Re: [CentOS] Security checklist for new Centos server?

2007-07-21 Thread M. Fioretti
On Fri, Jul 20, 2007 15:12:34 PM -0600, Stephen John Smoogen ([EMAIL PROTECTED]) wrote: > My first point is going over the long list > http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf and figuring out > what meets the local environment. > >- set up only ssh2 on a non standard port > > Depending

Re: [CentOS] Security checklist for new Centos server?

2007-07-21 Thread Carlos Daniel Ruvalcaba Valenzuela
For ssh I highly recommend disabling password login, use only key pairs, this will really help improve your security with SSH, another thing you can do is monitor SSH logs, you will find that at times there will be someone trying to loging using a dictionary of users, you can easily create a scrip

Re: [CentOS] Update postfix-mysql

2007-07-21 Thread Fabian Arrotin
On Fri, 2007-07-20 at 16:22 -0700, John Thomas wrote: > A recent update to postfix mysql errors on my cOS 4.5 system with > complaints about missing dependencies libmysqlclient.so.15 and > libpq.so.4. Have I messed up again? > > Details: > [EMAIL PROTECTED] ~]# yum update > Setting up Update Pr

Re: [CentOS] Update postfix-mysql

2007-07-21 Thread Johnny Hughes
Fabian Arrotin wrote: > On Fri, 2007-07-20 at 16:22 -0700, John Thomas wrote: >> A recent update to postfix mysql errors on my cOS 4.5 system with >> complaints about missing dependencies libmysqlclient.so.15 and >> libpq.so.4. Have I messed up again? >> >> Details: >> [EMAIL PROTECTED] ~]# yum

Re: [CentOS] Security checklist for new Centos server?

2007-07-21 Thread Ralph Angenendt
M. Fioretti wrote: > - install dovecot (not included in centos, IIRC) and other extra > packages you do need dovecot is included in CentOS - so no need to get it from somewhere else. > - set up itables (what would the safest iptables script to do all and > only the services listed above? Dep

Re: [CentOS] Update postfix-mysql

2007-07-21 Thread Jordi Espasa Clofent
Both dependencies are resolved (as answered by yum provides --enablerepo=centosplus ...) by postgresql-libs (for libpq.so.4) and mysql (for libmysqlclient.so.15) ... but it seems you've excluded some packages from your centosplus repo config file Be aware that the newer postfix package needs

Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-21 Thread Mogens Kjaer
Mogens Kjaer wrote: ... # ls -lZ /etc/rsyncd.conf -rw-r--r-- root root root:object_r:etc_t /etc/rsyncd.conf # ls -lZ /var/log/rsyncd.log -rw-r--r-- root root root:object_r:var_log_t /var/log/rsyncd.log If I reboot with selinux=disabled logging works to the /var/log/rsync

Re: [CentOS] local yum mirrors and yum.conf.d

2007-07-21 Thread Mogens Kjaer
John R Pierce wrote: if I have a local centos yum mirror, whats the best way of adjusting the yum.repos.d/*.repo files to use this? If I simply edit CentOS-Base.repo there stands a chance that a yum update could conflict with my changes. The Fedora mirror system has a nice feature: If you

Re: [CentOS] luci

2007-07-21 Thread Patrick
On Fri, 2007-07-20 at 17:17 -0500, Shadow Lurker wrote: > Is anyone using luci successfully to create clusters with shared > storage support? If the "enable shared storage option is selected, the > cluster is not created and luci just gives errors about not being able > to install the necessary sof

[CentOS] CentOS-announce Digest, Vol 29, Issue 10

2007-07-21 Thread centos-announce-request
Send CentOS-announce mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reac

Re: [CentOS] Update postfix-mysql

2007-07-21 Thread Johnny Hughes
Johnny Hughes wrote: > Fabian Arrotin wrote: >> On Fri, 2007-07-20 at 16:22 -0700, John Thomas wrote: >>> A recent update to postfix mysql errors on my cOS 4.5 system with >>> complaints about missing dependencies libmysqlclient.so.15 and >>> libpq.so.4. Have I messed up again? >>> >>> Details:

Re: [CentOS] Horde on CentOS 5

2007-07-21 Thread Johnny Hughes
Johnny Hughes wrote: > Camron W. Fox wrote: >> Alle, >> >> Can't get on IRC or I would have asked there. Are there any plans to >> add a Horde-Apps groups to the extras repository like there is for CentOS4? >> > > The answer is ... YES > > I need those packages for centos-5. > > Whether they

Re: [CentOS] Security checklist for new Centos server?

2007-07-21 Thread M. Fioretti
On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt ([EMAIL PROTECTED]) wrote: > > - set up itables (what would the safest iptables script to do all and > > only the services listed above? > > Depends on from where you want to connect to your imap server. From > everywhere? yes. More exact

Re: [CentOS] local yum mirrors and yum.conf.d

2007-07-21 Thread John R Pierce
Mogens Kjaer wrote: John R Pierce wrote: if I have a local centos yum mirror, whats the best way of adjusting the yum.repos.d/*.repo files to use this? If I simply edit CentOS-Base.repo there stands a chance that a yum update could conflict with my changes. The Fedora mirror system has a n

[CentOS] sudo path

2007-07-21 Thread centos
Hello Any time I am running sudo, I should have full path to the command, for example sudo /sbin/ifconfig Is there any way to set the path for sudo ? Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Security checklist for new Centos server?

2007-07-21 Thread Johnny Hughes
M. Fioretti wrote: > On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt > ([EMAIL PROTECTED]) wrote: > >>> - set up itables (what would the safest iptables script to do all and >>> only the services listed above? >> Depends on from where you want to connect to your imap server. From >> ever

Re: [CentOS] sudo path

2007-07-21 Thread Johnny Hughes
centos wrote: > Hello > > Any time I am running sudo, I should have full path to the command, > for example sudo /sbin/ifconfig > > Is there any way to set the path for sudo ? use this command to get that (instead of just sudo): sudo su - signature.asc Description: OpenPGP digital signature

Re: [CentOS] sudo path

2007-07-21 Thread Brad Oaks
And while you're at it, you might as well supply the full path to su. Quite a while ago I was taught to give the full path to su. This instruction was given with a warning that it's more secure in case a malicious user was able to get a command named 'su' into your path ahead of the binary you're

Re: [CentOS] sudo path

2007-07-21 Thread centos
but su - will change the user to root. any other way ? I don't want to change the user to root and work, want to stay with the same user, but having my PATH apply while I am using sudo sudo man page says we can user -s to use SHELL environment, so I can alias sudo to sudo -s but still I should

Re: [CentOS] sudo path

2007-07-21 Thread John R Pierce
Brad Oaks wrote: And while you're at it, you might as well supply the full path to su. indeed, many traditional Unix (such as Solaris) admins tend to type the full path to most all admin commands, so you're sure you're running the correct stuff.

Re: [CentOS] CentOS based router dropping connections

2007-07-21 Thread William L. Maltby
On Fri, 2007-07-20 at 12:29 -0400, Jesse Cantara wrote: > Hi Bob, > > > The issue I'm having is that external traffic is being forwarded > properly, BUT that it drops the connection occasionally. It's not > consistent (maybe 2 out of 5 downloads from the internet through the > router to the w

[CentOS] NFS filesystem recommendations please (and problems with XFS)

2007-07-21 Thread Patrick - South Valley Internet
Hello all, I am implementing a new mail server into our environment consisting of three machines - two Dell Opterons that will act as load balanced Postfix servers, and a 1.5TB RAID10 NFS server. All three machines are running CentOS 4.5. Since the NFS is going to be used for only mail, I w

Re: [CentOS] Security checklist for new Centos server?

2007-07-21 Thread M. Fioretti
On Sat, Jul 21, 2007 12:19:23 PM -0500, Johnny Hughes ([EMAIL PROTECTED]) wrote: > >> Don't turn off SELinux. > > > > Hmmm... I had also forgotten this side of the package. I will be > > running on a rented VPS, can SELinux be used in such contexts? > > > > Also, frankly I am not up to date on t

Re: [CentOS] NFS filesystem recommendations please (and problems with XFS)

2007-07-21 Thread Akemi Yagi
On 7/21/07, Patrick - South Valley Internet <[EMAIL PROTECTED]> wrote: Hello all, I am implementing a new mail server into our environment consisting of three machines - two Dell Opterons that will act as load balanced Postfix servers, and a 1.5TB RAID10 NFS server. All three machines are runni

Re: [CentOS] NFS filesystem recommendations please (and problems with XFS)

2007-07-21 Thread Patrick - South Valley Internet
Akemi Yagi wrote: On 7/21/07, Patrick - South Valley Internet <[EMAIL PROTECTED]> wrote: Hello all, I am implementing a new mail server into our environment consisting of three machines - two Dell Opterons that will act as load balanced Postfix servers, and a 1.5TB RAID10 NFS server. All three

Re: [CentOS] NFS filesystem recommendations please (and problems with XFS)

2007-07-21 Thread Akemi Yagi
I do that, then when I reboot I still get the: mount: fs type xfs not supported by kernel Any ideas what's going on? Patrick P.S. The command I was using to install was: yum --enablerepo=centosplus install kernel-module-xfs Do I need to issue any other commands as well? The command looks

Re: [CentOS] NFS filesystem recommendations please (and problems with XFS)

2007-07-21 Thread Patrick - South Valley Internet
I see it just fine. Do I need to install the kernel from the plus repos as well? Patrick Akemi Yagi wrote: I do that, then when I reboot I still get the: mount: fs type xfs not supported by kernel Any ideas what's going on? Patrick P.S. The command I was using to install was: yum --en

Re: [CentOS] NFS filesystem recommendations please (and problems with XFS)

2007-07-21 Thread Johnny Hughes
Patrick - South Valley Internet wrote: > I see it just fine. Do I need to install the kernel from the plus repos > as well? > > Patrick > > > > Akemi Yagi wrote: >>> I do that, then when I reboot I still get the: >>> >>> mount: fs type xfs not supported by kernel >>> >>> Any ideas what's going

Re: [CentOS] sudo path

2007-07-21 Thread Eduardo Dela Rosa
Modify your ~/.bash_profile and /sbin to your path, i.e., PATH=/sbin:/usr/sbin:$PATH:$HOME/bin On 7/22/07, centos <[EMAIL PROTECTED]> wrote: Hello Any time I am running sudo, I should have full path to the command, for example sudo /sbin/ifconfig Is there any way to set the path for sudo ?

Re: [CentOS] sudo path

2007-07-21 Thread Eduardo Dela Rosa
Sorry for my typo error - should have been: Modify your ~./bash_profile and add /sbin to your PATH. cheers! On 7/22/07, Eduardo Dela Rosa <[EMAIL PROTECTED]> wrote: Modify your ~/.bash_profile and /sbin to your path, i.e., PATH=/sbin:/usr/sbin:$PATH:$HOME/bin On 7/22/07, centos <[EMAIL PR

[CentOS] error for milter

2007-07-21 Thread simon
dear All, I am jus installed centOS 5.0 from the distrubution to be as our mail server i have installed the following sendmail-8.13.8-2.el5 mailsacnner 4.61.7 spamassassin 3.2.1 clamav-0.91-1.el5.rf and every thing is workin fine but i want to implement domain keys so i downloaded