Re: [CentOS] miro from rpmforge appears to have dep solving issues
On Thu, 26 Aug 2010, John R Pierce wrote: > On 08/26/10 3:25 PM, Mark Pryor wrote: >> It's part of >> mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm >> >> might be in FC9 if not elsewhere. > > seems a little odd that rpmforge would have a package with dependencies > that aren't in either the base distribution or rpmforge. Or maybe the answer is more simple. The libraries once were available in RHEL, but have been replaced by newer/incompatible ones ? -- -- dag wieers, d...@wieers.com, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PAM_shield locking me out?
> >> Yesterday I installed pam_shield and followed the testing suggested and > >> thought all was well. > >> today I find that I cannot get to my email account, I can login via ssh > >> okay > >> (uses keys) but su and sudo give > >> segmentation faults. I am guessing due to the pam module causing a problem. > >> As I cannot do remote login as root and sudo and su use pam I appear to > >> have > >> locked myself out. > >> > > > > I have not encountered this issue. And I have been using it on 32bit and > > 64bit machines with RHEL4 and RHEL5. I guess it must be related to a > > configuration issue somewhere. Not good though. > > > > Was this with the 0.9.2 release, or the 0.9.3 release ? > > > > Please provide this information to the author, he might help you find the > > cause and fix it in pam_shield. > > > > Thanks for reporting, > > > Update - running 0.9.2 release on both a .386 and a .x86_64 system > I think the location of the > auth optionalpam_shield.so > line within the /etc/pam.d/ config files is important?? > I had an error on the 64 bit machine thus it was not running - I have > now fixed and after looking at the response from S.Tindall I have moved > the line to the location as shown in /etc/pam.d/system-auth-ac: > > authrequired pam_env.so > authsufficientpam_unix.so nullok try_first_pass > authrequisite pam_succeed_if.so uid >= 500 quiet > authsufficientpam_krb5.so use_first_pass > authoptional pam_shield.so > authrequired pam_deny.so > > Lets see if this works. I've tried that too and it was a good suggestion as su now crashes only if you enter a wrong password. I've also tried to rebuild rpmforge srpm with no luck. Could you really make this thing work? I mean did it actually block anything after a series of failed logins? Sasha ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ATI, Catalyst and a new kernel
Hi, Robert! (2010/08/24 10:06), Robert wrote: > So, my question is, must/should I rebuild the driver each time I install > an updated kernel or is it sufficient to "yum remove > fglrx_6_9_0-8.741-1", update the kernel and (maybe) glibc, then "yum > localinstall $(locate i386/fglrx_6_9_0-8.741-1.i386.rpm)" ? The solution is dkms. dkms-fglrx, dkms-ati was provided by Mandrake/PClinuxOS/Ubuntu. Only dkms-nvidia (for CentOS5) was provided at dag repository. Tsuyoshi. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PAM_shield locking me out?
On Fri, 27 Aug 2010, A. Kirillov wrote: Yesterday I installed pam_shield and followed the testing suggested and thought all was well. today I find that I cannot get to my email account, I can login via ssh okay (uses keys) but su and sudo give segmentation faults. I am guessing due to the pam module causing a problem. As I cannot do remote login as root and sudo and su use pam I appear to have locked myself out. >>> >>> I have not encountered this issue. And I have been using it on 32bit and >>> 64bit machines with RHEL4 and RHEL5. I guess it must be related to a >>> configuration issue somewhere. Not good though. >>> >>> Was this with the 0.9.2 release, or the 0.9.3 release ? >>> >>> Please provide this information to the author, he might help you find the >>> cause and fix it in pam_shield. >>> >>> Thanks for reporting, >> >> Update - running 0.9.2 release on both a .386 and a .x86_64 system >> I think the location of the >> auth optionalpam_shield.so >> line within the /etc/pam.d/ config files is important?? >> I had an error on the 64 bit machine thus it was not running - I have >> now fixed and after looking at the response from S.Tindall I have moved >> the line to the location as shown in /etc/pam.d/system-auth-ac: >> >> authrequired pam_env.so >> authsufficientpam_unix.so nullok try_first_pass >> authrequisite pam_succeed_if.so uid >= 500 quiet >> authsufficientpam_krb5.so use_first_pass >> authoptional pam_shield.so >> authrequired pam_deny.so >> >> Lets see if this works. > > I've tried that too and it was a good suggestion > as su now crashes only if you enter a wrong password. > I've also tried to rebuild rpmforge srpm with no luck. > Could you really make this thing work? I mean did it > actually block anything after a series of failed logins? As I said, we use it for various services on all Internet-bound systems. And yes it works fine. Example: /etc/pam.d/sshd -- #%PAM-1.0 auth optional pam_shield.so auth include system-auth accountrequired pam_nologin.so accountinclude system-auth password include system-auth sessionoptional pam_keyinit.so force revoke sessioninclude system-auth sessionrequired pam_loginuid.so -- You don't want to add this to /etc/pam.d/system-auth simply because it makes no sense to enable pam_shield for things like su, screen, reboot, etc... If you understand what pam_shield does (eg. read the documentation), you'd never want to enable it for all PAM services that use system-auth. EVER. -- -- dag wieers, d...@wieers.com, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PAM_shield locking me out?
> Yesterday I installed pam_shield and followed the testing suggested and > thought all was well. > today I find that I cannot get to my email account, I can login via ssh > okay > (uses keys) but su and sudo give > segmentation faults. I am guessing due to the pam module causing a > problem. > As I cannot do remote login as root and sudo and su use pam I appear to > have > locked myself out. > >>> > >>> I have not encountered this issue. And I have been using it on 32bit and > >>> 64bit machines with RHEL4 and RHEL5. I guess it must be related to a > >>> configuration issue somewhere. Not good though. > >>> > >>> Was this with the 0.9.2 release, or the 0.9.3 release ? > >>> > >>> Please provide this information to the author, he might help you find the > >>> cause and fix it in pam_shield. > >>> > >>> Thanks for reporting, > >> > >> Update - running 0.9.2 release on both a .386 and a .x86_64 system > >> I think the location of the > >> auth optionalpam_shield.so > >> line within the /etc/pam.d/ config files is important?? > >> I had an error on the 64 bit machine thus it was not running - I have > >> now fixed and after looking at the response from S.Tindall I have moved > >> the line to the location as shown in /etc/pam.d/system-auth-ac: > >> > >> authrequired pam_env.so > >> authsufficientpam_unix.so nullok try_first_pass > >> authrequisite pam_succeed_if.so uid >= 500 quiet > >> authsufficientpam_krb5.so use_first_pass > >> authoptional pam_shield.so > >> authrequired pam_deny.so > >> > >> Lets see if this works. > > > > I've tried that too and it was a good suggestion > > as su now crashes only if you enter a wrong password. > > I've also tried to rebuild rpmforge srpm with no luck. > > Could you really make this thing work? I mean did it > > actually block anything after a series of failed logins? > > As I said, we use it for various services on all Internet-bound systems. > And yes it works fine. Example: /etc/pam.d/sshd > > -- > #%PAM-1.0 > auth optional pam_shield.so > auth include system-auth > accountrequired pam_nologin.so > accountinclude system-auth > password include system-auth > sessionoptional pam_keyinit.so force revoke > sessioninclude system-auth > sessionrequired pam_loginuid.so > -- > > You don't want to add this to /etc/pam.d/system-auth simply because it > makes no sense to enable pam_shield for things like su, screen, reboot, > etc... If you understand what pam_shield does (eg. read the > documentation), you'd never want to enable it for all PAM services that > use system-auth. EVER. I'm in no way a pam expert, yes. So I have to rely on the documentation which comes with the package. # cat /usr/share/doc/pam_shield-0.9.3/INSTALL ... If you want to use pam_shield for all services, edit /etc/pam.d/common-auth. Add the line auth optional pam_shield.so and that's that. ... And that's about the only hint on how and where to enable pam_shield. I've tried to add this line to /etc/pam.d/sshd too. Fortunately it didn't crash anything but it didn't work either. # diff -bB /etc/security/shield.conf.original /etc/security/shield.conf 56c56 < max_conns 10 --- > max_conns 3 67c67 < interval 5m --- > interval 60 72c72 < retention 1w --- > retention 60 The system is 64-bit centos 5.5, fully updated. Switching off selinux didn't help. So the question remains. Could anybody besides the maintainer make this very version of pam_shield (0.9.3-1.el5.rf.x86_64) work? Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
2010/8/27 Ski Dawg : > After spending a little bit of time searching around today, I have run > across 2 that seem like good options, cfengine and puppet. > > Does anyone have any thoughts about either of these tools? Is there > definite advantage to using one over the other from your experience? > Is there a another tool that I should be evaluating? have a look at http://www.linux-mag.com/id/7841 my 2 cents bye, -- Stefano Sasso http://stefano.dscnet.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
Stefano Sasso wrote: > 2010/8/27 Ski Dawg : >> After spending a little bit of time searching around today, I have run >> across 2 that seem like good options, cfengine and puppet. >> >> Does anyone have any thoughts about either of these tools? Is there >> definite advantage to using one over the other from your experience? >> Is there a another tool that I should be evaluating? > > have a look at > http://www.linux-mag.com/id/7841 > > my 2 cents Here's another two cents: first part of last year, I was working with Spacewalk, the released version of RedHat's satellite. While I was fighting it tooth and nail, it went from 0.4 to 0.5. With that experience, I'd say *don't* bother about it mark "user hostile" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] slightly OT: dban
I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban 1.0.4 that I've used a bunch of times... but on this machine, it says starting, then dies, saying "dban has finished with non-fatal errors. Check the log for more information" It never gets to the interactive menu. Now that I've disabled the non-existant floppy drive, at least it does say "to save the log file again, press enter" mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On 27/08/2010 15:19, m.r...@5-cent.us wrote: > I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban > 1.0.4 that I've used a bunch of times... but on this machine, it says > starting, then dies, saying "dban has finished with non-fatal errors. > Check the log for more information" It never gets to the interactive menu. > > Now that I've disabled the non-existant floppy drive, at least it does say > "to save the log file again, press enter" I usually use dban but if it's not handy use a liveCD (me usually Ubuntu) and use dd: Assuming the drive to kill is /dev/sda: dd if=/dev/random of=/dev/sda Do it a few times for good measure. At work we have a policy of physically destroying drives which grates a little at times. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
Hi, > On 27/08/2010 15:19, m.r...@5-cent.us wrote: >> I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban >> 1.0.4 that I've used a bunch of times... but on this machine, it says >> starting, then dies, saying "dban has finished with non-fatal errors. >> Check the log for more information" It never gets to the interactive >> menu. >> >> Now that I've disabled the non-existant floppy drive, at least it does >> say >> "to save the log file again, press enter" > I usually use dban but if it's not handy use a liveCD (me usually > Ubuntu) and use dd: > > Assuming the drive to kill is /dev/sda: > dd if=/dev/random of=/dev/sda > > Do it a few times for good measure. At work we have a policy of > physically destroying > drives which grates a little at times. I use shred from a rescue CD (Centos/RHEL/Fedora/Ubuntu). shred -vz -n3 /dev/sda clears the disk nicely (takes some tim though :) ) regards, Michel > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On Friday 27 August 2010, Kevin Thorpe wrote: > On 27/08/2010 15:19, m.r...@5-cent.us wrote: > > I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban > > 1.0.4 that I've used a bunch of times... but on this machine, it says > > starting, then dies, saying "dban has finished with non-fatal errors. > > Check the log for more information" It never gets to the interactive > > menu. > > > > Now that I've disabled the non-existant floppy drive, at least it does > > say "to save the log file again, press enter" > > I usually use dban but if it's not handy use a liveCD (me usually > Ubuntu) and use dd: > > Assuming the drive to kill is /dev/sda: > dd if=/dev/random of=/dev/sda This command will take forever and ever and ever (reads against /dev/random blocks as the kernel runs out of entropy). /dev/urandom would be better but still not very fast. To get some speed you'd have to do something like: 1) save a megabyte of /dev/urandom in a file 2) while true ; do dd file to dev ; done Or run some dban-like program instead of dd. /Peter signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
m.r...@5-cent.us wrote: > I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban > 1.0.4 that I've used a bunch of times... but on this machine, it says > starting, then dies, saying "dban has finished with non-fatal errors. > Check the log for more information" It never gets to the interactive menu. > > Now that I've disabled the non-existant floppy drive, at least it does say > "to save the log file again, press enter" *sigh* Well, my manager actually had some CDs - dban.org only has .iso's for CDs, which I don't know enough to make work with a DVD, so I d/l and burned the new one, 2.2.6 beta, and it's working now. Interesting... before the menu came up, it looked like the display from lshw Oh, and I *do* have to do at DOD full sanitization: I work at a US gov't agency, and the machine's being surplused mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 27 August 2010 14:41, wrote: > Stefano Sasso wrote: >> 2010/8/27 Ski Dawg : >>> After spending a little bit of time searching around today, I have run >>> across 2 that seem like good options, cfengine and puppet. >>> >>> Does anyone have any thoughts about either of these tools? Is there >>> definite advantage to using one over the other from your experience? >>> Is there a another tool that I should be evaluating? >> >> have a look at >> http://www.linux-mag.com/id/7841 >> >> my 2 cents > > Here's another two cents: first part of last year, I was working with > Spacewalk, the released version of RedHat's satellite. While I was > fighting it tooth and nail, it went from 0.4 to 0.5. With that experience, > I'd say *don't* bother about it > > mark "user hostile" > Basing your comments on a version 0.4/0.5 that is pretty unfair. It is now 1.1 and the user mailing list is active for assistance. I maintain nearly 100 servers that are a mix of virtualised guests, kvm hosts, production systems, dev/qa systems and so on with various different profiles. It has made my admin life much easier keep track of what updates are due for what and deploying both software and files - or running script son groups of systems. The only provisos I would put in place right now are that it requires an oracle database at this time and only use it if you are only looking after Redhat based systems... RHEL, Fedora, CentOS, etc ... Solaris support is there but it doesn't have a huge following to help troubleshoot and Debian support is still on its way. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 8/27/2010 9:57 AM, James Hogarth wrote: > On 27 August 2010 14:41, wrote: >> Stefano Sasso wrote: >>> 2010/8/27 Ski Dawg: After spending a little bit of time searching around today, I have run across 2 that seem like good options, cfengine and puppet. Does anyone have any thoughts about either of these tools? Is there definite advantage to using one over the other from your experience? Is there a another tool that I should be evaluating? >>> >>> have a look at >>> http://www.linux-mag.com/id/7841 >>> >>> my 2 cents >> >> Here's another two cents: first part of last year, I was working with >> Spacewalk, the released version of RedHat's satellite. While I was >> fighting it tooth and nail, it went from 0.4 to 0.5. With that experience, >> I'd say *don't* bother about it >> >>mark "user hostile" >> > > Basing your comments on a version 0.4/0.5 that is pretty unfair. > > It is now 1.1 and the user mailing list is active for assistance. > > I maintain nearly 100 servers that are a mix of virtualised guests, > kvm hosts, production systems, dev/qa systems and so on with various > different profiles. > > It has made my admin life much easier keep track of what updates are > due for what and deploying both software and files - or running script > son groups of systems. > > The only provisos I would put in place right now are that it requires > an oracle database at this time and only use it if you are only > looking after Redhat based systems... RHEL, Fedora, CentOS, etc ... > Solaris support is there but it doesn't have a huge following to help > troubleshoot and Debian support is still on its way. cfengine has a bit more cross-platform capability, but note that CentOS supplies a 2.x release where the project has moved on to 3.x with wildly different syntax, and a native windows build is only available in the commercial version. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PAE Kernel
>> [r...@ns1 log]# rpm -qa |grep kern |sort >> kernel-2.6.18-194.11.1.el5 >> kernel-2.6.18-194.3.1.el5 >> kernel-2.6.18-194.8.1.el5 > These are stock kernel. On CentOS 5.x 'yum update' seems to purge all but the latest 3 kernels. Is there anyway to also do that on CentOS 4.x? On my CentOS 4.x server I have had '/boot/' fill up and had to uninstall older kernels. Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On 08/27/2010 08:25 AM, Todd Denniston wrote: > m.r...@5-cent.us wrote, On 08/27/2010 10:57 AM: > >> Oh, and I *do* have to do at DOD full sanitization: I work at a US gov't >> agency, and the machine's being surplused >> > Suggestion, check with your local DRMO (or whatever they are calling > themselves now) representative > and make sure that you are allowed to send any hard drive with the machine at > *ALL*. > > Concur. As far back as the early nineties when I was in the US Navy the standard for some materials on magnetic media was physical destruction of the media via specified means. *No* form of media erasure was considered acceptable for them. Given that modern hard drives can remap damaged sectors automatically, it is quite possible for an 'erased' drive to still have data on it that can't be removed by any software based erasure because it can't be accessed by the OS. -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Freezing gnome terminals...
Hey On Fri, Aug 27, 2010 at 4:38 PM, John Doe wrote: > Hi, > > just wondering if you also experience gnome terminals freezing after a > while...? > It mainly happens over the week-end. > I would leave a terminal open (with an ssh session to a remote site), come > back > on monday and type a few commands and it jwould just freeze. > But it also happen from time to time randomly during the day (but still with > days old terminals). > Happens to my collegues too. > The Gnome terminal Reset option would not do anything. > any idea what could be the problem? Maybe have a look at the strace. But if you have an ssh session open chances are, that timed out. Cheers Didi -- Hoffmann Geerd-Dietger http://contact.ribalba.de ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Freezing gnome terminals...
Hi, just wondering if you also experience gnome terminals freezing after a while...? It mainly happens over the week-end. I would leave a terminal open (with an ssh session to a remote site), come back on monday and type a few commands and it jwould just freeze. But it also happen from time to time randomly during the day (but still with days old terminals). Happens to my collegues too. The Gnome terminal Reset option would not do anything. any idea what could be the problem? Thx, JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PAE Kernel
short answer... you dont really need it in this case. only if you want to use more then 3gb ram in a 32bit environment On 08/27/2010 05:26 PM, Matt wrote: > I have a box running CentOS 5.x 32 bit. I noticed these kernels are > installed. > > [r...@ns1 log]# rpm -qa |grep kern |sort > kernel-2.6.18-194.11.1.el5 > kernel-2.6.18-194.3.1.el5 > kernel-2.6.18-194.8.1.el5 > kernel-PAE-devel-2.6.18-194.11.1.el5 > kernel-PAE-devel-2.6.18-194.3.1.el5 > kernel-PAE-devel-2.6.18-194.8.1.el5 > > [r...@ns1 log]# uname -a > Linux ns1.xx.net 2.6.18-194.11.1.el5 #1 SMP Tue Aug 10 19:09:06 EDT > 2010 i686 i686 i386 GNU/Linux > > [r...@ns1 log]# free > total used free sharedbuffers cached > Mem: 1025500 687176 338324 0 87824 535628 > -/+ buffers/cache: 63724 961776 > Swap: 2031608 02031608 > > This machine only has 1G of RAM. Should I just remove the PAE kernels? > > Matt > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 66, Issue 9
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2010:0657 Low CentOS 4 i386 gdm - security and bug fix update (Tru Huynh) 2. CESA-2010:0657 Low CentOS 4 x86_64 gdm - security and bug fix update (Tru Huynh) 3. CESA-2010:0474 Important CentOS 4 i386 kernel - security and bug fix update (correction) (Tru Huynh) 4. CESA-2010:0474 Important CentOS 4 x86_64 kernel - security and bug fix update (correction) (Tru Huynh) 5. CESA-2010:0606 Important CentOS 4 x86_64 kernel - security and bug fix update (Tru Huynh) 6. CESA-2010:0606 Important CentOS 4 i386 kernel - security and bug fix update (Tru Huynh) 7. CESA-2010:0627 Important CentOS 5 x86_64 kvm Update (Tru Huynh) 8. CESA-2010:0633 Important CentOS 5 x86_64 qspice Update (Tru Huynh) 9. CESA-2010:0625 Moderate CentOS 5 x86_64 wireshark Update (Tru Huynh) 10. CESA-2010:0625 Moderate CentOS 5 i386 wireshark Update (Tru Huynh) -- Message: 1 Date: Fri, 27 Aug 2010 16:56:31 +0200 From: Tru Huynh Subject: [CentOS-announce] CESA-2010:0657 Low CentOS 4 i386 gdm - securityand bug fix update To: centos-annou...@centos.org Message-ID: <20100827145631.ga21...@sillage.bis.pasteur.fr> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2010:0657 gdm security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0657.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/gdm-2.6.0.5-7.rhel4.19.el4_8.2.i386.rpm source: updates/SRPMS/gdm-2.6.0.5-7.rhel4.19.el4_8.2.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update gdm Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20100827/b700b7ac/attachment-0001.bin -- Message: 2 Date: Fri, 27 Aug 2010 16:57:28 +0200 From: Tru Huynh Subject: [CentOS-announce] CESA-2010:0657 Low CentOS 4 x86_64 gdm - security and bug fix update To: centos-annou...@centos.org Message-ID: <20100827145728.gb21...@sillage.bis.pasteur.fr> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2010:0657 gdm security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0657.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/gdm-2.6.0.5-7.rhel4.19.el4_8.2.x86_64.rpm source: updates/SRPMS/gdm-2.6.0.5-7.rhel4.19.el4_8.2.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update gdm Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20100827/63b04c3e/attachment-0001.bin -- Message: 3 Date: Fri, 27 Aug 2010 17:04:34 +0200 From: Tru Huynh Subject: [CentOS-announce] CESA-2010:0474 Important CentOS 4 i386 kernel - security and bug fix update (correction) To: centos-annou...@centos.org Message-ID: <20100827150434.gc21...@sillage.bis.pasteur.fr> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2010:0474 kernel security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0474.html ** corrected reference for kernel version 2.6.9-89.0.26.EL ** The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/kernel-2.6.9-89.0.26.EL.i586.rpm updates/i386/RPMS/kernel-2.6.9-89.0.26.EL.i686.rpm updates/i386/RPMS/kernel-devel-2.6.9-89.0.26.EL.i586.rpm updates/i386/RPMS/kernel-devel-2.6.9-89.0.26.EL.i686.rpm updates/i386/RPMS/kernel-hugemem-2.6.9-89.0.26.EL.i686.rpm updates/i386/RPMS/kernel-hugemem-devel-2.6.9-89.0.26.EL.i686.rpm up
Re: [CentOS] PAE Kernel
"Matt" wrote: > I have a box running CentOS 5.x 32 bit. I noticed these kernels are > installed. > > [r...@ns1 log]# rpm -qa |grep kern |sort > kernel-2.6.18-194.11.1.el5 > kernel-2.6.18-194.3.1.el5 > kernel-2.6.18-194.8.1.el5 > kernel-PAE-devel-2.6.18-194.11.1.el5 > kernel-PAE-devel-2.6.18-194.3.1.el5 > kernel-PAE-devel-2.6.18-194.8.1.el5 You can remove kernel-2.6.18-194.3.1.el5 and kernel-2.6.18-194.8.1.el5 and keep only the newest version, kernel-2.6.18-194.11.1.el5. Since you don't have kernel-PAE, you can also delete all the kernel-PAE-devel files. So, you can delete everything except kernel-2.6.18-194.11.1.el5. The other packages don't do any harm, but they take up disk space unnecessarily. The kernel-PAE-devel packages also get updated unnecessarily. Yves Bellefeuille ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
m.r...@5-cent.us wrote, On 08/27/2010 10:57 AM: > m.r...@5-cent.us wrote: >> I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban >> 1.0.4 that I've used a bunch of times... but on this machine, it says >> starting, then dies, saying "dban has finished with non-fatal errors. >> Check the log for more information" It never gets to the interactive menu. >> >> Now that I've disabled the non-existant floppy drive, at least it does say >> "to save the log file again, press enter" > > *sigh* > > Well, my manager actually had some CDs - dban.org only has .iso's for CDs, > which I don't know enough to make work with a DVD, so I d/l and burned the > new one, 2.2.6 beta, and it's working now. Interesting... before the menu > came up, it looked like the display from lshw > > Oh, and I *do* have to do at DOD full sanitization: I work at a US gov't > agency, and the machine's being surplused > > mark > Suggestion, check with your local DRMO (or whatever they are calling themselves now) representative and make sure that you are allowed to send any hard drive with the machine at *ALL*. -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter Even when this disclaimer is not here, the opinions expressed by me are not necessarily sanctioned by and do not necessarily represent those of my employer. Also even when this disclaimer is not here, I DO NOT have authority to direct you in any way to alter your contractual obligation and my email can NOT be used as direction to modify a contract. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] PAE Kernel
I have a box running CentOS 5.x 32 bit. I noticed these kernels are installed. [r...@ns1 log]# rpm -qa |grep kern |sort kernel-2.6.18-194.11.1.el5 kernel-2.6.18-194.3.1.el5 kernel-2.6.18-194.8.1.el5 kernel-PAE-devel-2.6.18-194.11.1.el5 kernel-PAE-devel-2.6.18-194.3.1.el5 kernel-PAE-devel-2.6.18-194.8.1.el5 [r...@ns1 log]# uname -a Linux ns1.xx.net 2.6.18-194.11.1.el5 #1 SMP Tue Aug 10 19:09:06 EDT 2010 i686 i686 i386 GNU/Linux [r...@ns1 log]# free total used free sharedbuffers cached Mem: 1025500 687176 338324 0 87824 535628 -/+ buffers/cache: 63724 961776 Swap: 2031608 02031608 This machine only has 1G of RAM. Should I just remove the PAE kernels? Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
Todd Denniston wrote: > m.r...@5-cent.us wrote, On 08/27/2010 10:57 AM: >> m.r...@5-cent.us wrote: >>> I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good >>> dban >>> 1.0.4 that I've used a bunch of times... but on this machine, it says >>> starting, then dies, saying "dban has finished with non-fatal errors. >>> Check the log for more information" It never gets to the interactive >>> menu. >> Well, my manager actually had some CDs - dban.org only has .iso's for >> CDs, which I don't know enough to make work with a DVD, so I d/l and burned >> the new one, 2.2.6 beta, and it's working now. Interesting... before the > >> Oh, and I *do* have to do at DOD full sanitization: I work at a US gov't >> agency, and the machine's being surplused > > Suggestion, check with your local DRMO (or whatever they are calling > themselves now) representative and make sure that you are allowed to send > any hard drive with the machine at *ALL*. Not my problem - I'm not with DoD, I'm under HHS, and we've got PII and PHI info. I was told, when I started, that this was acceptable. Actually, I was introduced to dban here. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
James Hogarth wrote: > On 27 August 2010 14:41, wrote: >> Stefano Sasso wrote: >>> 2010/8/27 Ski Dawg : After spending a little bit of time searching around today, I have run across 2 that seem like good options, cfengine and puppet. Does anyone have any thoughts about either of these tools? Is there >> Here's another two cents: first part of last year, I was working with >> Spacewalk, the released version of RedHat's satellite. While I was >> fighting it tooth and nail, it went from 0.4 to 0.5. With that >> experience, >> I'd say *don't* bother about it > > Basing your comments on a version 0.4/0.5 that is pretty unfair. Why? The current CentOS kernel isn't anywhere near the latest, nor is a fair bit of other stuff in CentOS 5.5. And there are lots of folks running yr-old releases. > > It is now 1.1 and the user mailing list is active for assistance. I was on the mailing list. Did they ever put the change to the documentation that I sent in, that I found, about the settings required to make Oracle happy to work with it? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PAE Kernel
Matt, On 27 August 2010 16:26, Matt wrote: > I have a box running CentOS 5.x 32 bit. I noticed these kernels are > installed. > > [r...@ns1 log]# rpm -qa |grep kern |sort > kernel-2.6.18-194.11.1.el5 > kernel-2.6.18-194.3.1.el5 > kernel-2.6.18-194.8.1.el5 These are stock kernel. If you had these, you'd have PAE kernels: kernel-PAE.i686 : The Linux kernel compiled for PAE capable machines. kernel-PAE-devel.i686 : Development package for building kernel modules to match the PAE kernel. > kernel-PAE-devel-2.6.18-194.11.1.el5 > kernel-PAE-devel-2.6.18-194.3.1.el5 > kernel-PAE-devel-2.6.18-194.8.1.el5 These are just headers and shouldn't do any harm. Name : kernel-PAE-devel Arch : i686 Version: 2.6.18 Release: 194.11.1.el5 Size : 5.4 M Repo : updates Summary: Development package for building kernel modules to match the PAE kernel. URL: http://www.kernel.org/ License: GPLv2 Description: This package provides kernel headers and makefiles sufficient to build modules : against the PAE kernel package. And this is the PAE kernel info (all from yum info) Name : kernel-PAE Arch : i686 Version: 2.6.18 Release: 194.11.1.el5 Size : 17 M Repo : updates Summary: The Linux kernel compiled for PAE capable machines. URL: http://www.kernel.org/ License: GPLv2 Description: This package includes a version of the Linux kernel with support for up to : 16GB of high memory. It requires a CPU with Physical Address Extensions (PAE). : The non-PAE kernel can only address up to 4GB of memory. : Install the kernel-PAE package if your machine has more than 4GB of memory. -- Hakan (m1fcj) - http://www.hititgunesi.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] phpMyAdmin can't connect to remote server
Hi All,
I have had a thread about this going on the phpMyAdmin list for a little while.
Nobody there has been able to shed any light on my problem. It seems that with
phpMyAdmin I can not connect to remote servers. Though it also seems that
apache, php and mysqli all work fine outside of phpMyAdmin. Below I have
detailed my trouble shooting. This only seems to be an issue for me with CentOS
5 so I'm hoping someone out there has run into this before. I'm certain there
is some setting or dependency I am missing so if you have any insight into this
I'd greatly appreciate it.
We have CentOS 5.5 production systems with a major Cloud VM vendor and I have
replicated the results with CentOS 5.5 on local VM's (ISO install) with my own
VM platform.
The remote database server is listening on eth1.
eth0 is our public routable IP and eth1 is our 10.x.x.x private subnet.
We do not expose the mysql servers on the public interfaces. All of our web
applications access the database servers by IP on the 10.x.x.x subnet on eth1.
The apache server where phpmyadmin is installed also has other virtual hosts
that have wordpress instances among other things, that use the mysqli interface
to connect to the same remote database server and they all work fine.
The apache server also has a local mysql server that I can successfully connect
phpmyadmin to using localhost or 127.0.0.1 for the db host name with cookie
authentication.
The apache server where phpmyadmin is installed I can use the bash mysql client
and connect to the remote database server with my credentials.
I have tested CentOS 5.5 with RPM installed httpd and RPM installed PHP 5.1 and
PMA 2.x, and CentOS 5.5 RPM installed Apache, my compiled PHP 5.2.3 and PMA
3.x. Both with the same result.
Logins to any remote server over TCP with cookie auth fail with a "#1045 Cannot
log in to the MySQL server" and tcpdump shows no packets on the interface to
the DB server.
Connections to the local database server via PMA 3.x, my compiled php 5.2 over
tcp using localhost, port 3306, cookie auth connects right away.
Connections to the local database server via PMA "mysqli://localhost:3306"
shows no traffic in tcpdump on lo, eth0 or eth1 so I'm assuming it uses the
local socket for this.
I have tested Ubuntu 10 with Apt installed php, apache, mysqladmin and it all
works out of the box. I would love to just throw ubuntu up there but work won't
allow a mixed linux environment. It HAS to be CentOS.
Just to make sure I am not crazy I made the test file below and connected to my
remote database from the same virtualhost as phpmyadmin using the same username
and password (not root). It works perfectly and I get the results from my
mysql.user table. I have tested this php both from the CLI and through Apache.
query(
'SELECT * from user');
while( $row = $result->fetch_assoc() ){
print_r($row);
echo "\n";
}
$result->close();
$mysqli->close();
?>
And my PMA config files look like this
THIS DOES NOT WORK
* Date: Thu, 26 Aug 2010 10:32:53 -0600
*/
/* Servers configuration */
$i = 0;
/* Server: glacier [1] */
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = '10.x.x.x';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
$cfg['Servers'][$i]['relation'] = 'pma_relation';
$cfg['Servers'][$i]['table_info'] = 'pma_table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma_column_info';
$cfg['Servers'][$i]['history'] = 'pma_history';
$cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
$cfg['Servers'][$i]['verbose'] = 'somename';
$cfg['Servers'][$i]['port'] = 3306;
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowRoot'] = false;
$cfg['Servers'][$i]['AllowDeny'] = array (
'order' => 'allow,deny',
);
/* End of servers configuration */
$cfg['blowfish_secret'] = '4c74332d81b5c0.29678885';
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['DefaultLang'] = 'en-utf-8';
$cfg['ServerDefault'] = 1;
$cfg['ForceSSL'] = true;
$cfg['AllowAnywhereRecoding'] = true;
$cfg['UseDbSearch'] = false;
$cfg['ShowPhpInfo'] = true;
$cfg['LeftDisplayServers'] = true;
$cfg['DisplayServersList'] = true;
?>
THIS WORKS
* Date: Thu, 26 Aug 2010 10:34:31 -0600
*/
/* Servers configuration */
$i = 0;
/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = 'localhost';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = 3306;
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
/* End of servers configuration */
$cfg['UploadDir'] = '';
$cfg[
Re: [CentOS] slightly OT: dban
On Fri, 2010-08-27 at 09:17 -0700, Benjamin Franz wrote: > Given that modern hard drives can remap damaged sectors automatically, > it is quite possible for an 'erased' drive to still have data on it that > can't be removed by any software based erasure because it can't be > accessed by the OS. --- After SET MAX ADDRESS 0x8000 Data can be gotten After SET MAX ADDRESS EXT 0x8500 Data can be gotten again After the drive is restored to factory reset it can NOT. *GRIN* take a Sledge Hammer to it. Dban at once did not support HPA nor DCO it still may not. John Yaa the remapping is done through SMART and is not reliable in data recovery either. Yaa I can still get the data through the OS Layer, BTW Benjamin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] phpMyAdmin can't connect to remote server
On Aug 27, 2010, at 1:23 PM, Brian Marshall wrote: > If anyone else has any insight or questions please let me know. I'm happy to > experiment. is SELinux enabled? any relevant messages in the audit log? -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v http://five.sentenc.es PGP.sig Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
JohnS wrote: > > On Fri, 2010-08-27 at 09:17 -0700, Benjamin Franz wrote: > >> Given that modern hard drives can remap damaged sectors automatically, >> it is quite possible for an 'erased' drive to still have data on it that >> can't be removed by any software based erasure because it can't be >> accessed by the OS. > --- > After SET MAX ADDRESS 0x8000 Data can be gotten > After SET MAX ADDRESS EXT 0x8500 Data can be gotten again > After the drive is restored to factory reset it can NOT. > > *GRIN* take a Sledge Hammer to it. Yeah, well, the double-hight Cheetah's that we're getting rid of, we have to disassemble, because there are *no* frames for the degausser that fit them. I'm considering bringing in my 1lb sledge for the platters > Dban at once did not support HPA nor DCO it still may not. Not sure... don't now about those. I s'pose I should look 'em up. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
>>> Stefano Sasso wrote: 2010/8/27 Ski Dawg : > After spending a little bit of time searching around today, I have run > across 2 that seem like good options, cfengine and puppet. > > Does anyone have any thoughts about either of these tools? Is there > >>> Here's another two cents: first part of last year, I was working with >>> Spacewalk, the released version of RedHat's satellite. While I was >>> fighting it tooth and nail, it went from 0.4 to 0.5. With that >>> experience, >>> I'd say *don't* bother about it Thanks to everyone for the replies, and the links to articles for further research. I will definitely continue reading those. At this time, we are not interested in Spacewalk because of the Oracle db requirement, but I will investigate the other options as well. -- Doug Registered Linux User #285548 (http://counter.li.org) Never trust a computer you can't throw out a window. -- Steve Wozniak ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
> Why? The current CentOS kernel isn't anywhere near the latest, nor is a > fair bit of other stuff in CentOS 5.5. And there are lots of folks running > yr-old releases. I... I... I don't really know how to answer this one... Anyone who is running *CentOS* from a year ago is strongly urged to upgrade... they always have been on this list. There have been plenty of bug fixes over the course of the past year in CentOS and it would have to take a very 'special' set of circumstances not to be at the very least on the last point release if not all updates for security and bug reasons. I think you need to differentiate between a major and minor product release and how to deal with a product under heavy development. Spacewalk does not have branches that get backported fixes - as indeed Redhat backports fixes from current software to the older they ship when appropriate. If you showed up on the Spacewalk mailing list saying you have a 0.5 instance with X problem the first thing to be said is at least get up to 1.0 as there have been so many bug fixes over a year that it becomes difficult to troubleshoot an issue and any fix found will not be backported to 0.5 but rather released as either a hotfix to the current version or fixed in the next release. Your comment would be like complaining about the state of say KVM a year ago and refusing to update CentOS to at least 5.5 (if not current) to get the numerous bug fixes that have gone in over that time. > > I was on the mailing list. Did they ever put the change to the > documentation that I sent in, that I found, about the settings required to > make Oracle happy to work with it? > > mark > I did mention a dependency on Oracle. I, and others, followed the instructions on the wiki and got an instance running fine. What did you mention specifically? Looking at the website there are steps to follow for oracle: https://fedorahosted.org/spacewalk/wiki/OracleXeSetup Please only comment on stuff you have genuine *current* knowledge of and not something you dabbled in a year ago... technology changes quickly especially in a product under heavy and active development. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On 08/27/2010 10:27 AM, JohnS wrote: *GRIN* take a Sledge Hammer to it. Dban at once did not support HPA nor DCO it still may not. It still doesn't. There are just a *lot* of ways for a theoretically 'wiped' drive to not actually be fully wiped. As you said: Take a sledge hammer to it. -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
> > > Thanks to everyone for the replies, and the links to articles for > further research. I will definitely continue reading those. > > At this time, we are not interested in Spacewalk because of the Oracle > db requirement, but I will investigate the other options as well. > -- > Doug Given your numbers given (20 web servers) you can use oracle-xe for the instance on the local box without much issue. My 80 odd systems with CentOS Base, Updates, EPEL, Spacewalk and my own custom repos all in place with full mirrors of upstream take about 2GB of the 4GB allowance of Oracle-XE. Work is ongoing to switch to postgres... but that probably won't be complete for at least 4-6 months if not longer. At the end of the day it depends on your requirements - if you want to manage package updates and kickstarts as well or just configuration files. Spacewalk is better for the former but if just files I'd favor puppet, James James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 8/27/2010 1:14 PM, James Hogarth wrote: > > Please only comment on stuff you have genuine *current* knowledge of > and not something you dabbled in a year ago... technology changes > quickly especially in a product under heavy and active development. Are wild changes in the span of a year really something you want to see in a system that is supposed to be managing your configurations for you? And if you accept the fact that technology changes quickly, do you want to install a system that locks you in to one or only a few distributions? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On Friday, August 27, 2010 02:14:52 pm Benjamin Franz wrote: > There are just a *lot* of ways for a theoretically 'wiped' drive to not > actually be fully wiped. > > As you said: Take a sledge hammer to it. obFridayHumor www.harddrivedestruction.com The videos are worth the look, especially http://www.youtube.com/watch?v=yISqCAnROh8 (it was a good thing I didn't have any drink in my mouth when I saw that one) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] phpMyAdmin can't connect to remote server
On Aug 27, 2010, at 11:36 AM, Steve Huff wrote: > > On Aug 27, 2010, at 1:23 PM, Brian Marshall wrote: > >> If anyone else has any insight or questions please let me know. I'm happy to >> experiment. > > > is SELinux enabled? any relevant messages in the audit log? > > -steve Hi Steve, No we don't run SELinux on any of our systems. SELinux config is set to disabled and /selinux/enforce is '0' ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 27 August 2010 19:30, Les Mikesell wrote: > On 8/27/2010 1:14 PM, James Hogarth wrote: >> >> Please only comment on stuff you have genuine *current* knowledge of >> and not something you dabbled in a year ago... technology changes >> quickly especially in a product under heavy and active development. > > Are wild changes in the span of a year really something you want to see > in a system that is supposed to be managing your configurations for you? > And if you accept the fact that technology changes quickly, do you > want to install a system that locks you in to one or only a few > distributions? > Indeed these are genuine questions that should be asked in the process of evaluating a set of requirements. For myself we are a heavy CentOS house and will be for at least the foreseeable future - plans are already underway to start testing our apps on RHEL6 beta in preparation for CentOS6. As for 'wild changes' I personally have no problem using a product under development so long as data is carried forwards with no point of a 'format' change requiring a rebuild of data. At least with an active product suggests made or code contributions get looked at quickly ^^ Once the debian support is in place then as a product it opens up the field very swiftly for distribution changes and besides we often see huge changes in the space of just a year as we all know look at SPICE, KVM, ext4, btrfs, openjdk to name but a few that either didn't exist a year ago or have improved massively over the course of a year and anyone would be insane to be using releases from that far ago versus currently supported revisions in your preferred OS. Some of these technologies have gone from general talk to production ready and supported by Redhat, Canonical and others over that timespan. At any rate I stand by my position that in tech if you are going to put an opinion piece out on a mailing list, a blog or another medium it should be relevant to the current situation and not something you tried a year ago and didn't work out great so you advise others to steer clear a year later without checking to see what progress, if any, has been made in that area. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
James Hogarth wrote: >> Why? The current CentOS kernel isn't anywhere near the latest, nor is a >> fair bit of other stuff in CentOS 5.5. And there are lots of folks >> running yr-old releases. > > I... I... I don't really know how to answer this one... > > Anyone who is running *CentOS* from a year ago is strongly urged to > upgrade... they always have been on this list. There have been plenty I agree... but some won't, or can't. I've got someone here who insists on running RHEL 3, because of collaborators around the world who can't upgrade. > If you showed up on the Spacewalk mailing list saying you have a 0.5 > instance with X problem the first thing to be said is at least get up > to 1.0 as there have been so many bug fixes over a year that it > becomes difficult to troubleshoot an issue and any fix found will not > be backported to 0.5 but rather released as either a hotfix to the > current version or fixed in the next release. Fortunately, that was on a previous job, and we have something here that a) doesn't need a d/b, and b) is *nowhere* near as outright hostile to install and configure. I've been burned, badly, and don't care to use it again. >> I was on the mailing list. Did they ever put the change to the >> documentation that I sent in, that I found, about the settings required >> to make Oracle happy to work with it? >> > > I did mention a dependency on Oracle. I, and others, followed the > instructions on the wiki and got an instance running fine. What did > you mention specifically? Looking at the website there are steps to > follow for oracle: > > https://fedorahosted.org/spacewalk/wiki/OracleXeSetup > > Please only comment on stuff you have genuine *current* knowledge of > and not something you dabbled in a year ago... technology changes > quickly especially in a product under heavy and active development. > I didn't "dabble", my manager and VP insisted I get it up asap. And I just went to the page, above, and no, it does *not* mention what I found, which is that I had to go into Oracle admin, and up the memory available to, mmm, I think it was 995M, where the default is only 940M, and that was the *only* way to get around the stop-dead-in-my-tracks problem. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On Fri, Aug 27, 2010 at 5:15 PM, Les Mikesell wrote: > cfengine has a bit more cross-platform capability, but note that CentOS > supplies a 2.x release where the project has moved on to 3.x with wildly > different syntax, and a native windows build is only available in the > commercial version. cfengine 2.x will be with us for years to come. It works great, it's easy to deploy, easy to use and has few dependencies. Cfengine3 is interesting, but I'll wait until Campi an Bauer write the 3rd edition of "Automating Linux and Unix System Administration" ;-) (the $40 I spent on Automating Linux and Unix System Administration, Second Edition by Campi and Bauer have made my life so much easier: thanks guys!). As to the windows build: no-one prevents you from building it yourself and running it, it is not that difficult: http://blog.zzamboni.org/installing-cfengine-on-windows-7-under-cygwin. You could even (gasp) consider buying the commercial version, Windows shops are used to paying for software anyways ;-) No experience with puppet, though. I am happy with cfengine already :-) -- natxo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
Fair enough - it didn't meet your requirements and you found something better that did :) My experience is that when managers/VPs start specifying a tech to use as opposed to a problem to solve things tend to get irritating quickly. I feel very fortunate to be in a company that looks to the future rather than hacking away to hang on to the past... James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 8/27/2010 2:17 PM, James Hogarth wrote: > Fair enough - it didn't meet your requirements and you found something > better that did :) > > My experience is that when managers/VPs start specifying a tech to use > as opposed to a problem to solve things tend to get irritating > quickly. > > I feel very fortunate to be in a company that looks to the future > rather than hacking away to hang on to the past... Keep in mind that next year the work you are doing now will be in the past and they may want to toss it (and the people who did it) for the next new thing. Let us know how that works out for everyone. My experience has been that the companies that hang on to the past do so because they have something worth keeping. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
> > Keep in mind that next year the work you are doing now will be in the > past and they may want to toss it (and the people who did it) for the > next new thing. Let us know how that works out for everyone. My > experience has been that the companies that hang on to the past do so > because they have something worth keeping. > Or they don't want to spend money to update infrastructure or are locked into some proprietary dependency... Heck in a year if our needs change I'll no doubt run a project to replace what I did this year ;) Having worked in places that are afraid to touch that thing that has run forever and working where I am now I'll take the place that is flexible enough to trial new technologies over struggling to maintain something beyond EOL any day... James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 8/27/2010 1:51 PM, James Hogarth wrote: > > At any rate I stand by my position that in tech if you are going to > put an opinion piece out on a mailing list, a blog or another medium > it should be relevant to the current situation and not something you > tried a year ago and didn't work out great so you advise others to > steer clear a year later without checking to see what progress, if > any, has been made in that area. Agreed, but a large part of that opinion and one of the most helpful pieces of information for others relates to how stable a project is over a long period of time. Of course it is hard to predict the future, but the past is often a good indicator. If we weren't all interested in stability, we probably wouldn't be subscribed to this particular mail list. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
>> At any rate I stand by my position that in tech if you are going to >> put an opinion piece out on a mailing list, a blog or another medium >> it should be relevant to the current situation and not something you >> tried a year ago and didn't work out great so you advise others to >> steer clear a year later without checking to see what progress, if >> any, has been made in that area. > > Agreed, but a large part of that opinion and one of the most helpful > pieces of information for others relates to how stable a project is over > a long period of time. Of course it is hard to predict the future, but > the past is often a good indicator. If we weren't all interested in > stability, we probably wouldn't be subscribed to this particular mail list. > Agreed - and given the OP has got the info he wanted (and more no doubt!) I think we should let it rest on that good point... James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
I haven't seen much mentioned about puppet and though I am not a puppet master (yet) and am really just now getting into using it, I will provide my reason for selecting puppet. Not having much experience with configuration management tools and after seeing a relatively new service it made sense for me to investigate puppet, thinking that puppet might have learned from the short comings that plagued earlier tools. I liked the large amount of active development that was happening with the project and after I caught Luke Kanies the original author of puppet on an episode of TLLTS discussing it my interest was peeked even further. It has the ability to integrate with cobbler; something I do currently use, though I haven't gotten that far yet, and even though I am sure other configuration management services could do this as well, the mention of puppet on the cobbler website and documentation on how to use the two together reinforced my continued efforts to explore it. I am not familiar with cfengine, though I have read some high level discussions regarding it, so I imagine that it supports SSL, but I really liked the fact that puppet supports SSL out of the box with no configuration required. I installed the puppet server on a Fedora 13 box (I tend to install actively developed services on Fedora), I will be managing CentOS 5.5 and it was installed and up and running in less then 5 min. Installing the puppet client on my CentOS boxes was even quicker. I suppose some dislike having to learn the ruby syntax that is required for the puppet configuration files, but like any other new venture it is what it is, you just have to learn it. The documentation on the puppet labs website is decent and has helped me through several configurations I have needed, this plus the few things I mentioned have me content with my decision to use puppet to manage my environment. Hope this helps a little. David On 08/27/2010 02:35 PM, Les Mikesell wrote: > On 8/27/2010 2:17 PM, James Hogarth wrote: > >> Fair enough - it didn't meet your requirements and you found something >> better that did :) >> >> My experience is that when managers/VPs start specifying a tech to use >> as opposed to a problem to solve things tend to get irritating >> quickly. >> >> I feel very fortunate to be in a company that looks to the future >> rather than hacking away to hang on to the past... >> > Keep in mind that next year the work you are doing now will be in the > past and they may want to toss it (and the people who did it) for the > next new thing. Let us know how that works out for everyone. My > experience has been that the companies that hang on to the past do so > because they have something worth keeping. > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On 08/27/10 7:33 AM, Kevin Thorpe wrote: > > Assuming the drive to kill is /dev/sda: > dd if=/dev/random of=/dev/sda > /dev/random is WAY to slow for this. byte at a time, gads, that would take *days* (hint, use bs=65536 next time you use dd to bulk wipe something) with modern drives, just writing one pass of zeros is plenty good enough. the old much-touted DoD erase pattern dates back from the days of MFM drives where bits were the size of boulders. > Do it a few times for good measure. At work we have a policy of > physically destroying > drives which grates a little at times. ditto here. but the reality is, wiping a single 500GB drive can take HOURS, and if you have a whole palette of dead systems, many hours of time digging the drives out, hooking them up to erase fixtures, etc etc, the labor costs would be ridiculous. then you get server racks with SCSI, FC, etc drives, all requiring different sorts of fixtures and having MANY drives in them. all the drives get yanked, and stored in a bin until the chipper truck arrives, tossed in the chipper and recycled as scrap metal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Apache log entry
On 08/26/2010 03:29 AM, Keith Roberts wrote: > register_globals is supposed to be off by default - so that > should stop any global variables being injected. Doesn't matter. The vulnerability discussed is one where a PHP application actually takes the name of a file as input from the client. If your application does that and does not sanitize the path then it ends up vulnerable to code injection from the user. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Freezing gnome terminals...
On 08/28/2010 01:40 AM, didi wrote: > Hey > > On Fri, Aug 27, 2010 at 4:38 PM, John Doe wrote: >> Hi, >> >> just wondering if you also experience gnome terminals freezing after a >> while...? >> It mainly happens over the week-end. >> I would leave a terminal open (with an ssh session to a remote site), come >> back >> on monday and type a few commands and it jwould just freeze. >> But it also happen from time to time randomly during the day (but still with >> days old terminals). >> Happens to my collegues too. >> The Gnome terminal Reset option would not do anything. >> any idea what could be the problem? > > Maybe have a look at the strace. But if you have an ssh session open > chances are, that timed out. In which case the escape sequence '~.' should close the connection and give you could terminal back. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Apache log entry
On 8/24/10, Keith Roberts wrote: > So bolting down PHP really tight should address these hacks? As others have mentioned, this is trying to take advantage of a poorly written PHP script that doesn't sanitize/check the input before using. However, you could possibly lock down PHP further to reduce the possibility of such apps working by using the disabled_function setting to disable the riskier functions which allow shell/command/file operations. Of course depending on how aggressive you are, it could lead to scripts breaking. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Apache log entry
Just to add on, if your server is hosting multiple domains for clients so you can't just do a blanket function disable, you should look into suhosin to do per domain function blacklist. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
