Nepomuk/Strigi

2011-04-21 Thread Jon B
Hi, does anyone successfully use Nepomuk and Strigi on SL6? In the KDE
system settings, under desktop search, I have enabled Nepomuk and
Strigi. Though it displays the message "Strigi service failed to initialize,
most likely due to an installation problem." I have installed the Strigi
package, and I can set the tags in Dolphin using Nepomuk, but the search based
on the tags, using Dolphin or KDE runner (alt+f2), does not work.

The Strigi service did work briefly and started to index the files on my
computer. I am not sure why it started to work, and why it stopped again.

Thanks

Jonathan


Re: xrdb gone bad. xorg-x11-server-utils-7.1-5.el5_6.1 broken?

2011-04-21 Thread grigory rybkin
On Thu, Apr 14, 2011 at 3:49 PM, David M. Cooke wrote:

> Phil Perry wrote:
>
>> On 13/04/11 15:47, Alec T. Habig wrote:
>>
>>
>>> David M. Cooke writes:
>>>
>>>
>>>> Several users started complaining today about various X apps, such
>>>> as xterm and emacs, that no longer look the way they want.  It looks
>>>> like the resources they set in their .Xresources files are no longer
>>>> set.


>>> Same in EL6.  The changelog for this package says:
>>>
>>> * Wed Mar 16 2011 Adam Jackson  7.4-15.el6_0.1
>>> - cve-2011-0465: Sanitize cpp macro expansion. (CVE 2011-0465)
>>>
>>> which sounds like something that could indeed break .Xresources parsing.
>>> Although in my case, not only old-style X apps lost their fonts marbles,
>>> but so did the KDE programs, menus, etc -- which I didn't think used the
>>> old-style X fonts at all.
>>>
>>> After wasting 15 minutes resetting fonts in many different places, X is
>>> usable again.  I'm sure Murphy's Law says that this bug will be fixed
>>> tomorrow and we'll all have to re-reset things :)
>>>
>>>
>>>
>>
>> Thanks for your posts David and Alec. I thought I was losing my marbles
>> when all my fonts went screwy on EL5/KDE so good to know the root cause.
>>
>>
>>
>
> One of the posters in the bugzilla entry noted the -nocpp option on xrdb.
>  The following works great:
>
> $ xrdb -nocpp -merge .Xresources
>
>
> I've added it to my session startup commands and helped some users do the
> same.
>

As you will have seen, the issue has been resolved with
xorg-x11-server-utils-7.1-5.el5_6.2
http://rhn.redhat.com/errata/RHBA-2011-0454.html

gregory


Re: Scientific Linux 4.9 is officially released

2011-04-21 Thread Alan Bartlett
On 21 April 2011 17:25, Troy Dawson  wrote:
> April 21, 2011
> Scientific Linux 6.0 is now officially released and available.
> We want to thank all those who have contributed time helping us build and
> test this release. Scientific Linux 4.9 contains almost 2 years of security
> and bug fixes. There are no new features or packages, but it is a nice
> stable release.

Troy,

Argh! Alert, alert. Wet-ware malfunction.

sed 's/Scientific Linux 6.0/Scientific Linux 4.9/'

Alan.


Re: [SCIENTIFIC-LINUX-USERS] RHEL/SL and iptables

2011-04-21 Thread Patrick Riehecky

On 04/20/2011 02:47 PM, Nicolas Kovacs wrote:
> On 20/04/2011 02:26, Tom H wrote:
>> On Tue, Apr 19, 2011 at 12:53 PM, Robert E. Blair wrote:
>>> There is a sourceforge project called firestarter which has a rather
>>> nice script that does lots of iptables config and provides a gui monitor
>>> of firewall activity.
>>
>> You could also try APF:
>> http://www.rfxn.com/projects/advanced-policy-firewall/
>> (I've never used it so this isn't an experienced-based recommendation
>> but I've installed it on a test box to check out its rules and they
>> looked good.)
>>
>> Shorewall's also an option that you could consider. It's another blind
>> recommendation though; I've never even seen its default rules...
>
> Thanks very much for the numerous answers. I read through a pile of
> documentation, and figured out the most simple solution was a
> handcrafted iptables script from scratch. Here goes:
>
> --8<---
> #!/bin/sh
> ##/root/bin/firewall-start
> IPT="/sbin/iptables"
> WAN_IFACE="eth0"
> LAN_IFACE="eth1"
> $IPT -F
> $IPT -t nat -F
> $IPT -t mangle -F
> $IPT -X
> $IPT -t nat -X
> $IPT -t mangle -X
> $IPT -P INPUT DROP
> $IPT -P FORWARD ACCEPT
> $IPT -P OUTPUT ACCEPT
> $IPT -A INPUT -i lo -j ACCEPT
> $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
> $IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
> $IPT -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
> $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> $IPT -A INPUT -p tcp -i $LAN_IFACE --dport 22 -j ACCEPT
> $IPT -A INPUT -p udp -i $LAN_IFACE --dport 67 -j ACCEPT
> $IPT -A INPUT -j LOG --log-prefix "+++ IPv4 packet rejected +++ "
> $IPT -A INPUT -j REJECT
> $IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
> /sbin/service iptables save
> /sbin/service iptables condrestart
> --8<---
>
> Works like a charm so far. Logging (near the end of the script) tells me
> whenever I'm locking myself out of something.
>
> Cheers from South France,
>
> Niki

Please add the following line BEFORE the RELATED,ESTABLISHED line

$IPT -A INPUT -m state --state INVALID -j DROP

This will drop any packet whose flags make no sense or whose size is not 
as advertised.


If you are not intending to do any routing, I'd remove the "$IPT -t nat 
-A POSTROUTING -o $WAN_IFACE -j MASQUERADE" line as well as "$IPT -P 
FORWARD ACCEPT" and instead insert some drops.


Adding to the list of firewall management, I'm strangely attached to 
UFW mostly because I can pre-load application rules into it and it 
makes limiting connection rates easier[1].  A current(ish) rpm is hiding 
out at 
http://www.openmamba.org/distribution/distromatic.html?tag=devel-ercolinux&pkg=ufw.source


Pat

[1] http://www.snowman.net/projects/ipt_recent/   you can seriously slow 
brute force logins with this
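
Niki's script with the changes Pat suggests applied, as an added example that is not part of any post in this thread: the INVALID drop sits before the RELATED,ESTABLISHED accept, FORWARD defaults to DROP with MASQUERADE kept only when routing is wanted, and new SSH connections are rate-limited with the `recent` match. The `ROUTING` and `APPLY` switches, the `SSH` list name and the 4-per-60-seconds limit are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names and values: the ROUTING
# and APPLY switches, the "SSH" list name, 4 new connections per 60 seconds.
IPT="${IPT:-/sbin/iptables}"
WAN_IFACE="${WAN_IFACE:-eth0}"
LAN_IFACE="${LAN_IFACE:-eth1}"

# Print the rule set, one iptables argument list per line.
# $1 = 1 keeps the NAT gateway role; anything else means "no routing".
emit_rules() {
    ssh="-A INPUT -p tcp -i $LAN_IFACE --dport 22"
    cat <<EOF
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ssh -m state --state NEW -m recent --name SSH --set
$ssh -m state --state NEW -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
$ssh -j ACCEPT
-A INPUT -p udp -i $LAN_IFACE --dport 67 -j ACCEPT
-A INPUT -j LOG --log-prefix "+++ IPv4 packet rejected +++ "
-A INPUT -j REJECT
EOF
    [ "${1:-0}" = 1 ] || return 0
    cat <<EOF
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IFACE -o $WAN_IFACE -j ACCEPT
-t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
EOF
}

# Flush the three tables as the original script does, then load the rules.
apply_rules() {
    for t in filter nat mangle; do $IPT -t $t -F; $IPT -t $t -X; done
    emit_rules "$1" | while IFS= read -r rule; do eval "$IPT $rule"; done
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "${ROUTING:-0}"
else
    emit_rules "${ROUTING:-0}" | sed "s|^|$IPT |"   # dry run: print only
fi
```

Run it without `APPLY=1` first to read the generated commands; saving the result with `/sbin/service iptables save`, as the original script does, is left out here.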


Upstream fault? sshd re-chkconfiging

2011-04-21 Thread Robert E. Blair

I have noticed several times now that when sshd gets updated it
chkconfig's itself to start at boot.  I need sshd on my laptop for some
occasions when I run atlas tdaq software (which communicates via ssh),
but I do not care to have it on by default.  Whenever there is an update
of openssh-server the update does an "chkconfig --add sshd".  Should
this be reported as a bug to redhat?  I'm sure I'm not the only one who
finds this annoying and potentially insecure.
--
Robert E. Blair, Room C221, Building 360
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545  FAX: (630)-252-5782
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc

Re: Scientific Linux 4.9 is officially released

2011-04-21 Thread Troy Dawson

On 04/21/2011 11:45 AM, Alan Bartlett wrote:
> On 21 April 2011 17:25, Troy Dawson wrote:
>> April 21, 2011
>> Scientific Linux 6.0 is now officially released and available.
>> We want to thank all those who have contributed time helping us build and
>> test this release. Scientific Linux 4.9 contains almost 2 years of security
>> and bug fixes. There are no new features or packages, but it is a nice
>> stable release.
>
> Troy,
>
> Argh! Alert, alert. Wet-ware malfunction.
>
> sed 's/Scientific Linux 6.0/Scientific Linux 4.9/'
>
> Alan.


There's always one bug in every release somewhere.  Let's hope this was 
it.

Thanks for the bug report, as well as the patch.

Troy
--
__
Troy Dawson  daw...@fnal.gov  (630)840-6468
Fermilab  ComputingDivision/SCF/FEF/SLSMS Group
__


Re: Upstream fault? sshd re-chkconfiging

2011-04-21 Thread Connie Sieh

On Thu, 21 Apr 2011, Robert E. Blair wrote:


> I have noticed several times now that when sshd gets updated it
> chkconfig's itself to start at boot.  I need sshd on my laptop for some
> occasions when I run atlas tdaq software (which communicates via ssh),
> but I do not care to have it on by default.  Whenever there is an update
> of openssh-server the update does an "chkconfig --add sshd".  Should
> this be reported as a bug to redhat?  I'm sure I'm not the only one who
> finds this annoying and potentially insecure.


Which SL version does this happen on?

-Connie Sieh


> --
> Robert E. Blair, Room C221, Building 360
> Argonne National Laboratory (High Energy Physics Division)
> 9700 South Cass Avenue, Argonne, IL 60439, USA
> Phone: (630)-252-7545  FAX: (630)-252-5782
> GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc


Re: Upstream fault? sshd re-chkconfiging

2011-04-21 Thread Jon Peatfield

On Thu, 21 Apr 2011, Robert E. Blair wrote:


> I have noticed several times now that when sshd gets updated it
> chkconfig's itself to start at boot.  I need sshd on my laptop for some
> occasions when I run atlas tdaq software (which communicates via ssh),
> but I do not care to have it on by default.  Whenever there is an update
> of openssh-server the update does an "chkconfig --add sshd".  Should
> this be reported as a bug to redhat?  I'm sure I'm not the only one who
> finds this annoying and potentially insecure.


How are you disabling sshd in the first place?

If you are doing:

  chkconfig --del sshd

then you may well get this behaviour, but if you chkconfig it *off* then 
you won't.


A quick test on sl5 shows:

# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
# chkconfig --del sshd
# chkconfig --list sshd
service sshd supports chkconfig, but is not referenced in any runlevel 
(run 'chkconfig --add sshd')

# chkconfig --add sshd
# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
#
# chkconfig --level 123456 sshd off
# chkconfig --list sshd
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig --add sshd
# chkconfig --list sshd
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off

The man page for chkconfig warns about using --del to disable services:

...
   --del name
  The  service is removed from chkconfig management,
  and any symbolic  links  in  /etc/rc[0-6].d  which
  pertain to it are removed.

  Note that future package installs for this service
  may run chkconfig --add, which  will  re-add  such
  links.  To  disable  a service, run chkconfig name
  off.
...

In this case 'installs' can also include upgrades :-)

 -- Jon

--
/\
| "Computers are different from telephones.  Computers do not ring." |
|   -- A. Tanenbaum, "Computer Networks", p. 32  |
-|
| Jon Peatfield, _Computer_ Officer, DAMTP,  University of Cambridge |
| Mail:  jp...@damtp.cam.ac.uk Web:  http://www.damtp.cam.ac.uk/ |
\/
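
A check for the three states shown in the transcript above, as an added example that is not part of any post in this thread: it reads `chkconfig --list NAME` output and separates a service that is off in every runlevel from one that was removed with `--del`, which a later `chkconfig --add` from a package update turns back on. The function names and the `CHKCONFIG` variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. CHKCONFIG and the function names are
# assumptions; the matched message text is the one quoted in the post above.
CHKCONFIG="${CHKCONFIG:-/sbin/chkconfig}"

# Read `chkconfig --list NAME` output on stdin and print one of:
#   enabled:<runlevels> | disabled | unmanaged | unknown
classify_service() {
    awk '
        /is not referenced in any runlevel/ { print "unmanaged"; seen = 1; exit }
        /[0-6]:(on|off)/ {
            levels = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-6]:on$/) levels = levels substr($i, 1, 1)
            print (levels == "" ? "disabled" : "enabled:" levels)
            seen = 1; exit
        }
        END { if (!seen) print "unknown" }'
}

# Check that every named service is off in all runlevels. Returns non-zero
# if any is enabled, or was removed with --del and can be re-added by an update.
audit_off() {
    rc=0
    for svc in "$@"; do
        state=$($CHKCONFIG --list "$svc" 2>&1 | classify_service)
        case "$state" in
            disabled)  echo "ok    $svc is off in every runlevel" ;;
            unmanaged) echo "WARN  $svc was removed with --del; an update may re-add it"
                       rc=1 ;;
            *)         echo "FAIL  $svc is $state"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh this-file sshd [other services that must stay off]
if [ $# -gt 0 ]; then
    audit_off "$@"
fi
```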