/network file .. meaning make the variable blank.  There is 
also a dhclient option you can create in /etc/dhcp/dhclient-.conf 
something like send fqdn.fqdn  but usually you don't need that 
if your use DHCP_HOSTNAME correctly ...

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Backup Redux

[Barry Brimer]

>> Anyone have any experience with this, which just came to my attention
>>
>> http://www.arkeia.com/en/solutions/open-source-solutions

I have used Arkeia for a few customers .. it works well.  Do you have any 
specific questions about it?

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.x - find interface with link up

[Barry Brimer]

 which have link up.   In 6.x it wants an interface as a parameter.
 What is the appropriate way to find which of some number of of
 interfaces are connected?   Better yet, what is the least typing
 to
 get the mac addresses of those interfaces?
> Dumb question: in /etc/sysconfig/network-scripts, do the ifcfg-* have
> HWADDRs?

biosdevname is in RHEL 6.1 and thus is in CentOS 6.1 but is only enabled 
by default for certain pieces of Dell hardware that could gain the most 
benefit from it.  If you are running 6.1 and want to force biosdevname to 
be used, you can pass biosdevname=1 on the kernel line in the grub config, 
but don't plan on switching between the two.  For those with paid RHN 
access, this is explained further in 
https://access.redhat.com/kb/docs/DOC-53612

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disable autoneg on r8169?

[Barry Brimer]

> 1. The switch being used has autoneg off and has port set to 100 full duplex.
> 2. Many times NIC fails to come up properly during PXE boot:
>
> Any other ideas?
udev rules?
mii-tool?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for lxc rpm for centos 6.2 x86_64

[Barry Brimer]

> On 02/06/2012 11:48 AM, Mihamina Rakotomandimby wrote:
>> Hi all
>>
>> Just on a fresh CentOS 6.2 minimal install, it doesnt find lxc:
>>[mihamina@dev-spare ~]$ sudo yum install lxc
> I have a lxc stack that works for me, but till such time as I can test
> it a bit more am hesitant to make it public. If you are happy to help
> test the packages, do get in touch.
>
> Rumour is still strong that RH will drop in a lxc in-distro soon ( but
> then the same was being said pre6.1 and then again pre 6.2 )

According to the RHEL 6.2 Technical Notes at 


Linux (NameSpace) Container [LXC]
 Linux containers provide a flexible approach to application runtime 
containment on bare-metal systems without the need to fully virtualize the 
workload. Red Hat Enterprise Linux 6.2 provides application level 
containers to separate and control the application resource usage policies 
via cgroup and namespaces. This release introduces basic management of 
container life-cycle by allowing creation, editing and deletion of 
containers via the libvirt API and the virt-manager GUI. Linux Containers 
are a Technology Preview.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Barry Brimer]

> I doubt there is a program like this, but I would love to have a program
> that listens at common ports that I do not use at all...and only allow that
> program to listen to it, especially the usual ssh port (using a different
> one for real ssh)...
>
> That program would then, upon receiving a 'sniff' or 'user' would then add
> that ip to the deny hosts lists..for either a long or short time.

Many years ago I used portsentry for this.  You can find an article about 
portsentry at 

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 2TB partition limitation on X86_64 version??

[Barry Brimer]

> Does there has other tool can partition disk size large than 2TB?  (I 
> don't like use LVM)

Use parted with gpt disk labels.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Linux WYSIWYG HTML Editors

[Barry Brimer]

> I have KomPozer installed, but after using M$ FrontPage for years,
> KomPozer looks like it is going to have a learning curve and I want to
> get away from FrontPage and Windows.  I know Mark (MHR) uses
> SeaMonkey. Wondering if there is anything else I can use on Linux that
> is easier on a FrontPage user. I found this article:
>  when I
> googled. Recommendations?  TIA!

bluefish 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] server is always getting hacked

[Barry Brimer]

>> I don't know if you can disable su -
>
> Sure: usermod -L root.  Before you do that, you need to have a user in
> /etc/sudoers that has root equivalence.  Ubuntu does this by default.

I believe putting 'root' into /etc/pam.d/su will make it so that no one 
can su to root.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Permission problem

[Barry Brimer]

> 1) Members of the "administrators" group have unlimited read/write
> access to /home/pub and below.
>
> 2) Members of the "agents" group have read-only access to /home/pub and
> below.
>
> 3) All the others (that is, members of neither "administrators" and
> "agents") have no access at all to /home/pub, not even for listing the
> directory content.
>
> The thing is: I can't seem to formulate my problem in terms of
> user/group/others, as there are no owners, but two distinct groups
> involved.
>
> Any idea how to crack that nut?

Have you looked at using ACLs?  Just make sure that any backup software 
you use can handle them.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to mount a remote directory on linux

[Barry Brimer]

> Hello,
>
> i'd like to mount a remote directory that exists on a CENTOS 5 machine to a
> similar but local machine.
>
> i've made a local cron job that executes a script on the data provided in
> that folder hence the request above.
>
> if any help could be provided i'd appreciate it..
>
> ps: sshfs seems unsupported on centos using yum installation..

You want to determine what sharing method you would like to use (nfs,cifs) 
etc and then probably use autofs to automatically mount the remote 
filesystem when your local script gets called, and then the automounter 
will unmount XX # of seconds later .. which I belive is set in 
/etc/sysconfig/autofs ..

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to calculate how many semaphores already use on server?

[Barry Brimer]

> we have following setup on sysctl.conf:
>  kernel.sem = 256 32000 128 142
>
> I tried to startup database and have error happen.  I knew problem come from 
> SEMMNS (32000) is not enough.  Does anyone know how to calculate how many 
> semaphores already use on system?

Have you tried "ipcs -u" ?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] traceenable for httpd

[Barry Brimer]

> On centos 5.3 x86_64 I can add "traceenable off" to httpd.conf and that
> works well.
> however this doesnt seem to work for centos 4.7 i686.
> Is there a similiar named option on 4.7?
>
> Jerry

TraceEnable off is in apache 2.2 which is included in CentOS 5, and it may 
be in later versions of apache 2.0 but it is not available in the version 
(2.0.52) that ships with CentOS 4.X.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Integrate shell scripts into Nautilus ?

[Barry Brimer]

Quoting Niki Kovacs :

> Hi,
>
> I'd like to integrate a handful of shell scripts into my Nautilus file
> browser, for example to be able to resize a selection of images with one
> click via ImageMagick, or convert videos easily. After a bit of
> Googling, I found out that folks seem to do this by placing scripts into
> ~/.gnome2/nautilus-scripts. Only that doesn't seem to work for me.
> Nothing appears in the browsers contextual menu.
>
> Any pointers for a start ? Anyone here using something similar ?

I have used these before, but most importantly, I read about it from a Ubuntu
writeup/tutorial on something like this I believe for rotating images.  Ubuntu,
most likely rather Debian uses a beta version of the libjpeg software suite. 
Fedora/Red Hat/CentOS does not.  The result is that the script "transformed" my
images in place to 0 length files, thus trashing my files.  If you want this to
work correctly, you need the latest beta of the libjpeg software, and most
importantly *TEST* this on a copy of your images first.  I realize that you
could be looking at an entirely different writeup/tutorial, but I wanted to
make sure you were aware of this, and did not lose any data.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Noob Question: Uninstalling Firefox rpm's

[Barry Brimer]

> I want to uninstall the default version of firefox, however there appears to
> be 2 of the same rpm's installed and its complaining..
>
> I've been in Solaris land for the last 5 years and my rpm skills aren't the
> most current; how is this achieved?
>
> [r...@canthus ~]# rpm -q -a firefox
> firefox-3.0.10-1.el5.centos
> firefox-3.0.10-1.el5.centos

rpm -e firefox --allmatches
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Running UML on CentOS?

[Barry Brimer]

> Hello,
>   I've got a CentOS 5.3 machine that i'd like to virtualize some
> services on. Currently a reinstall for virtualization isn't doable so i
> thought about user-mode-linux, UML. Has anyone run this on Centos5? If so,
> feedback prose and cons appreciated.
> Thanks.
> Dave.

I have not run UML anywhere, but I know that the folks over at linode.com 
have lots of experience with it, although I don't know if they use CentOS 
or not.  You might check with them.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ned help on downloading

[Barry Brimer]

> Pentium(R) D CPU 2.80Ghz
> 3 GB of Ram
> 250 Gb harddrive
> i not sure if i'm downloading the right one here as my mechine runs on  1386 
> scale could someone help us ouit to see if i am downloading the right one
>
> Mike
> CentOS-5.3-i386-bin-DVD.iso

Mike,

You have the correct ISO image to do a CentOS 5.3 install for the i386 
architecture.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firewall and nfs mounts

[Barry Brimer]

> Which ports need to be open on a nfs mount server?  And does the client need
> anything opening?



Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Tomcat 6 and Java 1.6

[Barry Brimer]

> I did a yum -y install tomcat5 and tomcat got installed with openjdk. But 
> somehow if I goto http://localhost:8080 I am unable to get to the tomcat 
> default site.
>
> Any insight?

Does netstat show anything listening on 8080?  Do you have a firewall that 
hasn't been adjusted to allow access to port 8080?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Configuring the firewall on CentOS

[Barry Brimer]

> Is there a CentOS equivalent to config-system-firewall in Fedora,
> allowing specified services to pass through?

I don't know if it is the same as in Fedora, but there is firewall 
configuration available in system-config-securitylevel

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Investigate the root cause of server reboot

[Barry Brimer]

> My CentOS will reboot every several days. There's nothing in
> /var/log/messages. I want to find out why it reboots automatically. Is there
> any log I can look at? Or any suggestions to monitor the server activity?

You might try setting up remote syslogging to see if you catch anything 
extra there .. besides that .. if you have any indication that it is load 
related .. you might look at hangwatch 
 to try and get information 
from sysrq if load becomes too high.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Persisting iproute2 routes and rules

[Barry Brimer]

>>> I have defined a few routes and rules with:
>>>
>>> ip route add ...
>>> ip rule add ...
>
> but how do you add
>
>ip rule ...

/etc/syscontfig/network-scripts/rule-ethX
/etc/syscontfig/network-scripts/route-ethX

Check out /etc/sysconfig/network-scripts/ifup-routes to see exactly how 
things are processed.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dhcp server

[Barry Brimer]

> I have to run a dhcp server on CentOS release 5.5 (Final).
>
> # yum list| grep -i dhcp
> dhcp.x86_64   12:3.0.5-23.el5 installed
> dhcp-devel.x86_64 12:3.0.5-23.el5 installed
> dhcpv6-client.x86_64  1.0.10-18.el5   installed
>
> after starting the dhcpd daemon, the windows Clients on the subnet
> (192.168.100.0/24) tells me, that there is no dhcp server available.
>
> # /etc/init.d/dhcpd configtest
> Syntax: OK
>
> [/var/log/messages]
> Aug  9 07:11:14 tfelx01 dhcpd: Internet Systems Consortium DHCP Server
> V3.0.5-RedHat
> Aug  9 07:11:14 tfelx01 dhcpd: Copyright 2004-2006 Internet Systems
> Consortium.
> Aug  9 07:11:14 tfelx01 dhcpd: All rights reserved.
> Aug  9 07:11:14 tfelx01 dhcpd: For info, please visit
> http://www.isc.org/sw/dhcp/
> Aug  9 07:11:14 tfelx01 dhcpd: Wrote 0 leases to leases file.
> Aug  9 07:11:14 tfelx01 dhcpd: Listening on
> LPF/eth0/00:1a:64:b6:1d:1c/192.168.100/24
> Aug  9 07:11:14 tfelx01 dhcpd: Sending on
> LPF/eth0/00:1a:64:b6:1d:1c/192.168.100/24
> Aug  9 07:11:14 tfelx01 dhcpd: Sending on   Socket/fallback/fallback-net



How about firewalling ... does your firewall allow for a DHCP server?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how many folks are *seriously* using ACLs?

[Barry Brimer]

>  i'm just curious -- how many people here are using ACLs as a regular
> and significant part of their sys admin?

I use it in web hosting .. use ACLs to grant access to the user 
running the web server only on files that need it.  Great for protecting 
write access.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: redhat training and RHES6

[Barry Brimer]

> On Tue, 24 Aug 2010 11:20:46 -0500
> Monty Shinn  wrote:
>
>> That being said, do you all have any information about how long it takes
>> for their training platform to catch up to their release?  Which is to
>> say, if RHES 6 is released on day 1, at what point will they start
>> training on RHES6?
>
> By my current expirience, you'll see RHES6 courses at the time of RHES6.2.

I don't think it takes that long for them to catch up to a new version of 
RHEL in their training curriculum .. especially their RHCE curriculum.  I 
would imagine it would take a few months, but not much more than that.  It 
might take longer before *all* of their courses are updated .. but 
definetly not 2 years.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS, Firefox, and Java Plugin

[Barry Brimer]

>   The latest updates to CentOS 5.5 seem to have broken the Java 
> plugin, and have defeated any and all attempts to get it working again. 
> I'm running CentOS 5.5 (32-bit) and Firefox 3.6.9 (installed from the 
> CentOS repository); I've tried BOTH the openJDK plugin available through 
> the Argeo repositories, and installing Java 1.6.0 directly from 
> Sun/Oracle and creating the plugin soft link in 
> /usr/lib/mozilla/plugins.  Neither works at all. This was working a 
> while ago, but it broke and I didn't notice.

Starting in Firefox 3.6.7 (I think) the (Sun) Java plugin changed names. 
Here is what it should look like ...

$ ls -la /usr/lib/mozilla/plugins/libnpjp2.so
lrwxrwxrwx 1 root root 37 Jun 24 19:32 
/usr/lib/mozilla/plugins/libnpjp2.so -> /usr/java/latest/lib/i386/libnpjp2.so

The plugin name changed .. the old one plugin is still in the jdk, but 
will silently fail in the browser.

Hope this helps.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS, Firefox, and Java Plugin

[Barry Brimer]

>> Starting in Firefox 3.6.7 (I think) the (Sun) Java plugin changed names.
>> Here is what it should look like ...
>>
>> $ ls -la /usr/lib/mozilla/plugins/libnpjp2.so
>> lrwxrwxrwx 1 root root 37 Jun 24 19:32
>> /usr/lib/mozilla/plugins/libnpjp2.so -> /usr/java/latest/lib/i386/libnpjp2.so
>>
>> The plugin name changed .. the old one plugin is still in the jdk, but
>> will silently fail in the browser.
>>
> 
> Funny I ahve: amd64 java "Sun" FF 64bit
> libnpjp2.so -> /usr/java/jre1.6.0_21/lib/amd64/libnpjp2.so
>
> and it does not work period.  Sun says 64bit plugin works?  All my 32
> bit workstations are fine.

I only have 32-bit, which is what my example is from.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS, Firefox, and Java Plugin

[Barry Brimer]

Quoting Mathieu Baudier :

> > Apparently I don't have the java plugin browser installed.  I've tried
> > to install it using the rpm.bin file at
> > ,
> > but it's erroring out: "/bin/sh: bad interpreter: Text file busy".

Have you tried using dos2unix against the downloaded file?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] system "stuck" with 2.6.18-128 kernel. how to move to 2.6.18-194.17?

[Barry Brimer]

> /etc/grub.conf points at 2.6.18-194.17, but when I reboot, 2.6.18-128 
> comes up.

I am suspecting that you are looking at /etc/grub.conf which is supposed 
to be a symlink to /boot/grub/grub.conf and somehow this is no longer a 
symlink, but rather a file of its own, which is not being read.

This is how this should look. (adjusted for screen wrap in a mail program)

# ls -la /etc/grub.conf
lrwxrwxrwx 1 root root 22 Sep 27  2008 /etc/grub.conf -> 
../boot/grub/grub.conf

What are the contents of your /boot/grub/grub.conf?  That is the actual 
file.  What is the default set to there?

Barry

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Routing local generted packets with fwmark

[Barry Brimer]

>>  I need to route local generated packages depending on which tcp or udp
>> service I need to use. To accomplish this I have configured two routing
>> tables:

I would use the OUTPUT chain of the nat table.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Running a DNS signed zone on Centos 5.5

[Barry Brimer]

Quoting R P Herrold :

> On Tue, 9 Nov 2010, Robert Moskowitz wrote:
>
> >> The[y] just announced customer only RHEL 5.6 beta notes:
> >>bind 9.7 - improved DNSsec support
>
> > So is there a Centos 5.6 beta with bind 9.7 or should I
> > switch to FC13/14? :)
>
> I inadvertently sent that under a @centos.org email address -
> that should have been from @owlriver -- sorry, as it was in no
> wise a statement from centos, and was my personal observation
> only
>
> > And given that this system is pretty much ONLY a DNS server,
> > is my 'risk' of using the beta minimal?
>
> well, you get to keep all the pieces  ;)

You may be interested in the instructions for running DNSSEC under RHEL 6 (when
available) that was presented by Red Hat training at the Red Hat Summit this
year.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Init.d script troubleshooting.

[Barry Brimer]

> Testing the script, both via "/etc/init.d/Fast start" and "service Fast 
> start" works, and it fully works for the implemented "start","stop","status" 
> commands.
>
> "/etc/rc0.d/K10Fast stop" works as expected. (as does /etc/rc1,2,6 etc..)
>
> The script contains full paths to everything.
>
> At boot, the script functions as expected.
>
> My problem is that at reboot, via shutdown -r or shutdown -h the script does 
> NOT get called, so naturally the system doesn't get to clean up after itself, 
> then it fails to startup correctly next boot.


I believe the name of the script in /etc/init.d needs to match the name of 
the lock file dropped in /var/lock/subsys .. so either change the case of 
your lockfile so it is called "Fast" and not "fast" to match the script or 
change the name of script to "fast" the match the lockfile.  For further 
reference, please examine /etc/init.d/killall.  This is the script that 
stops things that have placed files in /var/lock/subsys.

Hope this helps.
Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Init.d script troubleshooting.

[Barry Brimer]

> On Nov 9, 2010, at 5:15 PM, Barry Brimer wrote:
>
>> 
>>> Testing the script, both via "/etc/init.d/Fast start" and "service Fast 
>>> start" works, and it fully works for the implemented 
>>> "start","stop","status" commands.
>>>
>>> "/etc/rc0.d/K10Fast stop" works as expected. (as does /etc/rc1,2,6 etc..)
>>>
>>> The script contains full paths to everything.
>>>
>>> At boot, the script functions as expected.
>>>
>>> My problem is that at reboot, via shutdown -r or shutdown -h the script 
>>> does NOT get called, so naturally the system doesn't get to clean up after 
>>> itself, then it fails to startup correctly next boot.
>> 
>>
>> I believe the name of the script in /etc/init.d needs to match the name of
>> the lock file dropped in /var/lock/subsys .. so either change the case of
>> your lockfile so it is called "Fast" and not "fast" to match the script or
>> change the name of script to "fast" the match the lockfile.  For further
>> reference, please examine /etc/init.d/killall.  This is the script that
>> stops things that have placed files in /var/lock/subsys.
>>
>> Hope this helps.
>> Barry
>
>
> Wow... It works now...
>
> Thanks much. I didn't see that in the documentation, interesting info.

Glad it works!

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL 6 Officially Released

[Barry Brimer]

Quoting Karanbir Singh :

> hi Guys,
>
> On 11/10/2010 07:52 PM, Scott Silva wrote:
> > Last time there was only one build queue, so if 5.6 and 6 come out at the
> same
> > time, they will have to choose which one gets attention first. CentOS
> doesn't
> > have the multi-million dollar infrastructure to support multiple
> simultaneous
> > releases.
>
> Just a quick note here - the centos buildsystem, as used for centos4 and
> 5 has 8 builder 'threads'. So there is a fairly good potential for rapid
> builds.
>
> Having said that, were not going to use those for centos6, we have a 6
> node dedicated builder service that will get used for this.
>
> Over the next few days I'll post details on how you guys can keep track
> of whats going on. I'll also post some details on how everyone can get
> involved and help.
>
> Exciting times for sure :)

This is very exciting.  This also creates a tremendous amount of work for the
CentOS team.  I for one would like to thank the CentOS team for their continued
efforts as well as thanking them in advance for all the work that will go into
building CentOS 6.  You have my utmost respect and appreciation.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL 6 Officially Released

[Barry Brimer]

Quoting Connie Sieh :

> On Wed, 10 Nov 2010, Barry Brimer wrote:
>
> > Quoting Karanbir Singh :
> >
> >> hi Guys,
> >>
> >> On 11/10/2010 07:52 PM, Scott Silva wrote:
> >>> Last time there was only one build queue, so if 5.6 and 6 come out at the
> >> same
> >>> time, they will have to choose which one gets attention first. CentOS
> >> doesn't
> >>> have the multi-million dollar infrastructure to support multiple
> >> simultaneous
> >>> releases.
> >>
> >> Just a quick note here - the centos buildsystem, as used for centos4 and
> >> 5 has 8 builder 'threads'. So there is a fairly good potential for rapid
> >> builds.
> >>
> >> Having said that, were not going to use those for centos6, we have a 6
> >> node dedicated builder service that will get used for this.
> >>
> >> Over the next few days I'll post details on how you guys can keep track
> >> of whats going on. I'll also post some details on how everyone can get
> >> involved and help.
> >>
> >> Exciting times for sure :)
> >
> > This is very exciting.  This also creates a tremendous amount of work for
> the
> > CentOS team.  I for one would like to thank the CentOS team for their
> continued
> > efforts as well as thanking them in advance for all the work that will go
> into
> > building CentOS 6.  You have my utmost respect and appreciation.
> >
> > Barry

> We should also thank RedHat for if no RedHat then no CentOS.

Absolutely.  Red Hat does a tremendous amount of heavy lifting to produce RHEL,
without which there would be no CentOS.  Red Hat also gets paid pretty well to
do so, and unless I am mistaken the CentOS team does not.  In any case, I
appreciate the work of Red Hat and the CentOS team.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Confused about Java browser plugin for Firefox

[Barry Brimer]

> Any advice on how to go about that without jumping through burning loops? A
> pointer to some concise documentation or, even better, a short and working
> step-by-step HOWTO?

The problem may be that in Firefox 3.6.6 (or some time close to that) the 
name of the Java plugin changed.  It is no longer libjavaplugin_oji.so, 
rather it is now libnpjp2.so.  It also changed locations within the 
installed JRE as well.  If you have the current JRE installed, you should 
be able to get it working with the following command run as root:

ln -s /usr/java/latest/lib/i386/libnpjp2.so /usr/lib/mozilla/plugins/

HTH,
Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CENTOS 5 (X86 32 bits) only support 16 Gb RAM???

[Barry Brimer]

Quoting James Bensley :

> Eh? How can you have 16GBs on a 32bit kernel?

You can have up to 64GB using PAE
.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CENTOS 5 (X86 32 bits) only support 16 Gb RAM???

[Barry Brimer]

Quoting mcclnx mcc :

> I would like confirm one thing.  Based on what I saw Redhat document before,
> look like CENTOS 5 (X86, 32 bits) only support 16 GB RAM.
>
> Is this correct?

Yes.  I believe if you have more than 16 GB of RAM then it is recommended to use
x86_64.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Novell sale news?

[Barry Brimer]

> Just saw that today. I wonder if any of those assets is the superior (and
> utterly badly marketed) WordPerfect.

I thought Novell sold WordPerfect to Corel a long time ago.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] set and lengthen time between screensavers

[Barry Brimer]

> Please, How/where can I change to keep to screen longer open.

I assume you are using GNOME under CentOS 5.

System -> Preferences -> Screensaver

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos