Re: Adventures with 7.2

2017-01-07 Thread jdow 

On 2017-01-07 19:30, David Sommerseth wrote:

On 06/01/17 23:56, Konstantin Olchanski wrote:

On Sat, Dec 31, 2016 at 04:28:04PM -0800, jdow wrote:

... new 7.2 machine.
... SELinux issues.


You *must* disable SELinux in CentOS-7.


*That* deserves the price for the worst advice in 2017.  With '*must*',
that is just a way too strong advice which I hope nobody really
considers strongly.  It's as equally bad as saying "disable and flush
iptables because it blocks connections to your host".

I honestly hoped we had moved much further forward than this ...


I have turned SELinux permissive to try to track down problems. It removes one 
giant unknown variable from the picture. I seldom leave it that way very long.


And in a fairly clean (no servers) install iptables opened wide for brief 
periods can be considered "safe enough". Now, if you have a telnetd running (but 
--- why would you do something so stupid?) opening the firewall is suicidal.


Blanket disabling both of them at once, permanently is stupid beyond belief, 
IMAO. OTOH the people who got in so easily might figure it's a honeypot or 
something and walk away. But that's a stretch.


{^_-}

Re: Adventures with 7.2

2017-01-07 Thread David Sommerseth 
On 06/01/17 23:56, Konstantin Olchanski wrote:
> On Sat, Dec 31, 2016 at 04:28:04PM -0800, jdow wrote:
>> ... new 7.2 machine.
>> ... SELinux issues.
>>
> You *must* disable SELinux in CentOS-7.

*That* deserves the price for the worst advice in 2017.  With '*must*',
that is just a way too strong advice which I hope nobody really
considers strongly.  It's as equally bad as saying "disable and flush
iptables because it blocks connections to your host".

I honestly hoped we had moved much further forward than this ...


-- 
kind regards,

David Sommerseth

emails from yum

2017-01-07 Thread John Pilkington 
I used to get emails about SL7 auto-updates, but the last one is dated 
11 Nov 2016.  There have been many auto-updates since then.


/etc/yum/yum-cron.conf hasn't changed, and points to the address from 
which I'm sending this.  I had tried to use another address earlier but 
that never worked.


The last update reported by email was google-chrome-stable.  The next 
one listed in /var/log/yum-log-20170101 is cpuid


The first line of output on starting yumex is:
'Can't detect the network connection state', but it then works as normal.

?

John P