Re: [CentOS] DRBD very slow....

[Coert Waagmeester]

On Fri, 2009-07-24 at 10:21 +0400, Roman Savelyev wrote:
> 1. You are hit by Nagel alghoritm (slow TCP response). You can build DRBD 
> 8.3. In 8.3 "TCP_NODELAY" and "QUICK_RESPONSE" implemented in place.
> 2. You are hit by DRBD protocol. In most cases, "B" is enought.
> 3. You are hit by triple barriers. In most cases you are need only one of 
> "barrier, flush,  drain" - see documentation, it depens on type of storage 
> hardware.
> 

I have googled the triple barriers thing but cant find that much
information.

Would it help if I used IPv6 instead of IPv4?

Ross, here are the results of those tests you suggested:

For completeness here is my current setup:

host1: 10.99.99.2
Xeon Quad-Core
8GB RAM
Centos 5.3 64bit
2x 1TB seagate sata disks in software raid level 1
LVM on top of the raid for dom0 root fs and for all domU root FSses

host2: 10.99.99.1
Xeon Dual-Core
8GB RAM
Centos 5.3 64bit
2x 1TB seagate sata disks in software raid level 1
LVM on top of the raid for dom0 root fs and for all domU root FSses

common:
hosts are connected to local LAN
and directly to each other with a CAT6 gigabit crossover.

I have 6 DRBDs running for 5 domUs over the back to back link.
DRBD version drbd82-8.2.6-1.el5.centos
___
___




Ok, here is what I have done:

___
I have added the following to the drbd config:
disk { no-disk-flushes;
 no-md-flushes; }

That made the resync go up to 50MB/sec after I issued a
drbdsetup /dev/drbdX syncer -r 110M

It used to stick around at 11MB/sec

As far as i can tell it has improved the domUs disk access as well.

I do see that there are a lot of warnings to be heeded with disk and 
metadata flushing..
___

iperf results:

on host 1:
# iperf -s

Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)

[  5] local 10.99.99.1 port 5001 connected with 10.99.99.2 port 58183
[ ID] Interval   Transfer Bandwidth
[  5]  0.0-10.0 sec  1.16 GBytes990 Mbits/sec


on host 2:
# iperf -c 10.99.99.1

Client connecting to 10.99.99.1, TCP port 5001
TCP window size: 73.8 KByte (default)

[  3] local 10.99.99.2 port 58183 connected with 10.99.99.1 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-10.0 sec  1.16 GBytes992 Mbits/sec


I am assuming those results are to be expected from a back to back
gigabit.
___

the dd thing.
I think I did this completely wrong, how is this supposed to be done?

this is what i did

host 1:
nc -l 8123 | dd of=/mnt/data/1gig.file oflag=direct
(/mnt/data is an ext3 FS in LVM mounted on dom0)
(Not drbd) i first wanted to try it locally.

host 2:
date; dd if=/dev/zero bs=1M count=1000 | nc 10.99.99.2 8123 ; date


I did not wait for it to finish... according to ifstat the average speed
I got during this transfer was 1.6MB/sec

___

Any tips would be greatly appreciated.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Named Assertion Failure

[shprahi shprahi]

Hi All,

Recently I am getting the below error on my DNS caching server logs

named[21177]: mem.c:1061: REQUIREctx) != ((void *)0)) && (((const
isc__magic_t *)(ctx))->magic == ((('M') << 24 | ('e') << 16 | ('m') << 8 |
('C')) failed  named[21177]: exiting (due to assertion failure)

Does any one facing this, Please share the resolution if any one resolved

Details are as follows

OS : Centos 5.2 32bit
Bind details :
bind-utils-9.3.4-10.P1.el5_3.1
bind-9.3.4-10.P1.el5_3.1
bind-chroot-9.3.4-10.P1.el5_3.1
bind-libs-9.3.4-10.P1.el5_3.1

Thanks in advance
Shprahi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Andreas Rogge]

Am Donnerstag, den 23.07.2009, 19:45 +0100 schrieb Miguel Medalha:
> I moved the ssh port from the standard 22 to a high port. The attempts 
> to break into my servers disappeared. The logs are clean now. I would 
> advise you to do the same. Choose a high (> 1024) unused port and 
> configure the clients accordingly.
> 
*cough*
A port > 1024 for SSH? Actually that means that if your sshd dies every
normal user can start to listen on that port with watever they want.
Of course, there is still the host key. However, AFAICT most normal
users just ignore host key changes...

Regards,
Andreas

-- 
Solvention
Egermannstr. 6-8
53359 Rheinbach

Tel: +49 2226 158179-0
Fax: +49 2226 158179-9

http://www.solvention.de
mailto:i...@solvention.de


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD very slow....

[Roman Savelyev]

> I have googled the triple barriers thing but cant find that much
> information.
Please refer to drbdsetup(8) for detailed description of the parameters. 
no-disk-barrier, no-disk-flushes, no-disk-drain, no-md-flushes

> Would it help if I used IPv6 instead of IPv4?
No.

And small transaction must be very slow on DRBD prior to 8.3. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iso from rpm's

[Tom Brown]

> I have downloaded from an ftp something like RHEL 5.3 ppc64 rpm's. Is there 
> any way to make from them an installation iso?
>
>
>   

why not just download the iso's from redhat with the valid subscription 
details you have?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Ralph Angenendt]

Andreas Rogge wrote:
> Am Donnerstag, den 23.07.2009, 19:45 +0100 schrieb Miguel Medalha:
> > I moved the ssh port from the standard 22 to a high port. The attempts 
> > to break into my servers disappeared. The logs are clean now. I would 
> > advise you to do the same. Choose a high (> 1024) unused port and 
> > configure the clients accordingly.
> > 
> *cough*
> A port > 1024 for SSH? Actually that means that if your sshd dies every
> normal user can start to listen on that port with watever they want.
> Of course, there is still the host key. However, AFAICT most normal
> users just ignore host key changes...

I just do a portforward on the firewall to achieve that -> port 12345 on
the fw goes to 22 on the host :)

Cheers,

Ralph


pgpodDlrqdIW8.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Named Assertion Failure

[Ralph Angenendt]

shprahi shprahi wrote:
> Hi All,
> 
> Recently I am getting the below error on my DNS caching server logs
> 
> named[21177]: mem.c:1061: REQUIREctx) != ((void *)0)) && (((const
> isc__magic_t *)(ctx))->magic == ((('M') << 24 | ('e') << 16 | ('m') << 8 |
> ('C')) failed  named[21177]: exiting (due to assertion failure)
> 
> Does any one facing this, Please share the resolution if any one resolved

Not yet, see

https://bugzilla.redhat.com/show_bug.cgi?id=455802

This will be fixed in 5.4

> OS : Centos 5.2 32bit

Well, actually you are running 5.3 ...

Cheers,

Ralph


pgpw2Tyapu2HW.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iso from rpm's

[Dmitry Zaletnev]

> 
> > I have downloaded from an ftp something like RHEL 5.3 ppc64 rpm's. Is there 
> > any way to make from them an installation iso?
> 
> why not just download the iso's from redhat with the valid subscription 
> details you have?
Because the value of subscription is equal the value of my PlayStation 3.
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>  

Здесь спама нет http://mail.yandex.ru/nospam/sign
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[John]

Am Donnerstag, den 23.07.2009, 19:45 +0100 schrieb Miguel Medalha:
> I moved the ssh port from the standard 22 to a high port. The attempts
> to break into my servers disappeared. The logs are clean now. I would
> advise you to do the same. Choose a high (> 1024) unused port and
> configure the clients accordingly.
>
*cough*
A port > 1024 for SSH? Actually that means that if your sshd dies every
normal user can start to listen on that port with watever they want.
Of course, there is still the host key. However, AFAICT most normal
users just ignore host key changes...

Regards,
Andreas

Hi,

Using a non default port is not the solution, because history has learned 
that security by obscurity never worked.
for using a high port I agree with Andreas.


We came to the conclusion that for US there are 2 ways to keep SSH access 
"relative" safe:
1: Use Iptables or other firewall in front of server,  to only allow a 
selected group of "trusted" Ip's to access the server trough SSH.
2: Enforce Public / Private key Authentication, so that only the users with 
a valid key can access the server.

And:
3: Deny remote root access, limit who can do su - root

For some people, maybe portnocking is an option. But I don't know how easy / 
difficult that is to circumvent.

If you use SSH only for server managemt, and doing that only from a limited 
amount of pubic IP addresses,  option 1 is the most easy way to go. But if 
you're are an ISP, allowing SSH of SFP access to the host  then, option 1 
impossible to use, and option 2  is probably to  diffucult for your 
clients..

My conclusion was at the time I made the assesment:
If possible, limit Server management to a limited set off public Ip 
adresses, for sentive systems enforce Public privat key authentication
If above is not possible, Enforce Public / Private Key authentication.
Do not allow remote root access.

regards,

John




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Andreas Rehmer]

Hi

i am using the following way to dissallow ssh connects without having the 
Problem of specific IPs or something else.

Before you get access to the machine you must visit a webpage protected by 
httpauth. This start a small script that put the Remote Adress into a 
list. Only if your ip is on the list and not older than 5 min. you gain 
access via ssh.

For this i used only iptables the Skript and apache.
The only Problem is when the httpd hangs on.

If you want more Information write me.

Reg. Rehmer

reh...@teltarif.de
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iso from rpm's

[Karanbir Singh]

On 07/24/2009 11:32 AM, Dmitry Zaletnev wrote:
>>> I have downloaded from an ftp something like RHEL 5.3 ppc64 rpm's. Is there 
>>> any way to make from them an installation iso?
>> why not just download the iso's from redhat with the valid subscription
>> details you have?
> Because the value of subscription is equal the value of my PlayStation 3.

rhel ppc64 does not work on the playstation

didnt we already have this conversation earlier though ?

-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[luc...@lastdot.org]

On Fri, Jul 24, 2009 at 12:04 PM, Andreas Rehmer wrote:
> Hi
>
> i am using the following way to dissallow ssh connects without having the
> Problem of specific IPs or something else.
>
> Before you get access to the machine you must visit a webpage protected by
> httpauth. This start a small script that put the Remote Adress into a
> list. Only if your ip is on the list and not older than 5 min. you gain
> access via ssh.
>
> For this i used only iptables the Skript and apache.
> The only Problem is when the httpd hangs on.
>
> If you want more Information write me.
>
> Reg. Rehmer
>
> reh...@teltarif.de
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

I banned all China and Korea in my gateway :) (not for all ports, only
for ssh & ftp).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Eduardo Silvestre]

I'm using ssh port knocking.

Regards,

---
Eduardo Silvestre
nfsi telecom, lda.

eduardo.silves...@nfsi.pt
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/

- Original Message -
From: "Andreas Rehmer" 
To: "CentOS mailing list" 
Sent: Sexta-feira, 24 de Julho de 2009 12H04m GMT +00:00 GMT Britain, Ireland, 
Portugal
Subject: Re: [CentOS] SSH attacks from china

Hi

i am using the following way to dissallow ssh connects without having the 
Problem of specific IPs or something else.

Before you get access to the machine you must visit a webpage protected by 
httpauth. This start a small script that put the Remote Adress into a 
list. Only if your ip is on the list and not older than 5 min. you gain 
access via ssh.

For this i used only iptables the Skript and apache.
The only Problem is when the httpd hangs on.

If you want more Information write me.

Reg. Rehmer

reh...@teltarif.de
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Drupal installation

[Timothy Murphy]

John Thomas wrote:

>> Sorry, I should have made myself clearer.
>> Drupal-5 is available on EPEL,
>> so it can just be yum-installed.
>> The question is, what to do after that?
>> Eg is it a good idea to create a user drupal
>> who will own the database one has to create?
> 
> No need to create a user Drupal at the OS level.
> 
> You need to create a database and a database user/password.  The
> database/user/password go into the settings.php file.

I understand that that is the theory,
but it is clear from a quick google for "drupal installation"
that many people apart from me do not find it that simple.

The fact is, there are a dozen points where there is some ambiguity,
in the absence of precise instructions.

For example, I created a directory /etc/drupal/sites/www.gayleard.com
with my settings.php it in, as did several of the tutorials I visited.
But I get error messages in /var/log/messages telling me
that sites/default cannot be read.

That's just an example.
As I say, there are several other points of ambiguity.
If only the so-called tutorials and howtos just listed
the exact commands they gave.

> There is a Drupal support list too, which may be more appropriate at
> some point.

I did indeed ask on , 
but just got replies saying that it was easy.
Not one person listed a single command they gave.



-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iso from rpm's

[Dmitry Zaletnev]

> On 07/24/2009 11:32 AM, Dmitry Zaletnev wrote:
> > > > I have downloaded from an ftp something like RHEL 5.3 ppc64 rpm's. Is 
> > > > there any way to make from them an installation iso?
> > > why not just download the iso's from redhat with the valid subscription
> > > details you have?
> > Because the value of subscription is equal the value of my PlayStation 3.
> 
> rhel ppc64 does not work on the playstation
> 
> didnt we already have this conversation earlier though ?
> -- 
> Karanbir Singh : http://www.karan.org/ : 2522...@icq
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>  
thank you
--
Dmitry

Здесь спама нет http://mail.yandex.ru/nospam/sign
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iso from rpm's

[Per Qvindesland]

I guess that this one might work do I have never tried it my self
http://psubuntu.com/ [1]

Regards
Per Qvindesland

E-mail: p...@norhex.com [2]
http://www.linkedin.com/in/perqvindesland [3]
--- Original message follows ---
SUBJECT: Re: [CentOS] iso from rpm's
FROM:  Dmitry Zaletnev
TO: "CentOS mailing list"
DATE: 24-07-2009 13:24

> On 07/24/2009 11:32 AM, Dmitry Zaletnev wrote:
> > > > I have downloaded from an ftp something like RHEL 5.3 ppc64
rpm's. Is there any way to make from them an installation iso?
> > > why not just download the iso's from redhat with the valid
subscription
> > > details you have?
> > Because the value of subscription is equal the value of my
PlayStation 3.
> 
> rhel ppc64 does not work on the playstation
> 
> didnt we already have this conversation earlier though ?
> --
> Karanbir Singh : http://www.karan.org/ : 2522...@icq
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
thank you
--
Dmitry

Здесь спама нет http://mail.yandex.ru/nospam/sign
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Links:
--
[1] http://psubuntu.com/
[2] http://webmail.norhex.com/#
[3] http://www.linkedin.com/in/perqvindesland___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Named Assertion Failure

[shprahi shprahi]

Hi Ralph,

Thanks a lot for the help, Find my Kernel details is kernel needs to be
upgraded? (5.3)

Linux cache1.com 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 12:03:43 EST 2008 i686
i686 i386 GNU/Linux

cat /etc/issue

CentOS release 5.2 (Final)
Kernel \r on an \m

Thanks in advance,
Shprahi


On Fri, Jul 24, 2009 at 3:38 PM, Ralph Angenendt

> wrote:

> shprahi shprahi wrote:
> > Hi All,
> >
> > Recently I am getting the below error on my DNS caching server logs
> >
> > named[21177]: mem.c:1061: REQUIREctx) != ((void *)0)) && (((const
> > isc__magic_t *)(ctx))->magic == ((('M') << 24 | ('e') << 16 | ('m') << 8
> |
> > ('C')) failed  named[21177]: exiting (due to assertion failure)
> >
> > Does any one facing this, Please share the resolution if any one resolved
>
> Not yet, see
>
> https://bugzilla.redhat.com/show_bug.cgi?id=455802
>
> This will be fixed in 5.4
>
> > OS : Centos 5.2 32bit
>
> Well, actually you are running 5.3 ...
>
> Cheers,
>
> Ralph
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Ralph Angenendt]

John wrote:
> Using a non default port is not the solution, because history has learned 
> that security by obscurity never worked.

It's not "security by obscurity", moving the default port is just to not
see all that garbage in the log files - as the automated scripts don't
check for ssh on different ports than 22. 

And save cpu cycles by not having to answer to those requests.

> 1: Use Iptables or other firewall in front of server,  to only allow a 
> selected group of "trusted" Ip's to access the server trough SSH.

Well, that is not always possible or wanted.

> 2: Enforce Public / Private key Authentication, so that only the users with 
> a valid key can access the server.

And yes, you shouldn't be using ssh with password authentication, true.

Ralph


pgpn73qJu4wHk.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Named Assertion Failure

[Ralph Angenendt]

shprahi shprahi wrote:
> Hi Ralph,
> 
> Thanks a lot for the help, Find my Kernel details is kernel needs to be
> upgraded? (5.3)
> 
> Linux cache1.com 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 12:03:43 EST 2008 i686
> i686 i386 GNU/Linux

Well, it's not only the kernel you should upgrade - you should keep your
system (releatively) secure by running "yum update" on a regular basis.

yum update *really* makes it easy to keep your system up to date.

Why aren't you using it?

Ralph


pgpgL8KWcAB55.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Drupal installation

[John Thomas]

Timothy Murphy wrote:

> For example, I created a directory /etc/drupal/sites/www.gayleard.com
> with my settings.php it in, as did several of the tutorials I visited.
> But I get error messages in /var/log/messages telling me
> that sites/default cannot be read.

I was at your level when I did it the first time, but I forgot what I 
learned, so it is hard to help.

If you plan on hosting multiple sites, create a symlink (ln -s) in sites 
called default to www.gayleard.com.  If you only plan to host the one 
site, rename it to default.

Once you do it a few times you will probably find it easy.  It is 
probably best to keep studying so you understand the security aspects if 
you plan to face the site to the public.  Drupal makes it hard to be 
insecure, but not impossible.

http://drupal.org/getting-started/5/install

Oh, and you should probably use Drupal 6 unless you have a very specific 
reason.

-- 
Sincerely,
John Thomas
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD very slow....

[Ross Walker]

On Jul 24, 2009, at 3:28 AM, Coert Waagmeester  wrote:

>
> On Fri, 2009-07-24 at 10:21 +0400, Roman Savelyev wrote:
>> 1. You are hit by Nagel alghoritm (slow TCP response). You can  
>> build DRBD
>> 8.3. In 8.3 "TCP_NODELAY" and "QUICK_RESPONSE" implemented in place.
>> 2. You are hit by DRBD protocol. In most cases, "B" is enought.
>> 3. You are hit by triple barriers. In most cases you are need only  
>> one of
>> "barrier, flush,  drain" - see documentation, it depens on type of  
>> storage
>> hardware.
>>
>
> I have googled the triple barriers thing but cant find that much
> information.
>
> Would it help if I used IPv6 instead of IPv4?

Triple barriers wouldn't affect you as this is on top of LVM and LVM  
doesn't support barriers, so it acts like a filter for them. Not good,  
but that's the state of things.

I would have run the dd tests locally and not with netcat, the idea is  
to take the network out of the picture.

Given the tests though it looks like the disks have their write caches  
disabled which cripples them, but with LVM filtering barriers, it's  
the safest configuration.

The way to get fast and safe is to use partitions instead of logical  
volumes. If you need more then 4 then use GPT partition table which  
allows up to 256 I believe. Then you can enable the disk caches as  
drbd will issue barrier writes to assure consistency (hmmm maybe the  
barrier problem is with devmapper which means software RAID will be a  
problem too? Need to check that).

Or

Invest in a HW RAID card with NVRAM cache that will negate the need  
for barrier writes from the OS as the controller will issue them async  
from cache allowing I/O to continue flowing. This really is the safest  
method.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Kai Schaetzl]

Bob Hoffman wrote on Thu, 23 Jul 2009 12:37:54 -0400:

> Enjoy this..., 8000+ attempts.

I did not enjoy this. Could you please consider next time putting such a 
log up under a link somewhere and refer to it instead of sending it all to 
the list? Thanks.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Self signed certs, openssl dovecot

[Bob Hoffman]

So, at wits end. Have gone back to plain text for pop3.

I set up the ssl as per instructions but I always get a 'chain' error first
time trying to receive mail with my mail client.

Comes down I believe to the need to get a CA for dovecot's pem files or I
will always get an error.

Now I am thinking since I am self signing my own mail I should be able to
make that intermediate crt file for dovecotbut have no idea the name or
process for that one.

I am not gonna pay 30 dollars to get a signed cert for my own mail, nor do I
want to keep getting that error when my mail client opens up.


So...anyone ever do a self signed cert with dovecot and went ssl pop3s?
Millions of posts out there but no one has an answer.


bummed

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] rpm

[David Leon]

Hi folks

I'm trying to install amavisd-new on Centos 5.3. There is a lot of
failed dependencies errors when I try to install it. My question is,
there is a way to automatically get all the rpm dependencies I need
and get them saved somewhere in my hard drive for future
installations? I'm behind a squid proxy.

Thanks in advance.

David
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm

[luc...@lastdot.org]

On Fri, Jul 24, 2009 at 2:52 PM, David Leon wrote:
> Hi folks
>
> I'm trying to install amavisd-new on Centos 5.3. There is a lot of
> failed dependencies errors when I try to install it. My question is,
> there is a way to automatically get all the rpm dependencies I need
> and get them saved somewhere in my hard drive for future
> installations? I'm behind a squid proxy.
>
> Thanks in advance.
>
> David
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Yep, add Dag's repo. Latest amavisd-new is there, with all the dependencies:
http://dag.wieers.com/rpm/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] About NIDS software or hardware.

[Semih Gokalp]

Hi all CentOS users.

I have used the Snort on server for NIDS.It is connected to switch's
SPAN port and server ethernet mode is promiscuous and it is analysing
all network traffic and alert me all status.

But i am searching other alternative for NIDS that it connectable to
network area like Snort server.I found some hardware machine such as
SonicWall,Barracuda etc.. but at the same time this hardwares are
firewall and VPN UTM but only I am looking for NIDS alternative.

Do you know which hardware can i use for NIDS ? I am waiting your
advice and suggestion.

-- 
Iyi calismalar.Basarilar...
Semih Gokalp
Istanbul/Turkiye
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Dependency problems

[Sam Drinkard]

Below is output from yum update.  Don't know when or what's caused the 
dependencies to go haywire with the apache or httpd stuff, but would 
appreciate pointers.  The repos don't include rpmforge, only the 
standard CentOS repositories.# yum update
Loaded plugins: fastestmirror, priorities, protectbase
Loading mirror speeds from cached hostfile
 * base: centos.corenetworks.net
 * updates: mirror.anl.gov
 * addons: mirror.skiplink.com
 * extras: centos.corenetworks.net
Excluding Packages in global exclude list
Finished
0 packages excluded due to repository priority protections
0 packages excluded due to repository protections
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package samba-common.x86_64 0:3.0.33-3.7.el5_3.1 set to be updated
---> Package samba-client.x86_64 0:3.0.33-3.7.el5_3.1 set to be updated
---> Package kernel-headers.x86_64 0:2.6.18-128.2.1.el5 set to be updated
---> Package mod_ssl.x86_64 1:2.2.3-22.el5.centos.2 set to be updated
---> Package kernel.x86_64 0:2.6.18-128.2.1.el5 set to be installed
---> Package samba.x86_64 0:3.0.33-3.7.el5_3.1 set to be updated
---> Package httpd.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
--> Processing Dependency: httpd = 2.2.3-22.el5.centos.1 for package: 
httpd-devel
---> Package httpd-devel.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
---> Package httpd-manual.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
--> Finished Dependency Resolution
httpd-devel-2.2.3-22.el5.centos.1.i386 from installed has depsolving 
problems
  --> Missing Dependency: httpd = 2.2.3-22.el5.centos.1 is needed by 
package httpd-devel-2.2.3-22.el5.centos.1.i386 (installed)
--> Running transaction check
---> Package kernel.x86_64 0:2.6.18-128.1.10.el5.centos.plus set to be 
erased
--> Processing Dependency: httpd = 2.2.3-22.el5.centos.1 for package: 
httpd-devel
--> Finished Dependency Resolution
httpd-devel-2.2.3-22.el5.centos.1.i386 from installed has depsolving 
problems
  --> Missing Dependency: httpd = 2.2.3-22.el5.centos.1 is needed by 
package httpd-devel-2.2.3-22.el5.centos.1.i386 (installed)
Error: Missing Dependency: httpd = 2.2.3-22.el5.centos.1 is needed by 
package httpd-devel-2.2.3-22.el5.centos.1.i386 (installed)
#

Main question is why is it looking for something from centos.1 ?

Thanks..

Sam

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dependency problems

[Filipe Brandenburger]

Hi,

On Fri, Jul 24, 2009 at 10:07, Sam Drinkard wrote:
> ---> Package httpd.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
> ---> Package httpd-devel.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
> [...]
> Error: Missing Dependency: httpd = 2.2.3-22.el5.centos.1 is needed by
> package httpd-devel-2.2.3-22.el5.centos.1.i386 (installed)

You have a 64-bit machine but a 32-bit httpd-devel package installed.

To fix your problem, uninstall the 32-bit version of httpd-devel, with
this command:
# rpm -e httpd-devel.i386

After that, yum update should complete successfully.

Now, as to why this happened, the 64-bit version of CentOS (and RHEL)
includes 32-bit versions of some packages. Maybe in the past
httpd-devel was provided in both 32-bit and 64-bit versions, and you
ended up installing both versions of the package, but now only the
64-bit version is provided, so the upgrade of the 32-bit version is
not available anymore. I've seen similar problems happen with other
packages, so I believe the same might have happened with httpd-devel
too.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] A little more info

[Sam Drinkard]

I forgot to mention this is an x86_64 machine.  Sometime somewhere back 
several months ago, the centos plus kernel got installed, and I didn't 
notice it until just recently.  It's not in use.  I understand there are 
some i386 packages already installed, and at one point, I thought I had 
set yum up to only pull down the x8_64 packages, but I suppose something 
got changed in the yum.repos.d files somewhere along the way.

Sam

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm

[Kwan Lowe]

On Fri, Jul 24, 2009 at 9:52 AM, David Leon wrote:
> Hi folks
>
> I'm trying to install amavisd-new on Centos 5.3. There is a lot of
> failed dependencies errors when I try to install it. My question is,
> there is a way to automatically get all the rpm dependencies I need
> and get them saved somewhere in my hard drive for future
> installations? I'm behind a squid proxy.

To keep the cache, edit the /etc/yum.conf file and add:
keepcache=1

The yum cache will be in /var/cache/yum/REPO_NAME.

E.g., the rpmforge repo will be /var/cache/yum/rpmforge/packages.

You can copy the rpms in that dir to the same location on the next
server.. *or* share the location as a repository.  For one offs, it's
probably easier to just copy the rpms.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm

[David Leon]

hi, thanks, but where should I add that repo and how can I use it?

David

On Fri, Jul 24, 2009 at 9:03 AM, luc...@lastdot.org wrote:
> On Fri, Jul 24, 2009 at 2:52 PM, David Leon wrote:
>> Hi folks
>>
>> I'm trying to install amavisd-new on Centos 5.3. There is a lot of
>> failed dependencies errors when I try to install it. My question is,
>> there is a way to automatically get all the rpm dependencies I need
>> and get them saved somewhere in my hard drive for future
>> installations? I'm behind a squid proxy.
>>
>> Thanks in advance.
>>
>> David
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
> Yep, add Dag's repo. Latest amavisd-new is there, with all the dependencies:
> http://dag.wieers.com/rpm/
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UPDATE over REPO

[Alberto García Gómez]

OK, maybe I don't write the right word, what I really need is an upgrade 
(eg.: from PHP5.1.x to PHP5.2.x, and so on) and I don't know do that using 
yum. What I do until know is downloading the packages from rpmfind.net and 
when they request me some dependencies I download those packages again, and 
again, and again..and that's what I want to avoid

Saludos Fraternales
_
Atte.
Alberto García Gómez M:.M:.
Administrador de Redes/Webmaster
IPI "Carlos Marx", Matanzas. Cuba.
- Original Message - 
From: "Filipe Brandenburger" 
To: "CentOS mailing list" 
Sent: Thursday, July 23, 2009 11:04 AM
Subject: Re: [CentOS] UPDATE over REPO


Hi,

2009/7/23 Alberto García Gómez :
> I'm not talking of make a "yum -y update"; is more liked an intelligent
> "rpm" with REPO connection. ;-)

"yum" is "rpm" with repository connection and dependency solving.
There currently is no way to have RPM download and install
dependencies by itself, that is what "yum" is for.

You should look into using "createrepo" to create a "yum" repository.
It is not that hard.

Alternatively, you should look into already existing repositories for
CentOS that contain the versions of Apache and PHP that you want.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About NIDS software or hardware.

[John R Pierce]

Semih Gokalp wrote:
> 
> Do you know which hardware can i use for NIDS ? I am waiting your
> advice and suggestion.
>   

my suggestion is, this question has nothing to do with CentOS.

you might try google,
http://www.google.com/search?hl=en&q=hardware+intrusion+detection+system

or something like Gartner reports, which evaluate IT systems for 
enterprises ($$$)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bacula Instalation - Dependencies problems

[John Doe]

From: Alejandro 
> The FSCHWARZ rpm work excellent!
> You use some GUI for make the admin of the Jobs?

I just used bacula monitor and console while building/testing my configuration 
files.
But the graphic console is very close to an xterm where you would run a text 
console...
The monitor is quite basic too.
And now that everything is automated and running, I don't use them anymore...
I receive daily emails with backups logs results.
There is BAT that is more advanced, but never tried it.
  http://wiki.bacula.org/doku.php?id=bat
I prefer to modify my configuration files manualy...
Only thing I would miss is an explorer like interface to recover files from the 
backups.
But never had to so far...

JD


  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UPDATE over REPO

[Ralph Angenendt]

Alberto García Gómez wrote:
> OK, maybe I don't write the right word, what I really need is an upgrade 
> (eg.: from PHP5.1.x to PHP5.2.x, and so on) and I don't know do that using 
> yum. What I do until know is downloading the packages from rpmfind.net and 
> when they request me some dependencies I download those packages again, and 
> again, and again..and that's what I want to avoid

I wonder why we write all that documentation ...



Ralph


pgpI7n5lB7B0V.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm

[John Doe]

From: David Leon 
> On Fri, Jul 24, 2009 at 9:03 AM, luc...@lastdot.org wrote:
> > Yep, add Dag's repo. Latest amavisd-new is there, with all the dependencies:
> > http://dag.wieers.com/rpm/
> hi, thanks, but where should I add that repo and how can I use it?

If you go to the url, there is "Installation and Configuration"...

JD


  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UPDATE over REPO

[Kwan Lowe]

2009/7/24 Alberto García Gómez :
> OK, maybe I don't write the right word, what I really need is an upgrade
> (eg.: from PHP5.1.x to PHP5.2.x, and so on) and I don't know do that using
> yum. What I do until know is downloading the packages from rpmfind.net and
> when they request me some dependencies I download those packages again, and
> again, and again..and that's what I want to avoid

Not sure if this is precisely what you mean, but I have a similar issue.

I run some production RedHat servers (4.x) and CentOS for development
and test instances. The Apache/PHP packages we require are not
available via repos as they need some specific Oracle, Perl and other
miscellaneous packages.   I need to rebuild the packages because of
these dependencies.

To ease the process, I use the Sourcexx: lines in the rpm spec file to
automatically retrieve sources from their online homes. This works if
the URLs are relatively consistent. For example:

Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz

You could add another local server containing those packages then use
the Source line to specify the location of your local server.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm

[Tom Brown]

>
> hi, thanks, but where should I add that repo and how can I use it?
>
>   

dont top post

google yum

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About NIDS software or hardware.

[Semih Gokalp]

Thanks for your reply but I have already know this is not CentOS question.

I only wanted to know your suggestions and advice.

Sorry my question.Everbody can ignore my question.


2009/7/24 John R Pierce :
> Semih Gokalp wrote:
>> 
>> Do you know which hardware can i use for NIDS ? I am waiting your
>> advice and suggestion.
>>
>
> my suggestion is, this question has nothing to do with CentOS.
>
> you might try google,
> http://www.google.com/search?hl=en&q=hardware+intrusion+detection+system
>
> or something like Gartner reports, which evaluate IT systems for
> enterprises ($$$)
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Iyi calismalar.Basarilar...
Semih Gokalp
Istanbul/Turkiye
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] apache redirect rule

[David Hláčik]

Hi Jacob,

thank you very much for your improvement! I did so.

Best Regards,
David Hlacik

On Thu, Jul 23, 2009 at 5:46 PM,  wrote:
> put your check for extensions.polarion.com before the rule for 
> community.polarion.com and end it with a [L] on the rewriterule.
>
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf 
> Of David Hlácik
> Sent: Thursday, July 23, 2009 7:47 AM
> To: CentOS mailing list
> Subject: [CentOS] apache redirect rule
>
> Hello guys,
>
> sorry for this OT, but It seems that I am a very stupid :(.
> I want to achieve one simple think in apache 2.2.
>
> If users will type extensions.polarion.com I want to redirect him to
> extensions.polarion.com/polarion/extensions However there are
> following rules that apply
>
> 1) extensions.polarion.com is an virtual host alias to
> community.polarion.com . There is a definition inside virtual host
> which redirects all / to /polarion using this RedirectMatch permanent
> ^/$ /polarion/
>
> 2) what I want to achieve is to check if user comes from
> extensions.polarion.com and If so to redirect him to
> extensions.polarion.com/polarion/extensions
>
> I guess something like :
>
> RewriteCond %{HTTP_HOST} extensions.polarion.com
> RewriteRule / http://extensions.polarion.com/polarion/extensions/
>
> Is this going to work?
>
> Thanks milion times.
>
> David
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Self signed certs, openssl dovecot

[Ned Slider]

Bob Hoffman wrote:
> So, at wits end. Have gone back to plain text for pop3.
> 
> I set up the ssl as per instructions but I always get a 'chain' error first
> time trying to receive mail with my mail client.
> 
> Comes down I believe to the need to get a CA for dovecot's pem files or I
> will always get an error.
> 
> Now I am thinking since I am self signing my own mail I should be able to
> make that intermediate crt file for dovecotbut have no idea the name or
> process for that one.
> 
> I am not gonna pay 30 dollars to get a signed cert for my own mail, nor do I
> want to keep getting that error when my mail client opens up.
> 
> 
> So...anyone ever do a self signed cert with dovecot and went ssl pop3s?
> Millions of posts out there but no one has an answer.
> 
> 
> bummed
> 

Did you try any of the advice you received when you asked a month ago?

http://lists.centos.org/pipermail/centos/2009-June/078273.html

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm

[Ned Slider]

luc...@lastdot.org wrote:
> On Fri, Jul 24, 2009 at 2:52 PM, David Leon wrote:
>> Hi folks
>>
>> I'm trying to install amavisd-new on Centos 5.3. There is a lot of
>> failed dependencies errors when I try to install it. My question is,
>> there is a way to automatically get all the rpm dependencies I need
>> and get them saved somewhere in my hard drive for future
>> installations? I'm behind a squid proxy.
>>
>> Thanks in advance.
>>
>> David
>>
> 
> Yep, add Dag's repo. Latest amavisd-new is there, with all the dependencies:
> http://dag.wieers.com/rpm/

It's covered on the Wiki too:

http://wiki.centos.org/HowTos/Amavisd

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Self signed certs, openssl dovecot

[Paul Heinlein]

On Fri, 24 Jul 2009, Bob Hoffman wrote:

> So, at wits end. Have gone back to plain text for pop3.
>
> I set up the ssl as per instructions but I always get a 'chain' 
> error first time trying to receive mail with my mail client.
>
> Comes down I believe to the need to get a CA for dovecot's pem files 
> or I will always get an error.

You've got to tell your mail client to trust either the dovecot 
certificate or the CA cert that signed it.

The procedure for doing so varies with your mail client. The message 
you sent to the list came from Outlook. Is that the client you 
typically use?

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bizarre firefox/X11 problem on centos 5.3

[fred smith]

On Thu, Jul 23, 2009 at 05:05:36PM -0700, Akemi Yagi wrote:
> On Thu, Jul 23, 2009 at 4:51 PM, fred
> smith wrote:
> > I set up a Centos5 box at work a week or two ago. Today I had this
> > bizarre, repeatable problem:
> >
> > fire up firefox 3.5.1, browse to centos.org, go to the wiki, click the
> > HOWTO button at the top of the page, and either at that point, or a
> > moment later when clicking the link for the RAID documents, KABMMM!!!
> > X dies and you return to a login prompt. I did it at least three times.
> 
> > Never seen that before, anybody else experienced it?
> 
> Yes.  Please see these (long) threads:
> 
> http://lists.centos.org/pipermail/centos/2009-July/079046.html
> 
> and
> 
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21070&forum=37
> 
> Akemi
> ___


One of those threads includes a message from Olaf Mueller in which he suggests
adding this stuff (below) to Section "Device" in your xorg.conf:

Option  "AccelMethod" "XAA"
Option  "XAANoOffscreenPixmaps" "true"

I did add it, and have not been able to reproduce the crash since. 

I'm not sure what that does to performance, if anything.

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
  "And he will be called Wonderful Counselor, Mighty God, Everlasting Father,
  Prince of Peace. Of the increase of his government there will be no end. He 
 will reign on David's throne and over his kingdom, establishing and upholding
  it with justice and righteousness from that time on and forever."
--- Isaiah 9:7 (niv) --


pgplciIWGQGju.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Miguel Medalha]

>> Using a non default port is not the solution, because history has learned 
>> that security by obscurity never worked.
>> 
>
> It's not "security by obscurity", moving the default port is just to not
> see all that garbage in the log files - as the automated scripts don't
> check for ssh on different ports than 22. 
>   

People get those fixed ideas and it is difficult to get rid of them. Of 
course you should not rely ONLY on obscurity to secure your server. But 
using a non-standard port effectively defeats *the vast majority* of 
attacks, which never try other than the standard port. I went from 
thousands of entries in the logs to NONE.

> And save cpu cycles by not having to answer to those requests.
>
>   
YES!
>> 1: Use Iptables or other firewall in front of server,  to only allow a 
>> selected group of "trusted" Ip's to access the server trough SSH.
>> 
>
> Well, that is not always possible or wanted.
>
>   

Of course! In my case it is not even possible.

>> 2: Enforce Public / Private key Authentication, so that only the users with 
>> a valid key can access the server.
>> 
>
> And yes, you shouldn't be using ssh with password authentication, true.
>
>   

Yes! Use only authentication with an encrypted key, e.g. a 
public/private key pair.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dependency problems

[Sam Drinkard]

Filipe Brandenburger wrote:
> Hi,
>
> On Fri, Jul 24, 2009 at 10:07, Sam Drinkard wrote:
>   
>> ---> Package httpd.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
>> ---> Package httpd-devel.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
>> [...]
>> Error: Missing Dependency: httpd = 2.2.3-22.el5.centos.1 is needed by
>> package httpd-devel-2.2.3-22.el5.centos.1.i386 (installed)
>> 
>
> You have a 64-bit machine but a 32-bit httpd-devel package installed.
>
> To fix your problem, uninstall the 32-bit version of httpd-devel, with
> this command:
> # rpm -e httpd-devel.i386
>
> After that, yum update should complete successfully.
>
> Now, as to why this happened, the 64-bit version of CentOS (and RHEL)
> includes 32-bit versions of some packages. Maybe in the past
> httpd-devel was provided in both 32-bit and 64-bit versions, and you
> ended up installing both versions of the package, but now only the
> 64-bit version is provided, so the upgrade of the 32-bit version is
> not available anymore. I've seen similar problems happen with other
> packages, so I believe the same might have happened with httpd-devel
> too.
>
> HTH,
> Filipe
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
Filipe,

Thank you so much.  That did the trick.!  updating as I am typing now...

Sam

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A little more info

[Kai Schaetzl]

Sam Drinkard wrote on Fri, 24 Jul 2009 10:18:22 -0400:

> I forgot

You forgot to post that in the thread it belongs to.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Drupal installation

[David G . Miller]

Timothy Murphy  writes:

> 
> Does anyone have experience of drupal installation under CentoOS-5.3
> with MySQL database preferably accessed through phpMyAdmin.
> 
> I want to install drupal more or less as an experiment,
> and I'm looking for a 1- or 2-page document 
> that just lists precisely what steps to take.
> 
> I've had a quick look at the official installation instructions,
> and I found them confusing and contradictory.
> 

I installed Drupal 6 a while ago since I wanted something more powerful that
WordPress.  I captured my experience in a series of postings at:

http://davenjudy.org/davesBlog/forum/22

Yes, you probably want to have a separate database user for Drupal.  I don't
think it's a requirement; just good practice.

I found the book "Building powerful and robust websites with Drupal 6" by David
Mercer to be very helpful.

Cheers,
Dave

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Self signed certs, openssl dovecot

[Bob Hoffman]

 
> Did you try any of the advice you received when you asked a month ago?
> 
> http://lists.centos.org/pipermail/centos/2009-June/078273.html
> 

That was for the error with outlook, this is more about how to add that
middle chain with dovecot to avoid the issue.
None of those others will work with outlook. Importing a cert will do
nothing to avoid a constant error everytime you open up the mail client.
Only a trusted CA will work it seems.
Dovecot setup uses two pem files and that is what the books say, but to not
get the trusted chain error there has to be that third file of 'some kind'
'some where' relating to 'some thing'

If you have an answer, link to it, because I can show you no answer at all
to prevent ssl chain warnings when accessing self signed certs via dovecot
and mail clients...even if adding to the trusted folders client side.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Self signed certs, openssl dovecot

[Bob Hoffman]

 


> > Comes down I believe to the need to get a CA for dovecot's 
> pem files 
> > or I will always get an error.
> 
> You've got to tell your mail client to trust either the 
> dovecot certificate or the CA cert that signed it.
> 
> The procedure for doing so varies with your mail client. The 
> message you sent to the list came from Outlook. Is that the 
> client you typically use?

Trying not to buy a ssl for my private mail, doesn't seem like something you
would need just to get access to your own mail, so no trusted CA there (ssh
does not require trusted dang it).

The idea floated as a thought in some channels is to make a sort of
self-trusted CA on your server for dovecot. But no examples of this can be
found, so if anyone has knowledge, all ears here.

For now I swtiched to plain text and cannot ssl my user/pass without the
errors each time opening mail client (have downloaded and used a few)..this
is a chain trust thing, not a mail client thing.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Self signed certs, openssl dovecot

[Paul Heinlein]

On Fri, 24 Jul 2009, Bob Hoffman wrote:

>>> Comes down I believe to the need to get a CA for dovecot's pem 
>>> files or I will always get an error.
>>
>> You've got to tell your mail client to trust either the dovecot 
>> certificate or the CA cert that signed it.
>>
>> The procedure for doing so varies with your mail client. The 
>> message you sent to the list came from Outlook. Is that the client 
>> you typically use?
>
> Trying not to buy a ssl for my private mail, doesn't seem like 
> something you would need just to get access to your own mail, so no 
> trusted CA there (ssh does not require trusted dang it).
>
> The idea floated as a thought in some channels is to make a sort of 
> self-trusted CA on your server for dovecot. But no examples of this 
> can be found, so if anyone has knowledge, all ears here.

The easy-rsa scripts that ship with OpenVPN might be helpful to you. 
Grab the latest openvpn distribution:

   http://openvpn.net/index.php/open-source/downloads.html

Then have a look at the easy-rsa instructions:

   
http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html

You'll end up with a roll-your-own certificate authority (CA) and 
scripts to build a certificate for your dovecot server.

Then use the Window key-management system to import the CA's public 
certificate. At that point Outlook ought to trust your dovecot 
certificate.

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Self signed certs, openssl dovecot

[Ned Slider]

Bob Hoffman wrote:
>  
>> Did you try any of the advice you received when you asked a month ago?
>>
>> http://lists.centos.org/pipermail/centos/2009-June/078273.html
>>
> 
> That was for the error with outlook, this is more about how to add that
> middle chain with dovecot to avoid the issue.
> None of those others will work with outlook. Importing a cert will do
> nothing to avoid a constant error everytime you open up the mail client.
> Only a trusted CA will work it seems.
> Dovecot setup uses two pem files and that is what the books say, but to not
> get the trusted chain error there has to be that third file of 'some kind'
> 'some where' relating to 'some thing'
> 
> If you have an answer, link to it, because I can show you no answer at all
> to prevent ssl chain warnings when accessing self signed certs via dovecot
> and mail clients...even if adding to the trusted folders client side.
> 

You need to become your own root CA, and sign your server certs with 
that root CA cert. Then import the root CA into Outlook as a trusted 
authority.

Step by step guides...

http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

http://www.globalsign.com/support/personal-certificate/per_outlook07.html

but all this was explained a month ago in your original thread right here:

http://lists.centos.org/pipermail/centos/2009-June/078275.html

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] install DVD mounted -noexec by default == bad interpreter permission denied

[Dave]

Installing matlab on Centos5.

command I typed:

/media/MATHWORKS_R2009A/install &

Error message I received:
[1] 10759
[r...@taro matlab]# bash: /media/MATHWORKS_R2009A/install: /bin/sh:
bad interpreter: Permission denied

Google found no hits with this precise error message, but several
similar hits when I leave out the matlab path.

Solution:

mount -o remount -o exec /dev/scd0

(scd0 is the drive where the DVD is inserted.)

Hope this helps someone with the same problem.

Dave



-- 
———-
Q: Why should this email be 5 sentences or less?
A: http://five.sentenc.es
IPRC-help FAQ: https://wailua/wiki/index.php/Faq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RAID problem when building new computer

[fred smith]

On Thu, Jul 23, 2009 at 12:19:20PM -0400, Bob Hoffman wrote:
>  
> 
> > 
> > Hi all!
> > 
> > I'm building up a new box and plan to use Centos 5 on it.
> > 
> > i've got a pair of SATA 320 GB drives to make a RAID1.
> > 
> > I'm trying to follow the "howto" on the centos wiki for 
> > making a "partitionable RAID" installation.
> > 
> > Given that my partition scheme has a separate /boot 
> > partition, while the one in the HOWTO apparently does not, 
> > I've had to tweak the steps just slightly. But they all 
> > succeed without any problems, including watching mdadm create 
> > the mirrored pair.
> > 
> 
> > 
> > I'd appreciate clues, hints, suggestions, etc.
> > 
> 
> Ta da.step by step
> http://www.bobhoffman.com/wordpress/?page_id=44

Bob:

Following the step where we let the installer do its thing, what's
next? the next step in the document has us doing stuff on the commandline.
I assume we're supposed to go ahead and let the installation DV reboot
at that point, like it normally would? Then log in as root and do the
commandline stuff?

Thanks in advance!

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
   I can do all things through Christ 
  who strengthens me.
-- Philippians 4:13 ---


pgpTkhkUMFfzb.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Updating kernel driver module questions

[Robert Heller]

I am running CentOS 4.7, presently on an older box (PIII slot 1
processor @ 500mhz with 384meg of RAM, using SCSI disks with an
AHA-2940 host controller).  I have built a new box: AMH Semporon
2. GHZ, 2gig of RAM.  I put in a AHA-29160 host controller (uses
same driver as the AHA-2940).  The motherboard is an ASROCK thing with
nVideo's chipset: nv's SATA controller and nv's integrated network
(forcedeth).  I just did some tests with live CD and installer CDs for
CentOS 4 and 5.  It looks like the stock CentOS 4 kernel's achi and
forcedth drivers don't really care for this board :-(.  I bought a SATA
DVD burner for this system -- it looks like I won't be able to use it
unless/until I upgrade either the kernel or the whole O/S (eg to at
least CentOS 5.3).  I really don't want to go an upgrade to CentOS 5 at
this time.  Do I have any other options?  I have the kernel-devel
installed -- is it possible to 'steal' the sources for later kernel
drivers and re-compile them for the kernel I am running?  Are there
other options available?


-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
   
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos