Re: [CentOS] Network Install Procedure Question

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf
>Of Kaplan, Andrew H.
>Sent: Wednesday, May 13, 2009 10:24 PM
>To: centos@centos.org
>Subject: [CentOS] Network Install Procedure Question
>
>I wanted to do a netinstall of the 5.3 release, and the source that I had
in mind was
>either an ftp or http site.
>When going through this procedure, am I going to download the .iso images
from one
>of the mirror sites or
>is/are there a directory(ies) at another site(s) that I should specify as
the source of
>the files? Thanks.

Is this what you're looking for?

http://www.chrisgountanis.com/technical/45-centos-netinstall.html
-- 
/Sorin


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 5.3 and XFS

[Ralph Angenendt]

James Pearson wrote:
> - [fs] xfs: backport to rhel5.4 kernel (Eric Sandeen ) [470845]
> - [fs] xfs:  update to 2.6.28.6 codebase (Eric Sandeen ) [470845]
> 
> Eric Sandeen is ex-SGI and I guess the experienced XFS engineer 
> mentioned ...

No, Eric is doing ext4 (and has been for quite some while now).

Ralph


pgpAcB9FYFKkm.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Postfix: user unknown

[Manuel Monteiro]

 

Dear all,

 

I have a mail server based on  a CentOS 5.3 machine with postfix.

 

Most of our users are on LDAP (on localhost) but we also have some local
users and we are using PAM for authentication.

 

Sometimes emails are not delivered to an user (happens either with users on
LDAP or local users on shadow) with error "unknown user" (sometimes the
error comes from smtpd and sometimes from procmail when writing to an users'
folder):

-

Apr 23 16:00:37 mail postfix/smtpd[6707]: D62A676856C: reject: RCPT from
unknown[116.23.241.165]: 550 5.1.1 : Recipient address
rejected: User unknown in local recipient table;
from= to=< xx...@astro.up.pt >
proto=SMTP helo=

-

May  4 05:53:08 mail postfix/local[13781]: E33F776882D:
to=, relay=local, delay=0.03, delays=0.01/0/0/0.02,
dsn=5.1.1, status=bounced (user unknown. Command output: procmail: Unknown
user "x" )

-

 

It seems that sometimes the system (postfix? procmail?   ???) can't retrieve
user information.

 

Any ideas on what might be causing this?

 

Thanks!

 

 

Cheers,

 

Manuel Monteiro

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 5.3 and XFS

[James Pearson]

Ralph Angenendt wrote:
> James Pearson wrote:
> 
>>- [fs] xfs: backport to rhel5.4 kernel (Eric Sandeen ) [470845]
>>- [fs] xfs:  update to 2.6.28.6 codebase (Eric Sandeen ) [470845]
>>
>>Eric Sandeen is ex-SGI and I guess the experienced XFS engineer 
>>mentioned ...
> 
> No, Eric is doing ext4 (and has been for quite some while now).

That doesn't stop him from being an 'experienced XFS engineer' :-)

James Pearson
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Shell Script Pointers?

[James Bensley]

I have written my script but I wanted to add this on before and after
the update to see the difference but all it returns are zeros? Anyone
have any idea why?

#!/bin/sh

f=0 #Folder count
d=0 #Domains count (one per line in each file)
u=0 #Url count (one per line in each file)
t=0 #Total of domains and urls
x=0 #Temporary variable for calculations

find /usr/local/squidGuard/db -maxdepth 1 -type d | while read FOLDER; do
f=`expr $f + 1`
if [ -f $FOLDER/domains ]; then
x=`wc -l $FOLDER/domains | awk '{print $1}'`
d=`expr $d + 1`
fi
if [ -f $FOLDER/urls ]; then
x=`wc -l $FOLDER/urls | awk '{print $1}'`
u=`expr $u + 1`
fi
done

t=`expr $d + $u`

echo "Number of categories: $f"
echo "Number of domains: $d"
echo "Number of URLs: $u"
echo "Total entries: $t"
echo "$x"



This is the ouput:

[ha...@hades ~]$ sh tester
Number of categories: 0
Number of domains: 0
Number of URLs: 0
Total entries: 0
0
[ha...@hades ~]$

Many thanks, James ;)



-BEGIN GEEK CODE BLOCK-
  Version: 3.1
GIT/MU/U dpu s: a--> C++>$ U+> L++> B-> P+> E?> W+++>$ N K W++ O M++>$ V-
PS+++ PE++ Y+ PGP t 5 X+ R- tv+ b+> DI D+++ G+ e(+) h--(++) r++ z++
--END GEEK CODE BLOCK--
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Possible SAN Issue

[Alan Bartlett]

Just a quick ping to the general m/l.

Is there a SAN expert out there who could spare some time to have a
look at this forum post, please?

URL -- http://www.centos.org/modules/newbb/viewtopic.php?topic_id=20273&forum=39

Alan.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] File compare word by word

[Brent L. Bates]

 Find the `spiff' utility.  It will compare files word by word and
highlight ONLY the word differences.  One can also compare numbers and change
the resolution of the comparison.  This lets the text "1.0" equally compare to
"0.1e+1" or even "0.9", if the fudge factor is large enough in the second
case.

-- 

  Brent L. Bates (UNIX Sys. Admin.)
  M.S. 912  Phone:(757) 865-1400, x204
  NASA Langley Research CenterFAX:(757) 865-8177
  Hampton, Virginia  23681-0001
  Email: b.l.ba...@larc.nasa.govhttp://www.vigyan.com/~blbates/

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Shell Script Pointers?

[James Bensley]

Update: these lines should be:

 + $X


>                d=`expr $d + 1`

and


>                u=`expr $u + 1`
>        fi
> done
>

James ;)

-BEGIN GEEK CODE BLOCK-
  Version: 3.1
GIT/MU/U dpu s: a--> C++>$ U+> L++> B-> P+> E?> W+++>$ N K W++ O M++>$ V-
PS+++ PE++ Y+ PGP t 5 X+ R- tv+ b+> DI D+++ G+ e(+) h--(++) r++ z++
--END GEEK CODE BLOCK--
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] if no NFS server clients are waiting..

[Michael Casey]

What can I do, If the NFS server is rebooting/offline?
I mean the clients just wait and wait and wait...

I tried to set

timeo=5,retrans=2

mount options when mounting nfs in fstab on client side =
still no luck, clients are just waiting...
Can I set a timeout somewhere? :D

Thank you for any tips
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] if no NFS server clients are waiting..

[Johan Swensson]

Try with the soft option.

- Original Message -
From: "Michael Casey" 
To: centos@centos.org
Sent: Thursday, May 14, 2009 2:06:31 PM GMT +01:00 Amsterdam / Berlin / Bern / 
Rome / Stockholm / Vienna
Subject: [CentOS] if no NFS server clients are waiting..


What can I do, If the NFS server is rebooting/offline? 
I mean the clients just wait and wait and wait... 

I tried to set 

timeo=5,retrans=2 

mount options when mounting nfs in fstab on client side = 
still no luck, clients are just waiting... 
Can I set a timeout somewhere? :D 

Thank you for any tips 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] if no NFS server clients are waiting..

[Michael Casey]

I tried "ls --color=never"
https://bugzilla.redhat.com/show_bug.cgi?id=468049
it still waits

I tried on the client side with other mount options: intr, soft
it still waits


update :D :
I turn the NFS server down
Clients hang
reboot client
client cant see the NFS share, but at least it doesn't wait's for it
I start the NFS server
reboot client
It can see the shares again

Client's are Lenny's

ps.: amm...the nfs server is really an unfs3 server in an openwrt kamikaze
8.09 router... :) :S
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] if no NFS server clients are waiting..

[James Pearson]

Johan Swensson wrote:
> Try with the soft option.
> 
> - Original Message -
> From: "Michael Casey" 
> To: centos@centos.org
> Sent: Thursday, May 14, 2009 2:06:31 PM GMT +01:00 Amsterdam / Berlin / Bern 
> / Rome / Stockholm / Vienna
> Subject: [CentOS] if no NFS server clients are waiting..
> 
> 
> What can I do, If the NFS server is rebooting/offline? 
> I mean the clients just wait and wait and wait... 
> 
> I tried to set 
> 
> timeo=5,retrans=2 
> 
> mount options when mounting nfs in fstab on client side = 
> still no luck, clients are just waiting... 
> Can I set a timeout somewhere? :D 

If the server is just rebooting, then don't use the "soft" option. In 
fact, I would never use the soft option - see: 


You probably want to use "hard,intr"

If the server is really offline for a period, then you can clear the 
mount entry by using 'umount -l /mount/point' - see umount(1)

James Pearson
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] if no NFS server clients are waiting..

[Michael Casey]

the fstab entry is this

vim /etc/fstab
192.168.1.1:/mnt/share/ /home/user/Desktop/Share/ nfs
defaults,ro,nfsvers=3,nolock 0 0
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Possible SAN Issue

[Ross Walker]

On May 14, 2009, at 6:48 AM, Alan Bartlett   
wrote:

> Just a quick ping to the general m/l.
>
> Is there a SAN expert out there who could spare some time to have a
> look at this forum post, please?
>
> URL -- 
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=20273&forum=39

Doing storage work is a pain, it means you are up in the middle of the  
night doing all sorts of scary stuff with the company's data.

You are going to have to reboot to see the new size because the  
partition is in use.

I highly recommend using LVM on the bare SAN volume next time.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Possible SAN Issue

[Jim Perrin]

On Thu, May 14, 2009 at 6:48 AM, Alan Bartlett  wrote:
> Just a quick ping to the general m/l.
>
> Is there a SAN expert out there who could spare some time to have a
> look at this forum post, please?
>
> URL -- 
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=20273&forum=39

If you unmount the partition, then rescan the scsi bus it'll work.
Basically your system won't see the additional space while you're
using the partition. if you stop using it (unmount) then you can
operate on it and bring it back online.

This is where LVM shines, because you can simply add another lun, add
it to your lvm setup, and expand the filesystem on the fly.
-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Possible SAN Issue

[Karanbir Singh]

Jim Perrin wrote:
> This is where LVM shines, because you can simply add another lun, add
> it to your lvm setup, and expand the filesystem on the fly.


Just hope that $guru didnt use fdisk to setup things, when you need to 
grow the LUN a bit.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Dual-booting CentOS and WinXP

[Sorin Srbu]

Hi all,

You know how I asked about procedures to build a dual-boot system with
CentOS and WinXP a while ago? Well, I I've begun with a test machine.

What I had from start was a working CentOS 5.3 32b system. What I did was to
just add another empty drive configured as slave and then boot from the
Windows install cd.

The most curious thing happened now, I get a blank screen after the Windows
installer screen saying something about "Setting up install procedure..."
just at the beginning. That is to say, this happens only if the hd with
CentOS is connected to power. If I disconnect the power connector to the
CentOS drive, the Windows installer happily goes on.

Is this to be expected, that Windows won't install if it sees a hd with
another OS as master?

Thanks for any hints.
-- 
BW,
Sorin
---
# Sorin Srbu[Sysadmin, Systems Engineer]
# Dept of Medicinal Chemistry,  Phone: +46 (0)18-4714482 >3 signals> GSM
# Div of Org Pharm Chem,Mobile: +46 (0)701-718023
# Box 574, Uppsala University,  Fax: +46 (0)18-4714482
# SE-751 23 Uppsala, Sweden Visit: BMC, Husargatan 3, D5:512b
#   Web: http://www.orgfarm.uu.se
---
# ()  ASCII ribbon campaign - Against html E-mail 
# /\
#
# MotD follows:
# This label is not a significant source of information.



smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix: user unknown

[nate]

Manuel Monteiro wrote:
>
>
> Dear all,
>
>
>
> I have a mail server based on  a CentOS 5.3 machine with postfix.
>
>
>
> Most of our users are on LDAP (on localhost) but we also have some local
> users and we are using PAM for authentication.

Are you running nscd on the server? That should smooth out LDAP
blips, though I would disable nscd's dns caching in /etc/nscd.conf

Is postfix configured to talk directly to LDAP ? What does the
configuration look like?

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Possible SAN Issue

[nate]

Jim Perrin wrote:

> This is where LVM shines, because you can simply add another lun, add
> it to your lvm setup, and expand the filesystem on the fly.

Also the OP should look into thin provisioning software that may
be available for his EMC array. In some situations this can eliminate
the need for LVM. For me I still use LVM because it helps when
detecting what paths to use with MPIO. I often create larger(1-2TB)
volumes on the storage array and then create smaller logical volumes
in LVM, then when I need to expand I just expand, no need for new
LUNs. If your data access patterns don't involve large amounts of
writes and then deletes(thin provisioning dedicates storage when it
is written to), then you don't need volume management at all the
array can do it for you.

Most workloads in my experience are friendly with thin provisioning,
some are not. Some vendors have ways to reclaim deleted space as
well to put it back into the storage pool(s) for use by other
systems.

http://searchstorage.techtarget.com/news/column/0,294698,sid5_gci1134713,00.html

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Kickstart hang trying to install CentOS 5.3

[Alfred von Campe]

I've been using kickstart successfully with a local mirror going back  
to CentOS 4.X.  I'm trying to install CentOS 5.3 via kickstart on a  
new system (which happens to be different than most other systems  
I've installed on), and the install process always hangs shortly  
after the partitions are created.  If I go to the alternate console  
#3, the last two lines are always this (except that the time stamp  
changes every time I try it of course):

   10:06:18 DEBUG:  Member xorg-x11-drv-i128-1.2.0-4 - u
   10:06:18 DEBUG:  Adding Package xorg-x11-drv-i128-1.2.0-4.i386 in  
mode u

This is preceded by hundreds of similar lines for other packages, but  
it always hangs at xorg-x11-drv-i128-1.2.0-4.  I am currently out of  
other systems to test/install this on.  Instead of the usual  
ThinkCentre mini tower, this system is a ThinkCentre pizza box.  I've  
installed CentOS on this type of hardware before without problems,  
but it hangs on the only two systems I currently have.

It's possible that there is something wrong with my local mirror, but  
I rsync it every night and this problem has been going on for a few  
days.  I will try to install this on a mini tower to rule out any  
hardware compatibility issues, but in the mean time, I'm looking for  
suggestions on how to debug this.  I've booted into Linux rescue mode  
after power cycling the system after it hung to look at whatever did  
get installed, but there are no useful log files.

Alfred

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dual-booting CentOS and WinXP

[Ned Slider]

Sorin Srbu wrote:
> Hi all,
> 
> You know how I asked about procedures to build a dual-boot system with
> CentOS and WinXP a while ago? Well, I I've begun with a test machine.
> 
> What I had from start was a working CentOS 5.3 32b system. What I did was to
> just add another empty drive configured as slave and then boot from the
> Windows install cd.
> 
> The most curious thing happened now, I get a blank screen after the Windows
> installer screen saying something about "Setting up install procedure..."
> just at the beginning. That is to say, this happens only if the hd with
> CentOS is connected to power. If I disconnect the power connector to the
> CentOS drive, the Windows installer happily goes on.
> 
> Is this to be expected, that Windows won't install if it sees a hd with
> another OS as master?
> 
> Thanks for any hints.
> 

It's a known issue - I've seen it affecting other distro's (Fedora in my 
case). It's a Windows XP thing, not specific to the distro, and only 
affects WinXP afaik (doesn't affect Win2K, couldn't care less about 
Vista). I first came across it trying to install WinXP on a system that 
had previously had Fedora on it and the installer hangs at a black 
screen. The "solution" is to do as you've done and disconnect the drive. 
If it's a single drive system, then install Windows first for dual 
booting, or if you just want to reinstall Windows over the top of a 
previous Linux installation then remove all Linux partitions with fdisk 
first.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Dealing with brute force attacks

[James B. Byrne]

Over the weekend one of our servers at a remote location was
hammered by an IP originating in mainland China.  This attack was
only noteworthy in that it attempted to connect to our pop3 service.

We have long had an IP throttle on ssh connections to discourage
this sort of thing.  But I had not considered the possibility that
other services were equally at risk.  Researching this on the web
does not reveal any comprehensive list of vulnerable ports or
services.  Most discussion centres on ssh, then some on ftp, and
relatively few regarding pop3.

So, my questions are these:

1. Should I throttle all new connections regardless of destination
ports?  In other words: are there any legitimate reasons that a
single IP would require more than one new connection every 30
seconds or so?

2. Moving pass the obvious and unhelpful "everything", what services
are particularly vulnerable to these types of attacks?  Does a list
exist anywhere?

Regards,

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dual-booting CentOS and WinXP

[Robert Heller]

At Thu, 14 May 2009 15:41:02 +0100 CentOS mailing list  
wrote:

> 
> Sorin Srbu wrote:
> > Hi all,
> > 
> > You know how I asked about procedures to build a dual-boot system with
> > CentOS and WinXP a while ago? Well, I I've begun with a test machine.
> > 
> > What I had from start was a working CentOS 5.3 32b system. What I did was to
> > just add another empty drive configured as slave and then boot from the
> > Windows install cd.
> > 
> > The most curious thing happened now, I get a blank screen after the Windows
> > installer screen saying something about "Setting up install procedure..."
> > just at the beginning. That is to say, this happens only if the hd with
> > CentOS is connected to power. If I disconnect the power connector to the
> > CentOS drive, the Windows installer happily goes on.
> > 
> > Is this to be expected, that Windows won't install if it sees a hd with
> > another OS as master?
> > 
> > Thanks for any hints.
> > 
> 
> It's a known issue - I've seen it affecting other distro's (Fedora in my 
> case). It's a Windows XP thing, not specific to the distro, and only 
> affects WinXP afaik (doesn't affect Win2K, couldn't care less about 
> Vista). I first came across it trying to install WinXP on a system that 
> had previously had Fedora on it and the installer hangs at a black 
> screen. The "solution" is to do as you've done and disconnect the drive. 
> If it's a single drive system, then install Windows first for dual 
> booting, or if you just want to reinstall Windows over the top of a 
> previous Linux installation then remove all Linux partitions with fdisk 
> first.

Windows NT 4.0's installer also is wonky if the first disk is not
available for the MS-Windows install.  I had this problem with a SCSI
system and ended up re-numbering the drives making the disk with the
existing Linux install drive #1 (/dev/sdb) and the 'new' drive for
MS-Windows NT 4.0 drive #0 (/dev/sda).  In the OP's case, this would
mean making the disk with Linux installed the 'slave' (/dev/hdb) and
the new disk (for MS-Windows) the 'master' (/dev/hda).  The OP would
then have to boot up with a rescue disk to fix the /etc/fstab file
(unless it uses labeled file systems) and re-install the boot loader.

> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>   
>  

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/

  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Chris Boyd]

On May 14, 2009, at 9:46 AM, James B. Byrne wrote:

> 2. Moving pass the obvious and unhelpful "everything", what services
> are particularly vulnerable to these types of attacks?  Does a list
> exist anywhere?

If it's reachable over the 'net, it will eventually get pounded.

POP, IMAP, SMTP Auth, FTP, SSH are obvious targets.

Movable Type / Wordpress blogs are popular targets for link spammers.

Cpanel, webmin, phpMyAdmin and similar applications get pounded on  
less often, but you'll still get hit.

--Chris
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kickstart hang trying to install CentOS 5.3

[nate]

Alfred von Campe wrote:
> I've been using kickstart successfully with a local mirror going back
> to CentOS 4.X.  I'm trying to install CentOS 5.3 via kickstart on a
> new system (which happens to be different than most other systems
> I've installed on), and the install process always hangs shortly
> after the partitions are created.  If I go to the alternate console
> #3, the last two lines are always this (except that the time stamp
> changes every time I try it of course):

How long does it hang? CentOS 5.x takes much longer to get to the
point where it is installing packages than 4.x, probably a good 3-4
minutes more, perhaps longer if your mirror is over a WAN connection,
my mirror is on the local LAN and it does take a long time as well
though it always has(CentOS 5.0,5.1,5.2, haven't tried 5.3).

Unless your waiting for hours for it to go I think what your seeing
is "normal". I'd suggest using a mirror on your local network to
see if it speeds anything up, but I think most of the time is spent
on the client calculating the various things it needs for packages.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix: user unknown

[Manuel Monteiro]

>> Dear all,
>>
>> I have a mail server based on  a CentOS 5.3 machine with postfix.
>>
>>
>> Most of our users are on LDAP (on localhost) but we also have some local
>> users and we are using PAM for authentication.
>
>Are you running nscd on the server? That should smooth out LDAP
>blips, though I would disable nscd's dns caching in /etc/nscd.conf
>
>Is postfix configured to talk directly to LDAP ? What does the
>configuration look like?
>
>nate

We are using nscd with the default configuration.
This server also has a web server, will disabling nscd's dns cache have
negative impact on the performance in this service (or others)?

Postfix does not talk with LDAP. Here's the configuration file:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.astro.up.pt
mydomain = astro.up.pt
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks_style = host
virtual_alias_domains = vlti.org sp-astronomia.pt
virtual_alias_maps = hash:/etc/postfix/virtual,
hash:/etc/mailman/virtual-mailman
smtp_generic_maps = hash:/etc/postfix/generic
canonical_maps = hash:/etc/postfix/canonical
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail -d ${USER}
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop

### AMAVIS
content_filter = smtp-amavis:[localhost]:10024

### SASL
#TLS - SMTP AUTH
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/pki/tls/certs/mail-chained.pem
smtpd_tls_key_file = /etc/pki/tls/private/mail.astro.up.pt.key
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Security
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination

# Options
message_size_limit = 3096
smtpd_timeout = 600
-


Thanks,
Manuel

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Problem booting 2.6.30-rc5 kernel

[Jeff Layton]

Good morning!

I know I'm on the bleeding edge, but I'm having trouble getting
the 2.6.30-rc5 kernel to boot on my CentOS 5.3 box. It's a
dual-socket Nehalem box with the Tylersburg chipset (Supermicro
board). I installed CentOS 5.3 on it with no problems - boots and
runs fine. But I wanted to take a look at the 2.6.30-rc5 kernel
and try out some new stuff.

After a few go around's with 2.6.30-rc5 the closest I can get it
to boot is that I receive the following typing from my notes, so
please excuse my typos):

Red Hat nash version 5.1.19.6 starting
insmod : error inserting '/lib/dm-region-hash.ko' : -1 File exists
   Reading all physical volumes. This may take a while...
   Volume gruop "VolGroup00" not found
mount: could not find filesystem '/dev/root'
setuproot: moving /dev failed: No such file or directory
setuproot: error mounting /proc: No such file or directory
setuproot: error mounting /sys: No such file or directory
setuproot: mount failed: No such file or directory
Kernel panic - not syncing: Attempted to kill init!


I think this all boils down to the missing module. But I can't seem
to find it in the 2.6.30-rc5 kernel.

Any ideas?

Thanks!

Jeff


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network Install Procedure Question

[Kaplan, Andrew H.]

Hi there --

That was it...thanks for the help. The netinstall worked without problems.  

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of
Tim Shubitz
Sent: Wednesday, May 13, 2009 5:00 PM
To: CentOS mailing list
Subject: Re: [CentOS] Network Install Procedure Question

On May 13, 2009, at 3:48 PM, Kaplan, Andrew H. wrote:

> Hi there --
>
> Yes, I read that section. What I am asking is the following: When  
> entering the
> information into the fields, the URL for one of the mirror sites  
> would be on
> the first line. When I went to several of the mirror sites, the iso  
> images were
> there, but there were no directories listed for the packages. If  
> that is the
> case, am I going to be downloading the .iso images during the  
> install, or is
> there
> a directory at that or some other location that contains the  
> packages needed for
> the installation to proceed?

I think I see what you're asking.

If you start out at http://isoredirect.centos.org/centos/5.3/isos/ 
i386/ and choose a mirror (say,
http://mirrors.bluehost.com/centos/5.3/isos/i386/) 
  you'll be presented with a list of the ISOs for CentOS.

What the netinstall is looking for is a few directories back and down  
from this location.

By clicking on "Parent Directory" two times and drilling down into "os/ 
i386," THIS is directory path that you want to enter into the  
netinstall part of the CentOS installer.

 From the example mirror above, the first line would be...

mirrors.bluehost.com

and the second line would be...

centos/5.3os/i386

The installer goes into the "images" directory and downloads  
"stage2.img" to continue with the net-based  installation.

Hope that helps.


--
Tim Shubitz
IT Coordinator
alwaysBEthere, Inc.
email: tshub...@alwaysbethere.com
phone: (651) 373-2009
AIM: abttims

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kickstart hang trying to install CentOS 5.3

[Alfred von Campe]

> How long does it hang? CentOS 5.x takes much longer to get to the
> point where it is installing packages than 4.x, probably a good 3-4
> minutes more, perhaps longer if your mirror is over a WAN connection,
> my mirror is on the local LAN and it does take a long time as well
> though it always has(CentOS 5.0,5.1,5.2, haven't tried 5.3).

I waited overnight and it was still hung in the morning.  My local  
mirror is on the LAN, so it's not a network issue.

I was able to find another system, and it appeared to hang at the  
same spot (that is, I was looking at alternate console #3 and saw  
that it stopped at the same RPM). However, after a couple of minutes  
it proceeded.  My guess is that this RPM is the last one to download,  
and the kickstart process needs to "think" about the next step.   
While it was stuck at this step, anaconda was using close to 100% of  
the CPU according to top in console 2.

So it appears to be a resource problem on the smaller desktops.  The  
specs are Pentium 4 @ 3.00GHz with 1.5GB of memory and integrated  
Intel 915G/915GV/910GL accelerated VGA graphics.  This should be more  
than enough to install/run CentOS.  I even tried installing in text  
mode and it also hung.  Very strange...

Alfred

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Preventing hour-long fsck on ext3-filesystem

[Bernhard Gschaider]

Hi!

I'm justing in the process of setting up a new fileserver for our
company. I'm installing CentOS 5.3 (64 bit) on it.

One of the "problems" with it is that it has a 3.5TB filesystem for
the user data which I formatted during setup as an ext3. Now my
experience with our current fileserver is that a 0.5TB ext3 filesystem
needs approx half an hour to complete (and kicks in every so and so
reboots or every 180days). My estimate is that for the larger
filesystem (and the faster machine) the fsck would need well over an
hour (being optimistic). I dread the day when I have to reboot the
server and wait for 2hours or more just because the system thought it
would be a prudent thing to check the filesystem.

My question:

 - is there another stable filesystem (XFS, ReiserFS ...) in the
   centosplus-kernel where this could be avoided (fsck is faster) and
   that is as safe as ext3
 - Or would it be better to switch off automatic checking with tune2fs

Any opinion/experience welcome. I looked around a bit but couldn't
find a good answer

Bernhard

PS: Sorry for the stupid question, but I'm only part-time admin and
testing this myself would take weeks, I guess

-- 
---
DI Bernhard F.W. Gschaider
---
EMail:  bernhard.gschai...@ice-sf.at
WWW  : www.ice-sf.at
Jabber : bgsch...@jabber.org
Tel:+43(3842)98282-42   Fax:+43(3842)98282-02
---
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Bill Campbell]

On Thu, May 14, 2009, James B. Byrne wrote:
>Over the weekend one of our servers at a remote location was
>hammered by an IP originating in mainland China.  This attack was
>only noteworthy in that it attempted to connect to our pop3 service.

You might look at fail2ban which can automatically create
iptables blocks when things like this happen.

Bill
-- 
INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186  Skype: jwccsllc (206) 855-5792

Manual, n.:
A unit of documentation.  There are always three or more on a
given item.  One is on the shelf; someone has the others.  The
information you need is in the others.
-- Ray Simard
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Ray Van Dolson]

On Thu, May 14, 2009 at 05:44:11PM +0200, Bernhard Gschaider wrote:
> 
> Hi!
> 
> I'm justing in the process of setting up a new fileserver for our
> company. I'm installing CentOS 5.3 (64 bit) on it.
> 
> One of the "problems" with it is that it has a 3.5TB filesystem for
> the user data which I formatted during setup as an ext3. Now my
> experience with our current fileserver is that a 0.5TB ext3 filesystem
> needs approx half an hour to complete (and kicks in every so and so
> reboots or every 180days). My estimate is that for the larger
> filesystem (and the faster machine) the fsck would need well over an
> hour (being optimistic). I dread the day when I have to reboot the
> server and wait for 2hours or more just because the system thought it
> would be a prudent thing to check the filesystem.
> 
> My question:
> 
>  - is there another stable filesystem (XFS, ReiserFS ...) in the
>centosplus-kernel where this could be avoided (fsck is faster) and
>that is as safe as ext3
>  - Or would it be better to switch off automatic checking with tune2fs

Yes, you could use XFS.  Or, use tune2fs on the filesystem to disable
the automatic checking:

  # tune2fs -c 0 -i 0 /dev/whatever

See tune2fs(8) for more information.  The -m 0 parameter may also be
useful as by default 5% of blocks are "reserved" (useful for root
filesystems).

> 
> Any opinion/experience welcome. I looked around a bit but couldn't
> find a good answer
> 
> Bernhard
> 
> PS: Sorry for the stupid question, but I'm only part-time admin and
> testing this myself would take weeks, I guess

Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Peter Lemenkov]

2009/5/14 Bernhard Gschaider :

> One of the "problems" with it is that it has a 3.5TB filesystem for
> the user data which I formatted during setup as an ext3.

Yes, using ext3 is a real pain especially on such large partitions. I
advice you to switch to XFS.

-- 
With best regards!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Toby Bluhm]

Bernhard Gschaider wrote:
> Hi!
> 
> I'm justing in the process of setting up a new fileserver for our
> company. I'm installing CentOS 5.3 (64 bit) on it.
> 
> One of the "problems" with it is that it has a 3.5TB filesystem for
> the user data which I formatted during setup as an ext3. Now my
> experience with our current fileserver is that a 0.5TB ext3 filesystem
> needs approx half an hour to complete (and kicks in every so and so
> reboots or every 180days). My estimate is that for the larger
> filesystem (and the faster machine) the fsck would need well over an
> hour (being optimistic). I dread the day when I have to reboot the
> server and wait for 2hours or more just because the system thought it
> would be a prudent thing to check the filesystem.
> 
> My question:
> 
>  - is there another stable filesystem (XFS, ReiserFS ...) in the
>centosplus-kernel where this could be avoided (fsck is faster) and
>that is as safe as ext3
>  - Or would it be better to switch off automatic checking with tune2fs
> 
> Any opinion/experience welcome. I looked around a bit but couldn't
> find a good answer
> 
> Bernhard
> 
> PS: Sorry for the stupid question, but I'm only part-time admin and
> testing this myself would take weeks, I guess
> 

If you use ext3 on LVM, you could every once in a while make a snapshot 
of the fs & do a background fsck on the snapshot.

https://www.redhat.com/archives/ext3-users/2008-January/msg00032.html



-- 
tkb
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Bernhard Gschaider]

Thank you all for your quick answers (you guys must have started
typing BEFORE I hit the Send-button).

The general consensus seems to be "If you can start anew: use
XFS". This leaves one question: as the XFS is not included in the
standard-kernel which option offers the "smoothest sailing"
(especially during kernel-updates):

 - kernel from centosplus
 - kmod-xfs from centosplus
 - kmod-xfs from extras 

Bernhard

> On Thu, 14 May 2009 11:57:49 -0400
> "BLB" == Brent L Bates  wrote:

BLB>  I strongly recommend XFS over ext[23] ANY day.  XFS is
BLB> faster, more robust, and more dependable than ext.  I've used
BLB> it for years and it is rock solid.  I've had it work through
BLB> failing disk drives and number system crashes (caused by
BLB> faulty memory).  It takes a licking and keeps on ticking.
BLB> :-) No need to `fsck' the drive.  If there are any file
BLB> system problems, one can run xfs_check with a live system.
BLB> It isn't recommended as it can give false positives for a
BLB> live running file system, but it can help if needed.
BLB> xfs_repair has to be run on an unmounted file system,
BLB> however, I've almost never needed to use xfs_check or
BLB> xfs_repair.  XFS has over a decade and pentabytes of use
BLB> behind it.  I wouldn't use any other file system.

BLB> --

BLB>   Brent L. Bates (UNIX Sys. Admin.)  M.S. 912 Phone:(757)
BLB> 865-1400, x204 NASA Langley Research Center FAX:(757)
BLB> 865-8177 Hampton, Virginia 23681-0001 Email:
BLB> b.l.ba...@larc.nasa.gov http://www.vigyan.com/~blbates/



-- 
---
DI Bernhard F.W. Gschaider
---
EMail:  bernhard.gschai...@ice-sf.at
WWW  : www.ice-sf.at
Jabber : bgsch...@jabber.org
Tel:+43(3842)98282-42   Fax:+43(3842)98282-02
---
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Filipe Brandenburger]

Hi,

On Thu, May 14, 2009 at 12:23, Bernhard Gschaider
 wrote:
> which option offers the "smoothest sailing"
> (especially during kernel-updates):
>
>  - kernel from centosplus
>  - kmod-xfs from centosplus
>  - kmod-xfs from extras

Use kmod-xfs from extras (it should be already enabled in your yum
config) unless you already need the centosplus kernel for another
reason.

See here:
http://wiki.centos.org/AdditionalResources/Repositories/CentOSPlus#line-76

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Rudi Ahlers]

On Thu, May 14, 2009 at 5:48 PM, Bill Campbell  wrote:

> On Thu, May 14, 2009, James B. Byrne wrote:
> >Over the weekend one of our servers at a remote location was
> >hammered by an IP originating in mainland China.  This attack was
> >only noteworthy in that it attempted to connect to our pop3 service.
>
> You might look at fail2ban which can automatically create
> iptables blocks when things like this happen.
>
> Bill
> --
> INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
> URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
> Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
> Fax:(206) 232-9186  Skype: jwccsllc (206) 855-5792
>
> Manual, n.:
>A unit of documentation.  There are always three or more on a
>given item.  One is on the shelf; someone has the others.  The
>information you need is in the others.
>-- Ray Simard
> ___
>

fail2ban does a good job of automatically blocking any IP which constantly
tries to login to any service with an incorrect password.

Another option, with even more control, is ConfigServer firewall (or other
firewalls), which can monitor various aspects of your network and block
unwanted users on demand.

-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Akemi Yagi]

On Thu, May 14, 2009 at 9:30 AM, Filipe Brandenburger
 wrote:

> Use kmod-xfs from extras (it should be already enabled in your yum
> config) unless you already need the centosplus kernel for another
> reason.
>
> See here:
> http://wiki.centos.org/AdditionalResources/Repositories/CentOSPlus#line-76

That wiki article needs to be updated. The centosplus kernel does not
have xfs enabled any more. Therefore, cplus kernel users also need to
install kmod-xfs (which is available from the centosplus repo).

If you are running CentOS-4, the last 2 kernels do not (yet) have
corresponding kmod-xfs.  You need to wait for CentOS devs to build
those kmods or to supply a kernel version independent kmod.

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[David G . Miller]

James B. Byrne  writes:

> 
> Over the weekend one of our servers at a remote location was
> hammered by an IP originating in mainland China.  This attack was
> only noteworthy in that it attempted to connect to our pop3 service.
> 
> We have long had an IP throttle on ssh connections to discourage
> this sort of thing.  But I had not considered the possibility that
> other services were equally at risk.  Researching this on the web
> does not reveal any comprehensive list of vulnerable ports or
> services.  Most discussion centres on ssh, then some on ftp, and
> relatively few regarding pop3.
> 
> So, my questions are these:
> 
> 1. Should I throttle all new connections regardless of destination
> ports?  In other words: are there any legitimate reasons that a
> single IP would require more than one new connection every 30
> seconds or so?
> 
> 2. Moving pass the obvious and unhelpful "everything", what services
> are particularly vulnerable to these types of attacks?  Does a list
> exist anywhere?
> 
> Regards,
> 

Hi -

I went though a similar process back when the DNS cache poisoning attacks
were coming fast and furious.  The question to answer is, "Are there 
legitimate reasons why the same IP address will apparently make multiple
connection requests for a particular service?"  For DNS the answer was a
resounding "no" since the source nameserver should cache the results of the 
query.  

For POP3 the answer is more dependent on your particular organization.  As an
example, is there a remote office that will generate a number of connection
requests when everyone egts to work in the morning; all apparently from the 
same IP address?  If there are no such legit reasons why a number of requests 
could occur in a short period of time, a simple firewall throttling rule may 
be sufficient.  I have an article on my blog describing the firewall rules I 
used to throttle and then block DNS cache poisoning attacks at: 

http://davenjudy.org/davesBlog/node/41

One of the other replies also suggested "fail2ban" which may be more 
appropriate anyway since you really want to look at failed logins; not just
connection attempts.


Cheers,
Dave

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Printing graphics on CentOS 5.3

[MHR]

I am absolutely thrilled and delighted to report that the problem I
have been having on CentOS since I first started using it, back in
4.4, of having all images (graphics) print out from the image viewer
as all-black pages appears to be gone!

I just printed 13 graphics from the image viewer directly to my laser
printer, and they're all excellent.

I suppose it could be that I'm using a more-supported laser printer
now (Brother 2140) than then (Minolta PagePro 1100), with a driver
that actually works properly - I don't know.

I'm just extremely pleased that this works, regardless pf who should
get the blame/credit!

Okay, I'm getting my breath back, now



mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Lanny Marcus]

On Thu, May 14, 2009 at 9:46 AM, James B. Byrne  wrote:
> Over the weekend one of our servers at a remote location was
> hammered by an IP originating in mainland China.  This attack was
> only noteworthy in that it attempted to connect to our pop3 service.

About 6 years ago, the POP3 port on one of our web sites (on a shared
server at OLM) was attacked. OLM discovered this when I couldn't
download my email and filed a trouble ticket. Someone was accessing it
60 times a minute. Whatever OLM did, to prevent it worked.   :-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[James B. Byrne]

On: Thu, 14 May 2009 08:48:36 -0700, Bill Campbell
 wrote:
>
> You might look at fail2ban which can automatically create
> iptables blocks when things like this happen.
>

I went to the source forge website, but the rh rpm is inaccessible.
I really do not wish to join yet another mailing list simply to
report this so if anyone here is a member there as well please let
them know.

Regards,

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Rudi Ahlers]

On Thu, May 14, 2009 at 8:46 PM, James B. Byrne wrote:

>
>
> I went to the source forge website, but the rh rpm is inaccessible.
> I really do not wish to join yet another mailing list simply to
> report this so if anyone here is a member there as well please let
> them know.
>
> Regards,
>
> --
> ***  E-Mail is NOT a SECURE channel  ***
> James B. Byrnemailto:byrn...@harte-lyne.ca
> Harte & Lyne Limited  http://www.harte-lyne.ca
> 9 Brockley Drive  vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada  L8E 3C3
>
> ___
>

Have you tried rpmfind.net or Dag Wier's repository?


-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[nate]

James B. Byrne wrote:

> I went to the source forge website, but the rh rpm is inaccessible.
> I really do not wish to join yet another mailing list simply to
> report this so if anyone here is a member there as well please let
> them know.

looks like they already know..

http://www.fail2ban.org/wiki/index.php/Downloads

There is a comment next to the link that says the link is broken.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Bart Schaefer]

On Thu, May 14, 2009 at 8:44 AM, Bernhard Gschaider
 wrote:
>
> One of the "problems" with it is that it has a 3.5TB filesystem for
> the user data which I formatted during setup as an ext3.

An option I haven't seen suggested yet is to split this into several
filesystems that can be fsck'd in parallel.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Scott Silva]

on 5-14-2009 11:46 AM James B. Byrne spake the following:
> On: Thu, 14 May 2009 08:48:36 -0700, Bill Campbell
>  wrote:
>> You might look at fail2ban which can automatically create
>> iptables blocks when things like this happen.
>>
> 
> I went to the source forge website, but the rh rpm is inaccessible.
> I really do not wish to join yet another mailing list simply to
> report this so if anyone here is a member there as well please let
> them know.
> 
> Regards,
> 
http://packages.sw.be/fail2ban/




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Pasi Kärkkäinen]

On Thu, May 14, 2009 at 06:23:05PM +0200, Bernhard Gschaider wrote:
> 
> Thank you all for your quick answers (you guys must have started
> typing BEFORE I hit the Send-button).
> 
> The general consensus seems to be "If you can start anew: use
> XFS". This leaves one question: as the XFS is not included in the
> standard-kernel which option offers the "smoothest sailing"
> (especially during kernel-updates):

It seems XFS might be added as a default to RHEL 5.4.. 

-- Pasi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Scott Silva]

on 5-14-2009 1:24 PM Pasi � spake the following:
> On Thu, May 14, 2009 at 06:23:05PM +0200, Bernhard Gschaider wrote:
>> Thank you all for your quick answers (you guys must have started
>> typing BEFORE I hit the Send-button).
>>
>> The general consensus seems to be "If you can start anew: use
>> XFS". This leaves one question: as the XFS is not included in the
>> standard-kernel which option offers the "smoothest sailing"
>> (especially during kernel-updates):
> 
> It seems XFS might be added as a default to RHEL 5.4.. 
> 
Probably not a default, but an option.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Joshua Baker-LePain]

On Thu, May 14, 2009 at 2:03 PM, Scott Silva  wrote:
> on 5-14-2009 1:24 PM Pasi � spake the following:
>>
>> It seems XFS might be added as a default to RHEL 5.4..
>>
> Probably not a default, but an option.

I wonder which high-end customer *finally* drove them to do this (if,
indeed, they are going to).  Us regular folks have been agitating for
this for ages, but we were always told that ext3 was just fine and why
would we need anything else.  Somebody with $$ must have told them in
no uncertain terms "XFS or we're outta' here".

-- 
Joshua "conspiracy theorist for a day" Baker-LePain
Department of Biomedical Engineering
Duke University
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Rainer Duffner]

Am 14.05.2009 um 21:25 schrieb Bart Schaefer:

> On Thu, May 14, 2009 at 8:44 AM, Bernhard Gschaider
>  wrote:
>>
>> One of the "problems" with it is that it has a 3.5TB filesystem for
>> the user data which I formatted during setup as an ext3.
>
> An option I haven't seen suggested yet



For a reason, believe me.



> is to split this into several
> filesystems that can be fsck'd in parallel.




The eighties called - they want their stone-age way to handle disks  
back




Rainer  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Les Mikesell]

Scott Silva wrote:
> on 5-14-2009 1:24 PM Pasi � spake the following:
>> On Thu, May 14, 2009 at 06:23:05PM +0200, Bernhard Gschaider wrote:
>>> Thank you all for your quick answers (you guys must have started
>>> typing BEFORE I hit the Send-button).
>>>
>>> The general consensus seems to be "If you can start anew: use
>>> XFS". This leaves one question: as the XFS is not included in the
>>> standard-kernel which option offers the "smoothest sailing"
>>> (especially during kernel-updates):
>> It seems XFS might be added as a default to RHEL 5.4.. 
>>
> Probably not a default, but an option.

Is this a reasonable choice on a 32 bit machine?  I thought 4k stacks 
were a problem.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Scott Silva]

on 5-14-2009 2:21 PM Les Mikesell spake the following:
> Scott Silva wrote:
>> on 5-14-2009 1:24 PM Pasi � spake the following:
>>> On Thu, May 14, 2009 at 06:23:05PM +0200, Bernhard Gschaider wrote:
 Thank you all for your quick answers (you guys must have started
 typing BEFORE I hit the Send-button).

 The general consensus seems to be "If you can start anew: use
 XFS". This leaves one question: as the XFS is not included in the
 standard-kernel which option offers the "smoothest sailing"
 (especially during kernel-updates):
>>> It seems XFS might be added as a default to RHEL 5.4.. 
>>>
>> Probably not a default, but an option.
> 
> Is this a reasonable choice on a 32 bit machine?  I thought 4k stacks 
> were a problem.
> 
I'm sure that RedHat can easily build 32 bit kernels with 8k stacks if they so
choose.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Tru Huynh]

On Thu, May 14, 2009 at 10:10:58AM -0700, Akemi Yagi wrote:
> If you are running CentOS-4, the last 2 kernels do not (yet) have
> corresponding kmod-xfs.  You need to wait for CentOS devs to build
> those kmods or to supply a kernel version independent kmod.

I have just pushed the latest .22 kernel... for extras.

I completely missed the .17 kernel.

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B


pgpQgv5dWWSpD.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preventing hour-long fsck on ext3-filesystem

[Filipe Brandenburger]

On Thu, May 14, 2009 at 17:21, Les Mikesell  wrote:
> Is this a reasonable choice on a 32 bit machine?  I thought 4k stacks
> were a problem.

Oh yeah, I failed to mention in my previous e-mail that all the
machines I have running XFS are using x86_64 versions of CentOS.

I don't know if the 4k stack on 32-bit machines is still an issue.

In any case, nowadays I would recommend x86_64 for servers anyway,
even if they have only 2GB of RAM. It works much better than PAE,
etc., for 4GB RAM or more, and even if you still have less than 4GB
RAM installing x86_64 will make it much easier when you want to
upgrade.

Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Shell Script Pointers?

[Spiro Harvey]

On Thu, 14 May 2009 12:35:13 +0100
James Bensley  wrote:

> Update: these lines should be:
>  + $X

that should be lower case.

My guess is that because your variables all equal zero, it's possible
that something is wrong with:

find /usr/local/squidGuard/db -maxdepth 1 -type d | while read FOLDER;

stick "set -x" under your #!/bin/sh to see what's running and what's
not.





signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Shell Script Pointers?

[Stephen Harris]

On Fri, May 15, 2009 at 10:17:21AM +1200, Spiro Harvey wrote:

> My guess is that because your variables all equal zero, it's possible
> that something is wrong with:
> 
> find /usr/local/squidGuard/db -maxdepth 1 -type d | while read FOLDER;

More likely he's using a shell that runs the "while" loop in a subshell.

What is
  a=bad
  echo good | read a
  echo a is a

For ksh88, ksh93, zsh it's "good"; for pdksh, bash it's "bad".

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printing graphics on CentOS 5.3

[fred smith]

On Thu, May 14, 2009 at 10:51:20AM -0700, MHR wrote:
> I am absolutely thrilled and delighted to report that the problem I
> have been having on CentOS since I first started using it, back in
> 4.4, of having all images (graphics) print out from the image viewer
> as all-black pages appears to be gone!
> 
> I just printed 13 graphics from the image viewer directly to my laser
> printer, and they're all excellent.
> 
> I suppose it could be that I'm using a more-supported laser printer
> now (Brother 2140) than then (Minolta PagePro 1100), with a driver
> that actually works properly - I don't know.
> 
> I'm just extremely pleased that this works, regardless pf who should
> get the blame/credit!
> 
> Okay, I'm getting my breath back, now
> 
> 

Well, I have to agree, my brother HL2070N works wonderfully well with
my Centos box. (and my Fedora laptop. And the old Ubuntu box where my
scsi scanner lives. And even--gasp--Windoze!)

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
The Lord detests the way of the wicked 
  but he loves those who pursue righteousness.
- Proverbs 15:9 (niv) -


pgp9bzILmrBjp.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dealing with brute force attacks

[Robert Heller]

At Thu, 14 May 2009 13:00:09 -0700 CentOS mailing list  
wrote:

> 
> 
> 
> on 5-14-2009 11:46 AM James B. Byrne spake the following:
> > On: Thu, 14 May 2009 08:48:36 -0700, Bill Campbell
> >  wrote:
> >> You might look at fail2ban which can automatically create
> >> iptables blocks when things like this happen.
> >>
> > 
> > I went to the source forge website, but the rh rpm is inaccessible.
> > I really do not wish to join yet another mailing list simply to
> > report this so if anyone here is a member there as well please let
> > them know.
> > 
> > Regards,
> > 
> http://packages.sw.be/fail2ban/

If you have either epel or rpmforge repos setup, then

yum install fail2ban

also will work.

> 
> 
> Content-Description: OpenPGP digital signature
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkoMeEkACgkQRADw9lziUqQXqwCfT4tOBbYDvP8hdzRpXIcGJFr+
> qV4An25wJNeT7gvhH8s9MNC3X+spHjwE
> =vFVn
> -END PGP SIGNATURE-
> 
> MIME-Version: 1.0
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
> 

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kickstart hang trying to install CentOS 5.3

[nate]

Alfred von Campe wrote:

> I waited overnight and it was still hung in the morning.  My local
> mirror is on the LAN, so it's not a network issue.

hmm, is your package selection particularly complex? In my case
I list hundreds of packages in my %packages section I don't have
groups and stuff. I assume your using a stock CentOS install
and you didn't put any of your own 3rd party rpms in the installation
and update the comps.xml(?) file to include them?

A P4 3Ghz is plenty to install CentOS, I install CentOS 5.2 at least
on 2Ghz systems with 1GB or less ram(running in VMs), I do get about
a 2-4 minute pause but nothing as severe as what you see.

I'm not sure what to suggest..if your packages selection is complex
try simplifying it. I believe what is going on during that stage is
it's calculating all of the dependencies and stuff.

I don't expect strace to be installed as part of the stage2 installer
if it were it'd be interesting to know what exactly it's doing..

nate



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dual-booting CentOS and WinXP

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf
>Of Robert Heller
>Sent: Thursday, May 14, 2009 5:03 PM
>To: CentOS mailing list
>Cc: CentOS mailing list
>Subject: Re: [CentOS] Dual-booting CentOS and WinXP
>
>> > The most curious thing happened now, I get a blank screen after the
Windows
>> > installer screen saying something about "Setting up install
procedure..."
>> > just at the beginning. That is to say, this happens only if the hd with
>> > CentOS is connected to power. If I disconnect the power connector to
the
>> > CentOS drive, the Windows installer happily goes on.
>> >
>> > Is this to be expected, that Windows won't install if it sees a hd with
>> > another OS as master?
>>
>> It's a known issue - I've seen it affecting other distro's (Fedora in my
>> case). It's a Windows XP thing, not specific to the distro, and only
>> affects WinXP afaik (doesn't affect Win2K, couldn't care less about
>> Vista). I first came across it trying to install WinXP on a system that
>> had previously had Fedora on it and the installer hangs at a black
>> screen. The "solution" is to do as you've done and disconnect the drive.
>
>In the OP's case, this would
>mean making the disk with Linux installed the 'slave' (/dev/hdb) and
>the new disk (for MS-Windows) the 'master' (/dev/hda).  The OP would
>then have to boot up with a rescue disk to fix the /etc/fstab file
>(unless it uses labeled file systems) and re-install the boot loader.

Thanks for the confirmation all. I'll try switching the master/slave
settings. 

Luckily I'm still at the testing phase, to see how things'll go smoothest,
before I go live so to speak.
-- 
/Sorin


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos