Re: Adventures with 7.2
On 2017-01-07 19:30, David Sommerseth wrote: On 06/01/17 23:56, Konstantin Olchanski wrote: On Sat, Dec 31, 2016 at 04:28:04PM -0800, jdow wrote: ... new 7.2 machine. ... SELinux issues. You *must* disable SELinux in CentOS-7. *That* deserves the price for the worst advice in 2017. With '*must*', that is just a way too strong advice which I hope nobody really considers strongly. It's as equally bad as saying "disable and flush iptables because it blocks connections to your host". I honestly hoped we had moved much further forward than this ... I have turned SELinux permissive to try to track down problems. It removes one giant unknown variable from the picture. I seldom leave it that way very long. And in a fairly clean (no servers) install iptables opened wide for brief periods can be considered "safe enough". Now, if you have a telnetd running (but --- why would you do something so stupid?) opening the firewall is suicidal. Blanket disabling both of them at once, permanently is stupid beyond belief, IMAO. OTOH the people who got in so easily might figure it's a honeypot or something and walk away. But that's a stretch. {^_-}
Re: Adventures with 7.2
On 06/01/17 23:56, Konstantin Olchanski wrote: > On Sat, Dec 31, 2016 at 04:28:04PM -0800, jdow wrote: >> ... new 7.2 machine. >> ... SELinux issues. >> > You *must* disable SELinux in CentOS-7. *That* deserves the price for the worst advice in 2017. With '*must*', that is just a way too strong advice which I hope nobody really considers strongly. It's as equally bad as saying "disable and flush iptables because it blocks connections to your host". I honestly hoped we had moved much further forward than this ... -- kind regards, David Sommerseth
emails from yum
I used to get emails about SL7 auto-updates, but the last one is dated 11 Nov 2016. There have been many auto-updates since then. /etc/yum/yum-cron.conf hasn't changed, and points to the address from which I'm sending this. I had tried to use another address earlier but that never worked. The last update reported by email was google-chrome-stable. The next one listed in /var/log/yum-log-20170101 is cpuid The first line of output on starting yumex is: 'Can't detect the network connection state', but it then works as normal. ? John P