[CentOS] Seeds for Centos 4.5 (s390) bittorrent
Hello, I would like to download the DVD image for the s390x hardware - could someone seed the torrent or point me to an image I can download? Thanks, Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: Seeds for Centos 4.5 (s390) bittorrent
Someone is seeding it now - get it while it's hot :)

Cheers,
Mike.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ray Leventhal
Sent: Thursday, August 30, 2007 6:38 AM
To: CentOS mailing list
Subject: Re: [CentOS] Re: Seeds for Centos 4.5 (s390) bittorrent

Scott Silva wrote:
> Ray Leventhal spake the following on 8/29/2007 11:53 AM:
>> [EMAIL PROTECTED] wrote:
>>> Hello, I would like to download the DVD image for the s390x hardware -
>>> could someone seed the torrent or point me to an image I can download?
>>>
>>> Thanks,
>>>
>>> Mike.
>>>
>> Hi Mike,
>>
>> centos.org has links to mirrors. I found this for x390.
>> http://altruistic.lbl.gov/mirrors/centos/4.5/isos/s390/centos-4.5-s390-bindvd.torrent
>>
>> HTH,
>> ~Ray
> I think his problem was that there are no seeds for the DVD image. I
> can't find any 390x dvd images on any of the mirrors that usually have
> dvd's.
>
Well, after re-reading, you're clearly right about that, Scott. Sorry, Mike. Had I the image, I'd gladly seed.

~R
[CentOS] Compiling mod_webauth on CentOS 5 - krb dependency failure
Hello all,

When I try to compile the mod_webauth module on CentOS 5, the dependencies for Kerberos fail. I have the Kerberos libs installed, which is what I assume it's complaining about. Ideas? Is there an RPM missing?

Here's some of what I found:

[EMAIL PROTECTED] webauth-3.5.4]# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for krb5-config... no
checking for library containing res_search... no
checking for library containing __res_search... -lresolv
checking for library containing crypt... -lcrypt
checking for krb5_init_context in -lkrb5... no
checking for krb5int_getspecific in -lkrb5support... no
checking for library containing pthread_setspecific... -lpthread
checking for krb5int_setspecific in -lkrb5support... no
checking for krb5_cc_default in -lkrb5... no
configure: error: cannot find usable Kerberos v5 library
[EMAIL PROTECTED] webauth-3.5.4]#

However, when I search via rpm, I see:

[EMAIL PROTECTED] webauth-3.5.4]# rpm -qa | grep -i krb
krb5-libs-1.5-26
krb5-libs-1.5-29
krb5-server-1.5-29
pam_krb5-2.2.11-1
pam_krb5-2.2.11-1
krb5-workstation-1.5-26
[EMAIL PROTECTED] webauth-3.5.4]#

Thanks,
Mike.
Re: [CentOS] perltidy
On Thu, 27 Sep 2007, Gregory P. Ennis wrote:

> Everyone,
>
> I'm looking for perltidy for CentOS 5. Does anyone know where I might find this?
>
> Thanks
> Greg Ennis

It's in rpmforge as perl-Tidy. If you don't have rpmforge installed good instructions are here: http://wiki.centos.org/Repositories/RPMForge

--
Mike
[CentOS] Kernel panic - where to go from here?
CentOS 5 has been running continuously since 9/21 on my "do everything" home server (with the exception of a kernel update). It's a fairly old Athlon machine that serves as a firewall and various servers (dovecot, samba, NFS, dhcp, OpenVPN, etc). I connected via OpenVPN about a week ago and discovered I get a kernel panic. I've since found that this is very repeatable and happens only after being connected via OpenVPN for about 4 hours or so.

I was able to manually copy the stuff on the console after the panic (see below). I googled "unable to handle kernel paging request" and didn't really find anything useful (to me). I've tried both kernel version 2.6.18-8.1.14.el5 and 2.6.18-8.1.15.el5 as well as OpenVPN versions 2.1_rc4-1 and 2.0.9 all with the same results.

Not sure where to go with this(?). Should I post this on a kernel mailing list? Or somewhere else?

Call Trace:
[] dump_trace+0x8c/0x96
[] show_trace_log_lvl+0x10/0x20
[] show_stack_log_lvl+0x8c/0x94
[] show_registers+0x125/0x191
[] kernel_thread_helper+0x7/0x10
[] die+0x196/0x296
[] do_page_fault+0x3ea/0x4b8
[] kthread+0x0/0xeb
[] do_page_fault+0x0/0x4b8
[] error_code+0x39/0x40
[] kthread+0x0/0xeb
[] kernel_thread_helper+0x7/0x10
BUG: unable to handle kernel paging request at virtual address c0613dbf
Printing eip:
c0404c44
*pde = 2f9b5163
Recursive die() failure, output suppressed
<0>Kernel panic - not syncing: Fatal exception

--
Thanks,
Mike
Re: [CentOS] Kernel panic - where to go from here?
On Wed, 28 Nov 2007, Bart Schaefer wrote:

> On Nov 28, 2007 11:27 AM, Mike <[EMAIL PROTECTED]> wrote:
>> I googled "unable to handle kernel paging request" and didn't really find anything useful (to me).
>
> In my experience this probably means that you have some RAM going bad and you only manage to tickle the problem when the machine becomes loaded enough to need that part of the address space. Reboot with memtest86 (should be on the centos install media) and look for test failures.

Thanks Bart - That makes perfect sense. I've installed memtest and will let it cook over night.

--
Mike
Re: [CentOS] Kernel panic - where to go from here?
On Wed, 28 Nov 2007, Bart Schaefer wrote:

> On Nov 28, 2007 11:27 AM, Mike <[EMAIL PROTECTED]> wrote:
>> I googled "unable to handle kernel paging request" and didn't really find anything useful (to me).
>
> In my experience this probably means that you have some RAM going bad and you only manage to tickle the problem when the machine becomes loaded enough to need that part of the address space. Reboot with memtest86 (should be on the centos install media) and look for test failures.

That was it! Replaced the failing memory, now OpenVPN has been up for ~16 hours.

--
Thanks,
Mike
Re: [CentOS] security cameras
On Tue, 22 Feb 2011, ken wrote:

> I heard about some inexpensive security cameras which get their power
> through the same cat5 cable which delivers the data/pictures (which
> would simplify wiring tremendously). Does anyone know about these? Do
> they work with Linux, particularly CentOS?
>
> tnx 4 tips.
>

I've been meaning to try ZoneMinder (www.zoneminder.com) for some time but have not just yet. In any case there is some good info on cameras in a few places on that site, "Hardware Compatibility List" section of the forum for one.

--
Mike
:wq
[CentOS] CentOS 9 Stream on Workstation with Ver. 1 x86_64 cpu
Hello All,

RHEL9 deprecated version 1 x86_64 cpus. My old testbench HP workstation has such a version 1 cpu. I've tested install of Rocky Linux 9 and CentOS9Stream but no go upon reboot after install -- kernel panic.

Is there a way to recompile the kernel to handle the legacy cpu after install -- via some other live cd, perhaps?

Due to the fact I can't reboot after install, I'm not able to build a kernel using the following:
https://wiki.centos.org/HowTos/Custom_Kernel

Sidenote: I'd also like to include support for btrfs too, but first things first.

Thank you.
Re: [CentOS] CentOS 9 Stream on Workstation with Ver. 1 x86_64 cpu
Thanks very much for the link and your reply.
Yes, glibc and other core parts set with specific cpu flags is precisely what I feared.
I suppose it's over to debian or prep the old box for recycling.

Best regards.

On Mon, Sep 5, 2022 at 11:07 AM Fabian Arrotin wrote:

> On 05/09/2022 16:15, Mike wrote:
> > Hello All,
> >
> > RHEL9 deprecated version 1 x86_64 cpus. My old testbench HP workstation
> > has such a version 1 cpu. I've tested install of Rocky Linux 9 and
> > CentOS9Stream but no go upon reboot after install -- kernel panic.
> >
> > Is there a way to recompile the kernel to handle the legacy cpu after
> > install -- via some other live cd, perhaps?
> >
> > Due to the fact I can't reboot after install, I'm not able to build a
> > kernel using the following:
> > https://wiki.centos.org/HowTos/Custom_Kernel
> >
> > Sidenote: I'd also like to include support for btrfs too, but first
> > things first.
> >
> > Thank you.
>
> To keep a long story short : don't even try :)
>
> Worth reading :
> https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-linux-9-for-the-x86-64-v2-microarchitecture-level
>
> So it's not only kernel but the whole userland and glibc (and others)
> that would need to be recompiled, so basically rebuilding the whole
> distro ...
>
> --
> Fabian Arrotin
> The CentOS Project | https://www.centos.org
> gpg key: 17F3B7A1 | twitter: @arrfab
Re: [CentOS] CentOS 9 Stream on Workstation with Ver. 1 x86_64 cpu
Fedora Server, installed and operational.
Thanks for your help!

On Mon, Sep 5, 2022 at 1:00 PM Leon Fauster via CentOS wrote:

> On 05.09.22 at 17:18, Mike wrote:
> > Thanks very much for the link and your reply.
> > Yes, glibc and other core parts set with specific cpu flags is precisely
> > what I feared.
> > I suppose it's over to debian or prep the old box for recycling.
> >
>
> Give Fedora Linux a try ...
>
> --
> Leon
[CentOS] apt on Centos 5.1
Just read on planet centos that you can easily install apt on Centos too using yum. However, I get:

[EMAIL PROTECTED] ~]# yum install apt
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do

So not sure what I am missing .. And sorry if this isn't the right place to ask :)
[CentOS] lvm errors after replacing drive in raid 10 array
I thought I'd test replacing a failed drive in a 4 drive raid 10 array on a CentOS 5.2 box before it goes online and before a drive really fails.

I 'mdadm failed, removed', powered off, replaced drive, partitioned with sfdisk -d /dev/sda | sfdisk /dev/sdb, and finally 'mdadm add'ed'.

Everything seems fine until I try to create a snapshot lv. (Creating a snapshot lv worked before I replaced the drive.) Here's what I'm seeing.

# lvcreate -p r -s -L 8G -n home-snapshot /dev/vg0/homelv
Couldn't find device with uuid 'yIIGF9-9f61-QPk8-q6q1-wn4D-iE1x-MJIMgi'.
Couldn't find all physical volumes for volume group vg0.
Volume group for uuid not found: I4Gf5TUB1M1TfHxZNg9cCkM1SbRo8cthCTTjVHBEHeCniUIQ03Ov4V1iOy2ciJwm
Aborting. Failed to activate snapshot exception store.

So then I try

# pvdisplay
--- Physical volume ---
PV Name               /dev/md3
VG Name               vg0
PV Size               903.97 GB / not usable 3.00 MB
Allocatable           yes
PE Size (KByte)       4096
Total PE              231416
Free PE               44536
Allocated PE          186880
PV UUID               yIIGF9-9f61-QPk8-q6q1-wn4D-iE1x-MJIMgi

Subsequent runs of pvdisplay eventually return nothing. pvck /dev/md3 seems to restore that but creating a snapshot volume still fails.

It's as if the "PV stuff" is not on the new drive. I (probably incorrectly) assumed that just adding the drive back in to the raid array would take care of that.

I've searched quite a bit but have not found any clues. Any one?

--
Thanks,
Mike
[CentOS] RE: lvm errors after replacing drive in raid 10 array
On Thu, 17 Jul 2008, Ross S. W. Walker wrote:

> It would be interesting to see what the mdadm --detail /dev/mdX says.
>
> I see the VG is made out of 1 PV md3? What are md0,1,2 doing, I can guess md0 is probably /boot, but what about 1 and 2?
>
> It wouldn't hurt to give the sfdisk partition dumps for the drives in question too.
>
> -Ross

Thanks for the reply. md2 is /boot, md0 is /root and md1 is swap.

# mdadm --detail /dev/md3
/dev/md3:
Version : 00.90.03
Creation Time : Fri Jul 4 17:11:30 2008
Raid Level : raid10
Array Size : 947883008 (903.97 GiB 970.63 GB)
Used Dev Size : 473941504 (451.99 GiB 485.32 GB)
Raid Devices : 4
Total Devices : 4
Preferred Minor : 3
Persistence : Superblock is persistent

Update Time : Thu Jul 17 15:58:52 2008
State : clean
Active Devices : 4
Working Devices : 4
Failed Devices : 0
Spare Devices : 0

Layout : near=1, far=2
Chunk Size : 256K

UUID : 7ecb1de6:c6e22a3a:1bd5446a:1dcd5444
Events : 0.3852

Number   Major   Minor   RaidDevice   State
   0       8       4         0        active sync   /dev/sda4
   1       8      20         1        active sync   /dev/sdb4
   2       8      36         2        active sync   /dev/sdc4
   3       8      52         3        active sync   /dev/sdd4

# sfdisk -l /dev/sda

Disk /dev/sda: 60801 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

   Device Boot  Start     End   #cyls     #blocks   Id  System
/dev/sda1   *      0+      12      13-     104391   fd  Linux raid autodetect
/dev/sda2         13     1287    1275    10241437+  fd  Linux raid autodetect
/dev/sda3       1288     1797     510     4096575   fd  Linux raid autodetect
/dev/sda4       1798    60800   59003   473941597+  fd  Linux raid autodetect

# sfdisk -l /dev/sdb

Disk /dev/sdb: 60801 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

   Device Boot  Start     End   #cyls     #blocks   Id  System
/dev/sdb1   *      0+      12      13-     104391   fd  Linux raid autodetect
/dev/sdb2         13     1287    1275    10241437+  fd  Linux raid autodetect
/dev/sdb3       1288     1797     510     4096575   fd  Linux raid autodetect
/dev/sdb4       1798    60800   59003   473941597+  fd  Linux raid autodetect

# sfdisk -l /dev/sdc

Disk /dev/sdc: 60801 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

   Device Boot  Start     End   #cyls     #blocks   Id  System
/dev/sdc1   *      0+      12      13-     104391   fd  Linux raid autodetect
/dev/sdc2         13     1287    1275    10241437+  fd  Linux raid autodetect
/dev/sdc3       1288     1797     510     4096575   fd  Linux raid autodetect
/dev/sdc4       1798    60800   59003   473941597+  fd  Linux raid autodetect

# sfdisk -l /dev/sdd

Disk /dev/sdd: 60801 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

   Device Boot  Start     End   #cyls     #blocks   Id  System
/dev/sdd1   *      0+      12      13-     104391   fd  Linux raid autodetect
/dev/sdd2         13     1287    1275    10241437+  fd  Linux raid autodetect
/dev/sdd3       1288     1797     510     4096575   fd  Linux raid autodetect
/dev/sdd4       1798    60800   59003   473941597+  fd  Linux raid autodetect
[CentOS] Re: lvm errors after replacing drive in raid 10 array [SOLVED ?]
Just for the record I'm about 98.7% sure that the root problem here was that the LVM stuff (pvcreate, vgcreate, lvcreate) was done when booted from systemrescuecd and had nothing to do with replacing a failed drive.

The output from 'pvcreate --version' on the systemrescuecd is:

LVM version: 2.02.33 (2008-01-31)
Library version: 1.02.26 (2008-06-06)
Driver version: 4.13.0

And when booted from CentOS 5.2:

LVM version: 2.02.32-RHEL5 (2008-03-04)
Library version: 1.02.24 (2007-12-20)
Driver version: 4.11.5

When [pv|vg|lv]create is done like it should have been (after booting CentOS) snapshot volume creation works as expected even after replacing a failed drive.

On Thu, 17 Jul 2008, Mike wrote:

> I thought I'd test replacing a failed drive in a 4 drive raid 10 array on a CentOS 5.2 box before it goes online and before a drive really fails.
>
> I 'mdadm failed, removed', powered off, replaced drive, partitioned with sfdisk -d /dev/sda | sfdisk /dev/sdb, and finally 'mdadm add'ed'.
>
> Everything seems fine until I try to create a snapshot lv. (Creating a snapshot lv worked before I replaced the drive.) Here's what I'm seeing.
>
> # lvcreate -p r -s -L 8G -n home-snapshot /dev/vg0/homelv
> Couldn't find device with uuid 'yIIGF9-9f61-QPk8-q6q1-wn4D-iE1x-MJIMgi'.
> Couldn't find all physical volumes for volume group vg0.
> Volume group for uuid not found: I4Gf5TUB1M1TfHxZNg9cCkM1SbRo8cthCTTjVHBEHeCniUIQ03Ov4V1iOy2ciJwm
> Aborting. Failed to activate snapshot exception store.
[CentOS] Re: Shell script - ping
I really like 'fping' for use in shell scripts. See: http://www.fping.com/ and http://fping.sourceforge.net/man/

It can be 'yum installed' from the CentOS RPMforge repo.

So in your script you can just do fping -c 10 ...

I don't understand exactly what 'scripts which launches 10 pings' and 'execution of single shell scripts' means. So don't think I can help with the scripting part...

On Mon, 28 Jul 2008, Gopinath Achari wrote:

> hi,
>
> how to write a scripts which launches 10 pings to different destinations at execution of single shell scripts
>
> please help me
> any ideas
>
> regards,
> Gopinath
[CentOS] Samba, SELinux and system created directories
Does anybody know what 'setsebool -P samba_export_all_rw on' is actually supposed to do?

I'm trying to share /tmp via samba and am seeing the same results with samba_export_all_rw set to on or off. Maybe I'm misunderstanding what this is intended to do but from windows I cannot see files in /tmp with 'tmp_t' security context (as shown by ls -lZ /tmp). I do see those with 'smbd_tmp_t' which are files placed there from windows via samba. I assumed that this boolean, when on, would allow samba to see files in /tmp regardless of security context.

I did try 'touch /.autorelabel' and rebooting, still no dice.

From /etc/samba/smb.conf:

# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
[CentOS] Re: securing rsync over ssh
On Tue, 29 Jul 2008, Kai Schaetzl wrote:

> I want to secure some remote rsyncs over ssh by using the command= option in .authorized_keys. As I understand I can use only the full command there, as it is not a list of "allowed commands" but the command that will be executed when logging in with this key. Now, I'm running several rsync commands on individual directories in the root, not just one command. I do that to pull different exclude lists in. I want to exclude nothing in some directories and a few different things in other directories. rsyncing per /rooted directory seems to be the cleanest and easiest way. All other combinations of complicated exclude/include lists may have unexpected results.
>
> I thought about putting the remote command in a shell script. However, I think this won't work as each rsync on the remote side will be executed with the first rsync command in the script on the local side.
>
> Is there a solution (besides using several keys or so)?
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com

By 'secure some remote rsyncs' do you mean only allow rsync but not interactive login? If so perhaps this will meet your needs: http://troy.jdmz.net/rsync/index.html

--
Mike
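One way to serve several per-directory rsync pulls from a single key, as an added example that is not part of the original thread or of the page linked above: a forced-command wrapper that checks each request in SSH_ORIGINAL_COMMAND against an allowlist before running rsync. The install path /usr/local/bin/rsync-gate, the directory and option allowlists and the rsync location are assumptions.

```shell
#!/bin/sh
# rsync-gate: forced-command wrapper for pull-only rsync over ssh (added example).
# Assumed authorized_keys entry (key material is a placeholder):
#   command="/usr/local/bin/rsync-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> backup@client
# sshd runs this script instead of whatever the client asked for and passes the
# client's request in SSH_ORIGINAL_COMMAND, so every rsync run is checked on its own.

LC_ALL=C; export LC_ALL                          # byte-exact [A-Z] ranges

ALLOWED_DIRS="/etc /home /var/www"               # assumption: trees the client may read
ALLOWED_LONG_OPTS="--numeric-ids --safe-links"   # assumption: long options the client sends
RSYNC_BIN=/usr/bin/rsync                         # assumption: rsync location on the server

# Return 0 if $1 is an allowlisted directory or a path below one.
path_allowed() {
    local path dir
    path="${1%/}"
    case "/$path/" in
        */../*|*/./*) return 1 ;;                # no traversal out of the allowlist
    esac
    for dir in $ALLOWED_DIRS; do
        case "$path" in
            "$dir"|"$dir"/*) return 0 ;;
        esac
    done
    return 1
}

# Return 0 only for "rsync --server --sender <opts> . <allowed paths>".
validate_rsync_command() {
    local cmd rest opts paths word
    cmd="$1"
    # Empty request = interactive login. Anything outside this character set
    # (quotes, ;, |, $, backticks, globs, newlines) is refused outright.
    case "$cmd" in
        ""|*[!A-Za-z0-9\ ._/=,+-]*) return 1 ;;
    esac
    # --sender means the server only reads; a push has no --sender.
    case "$cmd" in
        "rsync --server --sender -"*" . "*) ;;
        *) return 1 ;;
    esac
    rest="${cmd#"rsync --server --sender "}"
    opts="${rest%%" . "*}"                       # everything before the "." marker
    paths="${rest#*" . "}"                       # source path(s) after it
    for word in $opts; do
        case "$word" in
            --*) case " $ALLOWED_LONG_OPTS " in
                     *" $word "*) ;;
                     *) return 1 ;;              # e.g. --remove-source-files
                 esac ;;
            -|-*[!A-Za-z.]*) return 1 ;;
            -*) ;;                               # short-option bundle such as -logDtpre.iLsfxC
            *) return 1 ;;
        esac
    done
    [ -n "$paths" ] || return 1
    for word in $paths; do
        path_allowed "$word" || return 1
    done
    return 0
}

main() {
    if validate_rsync_command "${SSH_ORIGINAL_COMMAND:-}"; then
        # Word splitting is safe here: the character check above excluded quoting.
        set -- $SSH_ORIGINAL_COMMAND
        shift
        exec "$RSYNC_BIN" "$@"
    fi
    logger -t rsync-gate -p auth.warning "rejected: ${SSH_ORIGINAL_COMMAND:-<interactive>}"
    echo "rsync-gate: request rejected" >&2
    exit 1
}

# Act only when invoked under the installed name, so the functions above can be
# sourced and exercised without executing anything.
case "${0##*/}" in
    rsync-gate) main ;;
esac
```

The rrsync script shipped in rsync's support directory covers more of rsync's option surface and is the maintained alternative to a hand-written gate.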
Re: [CentOS] SSD Drives
On Thu, 2 Feb 2012, William Warren wrote:

> On 2/2/2012 1:19 PM, Matt wrote:
>> Has anyone installed a high I/O application such as an email server on
>> SSD drives? Was thinking about doing two SSD's in RAID1. It would
>> solve my I/O latency issues but I have heard that SSD's wear out
>> quickly in high I/O situations? Something like each memory location
>> only has X many writes before it's done. Just wondering if anyone has
>> tested it and if newer SSD's are better about this?
>>
> it all depends on how much writing you do AND how much spare space the
> drives have. The more spare flash the drives have the longer they'll
> live due to being able to spread the writing wear over a larger area.
>

How very timely, I'm just starting to investigate something similar myself. I don't have much to contribute however this forum post:

http://www.xtremesystems.org/forums/showthread.php?271063-SSD-Write-Endurance-25nm-Vs-34nm

seems as though it'll be interesting, if I can ever make it through 3500+ pages to get to the conclusion.
[CentOS] Re: file manager over ssh
On Sun, 17 Aug 2008, Linux Man wrote:

> Hello. I need to copy several file from one PC to another over Internet, both using CentOS. What file manager that works over console do you recommend me?
>
> Thanks at all
> Best Regards

You've got a lot of good suggestions already but sftp is also a good one. Very similar to ftp but over ssh.

--
Mike
[CentOS] rdiff-backup update broken?
After the recent yum update to rdiff-backup-1.2.2-1.el5.rf rdiff-backup no longer works. I don't "speak" python so not sure what's going on. Here's a portion of what I'm seeing...

# rdiff-backup /etc/ /backup/localhost/etc
Exception '[Errno 34] Numerical result out of range' raised of class 'exceptions.IOError':
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/robust.py", line 32, in check_common_error
    try: return function(*args)
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/rpath.py", line 1123, in append
    return self.__class__(self.conn, self.base, self.index + (ext,))
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/rpath.py", line 868, in __init__
    else: self.setdata()
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/rpath.py", line 893, in setdata
    if self.lstat(): self.conn.rpath.setdata_local(self)
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/rpath.py", line 1470, in setdata_local
    if Globals.eas_conn: rpath.data['ea'] = ea_get(rpath)
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/eas_acls.py", line 584, in rpath_ea_get
    ea.read_from_rp(rp)
  File "/usr/lib64/python2.4/site-packages/rdiff_backup/eas_acls.py", line 74, in read_from_rp
    try: self.attr_dict[attr] = rp.conn.xattr.getxattr(rp.path, attr, rp.issym())

Anyone else use rdiff-backup? Or any thoughts?

--
Thanks,
Mike
Re: [CentOS] which firewall to automatically block bandwidth abusers?
On Thu, 18 Aug 2011, Rudi Ahlers wrote:

> Let's try again:
>
> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>
> Then, any users, connecting from anywhere, on any IP should be blocked
> - either if he uploads or downloads (i.e ingres & outgres) for a
> specific amount of time.
>

As one might imagine there is at least one commercial product that seems to fit the bill.

http://www.aspirantinfotech.com/downloads/Cyberoam/pdf/Managing-bandwidth-the-User-based-approach.pdf

I mention this as I thought it was well written and thorough. After reading the pdf seems to me there ought to be something open source based upon perhaps this:

http://lartc.org/lartc.html

Anyway maybe some food for thought.
Re: [CentOS] which firewall to automatically block bandwidth abusers?
> I have read through that document link on
> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
> rate limiting, but that doesn't actually block the IP if it goes over
> a certain threshold, it just slows everything down.

So I'm not sure I fully understand your requirements. Why isn't slowing the user to zero or at least near zero sufficient?
Re: [CentOS] which firewall to automatically block bandwidth abusers?
On Thu, 18 Aug 2011, Rudi Ahlers wrote:

> On Thu, Aug 18, 2011 at 9:38 PM, Mike wrote:
>>> I have read through that document link on http://lartc.org/lartc.html#AEN1393 and the closest I could get is rate limiting, but that doesn't actually block the IP if it goes over a certain threshold, it just slows everything down.
>>
>> So I'm not sure I fully understand your requirements. Why isn't slowing the user to zero or at least near zero sufficient?
>
> How do I slow one user down, without affecting the others? The way I understand rate limiting is that you rate limit a certain protocol / port, or IP / IP range. So, how would I automatically slow down someone (on any IP address, and accessing any protocol) once he hits a certain threshold / limit?

I think I understand now and the short answer is that you can't! In other words you're saying that say "Steve" is using a ton of bandwidth so you want to block him. But "Fred" and 10 other users that may be at the same IP address are fine and you don't want to block them.

I mean you could conceptually at least block the IP/Source port that "Steve" is "coming from" right now. But the source port (and perhaps IP) will eventually change and your block is now useless.
Re: [CentOS] help with gpg
On Sun, 21 Aug 2011, Jerry Geis wrote:

> Under Centos 5 I ran this command:
> gpg --passphrase-file /home/myuser/pass_phrase.txt -c ../Versions/program.x86_64.tgz
>
> and this worked fine.
>
> On CentOS 6 running the same command prompts me for the passphrase.
>
> That's exactly what I don't want to have happen. I have the pass phrase I
> want in the file.
>
> After some searching it says I need to start the daemon like "gpg-agent --daemon"
> take the output:
> GPG_AGENT_INFO=/tmp/gpg-x4WH7K/S.gpg-agent:19156:1; export GPG_AGENT_INFO;
> and use it - which I did.
>
> Then when I run my command above I still get prompted for the pass phrase.
>
> What am I not doing correct?
>
> I just want a simple phrase on a file that someone has to know before they
> can extract it. Nothing special going on
>
> Thanks,
>
> Jerry
>

From the man page:

"...Note that this passphrase is only used if the option --batch has also been given."
Re: [CentOS] help with gpg
On Sun, 21 Aug 2011, Jerry Geis wrote:

>>> From the man page:
>>
>> "...Note that this passphrase is only used if the option --batch has also
>> been given."
> Mike,
>
> Thanks - that does work. I was thinking "too hard" and thought it was
> something with the gpg-agent.
>
> Thanks
>
> Jerry
>

I'm certainly no gpg expert but I had a similar issue that was *finally* solved by using --batch.

I also meant to mention from what I can tell in CentOS6 gpg is really gpg2. Notice that "/usr/bin/gpg" is really "/usr/bin/gpg -> gpg2". I mention this because in various places as I searched I noticed phrases like "This is different from gpg". What? Now I understand, I'm now using gpg2 and never knew it...
Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
Perhaps the most important point here is that the script kiddies and/or bots usually make sure the target string, 'login' in your example is *not* contained within a single packet. You can verify this with wireshark. In any case just be aware that your solution will likely not have the desired effect.

This is a decent read: http://spamcleaner.org/en/misc/w00tw00t.html

Specifically the Conclusion section near the bottom.

On Wed, 31 Aug 2011, Always Learning wrote:

> On a VPS I wanted to add to IP tables:-
>
> iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
>
> iptables: Unknown error 18446744073709551615
>
> uname -a = 2.6.35.4 #2 (don't know how this got installed)
>
> lsmod | grep ipt = ipt_LOG 5419 2
>
> yum upgrade iptables* = nothing to install.
>
> ---
>
> On a standalone server (C 5.6)
>
> iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
>
> is accepted.
>
> uname -a = 2.6.18-274.el5 #1
>
> lsmod | grep ipt =
> ipt_LOG                39617  1
> iptable_filter         36161  1
> ip_tables              55457  1 iptable_filter
> x_tables               50505  6 xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6_tables
>
> Appreciate suggestions on how to get kernel 2.6.35.4 to install the
> whole IP tables package, especially the STRING and RECENT options (in
> -m).
>
> Thank you.
>
> Paul.
Re: [CentOS] Tasks in /etc/cron.daily on CentOS 7?
Hi Nicki,

I'm new to CentOS, and came from Slackware servers too. I recently installed 2 servers with CentOS 7 and was unaware of /etc/anacrontab. I saw there was an /etc/crontab file and entered a few executable bash scripts in there. My logs confirm it's up and functional.

/etc/crontab :

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
20 6 * * * root /root/RTCSS
20 12 * * * root /root/RTCSS
20 18 * * * root /root/RTCSS
10 23 * * * root /root/a1-precise

On Wed, Mar 11, 2015 at 11:17 AM, Niki Kovacs wrote:

> Hi,
>
> I just configured SquidAnalyzer, a nifty little network statistics tool
> that I'm using mainly in school networks to monitor network usage.
>
> I want to run the '/usr/bin/squid-analyzer' script once a day. I took a
> peek in /etc/cron.daily, and the package already installed an
> /etc/cron.daily/0squidanalyzer script.
>
> I wanted to know at what time CentOS ran the cron.daily scripts, so I
> typed crontab -l, but there was only "no cronjobs defined for root".
>
> Here's how things look on a public Slackware64 14.0 server I administrate:
>
> # crontab -l
> ...
> # Run hourly cron jobs at 47 minutes after the hour:
> 47 * * * * /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
> #
> # Run daily cron jobs at 4:40 every day:
> 40 4 * * * /usr/bin/run-parts /etc/cron.daily 1> /dev/null
> #
> # Run weekly cron jobs at 4:30 on the first day of the week:
> 30 4 * * 0 /usr/bin/run-parts /etc/cron.weekly 1> /dev/null
> #
> # Run monthly cron jobs at 4:20 on the first day of the month:
> 20 4 1 * * /usr/bin/run-parts /etc/cron.monthly 1> /dev/null
>
> How is this handled on CentOS 7?
>
> Cheers,
>
> Niki
> --
> Microlinux - 100% Linux and free software IT solutions
> 7, place de l'église - 30730 Montpezat
> Web : http://www.microlinux.fr
> Mail : i...@microlinux.fr
> Tel. : 04 66 63 10 32
[CentOS] Install Bind with gss-spnego enabled
CentOS 7.1503 installed.
Installed Samba 4 from sernet: Version 4.1.17-SerNet-RedHat-11.el7 (to be configured).

The samba wiki Readme First page states, "Some distributions like . . . Red Hat Enterprise Linux (and clones), ship BIND9 packages with disabled GSS-SPNEGO option, which is required for signed DNS updates when using BIND as DNS backend on your Samba DC. This circumstance requires to self compile BIND9."

Is there any way to use a yum command to install Bind9 with gss-spnego enabled?

I'm worried about installing from source and creating future problems when trying to update other CentOS packages that may be affected by the source install of Bind9. Is it safe to obtain a bind9 source tarball for install on an rpm-based CentOS 7 server?

If anyone has installed Bind for use with Samba 4 on CentOS 7, please let me know what worked.

Thanks for your time and patience.
Re: [CentOS] Install Bind with gss-spnego enabled
Hi Johnny,

Thank you for your response. I thought to choose the sernet package because of the following stated in Samba Readme:

Samba packages shipped in some distributions like e. g. Fedora, RHEL may not be able to be used as Samba AD DC, because the distribution relies on MIT Kerberos which isn't supported by Samba yet. In this case build Samba yourself or use the packages from SerNet or other reliable sources.

I do want to use samba as an AD DC. Does the above not apply to CentOS distro?

Thanks for reading.

On Apr 16, 2015 4:35 AM, "Johnny Hughes" wrote:

> On 04/16/2015 12:53 AM, Mike wrote:
> > CentOS 7.1503 installed.
> > Installed Samba 4 from sernet: Version 4.1.17-SerNet-RedHat-11.el7 (to be
> > configured).
> >
> > The samba wiki Readme First page states, "Some distributions like . . . Red
> > Hat Enterprise Linux (and clones), ship BIND9 packages with disabled
> > GSS-SPNEGO option, which is required for signed DNS updates when using BIND
> > as DNS backend on your Samba DC. This circumstance requires to self compile
> > BIND9."
> >
> > Is there any way to use a yum command to install Bind9 with gss-spnego
> > enabled?
> >
> > I'm worried about installing from source and creating future problems when
> > trying to update other CentOS packages that may be affected by the source
> > install of Bind9. Is it safe to obtain a bind9 source tarball for install
> > on an rpm-based CentOS 7 server?
> >
> > If anyone has installed Bind for use with Samba 4 on CentOS 7, please let
> > me know what worked.
> >
> > Thanks for your time and patience.
>
> That is a bind build option, the only way to enable it is to build it.
>
> Is there some reason you don't want to use the samba-4.1 that is shipped
> in CentOS-7?
Re: [CentOS] Install Bind with gss-spnego enabled
On Thu, Apr 16, 2015 at 9:29 AM, Johnny Hughes wrote:

> On 04/16/2015 06:33 AM, Mike wrote:
>
> BUT .. If I was going to solve this problem, I would do so asking the
> sernet guys and I would rebuild the "bind" sources in CentOS with the
> proper configure switches so it would likely still meet all the other
> software requires for CentOS that bind needs to meet. You could also
> then only track when CentOS releases a new bind (because RH has released
> new source code) .. and thereby not have to track bind upstream tarball
> releases for security.

Sounds like good advice for me to follow up on.
Thanks for the thoughtful response. :-)

Mike
Re: [CentOS] Install Bind with gss-spnego enabled
On Thu, Apr 16, 2015 at 6:03 PM, James Hogarth wrote:

> This was required for kerberos secured updates prior to el7.1 and el6.6 ...
>
> The problem in the underlying kerberos libraries was resolved so that
> kerberos based updates worked with gss again and spnego doesn't need to be
> compiled in.

James, thank you for your reply. This sounds like good news for me; I can stay planted in the accepted CentOS repo. biosphere.

I installed bind-9.9.4 package from the CentOS repo. I've been reading the Changes and Readme file but don't see where this issue is addressed. Can you point me to the CentOS announcements or release notes that deal with the bind package and gss-spnego? I'd like to try to understand and possibly aggregate the right info to send to the samba wiki maintainers.

named -V on the installed package produces:

BIND 9.9.4-RedHat-9.9.4-18.el7_1.1 (Extended Support Version) built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' <<>> '--with-gssapi=yes' '--disable-isc-spnego'
using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
using libxml2 version: 2.9.1
END

Does the above output show that gss-spnego is actually enabled?

Thanks for your help.
Re: [CentOS] Install Bind with gss-spnego enabled
On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth wrote:

> It wasn't the bind package directly but rather an issue with the libkrb5
> libraries.
>
> This is the specific bug that fixed the issue:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1087068
>
> I'll get the samba wiki updated to make this clear.

Zoinks! I didn't realize I was corresponding with the fellow who actually maintains this section of the Samba Wiki. :-)
Thanks for your expertise and synergy between the OS and the Samba software.
Re: [CentOS] Install Bind with gss-spnego enabled
K, clear. Still very much appreciative of your experience and insight. I'm a wannabe who never has enough time amongst my duties to get my sys-admin skills tight.

Cheers,
Mike

On Fri, Apr 17, 2015 at 9:36 AM, James Hogarth wrote:

> On 17 Apr 2015 13:04, "Mike" <1100...@gmail.com> wrote:
> >
> > On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth wrote:
> >
> > > It wasn't the bind package directly but rather an issue with the libkrb5
> > > libraries.
> > >
> > > This is the specific bug that fixed the issue:
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1087068
> > >
> > > I'll get the samba wiki updated to make this clear.
> >
> > Zoinks! I didn't realize I was corresponding with the fellow who actually
> > maintains this section of the Samba Wiki. :-)
> > Thanks for your expertise and synergy between the OS and the Samba software.
>
> Just to be clear I don't do that.
>
> However I have had a fair bit of my professional life in the realm of samba
> in an AD context on CentOS this past year.
>
> I happen to know someone who does maintain that wiki though so will give
> him the heads up over drinks in a few weeks ;)
[CentOS] Tar CentOS installation and transfer it to new server
Current Installation: CentOS 7.1503 with SerNet Samba 4 ver. 4.1.17 configured as Active Directory Domain Controller.
Current Installation: HP Workstation with dual Xeon quadcore cpu's and 4 x SATA hard drives NOT configured in RAID array.

New Installation: CentOS 7.1503 minimal install
New Installation: SuperMicro with single Xeon quadcore cpu and 4 x SATA hard drives configured in two pairs of RAID 1.

The Current Install is about 3.5 GB's and has my Samba 4 setup all solid and working well. I want to know if it's possible to simply:

- tar up the whole root partition
- put it on a USB drive
- boot the New server with a livecd
- chroot into / partition
- unpack the tar'ed root (/) from the USB drive into the New server root (/).

Both installs used the automatic partitioning from anaconda, so /boot is on a separate partition. Each server has an initrd and kernel that works from /boot partition. Both CentOS installs are setup using the xfs filesystem on the root (/) partition.

I saw someone do this successfully once but they left out certain directories like /srv , /tmp , and /var.
But I'm not 100% certain which directories need to be left out of the tarball.

Has anyone done this before?
Do you know if it's doable?

Thanks for reading.
Re: [CentOS] Tar CentOS installation and transfer it to new server
Thanks Mr. Roth!

That's nice and methodical. I do like how you can revert by simply remounting the previous directories. I'm going to try both. I'm still hopeful that a simple tar -xf server.tgz into the chrooted "/" is possible. At linuxquestions.org, one user suggests it can be done by exempting the following:

/proc
/sys
/dev
/tmp
/var

I'm thinking the tarball thing may work due to the following:

There's only one posix user account besides root, thus almost all files on the system are user: root group: root.
I'll be using the same version of tar on both the Current Installation and the New Installation.
All other user data will be mounted on the other set of hard drives and not a part of the base installation I'm un-tarring into (/).
I'll also update each server install prior to transfer so all base packages on both servers match x.y.z to x.y.z.

Mike

On Mon, Jun 29, 2015 at 2:45 PM, wrote:

> Mike wrote:
> > Current Installation: CentOS 7.1503 with SerNet Samba 4 ver. 4.1.17
> > configured as Active Directory Domain Controller.
> > Current Installation: HP Workstation with dual Xeon quadcore cpu's and 4 x
> > SATA hard drives NOT configured in RAID array.
> >
> > New Installation: CentOS 7.1503 minimal install
> > New Installation: SuperMicro with single Xeon quadcore cpu and 4 x SATA
> > hard drives configured in two pairs of RAID 1.
> >
> > The Current Install is about 3.5 GB's and has my Samba 4 setup all solid
> > and working well. I want to know if it's possible to simply:
> >
> > - tar up the whole root partition
> > - put it on a USB drive
> > - boot the New server with a livecd
> > - chroot into / partition
> > - unpack the tar'ed root (/) from the USB drive into the New server root
> > (/).
> >
> > Both installs used the automatic partitioning from anaconda, so /boot is on
> > a separate partition. Each server has an initrd and kernel that works from
> > /boot partition. Both CentOS installs are setup using the xfs filesystem
> > on the root (/) partition.
> >
> > I saw someone do this successfully once but they left out certain
> > directories like /srv , /tmp , and /var.
> > But I'm not 100% certain which directories need to be left out of the
> > tarball.
> >
> > Has anyone done this before?
> > Do you know if it's doable?
> >
> > Thanks for reading.
>
> What we've done a good bit of, to upgrade one server from another that's
> already where we want it to be, is this:
>
> 1. On the target machine, mkdir /new /boot/new
> 2. rsync -HPavx :/boot/. /boot/new/
> 3. rsync -HPavx --exclude=/old --exclude=/var/log/wtmp :/. /new/
>    (exclude anything else you want)
> 4. Copy /etc/fstab, /etc/sysconfig/network,
>    /etc/sysconfig/network-scripts/ifcfg-e*, /boot/grub/device.map, and
>    /etc/exports, if any, to /boot/new and /new/etc/
> 5. Deal with /new/etc/udev.d/rules/70-persistant-net.rules
> 6. copy /etc/ssh/ssh_host* /new/etc/ssh/
> 7. IF THE NEW HARDWARE IS DIFFERENT THAN THE OLD, make a new initrd.
>    mount --bind /dev /new/dev
>    mount --bind /sys /new/sys
>    mount --bind /proc /new/proc
>    mount --bind /boot/new /new/boot
>    chroot /new
>    cd /lib/modules
>
>    VER=$(ls -rt1 | tail -1)
>    echo $VER
>
>    mkinitrd X $VER
>    mv X /boot/initrd-$VER.img
>
>    exit
>
> 8. I haven't been able to do the next in bash, my preferred shell, so:
>    zsh
>    zmodload zsh/files
>
>    cd /boot
>    mkdir old
>    mv * old
>    mv old/lost+found .
>    mv old/new/* .
>
>    # Root partition.
>    cd /
>    mkdir old
>    mv * old
>    mv old/lost+found .
>    #mv old/root . -- WHY?
>    mv old/scratch .
>    mv old/new/* .
>
>    sync
>    sync
>
> 9. touch /.autorelabel
>
> reboot
>
> And you can always go back via a rescue boot and a few moves.
>
>    mark
Re: [CentOS] Tar CentOS installation and transfer it to new server
On Mon, Jun 29, 2015 at 4:43 PM, Chris Murphy wrote:

> On Mon, Jun 29, 2015 at 2:38 PM, Chris Murphy wrote:
> > Anaconda on Fedora live media installs uses:
> >
> > rsync -pogAXtlHrDx
>
> Looks like this is the same as -aAXHx
>
> The cap X is for extended attributes.

Mr. Murphy, thanks for your follow up.
Do you mean boot both the current and the new server with LiveCD's and then ---

rsync -aAXHx -e 'ssh' /chroot-mounted/root/directory root@192.168.10.200:/chroot-mounted/root/destination/directory

Best regards.
Re: [CentOS] Tar CentOS installation and transfer it to new server
On Tue, Jun 30, 2015 at 12:55 PM, Warren Young wrote:

> On Jun 29, 2015, at 6:50 PM, Mike <1100...@gmail.com> wrote:
> >
> > rsync -aAXHx -e 'ssh’
>
> -e ssh has been the default in rsync for a very long time. I believe the
> newest CentOS where -e defaults to rsh instead is CentOS 3.
>
> You only need to give -e nowadays when you need nonstandard ssh options,
> and you don’t want to put them in your ~/.ssh/config file. A common
> example is a nonstandard port number:

Thanks Mr. Young.
The man page definitely tracks with your observation.
Appreciated.
Re: [CentOS] rsync question
I tried your rsync command and it worked on my LAN over ssh.
The following was placed in the destination directory:

drwxr-x--- 2 root smmsp 4.0K Jul 28 21:05 named/
-rw-r- 1 root smmsp 1.6K Oct 30 2013 named.conf
-rw-r--r-- 1 root smmsp 2.4K Jul 28 21:05 named.iscdlv.key
-rw-r- 1 root smmsp 931 Jun 21 2007 named.rfc1912.zones
-rw-r--r-- 1 root smmsp 487 Jul 19 2010 named.root.key

On Mon, Sep 7, 2015 at 1:05 PM, Robert Moskowitz wrote:

> I am trying to rsync the named files under /etc for backup purposes. I
> tried:
>
> rsync -ah --stats --delete -e "ssh -p613 -l root" 192.168.192.2:/etc/name* /home/rgm/data/htt/httnet/homebase/new/etc
>
> The stats shows it sees all the files, but only moves the dir /etc/named
> and the files within it.
>
> It does not move the /etc/name* files (like /etc/named.conf).
>
> By file count, it is 'seeing' all the files, but not moving them.
Re: [CentOS] CentOS 7.1.1503 + Dovecot + IPA
On Tue, 8 Sep 2015, Kanwar Ranbir Sandhu wrote:

Hi Everyone,

My question is simply this: does anyone else have dovecot-2.2.10-4.el7_0.1.x86_64 working with GSSAPI auth against an IPA server? IPA is also running on CentOS 7.1.1503.

Yep, I have it working. It's been almost 6 months since I set it up so don't recall many details other than it was NOT trivial :). Have only used alpine and thunderbird clients, both work fine.

-- Mike
Re: [CentOS] CentOS 7.1.1503 + Dovecot + IPA
On Thu, 10 Sep 2015, Kanwar Ranbir Sandhu wrote: On 2015-09-09 14:21, Mike wrote: Yep, I have it working. It's been almost 6 months since I set it up so don't recall many details other than it was NOT trivial :). Have only used alpine and thunderbird clients, both work fine. I wonder if that means Evolution is broken. In any case, could you tell me the changes you made to 10-auth.conf and any other files for GSSAPI auth to work? I would like to compare your setup to mine and to what I've read online. Thanks! Ranbir In looking at my notes I think it was LDAP integration that gave me the most headaches, GSSAPI was pretty straight forward. In any case for GSSAPI/SSO I'm pretty sure this is what I used primarily (noting that it was written with RHEL 6.2 as a target): http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On And I believe these are the primary changes that I made to the dovecot config. # diff ~/etc_dovecot_orig/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf 10a11 disable_plaintext_auth = no 29a31 auth_realms = ourdomain.com 33a36 auth_default_realm = ourdomain.com 71a75 auth_gssapi_hostname = mx01.ourdomain.com 76a81 auth_krb5_keytab = /etc/dovecot/krb5.keytab 100c105,106 < auth_mechanisms = plain --- #auth_mechanisms = plain auth_mechanisms = gssapi cram-md5 plain login 122c128 < !include auth-system.conf.ext --- #!include auth-system.conf.ext 124c130 < #!include auth-ldap.conf.ext --- !include auth-ldap.conf.ext ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
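Review bot: `disable_plaintext_auth = no` (change 10a11) together with `plain login` in the new `auth_mechanisms` line (change 100c105,106) allows passwords to be sent in cleartext on connections that are not protected by TLS. If the goal is GSSAPI single sign-on, keep `disable_plaintext_auth = yes` so that PLAIN and LOGIN are only accepted over TLS, and list only the mechanisms that are actually needed. `cram-md5` also deserves a second look: it only works when the password database can return the password in plaintext or CRAM-MD5 form, which an LDAP passdb (enabled in change 124c130) often cannot.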
Re: [CentOS] firewalld being stupid
On Nov 17, 2015 12:11 PM, wrote:

> tell me progress, and final result. You'd think they were an old New
> Englander.
>
> mark, ayu'

Totally hilarious. Thanks for making my day.

Mike
[CentOS] Seeking Clarification CentOS 7 as Samba 4 Active Directory Domain Controller
I performed a Samba 4 Active Directory Domain Controller install in June of 2015 on CentOS 7.
At that time I used the Samba 4.1.XX package from SerNet due to the absence of necessary heimdal packages and libraries not provided in the CentOS 7 Samba package.
Since the 4.1 series is on security fix only, I'd like to upgrade to the latest package that tracks with CentOS 7.

When searching the samba packages, I've found:

samba-client.x86_64 : Samba client programs
samba-client-libs.i686 : Samba client libraries
samba-client-libs.x86_64 : Samba client libraries
samba-common.x86_64 : Files used by both Samba servers and clients
samba-common.noarch : Files used by both Samba servers and clients
samba-common-libs.x86_64 : Libraries used by both Samba servers and clients
samba-common-tools.x86_64 : Tools for Samba servers and clients

samba-dc.x86_64 : Samba AD Domain Controller
samba-dc-libs.x86_64 : Samba AD Domain Controller Libraries

samba-devel.i686 : Developer tools for Samba libraries
samba-devel.x86_64 : Developer tools for Samba libraries
samba-libs.x86_64 : Samba libraries
samba-libs.i686 : Samba libraries
samba-python.x86_64 : Samba Python libraries
samba-test.x86_64 : Testing tools for Samba servers and clients
samba-test-devel.x86_64 : Testing devel files for Samba servers and clients
samba-test-libs.i686 : Libraries need by teh testing tools for Samba servers and clients
samba-test-libs.x86_64 : Libraries need by teh testing tools for Samba servers and clients

It appears the CentOS 7 packages now support full provisioning of a Samba 4 AD DC but I'd like to obtain guidance regarding all necessary packages and libraries necessary to do so on CentOS7.

Has anyone on the list used CentOS7 packages (not samba source tarball or SerNet package) to install and provision a Samba4 AD DC? Which combination of repository packages did you use?

Thanks for your help.

Mike
[CentOS] [SOLVED] Seeking Clarification CentOS 7 as Samba 4 Active Directory Domain Controller
I'm putting the Centos 7 repository Samba 4 packages on hold.
Going to work with Samba 4 source with embedded heimdal.
I see this suggested often on the samba mailing list.

On Mon, Feb 8, 2016 at 3:41 PM, Mike <1100...@gmail.com> wrote:

> I performed a Samba 4 Active Directory Domain Controller install in June
> of 2015 on CentOS 7.
> At that time I used the Samba 4.1.XX package from SerNet due to the
> absence of necessary heimdal packages and libraries not provided in the
> CentOS 7 Samba package.
> Since the the 4.1 series is on security fix only, I'd like to upgrade to
> the latest package that tracks with CentOS 7.
>
> When searching the samba packages, I've found:
>
> samba-client.x86_64 : Samba client programs
> samba-client-libs.i686 : Samba client libraries
> samba-client-libs.x86_64 : Samba client libraries
> samba-common.x86_64 : Files used by both Samba servers and clients
> samba-common.noarch : Files used by both Samba servers and clients
> samba-common-libs.x86_64 : Libraries used by both Samba servers and clients
> samba-common-tools.x86_64 : Tools for Samba servers and clients
>
> samba-dc.x86_64 : Samba AD Domain Controller
> samba-dc-libs.x86_64 : Samba AD Domain Controller Libraries
>
> samba-devel.i686 : Developer tools for Samba libraries
> samba-devel.x86_64 : Developer tools for Samba libraries
> samba-libs.x86_64 : Samba libraries
> samba-libs.i686 : Samba libraries
> samba-python.x86_64 : Samba Python libraries
> samba-test.x86_64 : Testing tools for Samba servers and clients
> samba-test-devel.x86_64 : Testing devel files for Samba servers and clients
> samba-test-libs.i686 : Libraries need by teh testing tools for Samba
> servers and clients
> samba-test-libs.x86_64 : Libraries need by teh testing tools for Samba
> servers and clients
>
> It appears the CentOS 7 packages now support full provisioning of a Samba
> 4 AD DC but I'd like to obtain guidance regarding all necessary packages
> and libraries necessary to do so on CentOS7.
>
> Has anyone on the list used CentOS7 packages (not samba source tarball or
> SerNet package) to install and provision a Samba4 AD DC. Which combination
> of repository packages did you use?
>
> Thanks for your help.
>
> Mike
Re: [CentOS] Seeking Clarification CentOS 7 as Samba 4 Active Directory Domain Controller
Hi James,

Thanks for your response. I was nervous about installing the samba-dc packages, but after your post, I spun up a virtual machine and installed the samba-dc packages and saw the README to which you referred.
It sounds like work is well under way from a strong redhat-backed community.
This will be a good one to follow.

Best regards,
Mike

On Tue, Feb 9, 2016 at 9:24 AM, James Hogarth wrote:

> On 8 February 2016 at 20:41, Mike <1100...@gmail.com> wrote:
>
> > I performed a Samba 4 Active Directory Domain Controller install in June of
> > 2015 on CentOS 7.
> > At that time I used the Samba 4.1.XX package from SerNet due to the absence
> > of necessary heimdal packages and libraries not provided in the CentOS 7
> > Samba package.
> > Since the the 4.1 series is on security fix only, I'd like to upgrade to
> > the latest package that tracks with CentOS 7.
> >
> > When searching the samba packages, I've found:
> >
> > samba-client.x86_64 : Samba client programs
> > samba-client-libs.i686 : Samba client libraries
> > samba-client-libs.x86_64 : Samba client libraries
> > samba-common.x86_64 : Files used by both Samba servers and clients
> > samba-common.noarch : Files used by both Samba servers and clients
> > samba-common-libs.x86_64 : Libraries used by both Samba servers and clients
> > samba-common-tools.x86_64 : Tools for Samba servers and clients
> >
> > samba-dc.x86_64 : Samba AD Domain Controller
> > samba-dc-libs.x86_64 : Samba AD Domain Controller Libraries
> >
> > samba-devel.i686 : Developer tools for Samba libraries
> > samba-devel.x86_64 : Developer tools for Samba libraries
> > samba-libs.x86_64 : Samba libraries
> > samba-libs.i686 : Samba libraries
> > samba-python.x86_64 : Samba Python libraries
> > samba-test.x86_64 : Testing tools for Samba servers and clients
> > samba-test-devel.x86_64 : Testing devel files for Samba servers and clients
> > samba-test-libs.i686 : Libraries need by teh testing tools for Samba
> > servers and clients
> > samba-test-libs.x86_64 : Libraries need by teh testing tools for Samba
> > servers and clients
> >
> > It appears the CentOS 7 packages now support full provisioning of a Samba 4
> > AD DC but I'd like to obtain guidance regarding all necessary packages and
> > libraries necessary to do so on CentOS7.
> >
> > Has anyone on the list used CentOS7 packages (not samba source tarball or
> > SerNet package) to install and provision a Samba4 AD DC. Which combination
> > of repository packages did you use?
>
> RHEL/CentOS/Fedora does not at this time have DC capable samba4 packages.
>
> If you check the samba-dc{,-libs} packages you'll see they just have a
> README stating this.
>
> The work is ongoing and in the background I've heard good things on
> progress.
>
> If the free sernet packages are too old I suggest using their spec as the
> basis for the current samba4 version and building from source with the
> current.
>
> Hopefully it won't be much longer till it arrives - keep an eye on Fedora
> for indication on when it arrives there... I imagine it'd be the first 7.X
> milestone after that as a tech preview, if RH do decide to support it.
Re: [CentOS] Copying CentOS to new drive
On Wed, May 4, 2016 at 7:22 AM, wwp wrote:

> Hello Timothy,
>
> I personally would not copy FROM or TO running systems. Thus,
> proceeding to the copy from a third (liveCD or not) system sounds good
> to me.

Agreed. It appears others have had success doing so; but, I prefer to eliminate as many variables as possible.
I've done the following:

1. yum update Server 1.
2. complete a minimal CentOS install on Server 2. <>
3. yum update Server 2.
4. Then boot both using LiveCD of choice. <>
5. rsync --delete-after --force -aAHPWl --exclude-from="/root/centos7-rsync-exclude.txt" / root@10.10.10.200:/ <
Re: [CentOS] gpg can't decrypt message
Hey guys,

Having a little gpg issue I was wondering if someone could help me with. A friend of mine sent me an encrypted message. So I searched online and found a set of keys that correspond with his email address. And imported them.

But when I go to decrypt the message, this is what I get:

[root@ops:~] #gpg --decrypt roger-message
gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
"Roger Sherman "
*gpg: encrypted with RSA key, ID 9A41C766*
*gpg: decryption failed: secret key not available*

Here's a listing of keys that shows his key imported:

[root@ops:~] #gpg --list-keys
/root/.gnupg/pubring.gpg
pub 1024D/F186197B 2010-11-30
uid Tim Dunphy
sub 2048g/B712B288 2010-11-30

Tim Dunphy
*pub 2048R/9E0AD649 2014-10-01 [expires: 2016-10-01]*
*uid Roger Sherman >*
*sub 2048R/9617EA5C 2014-10-01 [expires: 2016-10-01]*

So maybe I just didn't import the right key? Or do you think the message wasn't sent correctly? Who's the dummy here? Me or him? :)

Thanks
Tim

--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

I haven't messed with gpg for a while but it seems to me that the message was encrypted with the wrong key. In other words for you (Tim) to be able to decrypt the message using your private key Roger should have encrypted it with your public key. You should not have had to import Roger's keys. However if you had needed to verify Roger's signature you would need his public key(s).
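The diagnosis in the reply above can be checked mechanically by comparing the recipient key IDs gpg reports for the message with the encryption-capable secret keys on the local keyring. The following is an added example, not code from the thread: the `gpg --decrypt` output is copied from the post, while the `--list-secret-keys --with-colons` listing is constructed (only the short IDs F186197B and B712B288 come from the post; the upper halves of the long IDs are placeholders).

```python
import re

# Output of `gpg --decrypt`, as quoted in the post.
DECRYPT_STDERR = """\
gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
      "Roger Sherman "
gpg: encrypted with RSA key, ID 9A41C766
gpg: decryption failed: secret key not available
"""

# Constructed sample of `gpg --list-secret-keys --with-colons` for the
# recipient. The leading 00000000 of each long key ID is a placeholder.
SECRET_KEYS_COLONS = """\
sec:u:1024:17:00000000F186197B:1291075200:::u:::scESC:
uid:u::::1291075200::PLACEHOLDER::Tim Dunphy:
ssb:u:2048:16:00000000B712B288:1291075200::::::e:
"""

RECIPIENT_RE = re.compile(
    r"^gpg: encrypted with (?:\d+-bit )?\w+ key, ID ([0-9A-Fa-f]{8,16})",
    re.MULTILINE,
)


def recipient_key_ids(stderr_text):
    """Key IDs the message's session key was encrypted to."""
    return [key_id.upper() for key_id in RECIPIENT_RE.findall(stderr_text)]


def secret_encryption_keys(colons_text):
    """Long IDs of local secret (sub)keys that can decrypt.

    Field 5 is the key ID and field 12 the capabilities. Lowercase letters
    describe the key on that line, uppercase letters the key as a whole,
    so only a lowercase 'e' marks a key that can itself decrypt.
    """
    ids = []
    for line in colons_text.splitlines():
        fields = line.split(":")
        if fields[0] in ("sec", "ssb") and len(fields) > 11 and "e" in fields[11]:
            ids.append(fields[4].upper())
    return ids


def diagnose(stderr_text, colons_text):
    """Explain a 'secret key not available' failure."""
    recipients = recipient_key_ids(stderr_text)
    mine = secret_encryption_keys(colons_text)
    # A key ID of all zeros is a hidden recipient; gpg must try every key.
    hidden = [r for r in recipients if set(r) == {"0"}]
    # Short IDs are the low 32 bits of the long ID. They can collide, so
    # prefer --keyid-format long when collecting real output.
    usable = [r for r in recipients
              if r not in hidden and any(k.endswith(r) for k in mine)]
    if usable:
        verdict = "a matching secret key exists; check that it is unlocked and present"
    elif hidden:
        verdict = "hidden recipients present; cannot tell from key IDs alone"
    else:
        verdict = ("message was not encrypted to any key you hold; ask the sender "
                   "to encrypt to your public key: " + ", ".join(mine))
    return {"recipients": recipients, "my_encryption_keys": mine,
            "usable": usable, "verdict": verdict}


if __name__ == "__main__":
    for name, value in diagnose(DECRYPT_STDERR, SECRET_KEYS_COLONS).items():
        print(f"{name}: {value}")
```

Run against the thread's output, neither recipient ID (9617EA5C, 9A41C766) matches the recipient's only encryption subkey (B712B288), which is why importing the sender's public key could not help.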
Re: [CentOS] gpg can't decrypt message
On Wed, 1 Oct 2014, Valeri Galtsev wrote:

On Wed, October 1, 2014 11:34 am, Nicolas Thierry-Mieg wrote:

On 10/01/2014 06:07 PM, Valeri Galtsev wrote:

On Wed, October 1, 2014 10:19 am, Nicolas Thierry-Mieg wrote:

On 10/01/2014 05:16 PM, Nicolas Thierry-Mieg wrote:

On 10/01/2014 04:58 PM, Tim Dunphy wrote:

Hey guys,

Having a little gpg issue I was wondering if someone could help me with. A friend of mine sent me an encrypted message. So I searched online and found a set of keys that correspond with his email address. And imported them.

But when I go to decrypt the message, this is what I get:

[root@ops:~] #gpg --decrypt roger-message
gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
"Roger Sherman "
*gpg: encrypted with RSA key, ID 9A41C766*
*gpg: decryption failed: secret key not available*

So maybe I just didn't import the right key? Or do you think the message wasn't sent correctly? Who's the dummy here? Me or him? :)

looks like he encrypted with HIS public key. So you need his private key to decrypt, obviously you don't have that.

I believe it's the other way around: he should encrypt with your public key, then you are the only person capable of decrypting (with your private key).

BTW what would be the point of encrypting, if anyone can just grab a key online and decrypt? :-)

If you can decrypt his message with his public key, this tells you that the person who has access to secret key of the pair was the one who encrypted the message. This ensures that you know that he is the one who indeed sent this message.

that is the purpose of *signing*: authenticate the sender and prevent tampering of the message. The purpose of *encrypting* is different: make sure only the intended recipient can read (decrypt) the message. Sometimes you do both, but you don't have to.

Sure, I agree, but I just answered the question if encrypting with one's own secret key is nonsense, which it isn't, but normally people do what you describe, and that is the way pgp and gpg are meant to be used... still "unusual thing" as encrypting with one's own private key isn't nonsense.

Valeri

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

This thread has turned into 'cryptography 101' on the CentOS mailing list. This is my last post...

Encrypting content (a message) with one's own secret key with the intent of privacy is pointless (or nonsense as you say). With the premise being that the 'matching' key to that secret key is, well, public or accessible to anyone. Hence no privacy as the content can be decrypted by anyone.

Encrypting a message digest or hash with one's own secret key makes perfect sense. That is the essence of a digital signature.
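The three cases argued over in this thread (encrypt to the recipient's public key, transform a message with your own private key, sign a digest with your own private key) can be run side by side. This is an added example, not code from the thread: it uses unpadded textbook RSA with fixed Mersenne primes so it is reproducible, which is insecure and is not what OpenPGP does (gpg uses a hybrid scheme with padding); the key names `TIM` and `ROGER` and all helper functions are illustrative.

```python
import hashlib

E = 65537  # common public exponent


def make_key(p, q):
    """Textbook RSA key from two primes (demo only: no padding, fixed primes)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, Python 3.8+
    return {"n": n, "e": E, "d": d}


def public(key):
    """The part of a key that is published."""
    return {"n": key["n"], "e": key["e"]}


# Constructed demo keys built from known Mersenne primes.
TIM = make_key(2**127 - 1, 2**521 - 1)
ROGER = make_key(2**107 - 1, 2**607 - 1)


def to_int(data):
    return int.from_bytes(data, "big")


def to_bytes(number):
    return number.to_bytes((number.bit_length() + 7) // 8, "big")


def encrypt_to(pub, message):
    """Confidentiality: anyone can encrypt to a public key."""
    m = to_int(message)
    if m >= pub["n"]:
        raise ValueError("message too long for this demo key")
    return pow(m, pub["e"], pub["n"])


def decrypt_with(key, ciphertext):
    """Only the holder of the matching private exponent recovers the text."""
    return to_bytes(pow(ciphertext, key["d"], key["n"]))


def private_transform(key, message):
    """'Encrypting with your own secret key': gives no privacy at all."""
    return pow(to_int(message), key["d"], key["n"])


def public_recover(pub, blob):
    """Anyone holding the public key undoes private_transform."""
    return to_bytes(pow(blob, pub["e"], pub["n"]))


def sign(key, message):
    """Signature: the private-key operation applied to a digest of the message."""
    digest = to_int(hashlib.sha256(message).digest())
    return pow(digest, key["d"], key["n"])


def verify(pub, message, signature):
    digest = to_int(hashlib.sha256(message).digest())
    return pow(signature, pub["e"], pub["n"]) == digest


if __name__ == "__main__":
    msg = b"meet at noon"
    c = encrypt_to(public(TIM), msg)
    print("Tim decrypts:          ", decrypt_with(TIM, c))
    print("Roger's key decrypts:  ", decrypt_with(ROGER, c) == msg)
    blob = private_transform(ROGER, msg)
    print("Anyone reads the blob: ", public_recover(public(ROGER), blob))
    sig = sign(ROGER, msg)
    print("Signature verifies:    ", verify(public(ROGER), msg, sig))
    print("Tampered text verifies:", verify(public(ROGER), b"meet at 1pm", sig))
```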
Re: [CentOS] CentOS 7 kernel console under KVM?
On Wed, 8 Oct 2014, Chris Adams wrote:

Is there a way to get GRUB2 and the kernel to run a "serial" console under KVM?

This worked for me. Add the following three lines to /etc/default/grub:

GRUB_CMDLINE_LINUX='console=tty0 console=ttyS0,115200n8'
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

Then re-generate grub.cfg:

grub2-mkconfig -o /boot/grub2/grub.cfg

Taken from: https://fedoraproject.org/wiki/GRUB_2?rd=Grub2 (near the bottom of the page)
Re: [CentOS] Wrong file permissions in CentOS 7
On Fri, 10 Oct 2014, Alan Stern wrote:

Sorry if this question has been asked many times before.

On a new CentOS 7 system, when I create files they end up with strange permissions. For example, as root:

[root@server ~]# umask
[root@server ~]# touch a
[root@server ~]# ls -l a
-r--r- 1 root root 0 Oct 10 11:45 a

As a regular user:

[stern@server ~]$ umask
[stern@server ~]$ touch b
[stern@server ~]$ ls -l b
-rw--- 1 stern stern 0 Oct 10 11:47 b

In both cases the permissions should have been -rw-rw-rw-. What on earth is going on, and how can I fix it?

Thanks,
Alan Stern

I'm sure I don't have an answer, but the last time I saw something like that the problem was related to a fat or vfat file system (I believe).

What type of filesystem is "/"?
What is the output from 'df -Th' ?
[CentOS] systemctl reboot -- server not accessible after reboot
Hi,

Such a simple problem, but I can't figure out the cause.

Supermicro server with a Xeon E3-1200 cpu. 1U entry level item.
Using CentOS 7 from ~$root --- systemctl reboot

Server disconnects my ssh connection and never comes back up.
Go to the server and the power is on but the server is not accessible by ssh.
When I connect a monitor and keyboard --- non-responsive. It's like it's in suspend mode.
I push and hold the power button until the server fully powers down.
Push power again and everything boots, goes to prompt, and all is well.

When I try systemctl reboot directly on the server. Same problem --- does not start to login prompt.
Manually power down and power up again --- works and all is well.

Anyone have this problem before?
I've checked all the BIOS options and I can't find anything misconfigured.

Thanks for your help.

Mike
Re: [CentOS] systemctl reboot -- server not accessible after reboot
On Sat, Oct 14, 2017 at 2:29 PM, Vitalino Victor wrote:
>
> Try:
>
> # shutdown -r now
>

I'll have to try this late one evening. It's a production Samba Active Directory Domain Controller in production so it's difficult to do this without warning to users.
Re: [CentOS] systemctl reboot -- server not accessible after reboot
cat /etc/centos-release: CentOS Linux release 7.4.1708 (Core) The bugzilla report does sound similar --- in one of the comments, a user reports hang-up when trying remote reboot.
Re: [CentOS] systemctl reboot -- server not accessible after reboot
On Sat, Oct 14, 2017 at 6:24 PM, Jonathan Billings wrote:
>
> When you say that the monitor is plugged in, and the server is unresponsive,
> does that mean that the monitor doesn’t even come active? That sounds like
> it might have crashed the kernel in a way that the display isn’t showing.
>
> You could set up kdump to catch that. You could also set up a persistent
> journal (create /var/log/journal) and try again, then when you manually power
> it up, check to see if anything was logged in the journal.
>
> If the system’s keyboard is plugged in, you could try using the magic sysrq
> keys to get it to do something. (see
> https://en.wikipedia.org/wiki/Magic_SysRq_key )
> Try ‘c’ to initiate a crashdump to force kdump to record a kernel dump, then
> you can examine the active processes. ‘k’ or ‘g’ might clean up the display
> if it’s bad.
>
> Also, remote syslog is always helpful for these kinds of situations, although
> if the network is down when it crashes then it won’t be as helpful, which is
> why I suggest looking at the journal.
>
> --

1. Monitor is on but screen is blank.
2. kdump logging --- I'll follow up on that.
3. remote syslog --- I'll need to do some more rtfm.

I looked at /var/log/anaconda/syslog but I can't tell which boot-up I was looking at. Seemed like everything was normal...identifying naming locating hardware/devicessystemd services starting and running.
Re: [CentOS] systemctl reboot -- server not accessible after reboot
Thank you for your thoughtful responses. Very much appreciated. Good points to follow up with. Kind regards, Mike
Re: [CentOS] systemctl reboot -- server not accessible after reboot
It turns out kdump.service is already enabled on the server and /etc/kdump.conf settings would report any kernel crash/error items to /var/crash. The /var/crash file/folder is empty. It leads me to think the kernel is not crashing; however, I could be wrong. I'll need to perform another test "systemctl reboot" from remote ssh session and check it one more time.
[CentOS] ssm vs. lvm: moving physical drives and volume group to another system
I did the following test:

###
1.

Computer with Centos 7.5 installed on hard drive /dev/sda.

Added two hard drives to the computer: /dev/sdb and /dev/sdc.

Created a new logical volume in RAID-1 using RedHat System Storage Manager:

ssm create --fstype xfs -r 1 /dev/sdb /dev/sdc /mnt/data

Everything works.
/dev/lvm_pool/lvol001 is mounted to /mnt/data.
Files and folders can be copied/moved, read/written on /mnt/data.

###

2.

I erased CentOS 7.5 from /dev/sda.
Wrote zeros to /dev/sda using dd.
Reinstalled CentOS 7 on /dev/sda.
Completed yum update - reboot - yum install system-storage-manager.

RedHat system storage manager listed all existing volumes on the computer:

[root@localhost]# ssm list

--------------------------------------------------------------------------------------------
Volume                 Pool      Volume size  FS   FS size    Free       Type    Mount point
--------------------------------------------------------------------------------------------
/dev/cl/root           cl        65.00 GB     xfs  64.97 GB   63.67 GB   linear  /
/dev/cl/swap           cl        8.00 GB                                 linear
/dev/lvm_pool/lvol001  lvm_pool  200.00 GB    xfs  199.90 GB  184.53 GB  raid1   /mnt/data
/dev/cl/home           cl        200.00 GB    xfs  199.90 GB  199.87 GB  linear  /home
/dev/sda1                        4.00 GB      xfs  3.99 GB    3.86 GB    part    /boot
--------------------------------------------------------------------------------------------

So far, so good. The new CentOS7 install can see the logical volume.

Mounted the volume: ssm mount -t xfs /dev/lvm_pool/lvol001 /mnt/data
Works.
cd to /mnt/data and I can see the files left on the volume from the previous tests.
Moving/copying/read/write -- works.

###

3. Is it safe to assume when using RedHat System Storage Manager it's not necessary to use the lvm commands (vgexport and vgimport) to move two physical drives containing a logical volume in raid 1 from one computer to another?

Thanks for your help and guidance.
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
Maybe not a good assumption after all --

I can no longer boot using kernel 3.10.0-514 or 3.10.0-862.

boot.log shows:

Dependency failed for /mnt/data
Dependency failed for Local File Systems
Dependency failed for Mark the need to relabel after reboot.
Dependency failed for Migrate local SELinux policy changes from the old store structure to the new structure.
Dependency failed for Relabel all filesystems, if necessary.

On Sat, Jul 14, 2018 at 12:55 PM Mike <1100...@gmail.com> wrote:
>
> I did the following test:
>
> ###
> 1.
>
> Computer with Centos 7.5 installed on hard drive /dev/sda.
>
> Added two hard drives to the computer: /dev/sdb and /dev/sdc.
>
> Created a new logical volume in RAID-1 using RedHat System Storage Manager:
>
> ssm create --fstype xfs -r 1 /dev/sdb /dev/sdc /mnt/data
>
> Everything works.
> /dev/lvm_pool/lvol001 is mounted to /mnt/data.
> Files and folders can be copied/moved, read/written on /mnt/data.
>
> ###
>
> 2.
>
> I erased CentOS 7.5 from /dev/sda.
> Wrote zeros to /dev/sda using dd.
> Reinstalled CentOS 7 on /dev/sda.
> Completed yum update - reboot - yum install system-storage-manager.
>
> RedHat system storage manager listed all existing volumes on the computer:
>
> [root@localhost]# ssm list
>
> --------------------------------------------------------------------------------------------
> Volume                 Pool      Volume size  FS   FS size    Free       Type    Mount point
> --------------------------------------------------------------------------------------------
> /dev/cl/root           cl        65.00 GB     xfs  64.97 GB   63.67 GB   linear  /
> /dev/cl/swap           cl        8.00 GB                                 linear
> /dev/lvm_pool/lvol001  lvm_pool  200.00 GB    xfs  199.90 GB  184.53 GB  raid1   /mnt/data
> /dev/cl/home           cl        200.00 GB    xfs  199.90 GB  199.87 GB  linear  /home
> /dev/sda1                        4.00 GB      xfs  3.99 GB    3.86 GB    part    /boot
> --------------------------------------------------------------------------------------------
>
> So far, so good. The new CentOS7 install can see the logical volume.
>
> Mounted the volume: ssm mount -t xfs /dev/lvm_pool/lvol001 /mnt/data
> Works.
> cd to /mnt/data and I can see the files left on the volume from the
> previous tests.
> Moving/copying/read/write -- works.
>
> ###
>
> 3. Is it safe to assume when using RedHat System Storage Manager it's
> not necessary to use the lvm commands (vgexport and vgimport) to move
> two physical drives containing a logical volume in raid 1 from one
> computer to another?
>
> Thanks for your help and guidance.
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
When I change /etc/fstab from /dev/mapper/lvol001 to /dev/lvm_pool/lvol001, kernel 3.10.0-514 will boot.

Kernel 3.10.0-862 hangs and will not boot.

On Sat, Jul 14, 2018 at 1:20 PM Mike <1100...@gmail.com> wrote:
>
> Maybe not a good assumption afterall --
>
> I can no longer boot using kernel 3.10.0-514 or 3.10.0-862.
>
> boot.log shows:
>
> Dependency failed for /mnt/data
> Dependency failed for Local File Systems
> Dependency failed for Mark the need to relabel after reboot.
> Dependency failed for Migrate local SELinux policy changes from the
> old store structure to the new structure.
> Dependency failed for Relabel all filesystems, if necessary.
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
Tried --

umount -t xfs /mnt/data
vgchange -a n lvm_pool
vgexport lvm_pool
vgimport lvm_pool

Rebooted and kernel 862 still panics/hangs. Can boot into kernel 514.

On Sat, Jul 14, 2018 at 1:35 PM Mike <1100...@gmail.com> wrote:
>
> When I change /etc/fstab from /dev/mapper/lvol001 to
> /dev/lvm_pool/lvol001, kernel 3.10.0-514 will boot.
>
> Kernel 3.10.0-862 hangs and will not boot.
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
On Sat, Jul 14, 2018 at 1:57 PM Tony Schreiner wrote:
>
> Is that first entry /dev/mapper/lvol001 right?
> I'd expect /dev/mapper/lvm_pool-lvo001

ssm list shows -
/dev/lvm_pool/lvol001

When I place /dev/lvm_pool/lvol001 into /etc/fstab the computer will boot using kernel 514. Kernel 862 still hangs/panics.
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
On Sat, Jul 14, 2018 at 2:15 PM Tony Schreiner wrote:

> I don't have an answer to why kernel 514 is not booting,
> but what I was trying to say is:
>
> /dev/lvm_pool/lvol001
> and
> /dev/mapper/lvm_pool-lvol001
> are both symlinks to the same /dev/dm-X device file.
> You can use either name, but the one you listed was missing the volume
> group name

kernel 514 does boot. kernel 862 hangs/panics.

I will try both entries in your example above on kernel 514 to confirm. If both work then I'll try them also on kernel 862 to see if possibly one will work.

thanks for your help.
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
/dev/lvm_pool/lvol001 and /dev/mapper/lvm_pool-lvol001 work with kernel 514. they don't work with kernel 862. the googling continues . . .
Re: [CentOS] ssm vs. lvm: moving physical drives and volume group to another system
Cannot get the system storage manager (ssm) to create the raid 1 array with logical volume and xfs file system in one step. Cannot find my error or omission. The 862 kernel crashes on reboot every time.

I went back to simple lvm on raid and everything worked on the first try --- man page reviews and implementation complete in under 30 mins. I'm giving myself permission to let it be. :-)

Tested. Confirmed. Works --

fdisk /dev/sdb
primary partition
partition 1
type: fd
write to disk and exit.

fdisk /dev/sdc
primary partition
partition 1
type: fd
write to disk and exit.

[root@localhost ~]# systemctl reboot
[root@localhost ~]# mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1
[root@localhost ~]# cat /proc/mdstat
[root@localhost ~]# systemctl reboot
[root@localhost ~]# ssm create --fstype xfs -p alpha -n charlie /dev/md0 /mnt/data

add the following to /etc/fstab:
/dev/mapper/alpha-charlie /mnt/data xfs defaults 0 0

[root@localhost ~]# systemctl reboot

copy/move/read/write/to/from /mnt/data --- yes to all.

On Sat, Jul 14, 2018 at 2:25 PM Mike <1100...@gmail.com> wrote:
>
> /dev/lvm_pool/lvol001 and /dev/mapper/lvm_pool-lvol001 work with kernel 514.
>
> they don't work with kernel 862.
>
> the googling continues . . .
[CentOS] Drop/Terminate data to/from source using firewalld rich rules
I need to be able to temporarily cut off the source of network slowdowns.

What I used to do:
Router with 2 x NICs running slackware 14.
Execute iptraf-ng, choose IP Network Monitor and sort by Byte Count. The sorted screen always seemed a bit confusing but I could usually pluck a couple of IP addresses with racing byte counts and cut all traffic to them using an iptables rule. Then if I wanted to identify the computer or device, I’d go into the dhcpd.leases file and look for the ip address and the corresponding device hostname. It was a bit of a pain, but it worked.

Now:
Router with 2 x NIC’s running CentOS 7. Using systemd and firewalld with 2 zones: external (internet-facing) and internal (LAN-facing).

Now when I try the same thing using firewall-cmd rich rules, it won’t work.

Example:

[root@hello ~]# firewall-cmd --zone=external --list-rich-rules
rule family="ipv4" source address="10.10.1.73/24" drop
rule family="ipv4" source address="40.97.126.210" drop
rule family="ipv4" source address="10.10.1.73/32" drop
rule family="ipv4" source address="40.97.126.210/32" drop

and

[root@hello ~]# firewall-cmd --zone=internal --list-rich-rules
rule family="ipv4" source address="10.10.1.73/24" drop
rule family="ipv4" source address="40.97.126.210" drop
rule family="ipv4" source address="10.10.1.73/32" drop

It didn’t work. The traffic continued to burst away for another hour before stopping. The address (40.97.126.210) belongs to Microsoft so I’m not concerned about publishing it.

What am I doing wrong with firewalld rich rules and how do I properly drop/terminate traffic to/from a specific source on the LAN?

Current command -

ADD rich rule to drop any traffic in zone "internal" from source ip address 10.10.1.125:

firewall-cmd --permanent --zone=internal --add-rich-rule='rule family=ipv4 source address=10.10.1.125/24 drop'
firewall-cmd --reload

REMOVE the same rich rule above:

firewall-cmd --permanent --zone=internal --remove-rich-rule='rule family=ipv4 source address=10.10.1.125/24 drop'
firewall-cmd --reload

Thank you for reading.
Re: [CentOS] Drop/Terminate data to/from source using firewalld rich rules
A bit embarrassing, I answered my own question almost a year ago on another forum. Apologies for the extra mail --

Solution:
firewall-cmd --complete-reload
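
A check on the rich rules listed in this thread, as an added example that is not part of any poster's message: a source address written with a prefix shorter than /32 selects on the leading bits only, so 10.10.1.73/24 covers every address in the network that contains it. The script parses constructed sample lines in the `--list-rich-rules` output format and reports the network each rule covers; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report the network each firewalld rich rule really covers.

# Constructed sample input in the format printed by
# "firewall-cmd --zone=external --list-rich-rules" (addresses from the thread).
sample_rich_rules() {
    cat <<'EOF'
rule family="ipv4" source address="10.10.1.73/24" drop
rule family="ipv4" source address="40.97.126.210" drop
rule family="ipv4" source address="10.10.1.73/32" drop
rule family="ipv4" source address="40.97.126.210/32" drop
EOF
}

# Reads rich rules on stdin and prints one line per IPv4 source address:
#   <address as written> <network/prefix> <addresses covered> <exact|WIDENED>
# WIDENED means host bits were set, so the rule matches more than that host.
audit_rich_rules() {
    awk '
    # Turn a 32-bit integer back into dotted-quad notation.
    function dotted(n,    a, b, c, d) {
        a = int(n / 16777216)
        b = int(n / 65536) % 256
        c = int(n / 256) % 256
        d = n % 256
        return a "." b "." c "." d
    }
    match($0, /source address="[^"]+"/) {
        # 16 characters precede the value, 1 closing quote follows it.
        addr = substr($0, RSTART + 16, RLENGTH - 17)
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next   # IPv4 only
        split(addr, part, "/")
        prefix = (part[2] == "") ? 32 : part[2] + 0   # no prefix means one host
        split(part[1], o, ".")
        ip = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        size = 2 ^ (32 - prefix)        # number of addresses the rule matches
        net = ip - (ip % size)          # address with the host bits cleared
        print addr, dotted(net) "/" prefix, size, (net == ip ? "exact" : "WIDENED")
    }'
}

sample_rich_rules | audit_rich_rules
```

On a live system the input would be `firewall-cmd --zone=internal --list-rich-rules | audit_rich_rules`.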
Re: [CentOS] time to say good-bye to win 7 / printer is the last blocker
So far I am having smooth and functional experience with Kyocera multi-function devices. They connect easily to the main samba active directory domain controller and there is a decent Android app for wireless or network printing. PPD driver works in fedora but haven't tried with CentOS yet. Scanning functionality works directly from the device interface or console so there is not much configuration needed through a client app.

On Fri, Feb 22, 2019, 4:53 AM J Martin Rushton via CentOS
On 22/02/2019 09:21, Pete Biggs wrote:
> > On Fri, 2019-02-22 at 07:12 +0100, Ralf Prengel wrote:
> >> Hallo,
> >> the laptop of my wife is the last Win7 system in my network.
> >> My question:
> >> I need a well supported printer (MFC) with network interface, if
> possible with colour printing.
> >>
> >
> > I know this is a bit controversial since they are a bit Marmite in
> > nature, but I use HP devices. They are well supported using the most
> > recent hplip package - that also provides a scan to desktop
> > functionality, but I tend to use the sane packages because they better
> > suit how I work.
> >
> > P.
> >
> My recent experience is that Canon is pretty useless. You apparently
> need the latest sane, which is more recent than CentOS provides. I
> suppose they are good as door stops.
>
> I've used Samsung in the past and Linux support is poor, but just usable.
>
> My latest is an HP MFP M281 which so far seems to perform well and the
> control interface works with Linux. I control it from the main CentOS
> machine, but it is also directly accessed from other distros and from
> Win6/Win7 laptops.
>
> --
> J Martin Rushton MBCS
Re: [CentOS] Alternative to laptop
https://www.asrock.com/nettop/index.asp

Asrock has a series of Intel and/or AMD based mini-pc's called the DeskMini. Competes in the Intel NUC space. Plenty of power and up-to-date components, multiple ports for dual monitor and at least two ssd's, etc.

I don't work for Asrock or sell their equipment.

On Wed, Jul 10, 2019 at 2:52 AM H wrote:
>
> I am considering buying a small, and therefore easily portable, computer as
> an alternative to the laptop I already have. Obviously it would not have
> battery, a screen, nor a keyboard etc. but more or less be an easily portable
> computing unit to move between offices where a keyboard and monitor(s) could
> then be connected. I want to run CentOS 7, later CentOS 8.
>
> The smaller, the better, however, there are certain key features I would like
> to have:
>
> - HDMI for 2 monitors
>
> - USB for keyboard
>
> - 2 extra USB for eg external harddisk etc.
>
> - both wifi and at least Gb Ethernet cable connector
>
> Probably at least 16 Gb of memory, capability to drive two high-resolution
> monitors and whatever else might be nice such as SSD of at least 256 Gb.
>
> Size wise it would be nice if it were no larger than a "book", whatever size
> that might be.
>
> Does anyone use something like the above, or know of a computer meeting the
> above criteria?
[CentOS] bcachefs-tools
Hello,

I want to test bcachefs file system on CentOS 7.

~$ cat /etc/system-release
CentOS Linux release 7.6.1810 (Core)

I'm following the bcachefs howto: https://bcachefs.org/Howto/.

Having a problem trying to complete make && make install of the bcache-tools. After going through all the dependencies and ensuring they are installed on Cent 7, I get the following output on make && make install:

Package blkid was not found in the pkg-config search path.
Perhaps you should add the directory containing `blkid.pc'
to the PKG_CONFIG_PATH environment variable
No package 'blkid' found
Package uuid was not found in the pkg-config search path.
Perhaps you should add the directory containing `uuid.pc'
to the PKG_CONFIG_PATH environment variable
No package 'uuid' found
Package libsodium was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsodium.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libsodium' found
Package libzstd was not found in the pkg-config search path.
Perhaps you should add the directory containing `libzstd.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libzstd' found
Makefile:42: *** pkg-config error, command: pkg-config --cflags "blkid uuid liburcu libsodium zlib liblz4 libzstd". Stop.

The packages are installed but I'm not certain how to satisfy pkg-config and place them in the correct path.

The pkg-config man page states -

ENVIRONMENT VARIABLES
PKG_CONFIG_PATH
A colon-separated (on Windows, semicolon-separated) list of directories to search for .pc files. The default directory will always be searched after searching the path; the default is libdir/pkgconfig:datadir/pkgconfig where libdir is the libdir for pkg-config and datadir is the datadir for pkg-config when it was installed.

On my installation, the current path seems to be:

~$ pkg-config --variable pc_path pkg-config
/usr/lib64/pkgconfig:/usr/share/pkgconfig

~$ echo $PKG_CONFIG_PATH
<>

Using locate, I do not find any of these files, so how do I properly add the packages to the path --
`blkid.pc'
`uuid.pc'
`libsodium.pc'
`libzstd.pc'

Thanks for reading and I appreciate any guidance.

Best,
Mike
Re: [CentOS] bcachefs-tools
On Thu, Jul 25, 2019 at 10:45 AM Nux! wrote:
>
> You could try to get this slightly old rpm, save you the build troubles
> (untested):
> http://ftp5.gwdg.de/pub/opensuse/repositories/home:/garloff:/storage/RHEL_7/x86_64/

Thanks, I may go back to this repo if I can't get it done with more current packages.
Re: [CentOS] bcachefs-tools
On Thu, Jul 25, 2019 at 11:20 AM Chris Schanzle wrote:

> Hi Mike,
>
> You say (twice) all the dependencies are installed but you didn't say
> specifically what you installed. I suspect you didn't install the
> corresponding -devel packages which provide the files you need for
> compiling/linking software (not just running it).
>

Absolutely right; nice catch and thanks for helping me see it.

Installing : libuuid-devel-2.23.2-59.el7_6.1.x86_64
Installing : libblkid-devel-2.23.2-59.el7_6.1.x86_64
Installing : libsodium-devel-1.0.18-1.el7.x86_64
Installing : libzstd-devel-1.4.0-1.el7.x86_64

I also needed:
libscrypt-devel.x86_64 : Development files for libscrypt

After make && make install it appears I've got a fresh set of problems with tooling re: function errors and notes. Time to head over to the bcachefs irc and see what it's all about.

Thanks again for your guidance.
Re: [CentOS] Netfilter fails to filter traffic from a netblock?
Thought it might also be helpful to confirm that firewalld is not interfering in any way.

what is the output of

~$# systemctl status firewalld

On Sun, Apr 19, 2020 at 9:30 AM Jeffrey Walton wrote:
>
> On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev wrote:
> >
> > On 19/04/2020 14:58, Jeffrey Walton wrote:
> >
> > Hi Jeffrey,
> >
> > > The offending host is 59.64.129.175. To err on the side of caution we
> > > attempted to block the entire netblock. According to whois data,
> > > that's 59.64.128.0-59.64.159.255.
> > >
> > > iptables -A INPUT -s 59.64.128.0/19 -p TCP -j DROP
> > >
> > > After reboot cpu usage is still high and access_log still shows
> > > useless requests from the host:
> >
> > Did you actually arrange for your iptables rule to be reinstated at boot?
> >
> > If you just configure a rule as above, but don't save it, it will
> > disappear at reboot.
>
> Ugh, thanks. I did not realize the changes were only temporary.
>
> What is the recommended way to permanently add a ban rule?
>
> Thanks again.
Re: [CentOS] Netfilter fails to filter traffic from a netblock?
On Sun, Apr 19, 2020 at 9:45 AM Anand Buddhdev wrote:
>
> Personally though, I find firewalld to be cumbersome, so I remove it
> completely, and installed instead "iptables-services".
>

Ya, I agonized over accepting firewalld. I'm a smalltime manager who wears many hats and doesn't have a lot of time to practice sysadmin skills. It took me about 5 years to get confident with iptables and go from fresh install to company firewall in one sitting. Now that I've adopted firewalld which has a wider variety of command/rule statements, I am constantly hitting "man firewall-cmd" and cannot competently recall iptables in any comprehensible way; it's like mixing Japanese and English whenever I try to communicate with a centos box firewall, heh.
[CentOS] /etc/sysconfig/iptables syntax
The last two router/firewall servers I had used Slackware and Gentoo. I'm used to writing complete and explicit iptables rules; however, when I set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable.

For example, I'm used to stating postrouting masquerade as:

/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE

But when I use the rule above, iptables.service fails upon start and exits. Through a series of trial and error, I found a correct masquerade statement:

*nat
-A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
COMMIT

This looks similar to output from iptables-save.

Another example:

/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
[DOES NOT WORK]

*filter
-A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
COMMIT
[DOES WORK]

After using iptables for a long time, I can't figure out where this syntax comes from. Can anyone point me in the right direction to understand the proper syntax necessary in /etc/sysconfig/iptables?

Thanks for your help.
Re: [CentOS] /etc/sysconfig/iptables syntax
On Sun, May 22, 2016 at 11:02 PM, Rob Kampen wrote:

> By default CentOS 7 uses firewalld and not iptables - check what is
> enabled and running with
>
>    systemctl status firewalld.service
>

systemctl reports:

systemctl status firewalld.service
● firewalld.service
   Loaded: masked (/dev/null)
   Active: inactive (dead)

I disabled/removed firewalld and installed/enabled iptables.
Re: [CentOS] /etc/sysconfig/iptables syntax
On Sun, May 22, 2016 at 11:55 PM, Barak Korren wrote:

> On 23 May 2016 05:56,
> The syntax comes from the output of the 'iptables-save' command.
> You can configure 'iptables' from the command line as you normally would
> and then run
>
> iptables-save > /etc/sysconfig/iptables
>
> On centos<=6 the init.d script also included a 'save' command to do it for
> you, I'm not sure about the systemd unit file though.
>
> HTH,
> Barak

Hi Barak,

If I'm understanding correctly, write out all rules in a bash terminal and run them, and then do /usr/sbin/iptables-save ---

~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule;
~#/usr/sbin/iptables rule

~#/usr/sbin/iptables-save > /etc/sysconfig/iptables
Re: [CentOS] /etc/sysconfig/iptables syntax
Thank you, Mr. Korren.

I'll practice a few times and see if I can reproduce my original rule set.

Best regards.

On May 23, 2016 1:39 AM, "Barak Korren" wrote:

> >
> > If I'm understanding correctly, write out all rules in a bash terminal
> and
> > run them, and then do /usr/sbin/iptables-save ---
> >
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule;
> > ~#/usr/sbin/iptables rule
> >
> > ~#/usr/sbin/iptables-save > /etc/sysconfig/iptables
>
> Yep.
> And you can copy '/etc/sysconfig/iptables' around if you have
> identical machines and no machine-specific rules...
> (Note, you can even port the rules from other Linux distros as
> iptables-save exists there as well)
>
> --
> Barak Korren
> bkor...@redhat.com
> RHEV-CI Team
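
The file layout discussed in this thread, as an added example that is not part of any poster's message: the script rewrites `iptables ...` command lines into the `*table` / rule / `COMMIT` form that iptables-save prints and /etc/sysconfig/iptables holds, without loading anything into the kernel. The function names and the sample command list are constructed for illustration; only simple `-t`, `-P`, `-N` and rule-appending commands are handled.

```shell
#!/bin/sh
# Added example: rewrite "iptables ..." command lines into the
# iptables-save / iptables-restore layout used by /etc/sysconfig/iptables.

# Constructed sample input: the two commands and the port 22 rule quoted in
# the thread, plus one policy command added for illustration.
sample_commands() {
    cat <<'EOF'
# router rules as typed on the command line
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
}

# Reads command lines on stdin, prints one "*table ... COMMIT" section per
# table, in the order the tables first appear.
to_restore_format() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        table = "filter"                   # table used when -t is absent
        rule = ""; chain_line = ""
        # Drop the command word itself (iptables or /usr/sbin/iptables).
        first = ($1 == "iptables" || $1 ~ /\/iptables$/) ? 2 : 1
        for (i = first; i <= NF; i++) {
            if ($i == "-t" || $i == "--table") { i++; table = $i; continue }
            # "-P CHAIN TARGET" becomes a ":CHAIN TARGET [0:0]" header line.
            if ($i == "-P" || $i == "--policy") {
                chain_line = ":" $(i + 1) " " $(i + 2) " [0:0]"; i += 2; continue
            }
            # "-N CHAIN" declares a user chain, which has no policy ("-").
            if ($i == "-N" || $i == "--new-chain") {
                chain_line = ":" $(i + 1) " - [0:0]"; i++; continue
            }
            rule = (rule == "") ? $i : rule " " $i
        }
        if (!(table in seen)) { seen[table] = 1; order[++n] = table }
        if (chain_line != "") chains[table] = chains[table] chain_line "\n"
        if (rule != "")       rules[table]  = rules[table] rule "\n"
    }
    END {
        # Chain header lines must precede the rules inside each section.
        for (k = 1; k <= n; k++) {
            t = order[k]
            printf "*%s\n%s%sCOMMIT\n", t, chains[t], rules[t]
        }
    }'
}

sample_commands | to_restore_format
```

The result can be parsed without being committed by running `iptables-restore --test` on it as root.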
Re: [CentOS] /etc/sysconfig/iptables syntax
The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuration.

The firewall-offline-cmd command was created to help setup firewall rules when Firewalld is not running. For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Instead, you can now execute the following command:

# firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

/ / / / / / / / / / / / / / / / / / / / / / / / / // /

It's not that convenient for a rule-set of 250 lines, but with a little creative copying/pasting between the iptables rules and the "firewall-offline-cmd --direct --add-rule ipv4 filter" and "firewall-offline-cmd --direct --add-rule ipv4 nat " statements, I suppose a decent conversion can be completed.
Of course, you'd still need to apply rules to the correct zones which I'm still trying to digest.

On Mon, May 23, 2016 at 3:24 PM, Kenneth Porter wrote:
> On 5/22/2016 9:45 PM, Eero Volotinen wrote:
>
>> Firewalld is preferred way. You should learn it..
>
> Are there any good tools for converting an iptables-save file to a
> Firewalld configuration?
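The copy-and-paste conversion described in the message above can be scripted. This is an added example, not part of the original message or of firewalld: it rewrites each -A line of an iptables-save file as a firewall-offline-cmd --direct --add-rule command and gives the rules of a chain increasing priorities so their order survives. The sample rule set is constructed, and the --add-chain handling of user-defined chains is an assumption to check against your firewalld version.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_SAVE = """\
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
[12:720] -A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "drop: "
-A LOGDROP -j DROP
COMMIT
"""

CMD = "firewall-offline-cmd --direct"


def convert(save_text, family="ipv4"):
    """Return (commands, notes) for an iptables-save dump.

    commands: firewall-offline-cmd lines in the order they should be run.
    notes:    things the direct interface cannot express one-to-one.
    """
    commands, notes = [], []
    table = None
    next_priority = {}  # (table, chain) -> next free priority

    for lineno, raw in enumerate(save_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*filter", "*nat", ...
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif table is None:
            notes.append(f"line {lineno}: outside a table section, skipped")
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            if policy == "-":
                # User-defined chain: must exist before rules jump to it.
                commands.append(f"{CMD} --add-chain {family} {table} {chain}")
            elif policy != "ACCEPT":
                notes.append(
                    f"line {lineno}: policy {policy} on {table}/{chain} "
                    "is not carried over by --add-rule"
                )
        else:
            if line.startswith("["):        # counters from iptables-save -c
                line = line.split("]", 1)[1]
            tokens = shlex.split(line)      # honours iptables-save quoting
            if len(tokens) < 3 or tokens[0] != "-A":
                notes.append(f"line {lineno}: not an append rule, skipped")
                continue
            chain, args = tokens[1], tokens[2:]
            # Direct rules are ordered by priority; rules sharing a priority
            # have no fixed order, so number them to keep the saved order.
            priority = next_priority.get((table, chain), 0)
            next_priority[(table, chain)] = priority + 1
            quoted = " ".join(shlex.quote(a) for a in args)
            commands.append(
                f"{CMD} --add-rule {family} {table} {chain} {priority} {quoted}"
            )
    return commands, notes


if __name__ == "__main__":
    cmds, notes = convert(SAMPLE_SAVE)
    print("\n".join(cmds))
    for note in notes:
        print("# NOTE:", note)
```

The notes list is where default DROP policies end up, since they have to be handled separately from the rules.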
Re: [CentOS] /etc/sysconfig/iptables syntax
On Mon, May 23, 2016 at 4:10 PM, James Hogarth wrote:
>
> Using DIRECT bypasses all the zone and service stuff.
>
> Frankly if you're going to DIRECT everything then you really are better off
> masking (and removing) firewalld and installing iptables-service and just
> using the old traditional way.
>

James, thanks for some much-needed clue. :-)
Re: [CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice
On Wed, Jun 29, 2016 at 1:49 PM, Gordon Messmer wrote:
>
> By putting these rules first, before the "ESTABLISHED,RELATED" rule, you're
> applying additional processing (CPU time) to the vast majority of your
> packets for no reason. The "E,R" rule should be first. It won't match the
> invalid packets you're trying to drop.
>
> You're not specifying the "new" state in any of your input ACCEPT rules,
> which means that you're also ACCEPTing invalid packets that don't match the
> handful of invalid states you DROPped earlier.
>
>> 1. The drop commands at the beginning of each chain is for increase
>> performance.
>
> I understand what you're trying to do, but in the real world, this will
> decrease performance.
>

Gordon, I appreciate your observations.
I've been using iptables for a long time and still don't really know how to configure the order of rules to optimize performance while providing thorough filtering as a component of security.
Can you share links and/or other sources and guides on this subject?
Thank you.
Re: [CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice
Ned,

Thank you very much for the response.
Great example following through on the premise.
It sounds like I need to have a better understanding of the traffic patterns on my network to know the optimal order for iptables filtering rules.

My brief example -

Premise: I want to limit outsiders from interfering with LAN client machines.
So, I have the following rules regarding forwarding traffic:

-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp --tcp-flags ACK,FIN FIN -j DROP
-A FORWARD -p tcp --tcp-flags ACK,PSH PSH -j DROP
-A FORWARD -p tcp --tcp-flags ACK,URG URG -j DROP
-A FORWARD -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A FORWARD -p tcp --tcp-flags ALL ALL -j DROP
-A FORWARD -p tcp --tcp-flags ALL NONE -j DROP
-A FORWARD -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
-A FORWARD -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
-A FORWARD -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i LAN-NIC -s 10.100.100.0/24 -o INET-NIC -m state --state NEW -j ACCEPT
-A FORWARD -i INET-NIC -o LAN-NIC -d 10.100.100.0/24 -m state --state NEW -j ACCEPT

But I don't know if this is interfering with, or delaying DNS requests between LAN clients and the DHCP server.
Re: [CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice
On Fri, Jul 1, 2016 at 2:16 AM, Ned Slider wrote:
>
> Try running:
>
> iptables -nv -L

Yes! Much sunlight awakening crusty synapses here. :-)

>
> The first thing I would do is move your ESTABLISHED,RELATED rule to the top
> of the chain. Once you've accepted the first packet you may as well accept
> the rest of the stream as quickly and efficiently as possible as you've
> established the connection is not malicious.

Yes - this is by far the rule with the most packets and bytes.
The rule goes to the top.

>
> What is the default policy for the FORWARD table?

Probably a little paranoid, but all my filter policies are "DROP"

> For example, if you trust all traffic coming from inside your
> network that is destined for the outside and want to pass that traffic
> without testing for all those tcp flags (and any other rules), you could do
> something like:
>
> -A FORWARD -p all -i LAN-NIC -o INET-NIC -j ACCEPT

I'm definitely going to test a few different configurations.
Your input is really appreciated; great nudge!

Best regards,
Mike
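The effect of moving the ESTABLISHED,RELATED rule to the top can be estimated from the packet counters that iptables -nv -L prints. This is an added example, not code from the thread: it parses a constructed listing (counters and interface names are made up) and counts rule evaluations before and after the move, assuming every packet still matches the same rule and every rule has a target.

```python
import re

# Constructed `iptables -nv -L FORWARD` output; counters are invented.
SAMPLE_LISTING = """\
Chain FORWARD (policy DROP 40 packets, 2400 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
    3   120 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
 985K 1203M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 2100  126K ACCEPT     all  --  lan0   inet0   10.100.100.0/24      0.0.0.0/0            state NEW
"""

# Without -x, iptables abbreviates large counters with decimal suffixes.
_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
_CHAIN_RE = re.compile(
    r"^Chain (\S+) \((?:policy \S+ (\S+) packets|\d+ references)"
)


def parse_count(text):
    """Convert '985K' or '2100' to an integer packet count."""
    if text[-1] in _SUFFIX:
        return int(text[:-1]) * _SUFFIX[text[-1]]
    return int(text)


def parse_listing(text):
    """Return {chain: {'policy_pkts': int, 'rules': [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        header = _CHAIN_RE.match(line)
        if header:
            policy_pkts = parse_count(header.group(2)) if header.group(2) else 0
            current = {"policy_pkts": policy_pkts, "rules": []}
            chains[header.group(1)] = current
            continue
        fields = line.split()
        # Skip blanks and the column header; a rule row has 9 fixed columns.
        if current is None or len(fields) < 9 or fields[0] == "pkts":
            continue
        current["rules"].append({
            "pkts": parse_count(fields[0]),
            "target": fields[2],
            "match": " ".join(fields[9:]),
        })
    return chains


def rule_evaluations(rules, policy_pkts):
    """A packet matched by rule N was tested against N rules; packets that
    reach the policy were tested against all of them."""
    total = sum(r["pkts"] * pos for pos, r in enumerate(rules, 1))
    return total + policy_pkts * len(rules)


def review_chain(chain):
    """Compare the current order with ESTABLISHED,RELATED moved to the top."""
    rules = chain["rules"]
    before = rule_evaluations(rules, chain["policy_pkts"])
    position = next(
        (pos for pos, r in enumerate(rules, 1)
         if r["target"] == "ACCEPT" and "ESTABLISHED" in r["match"]),
        None,
    )
    if position is None:
        return {"established_at": None, "before": before, "after": before}
    reordered = [rules[position - 1]] + rules[:position - 1] + rules[position:]
    after = rule_evaluations(reordered, chain["policy_pkts"])
    return {"established_at": position, "before": before, "after": after}


if __name__ == "__main__":
    for name, chain in parse_listing(SAMPLE_LISTING).items():
        result = review_chain(chain)
        print(name, result)
```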
Re: [CentOS] centos 7 :: cannot update
Does your /etc/yum.repos.d/ directory look at all similar?

-rw-r--r--. 1 root root 1.7K Dec 9 2015 CentOS-Base.repo
-rw-r--r--. 1 root root 1.3K Dec 9 2015 CentOS-CR.repo
-rw-r--r--. 1 root root 649 Dec 9 2015 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root 290 Dec 9 2015 CentOS-fasttrack.repo
-rw-r--r--. 1 root root 630 Dec 9 2015 CentOS-Media.repo
-rw-r--r--. 1 root root 1.3K Dec 9 2015 CentOS-Sources.repo
-rw-r--r--. 1 root root 2.0K Dec 9 2015 CentOS-Vault.repo
-rw-r--r--. 1 root root 957 Mar 31 00:05 epel.repo
-rw-r--r--. 1 root root 1.1K Mar 31 00:05 epel-testing.repo
-rw-r--r--  1 root root 344 May 19 17:48 ntop.repo

On Sat, Aug 13, 2016 at 4:44 AM, Adrian Sevcenco wrote:
> Hi! I have a very strange problem with my centos 7 vm : i cannot update!!
> I have normal ingress/egress access but my yum update fills my screen with :
> [Errno 14] HTTP Error 404 - Not Found
>
> i already done "clean all" ...
> anyone seen this problem? any idea about the issue and workarounds?
>
> Thank you!
> Adrian
Re: [CentOS] Iptables not save rules
On Tue, 13 Sep 2016, TE Dukes wrote:

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John R Pierce
Sent: Sunday, September 11, 2016 10:44 PM
To: centos@centos.org
Subject: Re: [CentOS] Iptables not save rules

On 9/11/2016 8:55 AM, TE Dukes wrote:

I have been using ipset to blacklist badbots. Works like a champ!

The only problem is if I do a system reboot, I lose the ipset and the rule.

I changed /etc/sysconfig/iptables.conf to:

IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"

And followed the instructions in: https://www.centos.org/forums/viewtopic.php?t=3853

The changes are still not saved.

wild guess says, you need to ...

chkconfig ipset on
service ipset start

and when you change ipset stuff,

service ipset save

but I'm just guessing, I've never used ipsets.

--
john r pierce, recycling bits in santa cruz

[Thomas E Dukes]
THANKS!! I did not realize ipset was running as a service. Been trying to figure out what was wrong for a couple weeks. Only way to know is to do a reboot and see what happens.

Ipset save xx apparently doesn't really do anything.

Thanks, again!!

John R Pierce's wild guesses are exactly right. ipset is NOT running as a "traditional" service, however:

service ipset start|stop|save

load and save ipsets for you automagically.

Notice that it's "service ipset save" not "ipset save " as you had typed.

Finally, and this is a bit of a corner case, but "service ipset save" won't work if you don't have the "ip_set" kernel module loaded, that is if your environment has the kernel modules compiled in to the kernel. See lines 123 and 124 of /etc/rc.d/init.d/ipset

Easiest thing for me is to just comment out those two lines, however I need to remember to comment them out again when the ipset rpm is updated.
Re: [CentOS] CentOS on new Thinkpads
Another 2 cents if you want it --

No Lenovo laptop experiences; only deployed some refurb desktop models --- all work well with CentOS/Fedora.

I've deployed several AMD-based Toshibas over the last 2 years and think they're a good value.
I've read many criticisms of their build and components quality but I've had good experiences with several different models.
The battery life is average on the AMD based models.
I usually pull the factory hard drive and replace it with a crucial M200 SSD.

Also deployed several Dell Inspiron 5000 and 7000 models over the last 3 years and found them reliable and good performers.
I purchase refurbs, install an SSD and an updated CentOS or Fedora.
Good battery life, no hardware driver problems, nice HD 1920x1080 screens, external USB devices work well.

On Thu, Sep 29, 2016 at 8:55 PM, Michael B Allen wrote:
> Is anyone running CentOS on a newish Thinkpad?
>
> I have been using Linux as my primary workstation since about 97 and
> it seems like using Linux as a desktop has slipped over the years.
> After the Gnome desktop dumb-down, I have been nursing CentOS 6.8 on a
> 5 yo Toshiba. So I was hoping that someone has some recent real-world
> experience with new Thinkpads.
>
> So is anyone running a new Thinkpad? What model? Any problems with
> wireless or suspend or the touchpad?
>
> It seems optical drives are gone. Do I boot the iso from USB or what's
> the procedure now?
>
> Generally seeking new laptop advice. If Lenovo is not good is anyone
> using Toshiba?
>
> Mike
[CentOS] NetworkManager vs. Firewalld vs. /etc/sysconfig/network-scripts/ifcfg-*****
I've made 3 CentOS 7 installation attempts to configure a simple firewall/router box with 2 nics.
I got myself into a circular scenario where NetworkManager and firewalld and /etc/sysconfig/network-scripts/ifcfg-* were interfering or overwriting each other.
Needed to perform ifdown enp3s7 on the internal LAN nic in order to make the external internet enp2s0 reach websites and ping nameservers.
After completing firewall-cmd --complete-reload the internal LAN nic would still provide private ip addresses via dhcpd server but LAN clients could not access the internet.

So far these steps work to enable both nics to provide router and firewall services:

1. systemctl stop NetworkManager

2. systemctl disable NetworkManager

3. Create dhcp ifcfg-* for external interface.
It must include a “ZONE=external” statement even though firewalld service will overwrite and erase it like this “ZONE=”

Example (external/internet nic):
Code:
TYPE=Ethernet
BOOTPROTO=dhcp
NM_CONTROLLED=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp2s0
UUID=----
DEVICE=enp2s0
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
ZONE=external

4. Create static ip address ifcfg-enp3s7 for internal interface.

Example (internal/LAN nic):
Code:
TYPE=Ethernet
BOOTPROTO=static
NM_CONTROLLED=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp3s7
UUID=----xx
DEVICE=enp3s7
ONBOOT=yes
HWADDR=xx:xx:xx:xx:xx:xx
DNS1=75.75.75.75
DNS2=75.75.76.76
IPADDR=10.10.1.1
NETMASK=255.255.255.0
PREFIX=24
GATEWAY=10.10.1.1
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
ZONE=internal

5. As said in #3, firewalld will erase the ZONE setting on the external nic configured for dhcp.
The only way I've found to deal with this overwriting is to make the intended external ethernet device associated with the default zone in firewalld.
When firewalld reads the empty zone reference "ZONE=" it will revert and assign the default zone I set like this ---

Code:
firewall-cmd --change-interface=enp2s0 --zone=external --permanent
firewall-cmd --set-default-zone=external
firewall-cmd --complete-reload

6. The external ethernet device won’t work (cannot ping any internet host) until you manually Deactivate it and then Reactivate it.

~# ifdown enp2s0
~# ifup enp2s0

I didn't include my dhcpd server settings or firewalld settings for brevity.
Please let me know if those would be helpful.

Although the steps above work, it's definitely not ideal.
If I need to reboot the routerbox remotely, I won't be able to access it again to perform the necessary ifdown/ifup routine to enable input/output/forward through the external interface.

Any guidance on how to make this work is greatly appreciated.

Kind regards.
Re: [CentOS] firewalld management on a headless server
I recently converted my employer's firewall from pure iptables to firewalld and looked for something similar, more along the lines of webmin, etc.
I didn't find anything close to a match.
In the end, it all came down to getting comfortable with "firewall-cmd" in the shell.

Haven't used suricata, so nothing to add there.

On Mon, Mar 27, 2017 at 3:03 PM, Robert Moskowitz wrote:
> Is there an Apache tool to manage firewalld on a headless server?
>
> I am looking forward to my next Centos project which is to replace my
> Juniper SSG5 firewall...
>
> And along that line, what overlap, if any between firewalld and Suricata?
>
> thank you
Re: [CentOS] firewalld management on a headless server
I don't think it's going to give you a web-based firewall configuration tool.
It does allow you to control/configure networking hardware and devices via NetworkManager, but I don't believe it goes further than that for networking.
Ironically, it does provide an ssh-like session terminal where you can get directly logged in and use firewall-cmd. :-)

http://cockpit-project.org/guide/latest/feature-terminal.html

On Mon, Mar 27, 2017 at 4:46 PM, Robert Moskowitz wrote:
>
> On 03/27/2017 03:24 PM, Mike wrote:
>>
>> I recently converted my employer's firewall from pure iptables to
>> firewalld and looked for something similar, more along the lines of
>> webmin, etc.
>> I didn't find anything close to a match.
>> In the end, it all came down to getting comfortable with
>> "firewall-cmd" in the shell.
>
> I have been digging and found that Fedora includes Cockpit, but I don't know
> all it supports. Probably should ask over on Fedora list...
>
>>
>> Haven't used suricata, so nothing to add there.
>>
>> On Mon, Mar 27, 2017 at 3:03 PM, Robert Moskowitz
>> wrote:
>>>
>>> Is there an Apache tool to manage firewalld on a headless server?
>>>
>>> I am looking forward to my next Centos project which is to replace my
>>> Juniper SSG5 firewall...
>>>
>>> And along that line, what overlap, if any between firewalld and Suricata?
>>>
>>> thank you
Re: [CentOS] firewalld management on a headless server
Nice catch, Mr. Schumacher --->

The following modules are included as standard with release 1.831 of Webmin.

FirewallD    firewalld.wbm.gz    Configure a Linux firewall using FirewallD, by editing allowed services and ports.

This is likely the right tool for the job.

On Mon, Mar 27, 2017 at 5:00 PM, Michael Schumacher wrote:
> Hi,
>
>> I recently converted my employer's firewall from pure iptabes to
>> firewalld and looked for something similar, more along the lines of
>> webmin, etc.
>
> funny,
> my webmin installation on a banana-pi has webmin 1.831, which has
> support for firewalld.
>
> I am not sure, but I believe I got it directly from www.webmin.com.
>
> best regards
> ---
> Michael Schumacher
Re: [CentOS] firewalld management on a headless server
yum (CentOS/RedHat/Fedora)

By adding the Webmin repository and Jamie Cameron's key, it is possible to install & maintain the latest Webmin/Usermin versions.
The following will install the latest Webmin version by adding the webmin-repo and corresponding GPG key. Yum will resolve all the necessary dependencies.
Just Cut&Paste the entire text below and hit enter/return:

(echo "[Webmin]
name=Webmin Distribution Neutral
baseurl=http://download.webmin.com/download/yum
enabled=1
gpgcheck=1
gpgkey=http://www.webmin.com/jcameron-key.asc" >/etc/yum.repos.d/webmin.repo;
yum -y install webmin)
Re: [CentOS] firewalld management on a headless server
Webmin used to be considered insecure, and people would scream and yell if you suggested using it. Has that changed?

mark

Ahh, I did not know of this.
Well, I'm back to suggesting OP take a little time and get comfortable with firewall-cmd in the terminal.
If we want our solid redhat clone then systemd, NetworkManager, and firewalld are soldered into the foreseeable future.
RE: [CentOS] Re: Re: What libs req'd to resolve DNS within achroot jail?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of William L. Maltby
> Sent: Monday, January 14, 2008 5:55 PM
> To: CentOS General List
> Subject: Re: [CentOS] Re: Re: What libs req'd to resolve DNS
> within achroot jail?
>
> On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
> > > Eric B. wrote:
> > >>>>
> > >> Thanks for the feedback Rick. I didn't realize that security
> > >> implication.
> > >> However I'm already running this on a machine that is heavily
> > >> firewalled on a VPN so I am fairly sure that no one will be
> > >> accessing this externally, but I still would like to restrict
> > >> access to particular machines. Ideally, would rather use FQDN to
> > >> make life easier for me to administer. I have created my
> > >> additional reverse-dns pointer but I am still having problems with
> > >> it.
> > >>
> > >> nslookup from the server gives me:
> > >> # nslookup 192.168.3.103
> > >> Server: 192.168.1.67
> > >> Address: 192.168.1.67#53
> > >>
> > >> 103.3.168.192.in-addr.arpa name =
> > >> eric.test.com.3.168.192.in-addr.arpa.
> > >>
> > >
> > > It looks like there is a missing trailing dot in your DNS zone
> > > configuration. I doubt you are authoritative for the in-addr.arpa zone.
> > >
> > > in your zone file, you should have something like
> > > 103 IN PTR eric.test.example.
> > > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be added.
> > >
> > >
> > > make sure you have a matching reverse _and_ forward resolution. you
> > > should get something like:
> > >
> > > 192.168.3.103 => eric.test.example
> > > _and_
> > > eric.test.example => 192.168.3.103
> > >
> > > If you only have the reverse lookup, the result is untrusted and
> > > sane applications should ignore it.
> >
> >
> > Thanks for the pointer. Indeed, I was missing the trailing . after my
> > FQDN in my reverse file. I have updated my reverse files, and nslookup
> > is resolving better, but still not further ahead.
> >
> > My reverse file: 3.168.192.in-addr.arpa now contains the following line:
> > 103 IN PTR eric.test.com.
> >
> >
> > If I try nslookups now, my results are as follows:
> >
> > # nslookup 192.168.3.103
> > Server: 192.168.1.67
> > Address: 192.168.1.67#53
> >
> > 103.103.168.192.in-addr.arpa name = eric.test.com.
> >
> > # nslookup eric.test.com
> > Server: 192.168.1.67
> > Address: 192.168.1.67#53
> >
> > Name: eric.test.com
> > Address: 192.168.3.103
> >
> >
> > So from that, it seems as though the DNS / rDNS are properly
> > configured, does it not? Similarly, I have both the forward and
> > reverse domain name on the DNS server as the nslookups show. However,
> > I still get the same error
> > msg:
> > Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> > 192.168.103.103
> AAA
> Correct? -|||
>
> I haven't seen that in your previous posts. Typo in posting
> or some configuration problem?
>
> >
> > Thanks,
> >
> > Eric
> >
>
> HTH
> --
> Bill
>

Additionally, the connection was refused from 192.168.103.103 (NOT 192.168.3.103)

Mike
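The trailing-dot rule and the forward/reverse match quoted in the message above can be checked mechanically. This is an added example, not code from the thread: it qualifies the names in a reverse zone against its origin the way a zone file is read, flags PTR targets that ended up under in-addr.arpa, and confirms that each target resolves forward to the same address. The zone fragment and forward map are constructed, and the names ok.test.com and old.test.com are hypothetical.

```python
# Constructed reverse-zone fragment modelled on the thread. The first record
# is missing its trailing dot; the other two records are hypothetical.
REVERSE_ORIGIN = "3.168.192.in-addr.arpa."
REVERSE_ZONE = """\
103 IN PTR eric.test.com
104 IN PTR ok.test.com.
105 IN PTR old.test.com.
"""

# Constructed forward data (name -> A record) standing in for the forward zone.
FORWARD = {
    "eric.test.com.": "192.168.3.103",
    "ok.test.com.": "192.168.3.104",
    "old.test.com.": "192.168.3.200",
}


def qualify(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def ptr_owner_to_ip(owner):
    """'103.3.168.192.in-addr.arpa.' -> '192.168.3.103' (None if malformed)."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))


def check_reverse_zone(zone_text, origin, forward):
    """Return a list of (ip, qualified_target, status) for every PTR record.

    status is one of:
      'ptr-target-relative' - target picked up the reverse origin (no final dot)
      'forward-mismatch'    - target does not resolve back to the same address
      'ok'                  - reverse and forward agree
    """
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[-2].upper() != "PTR":
            continue
        owner = qualify(fields[0], origin)
        target = qualify(fields[-1], origin)
        ip = ptr_owner_to_ip(owner)
        if target.endswith(".in-addr.arpa."):
            status = "ptr-target-relative"
        elif forward.get(target) != ip:
            status = "forward-mismatch"
        else:
            status = "ok"
        findings.append((ip, target, status))
    return findings


if __name__ == "__main__":
    for ip, target, status in check_reverse_zone(REVERSE_ZONE, REVERSE_ORIGIN, FORWARD):
        print(f"{ip:15}  {target:40}  {status}")
```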
RE: [CentOS] Re: Re: Re: What libs req'd to resolve DNS within achrootjail?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Eric B.
> Sent: Monday, January 14, 2008 5:59 PM
> To: centos@centos.org
> Subject: [CentOS] Re: Re: Re: What libs req'd to resolve DNS
> within achrootjail?
>
>
> "William L. Maltby" <[EMAIL PROTECTED]> wrote in
> message news:[EMAIL PROTECTED]
> > On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
> >> > Eric B. wrote:
> >> >
> >> >> Thanks for the feedback Rick. I didn't realize that security
> >> >> implication.
> >> >> However I'm already running this on a machine that is heavily
> >> >> firewalled on a VPN so I am fairly sure that no one will be
> >> >> accessing this externally, but I still would like to restrict
> >> >> access to particular machines.
> >> >> Ideally,
> >> >> would rather use FQDN to make life easier for me to administer. I
> >> >> have created my additional reverse-dns pointer but I am still
> >> >> having problems with it.
> >> >>
> >> >> nslookup from the server gives me:
> >> >> # nslookup 192.168.3.103
> >> >> Server: 192.168.1.67
> >> >> Address: 192.168.1.67#53
> >> >>
> >> >> 103.3.168.192.in-addr.arpa name =
> >> >> eric.test.com.3.168.192.in-addr.arpa.
> >> >>
> >> >
> >> > It looks like there is a missing trailing dot in your DNS zone
> >> > configuration. I doubt you are authoritative for the in-addr.arpa zone.
> >> >
> >> > in your zone file, you should have something like
> >> > 103 IN PTR eric.test.example.
> >> > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be
> >> > added.
> >> >
> >> >
> >> > make sure you have a matching reverse _and_ forward resolution. you
> >> > should get something like:
> >> >
> >> > 192.168.3.103 => eric.test.example
> >> > _and_
> >> > eric.test.example => 192.168.3.103
> >> >
> >> > If you only have the reverse lookup, the result is untrusted and
> >> > sane applications should ignore it.
> >>
> >>
> >> Thanks for the pointer. Indeed, I was missing the trailing . after
> >> my FQDN in my reverse file. I have updated my reverse files, and
> >> nslookup is resolving better, but still not further ahead.
> >>
> >> My reverse file: 3.168.192.in-addr.arpa now contains the following line:
> >> 103 IN PTR eric.test.com.
> >>
> >>
> >> If I try nslookups now, my results are as follows:
> >>
> >> # nslookup 192.168.3.103
> >> Server: 192.168.1.67
> >> Address: 192.168.1.67#53
> >>
> >> 103.103.168.192.in-addr.arpa name = eric.test.com.
> >>
> >> # nslookup eric.test.com
> >> Server: 192.168.1.67
> >> Address: 192.168.1.67#53
> >>
> >> Name: eric.test.com
> >> Address: 192.168.3.103
> >>
> >>
> >> So from that, it seems as though the DNS / rDNS are properly
> >> configured, does it not? Similarly, I have both the forward and
> >> reverse domain name on the DNS server as the nslookups show.
> >> However, I still get the same error
> >> msg:
> >> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> >> 192.168.103.103
> > AAA
> > Correct? -|||
>
> Whoops - cut & paste typo. That line is supposed to read:
> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> 192.168.3.103
>

Can you post your complete hosts.allow and hosts.deny files?
RE: [CentOS] Re: Re: Re: Re: What libs req'd to resolve DNSwithinachrootjail?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Eric B.
> Sent: Monday, January 14, 2008 8:45 PM
> To: centos@centos.org
> Subject: [CentOS] Re: Re: Re: Re: What libs req'd to resolve
> DNSwithinachrootjail?
>
>
> "Mike Kercher" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED] nger.net...
> > >> Thanks for the pointer. Indeed, I was missing the trailing . after
> > >> my FQDN in my reverse file. I have updated my reverse files, and
> > >> nslookup is resolving better, but still not further ahead.
> > >>
> > >> My reverse file: 3.168.192.in-addr.arpa now contains the following line:
> > >> 103 IN PTR eric.test.com.
> > >>
> > >>
> > >> If I try nslookups now, my results are as follows:
> > >>
> > >> # nslookup 192.168.3.103
> > >> Server: 192.168.1.67
> > >> Address: 192.168.1.67#53
> > >>
> > >> 103.103.168.192.in-addr.arpa name = eric.test.com.
> > >>
> > >> # nslookup eric.test.com
> > >> Server: 192.168.1.67
> > >> Address: 192.168.1.67#53
> > >>
> > >> Name: eric.test.com
> > >> Address: 192.168.3.103
> > >>
> > >>
> > >> So from that, it seems as though the DNS / rDNS are properly
> > >> configured, does it not? Similarly, I have both the forward and
> > >> reverse domain name on the DNS server as the nslookups show.
> > >> However, I still get the same error
> > >> msg:
> > >> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> > >> 192.168.103.103
> > > AAA
> > > Correct? -|||
> >
> > Whoops - cut & paste typo. That line is supposed to read:
> > Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> > 192.168.3.103
> >
>
> > Can you post your complete hosts.allow and hosts.deny files?
>
> Not much to them actually:
> /chroot/tftpd/etc/hosts.allow:
> #
> # hosts.allow This file describes the names of the hosts which are
> # allowed to use the local INET services, as decided
> # by the '/usr/sbin/tcpd' server.
> #
> in.tftpd : eric.test.com : allow
>
> /chroot/tftpd/etc/hosts.deny:
> #
> # hosts.deny This file describes the names of the hosts which are
> # *not* allowed to use the local INET services, as decided
> # by the '/usr/sbin/tcpd' server.
> #
> in.tftpd : ALL : deny
>
>
>
> Again, I have concerns that I might be missing something in
> my chroot jail, but when I change my hosts.allow file to read
> the following, it works fine.
> in.tftpd: 192.168.3.103 : allow
>
> So I am utterly and totally confused. I keep thinking that
> there must be something DNS related that I need in the chroot
> jail that I am missing.
> I do have a /chroot/tftpd/etc/resolv.conf with the nameserver
> entry that points to the DNS server, and all files in my
> /chroot/tftpd/etc dir are world readable. I also have a
> /chroot/tftpd/etc/hosts file (that is pretty much empty -
> just a line for 127.0.0.1).
>
> # ls -l /chroot/tftpd/etc
> -rw-r--r-- 1 root root 148 Jan 14 17:53 hosts
> -rw-r--r-- 1 root root 417 Jan 14 17:37 hosts.allow
> -rw-r--r-- 1 root root 370 Jan 13 12:13 hosts.deny
> -rw-r--r-- 1 root root 1267 Jan 12 21:43 localtime
> -rw-r--r-- 1 root root 1686 Jan 12 15:50 nsswitch.conf
> -rw-r--r-- 1 root root 86 Jan 14 17:52 resolv.conf
> -rw-r--r-- 1 root root 20373 Jan 12 15:47 services
>
>
> Is there anything else I need that I am missing? Either
> config file or lib?
>
> Any suggestions of things I can try?
>
> Thanks,
>
> Eric
>

Something I found:

15.2.3.2. Access Control

Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the allow or deny directive as the final option.

For instance, the following two rules allow SSH connections from client-1.example.com, but deny connections from client-2.example.com:

sshd : client-1.example.com : allow
sshd : client-2.example.com : deny

By allowing access control on a per-rule basis, the option field allows administrators to consolidate all access rules into a single file: either hosts.allow or hosts.deny. Some consider this an easier way of organizing access rules.

Conceivably, you could put all rules into one file (hosts.allow maybe). See if that helps..

Mike
RE: [CentOS] Re: Re: Re: Re: Re: What libs req'd toresolveDNSwithinachrootjail?
From: [EMAIL PROTECTED] on behalf of Eric B.
Sent: Tue 1/15/2008 11:39 AM
To: centos@centos.org
Subject: [CentOS] Re: Re: Re: Re: Re: What libs req'd toresolveDNSwithinachrootjail?

> > > Can you post your complete hosts.allow and hosts.deny files?
> >
> > Not much to them actually:
> > /chroot/tftpd/etc/hosts.allow:
> > #
> > # hosts.allow This file describes the names of the hosts which are
> > # allowed to use the local INET services, as decided
> > # by the '/usr/sbin/tcpd' server.
> > #
> > in.tftpd : eric.test.com : allow
> >
> > /chroot/tftpd/etc/hosts.deny:
> > #
> > # hosts.deny This file describes the names of the hosts which are
> > # *not* allowed to use the local INET services, as decided
> > # by the '/usr/sbin/tcpd' server.
> > #
> > in.tftpd : ALL : deny
> >
> >
> >
> > Again, I have concerns that I might be missing something in
> > my chroot jail, but when I change my hosts.allow file to read
> > the following, it works fine.
> > in.tftpd: 192.168.3.103 : allow
> >
> > So I am utterly and totally confused. I keep thinking that
> > there must be something DNS related that I need in the chroot
> > jail that I am missing.
> > I do have a /chroot/tftpd/etc/resolv.conf with the nameserver
> > entry that points to the DNS server, and all files in my
> > /chroot/tftpd/etc dir are world readable. I also have a
> > /chroot/tftpd/etc/hosts file (that is pretty much empty -
> > just a line for 127.0.0.1).
> >
> > # ls -l /chroot/tftpd/etc
> > -rw-r--r-- 1 root root 148 Jan 14 17:53 hosts
> > -rw-r--r-- 1 root root 417 Jan 14 17:37 hosts.allow
> > -rw-r--r-- 1 root root 370 Jan 13 12:13 hosts.deny
> > -rw-r--r-- 1 root root 1267 Jan 12 21:43 localtime
> > -rw-r--r-- 1 root root 1686 Jan 12 15:50 nsswitch.conf
> > -rw-r--r-- 1 root root 86 Jan 14 17:52 resolv.conf
> > -rw-r--r-- 1 root root 20373 Jan 12 15:47 services
> >
> >
> > Is there anything else I need that I am missing? Either
> > config file or lib?
> >
> > Any suggestions of things I can try?
> >
> > Thanks,
> >
> > Eric
> >
>
> Something I found:
>
> 15.2.3.2. Access Control
>
> Option fields also allow administrators to explicitly allow or deny
> hosts in a single rule by adding the allow or deny directive as the
> final option.
>
> For instance, the following two rules allow SSH connections from
> client-1.example.com, but deny connections from client-2.example.com:
>
> sshd : client-1.example.com : allow
> sshd : client-2.example.com : deny
>
> By allowing access control on a per-rule basis, the option field allows
> administrators to consolidate all access rules into a single file:
> either hosts.allow or hosts.deny. Some consider this an easier way of
> organizing access rules.
>
> Conceivably, you could put all rules into one file (hosts.allow maybe).
> See if that helps..

Just tried putting everything in the hosts.allow but didn't make any difference. Tried also in the hosts.deny but no success either.

Where did you find that reference? What does 15.2.3.2 point to?

Any other ideas / theories?

___

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tcpwrappers-access.html
RE: [CentOS] VPN in China for our server [OT?]
We recently deployed MPLS to our office in Shanghai. Not sure what paperwork they had to do, but their email resides in the US now. Their internet connection still goes out through China Telecom so the government can still monitor their web traffic.

Mike

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jason Pyeron
> Sent: Sunday, January 27, 2008 10:31 AM
> To: 'CentOS mailing list'
> Subject: RE: [CentOS] VPN in China for our server [OT?]
>
> > -----Original Message-----
> > From: Chris Mauritz
> >
> > Les Bell wrote:
> > > http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#prc. You may well require a
> > > licence from the State Encryption Management Commission.
> >
> > A-yup. It is technically illegal to set up a virtual private network
> > without the necessary paperwork. I'm not sure how strictly it's
> > enforced (many things in China are only enforced if someone in
> > authority has it out for you), but I suspect if you're running an
> > actual business in China it is better to comply with their regulations
> > than to roll the dice and risk getting busted. There are a few people
> > on the list that run and/or work at Chinese datacenters so I'm sure
> > someone will chime in with their experiences soon.
>
> Thanks. After searching based on the details from Les and
> finding nothing (in English) I have deferred to our
> non-technical Chinese manager.
>
> So if anyone on the list has done this properly, I would
> like to talk to them.
>
> That being said, I will be going to China in a few days for a
> short trip. Is there any hope of checking my email? SSH or
> imaps? Ideas?
>
> -jason
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -                                                               -
> - Jason Pyeron                      PD Inc. http://www.pdinc.us -
> - Sr. Consultant                    10 West 24th Street #100    -
> - +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
> -                                                               -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> This message is for the designated recipient only and may
> contain privileged, proprietary, or otherwise private
> information. If you have received it in error, purge the
> message from your system and notify the sender immediately.
> Any other use of the email by you is prohibited.
RE: [CentOS] VPN in China for our server [OT?]
To my knowledge, Sprint did all of the paperwork as well as having the loop installed in Shanghai.

Mike

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jason Pyeron
> Sent: Sunday, January 27, 2008 11:57 AM
> To: 'CentOS mailing list'
> Subject: RE: [CentOS] VPN in China for our server [OT?]
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Kercher
> > Sent: Sunday, January 27, 2008 11:49
> > To: CentOS mailing list
> > Subject: RE: [CentOS] VPN in China for our server [OT?]
> >
> > We recently deployed MPLS to our office in Shanghai. Not sure what
> > paperwork they had to do, but their email resides in the US now.
> > Their internet connection still goes out through China Telecom so the
> > government can still monitor their web traffic.
>
> Good to know, that is pretty much what we would want to do,
> as to not saturate our link with http requests. Could you
> find out who they used to process their paperwork or put me
> in touch with the IT management there (sorry for being so forward)?
>
> Besides, it would be one less corporate content filter
> appliance that we need to budget for. :)
>
> -jason
RE: [CentOS] IPTables GUIs
> Hi,
> This is semi-OT, but is Centos-related.
>
> I'm looking for an IPTables GUI to help us with our
> expanding network configuration. I know there's plenty out
> there, but most of them seem to manage the firewall on the
> computer on which they run, or only handle one firewall at a
> time. I need one that can easily manage multiple firewalls
> from some sort of central location/repository, i.e.
> sharing definitions of services, hosts etc.
>
> I've googled and hunted, and FWBuilder seems reasonably good
> from what I've seen so far. Are there any other packages out
> there? Are there any recommendations (to look at or to avoid)?
>
> Thanks,
>
> Craig Miskell,

I've used Bifrost and it works great
http://bifrost.heimdalls.com/

Mike
[CentOS] PPC
Hi All,

The only Centos PPC distro that I could find is at:
http://vault.centos.org/4.0beta/isos/ppc

Is there an official (non-beta) release of Centos 4 (or better yet Centos 5)? If not, are there plans for such a release?

Best
Mike
RE: [CentOS] remote command execution
Try using screen?

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Joseph L. Casale
> Sent: Monday, March 17, 2008 5:14 PM
> To: 'centos@centos.org'
> Subject: [CentOS] remote command execution
>
> I need to launch a job remotely from a Windows machine on a
> CentOS box, the caveat is that I can't maintain a connection
> once I have initiated the job. Anyone got an idea how I can
> accomplish this?
>
> Thanks!
> jlc