Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Robert P. J. Day

  i'm not ignoring all of the suggestions so far (i'm taking note of
all of them) but as rp herrold suggests, a lot of this is getting
pretty far afield, so let me drag this back on-topic.

  i'm looking for cool things that can be added into a very generic
5-day course in basic RHEL (centos) administration that wouldn't
normally be covered.  i've provided the outline on which the 3rd party
courseware is based -- it was written to mimic red hat's RH 131
course:

https://www.redhat.com/courses/rh131_red_hat_linux_system_administration/

so you can see what's already there, and i'm after cool tips, tricks
and utilities that people who are long-time RHEL/centos admins have
learned that they think are terrifically useful that i can sneak in as
bonus content.

  the caveat is that i don't want to add topics that would take longer
than, say, a half day since i can always take a topic like that,
extend it to a full-day course, and market it *separately*.

  case in point:  virtualization.  the course already covers
virtualization *very* briefly and i don't want to make that section
any longer since i can easily see having a full-day course on that
topic.

  *possibly* the same thing with puppet or cfengine (both excellent
suggestions).  i'm thinking of at least demoing one or both and,
depending on the interest, perhaps suggesting a full day course in
enterprise-wide administration.

  anyway, i appreciate all of the ideas so far, and i'm definitely
going to use some of them.  thanks muchly.

rday

p.s.  one stupendously trivial idea i had was to give each student a
cheap USB drive and use that as the vehicle for playing with
filesystem utilities.  with an $8 2G drive, i can demonstrate concepts
like hotplugging, udev, LVM and so on, knowing i'll never risk the
contents of the hard drive.

-- 


Robert P. J. Day   Waterloo, Ontario, CANADA

Top-notch, inexpensive online Linux/OSS/kernel courses
http://crashcourse.ca

Twitter:   http://twitter.com/rpjday
LinkedIn:   http://ca.linkedin.com/in/rpjday

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] securing centos 5.2 for public usage

2010-09-18 Thread Roland RoLaNd

Dear all,

i Just finished setting up an apache service on a centos 5.2 VM machine.

i need to secure this machine as i'm soon to be setting a public IP over it 
where i'd be opening up the following services:


1. http
2. https
3. ssh


Things i've done so far:

1. stopped root ssh access in sshd.conf
2. tried configuring PAM so i get a more secure ssh passwords (dictionary wise) 
as well as tried setting up a 2 times authentication failure for the account to 
be disabled for 12 hours (i couldn't succeed in setting this up)
3. disabled port forwarding (to deny outsiders to tunnel through the server 
inside my network) couldn't succeed with this either.


Any help or advice would be greatly appreciated..

thanks,

--Roland
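
Added example (not part of the original post or of any reply in this thread): a small audit of an sshd_config-style file for the two settings the post mentions, root login and port forwarding. On CentOS the file is /etc/ssh/sshd_config; sshd applies the first value it reads for each keyword, ignores commented lines, and treats anything after a Match line (newer OpenSSH releases) as conditional. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which value sshd would apply globally for a keyword.

# Print the globally effective value of keyword $2 in config file $1.
# Prints nothing when the keyword is not set in the global section.
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            sub(/^[ \t]+/, "")
            # Accept "Keyword=value" as well as "Keyword value".
            if (match($0, /^[A-Za-z0-9]+[ \t]*=[ \t]*/)) {
                rest = substr($0, RLENGTH + 1)
                key = substr($0, 1, RLENGTH)
                sub(/[ \t]*=[ \t]*$/, "", key)
                $0 = key " " rest
            }
            key = tolower($1)                    # keywords are case-insensitive
        }
        key == "match" { exit }                  # later lines are conditional
        key == want { print $2; exit }           # first value wins
    ' "$1"
}

# Report on both settings; the return status is the number of failures.
audit_sshd_config() {
    file=$1
    failures=0
    for want in permitrootlogin=no allowtcpforwarding=no; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(effective_sshd_option "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', want '$expected'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: the "no" lines are present but neither is in effect.
make_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real server's configuration.
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    AllowTcpForwarding no
EOF
}

# Constructed sample: both settings are effective for every connection.
make_fixed_config() {
    cat > "$1" <<'EOF'
# Constructed sample with both settings in the global section.
Port 22
PermitRootLogin no
AllowTcpForwarding no
PasswordAuthentication yes
EOF
}

# Demo on the constructed samples.
demo=$(mktemp)
make_sample_config "$demo"
audit_sshd_config "$demo" || echo "sample config: settings not in effect"
make_fixed_config "$demo"
audit_sshd_config "$demo" && echo "fixed config: both settings in effect"
rm -f "$demo"
```

On a server, call audit_sshd_config /etc/ssh/sshd_config; the exit status is the number of settings that are not in effect, and sshd has to be restarted before an edited file applies.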


Re: [CentOS] securing centos 5.2 for public usage

2010-09-18 Thread Alexander Dalloz
On 18.09.2010 12:08, Roland RoLaNd wrote:
> 
> Dear all,
> 
> i Just finished setting up an apache service on a centos 5.2 VM machine.
> 
> i need to secure this machine as i'm soon to be setting a public IP over it 
> where i'd be opening up the following services:
> 
> 
> 1. http
> 2. https
> 3. ssh
> 
> 
> Things i've done so far:
> 
> 1. stopped root ssh access in sshd.conf
> 2. tried configuring PAM so i get a more secure ssh passwords (dictionary 
> wise) as well as tried setting up a 2 times authentication failure for the 
> account to be disabled for 12 hours (i couldn't succeed in setting this up)
> 3. disabled port forwarding (to deny outsiders to tunnel through the server 
> inside my network) couldn't succeed with this either.
> 
> 
> Any help or advice would be greatly appreciated..
> 
> thanks,
> 
> --Roland

First of all, you should really update to CentOS 5.5 plus all the
additional package updates.

And then, there is a nice wiki page

http://wiki.centos.org/HowTos/OS_Protection

with lots of helpful information about your topic. Read it carefully,
and you will find a link to

http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

with further tips to secure your system.

Alexander


Re: [CentOS] securing centos 5.2 for public usage

2010-09-18 Thread RedShift
  On 09/18/10 12:08, Roland RoLaNd wrote:
> Dear all,
>
> i Just finished setting up an apache service on a centos 5.2 VM machine.
>
> i need to secure this machine as i'm soon to be setting a public IP over it 
> where i'd be opening up the following services:
>
>
> 1. http
> 2. https
> 3. ssh
>
>
> Things i've done so far:
>
> 1. stopped root ssh access in sshd.conf
> 2. tried configuring PAM so i get a more secure ssh passwords (dictionary 
> wise) as well as tried setting up a 2 times authentication failure for the 
> account to be disabled for 12 hours (i couldn't succeed in setting this up)
> 3. disabled port forwarding (to deny outsiders to tunnel through the server 
> inside my network) couldn't succeed with this either.
>
>
> Any help or advice would be greatly appreciated..
>
> thanks,
>
> --Roland

Start by upgrading to the latest release...




Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Daniel Bird
  On 17/09/2010 13:41, Les Mikesell wrote:
> Oh - and how to install and use freenx/NX for remote access.
And how about Serial Over LAN using IPMI if your kit supports it? Very 
useful if you've broken things... (speaking from experience :-)

D


Re: [CentOS] slightly OT: dban

2010-09-18 Thread Drew
> This command will take forever and ever and ever (reads against /dev/random
> blocks as the kernel runs out of entropy). /dev/urandom would be better but
> still not very fast.

I recently came across a replacement for /dev/urandom called frandom
that the author claims is 10x faster on i686 hardware. Based on my own
tests within a VMware Player VM, frandom can generate 150MB/s when
piped to /dev/null. Tests on writing to disk were a modest 50MB/s
which is about all that my laptop's disk can handle.


-- 
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie


Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Eduardo Grosclaude
On Sat, Sep 18, 2010 at 5:06 AM, Robert P. J. Day  wrote:

> p.s.  one stupendously trivial idea i had was to give each student a
> cheap USB drive and use that as the vehicle for playing with
> filesystem utilities.  with an $8 2G drive, i can demonstrate concepts
> like hotplugging, udev, LVM and so on, knowing i'll never risk the
> contents of the hard drive.

That reminds me of a sysadmin course where we set up minimal,
console-only QEMU virtual machines with two virtual disks, and taught
fdisk, mkfs, RAID, LVM and the like.

-- 
Eduardo Grosclaude
Universidad Nacional del Comahue
Neuquen, Argentina


Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Robert P. J. Day
On Sat, 18 Sep 2010, Eduardo Grosclaude wrote:

> On Sat, Sep 18, 2010 at 5:06 AM, Robert P. J. Day  
> wrote:
>
> > p.s.  one stupendously trivial idea i had was to give each student
> > a cheap USB drive and use that as the vehicle for playing with
> > filesystem utilities.  with an $8 2G drive, i can demonstrate
> > concepts like hotplugging, udev, LVM and so on, knowing i'll never
> > risk the contents of the hard drive.
>
> That reminds me of a sysadmin course where we set up minimal,
> console-only QEMU virtual machines with two virtual disks, and
> taught fdisk, mkfs, RAID, LVM and the like.

  interesting ... is this course publicly available?  be fun to take a
look at it.

rday

-- 


Robert P. J. Day   Waterloo, Ontario, CANADA

Top-notch, inexpensive online Linux/OSS/kernel courses
http://crashcourse.ca

Twitter:   http://twitter.com/rpjday
LinkedIn:   http://ca.linkedin.com/in/rpjday


Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Keith Roberts
On Sat, 18 Sep 2010, Robert P. J. Day wrote:

> To: CentOS mailing list 
> From: Robert P. J. Day 
> Subject: Re: [CentOS] looking for cool,
> post-install things to do on a centos 5.5 system
> 
>
>  i'm not ignoring all of the suggestions so far (i'm taking note of
> all of them) but as rp herrold suggests, a lot of this is getting
> pretty far afield, so let me drag this back on-topic.
>
>  i'm looking for cool things that can be added into a very generic
> 5-day course in basic RHEL (centos) administration that wouldn't
> normally be covered.  i've provided the outline on which the 3rd party
> courseware is based -- it was written to mimic red hat's RH 131
> course:
>
> https://www.redhat.com/courses/rh131_red_hat_linux_system_administration/
>
> so you can see what's already there, and i'm after cool tips, tricks
> and utilities that people who are long-time RHEL/centos admins have
> learned that they think are terrifically useful that i can sneak in as
> bonus content.
>
>  the caveat is that i don't want to add topics that would take longer
> than, say, a half day since i can always take a topic like that,
> extend it to a full-day course, and market it *separately*.
>
>  case in point:  virtualization.  the course already covers
> virtualization *very* briefly and i don't want to make that section
> any longer since i can easily see having a full-day course on that
> topic.
>
>  *possibly* the same thing with puppet or cfengine (both excellent
> suggestions).  i'm thinking of at least demoing one or both and,
> depending on the interest, perhaps suggesting a full day course in
> enterprise-wide administration.
>
>  anyway, i appreciate all of the ideas so far, and i'm definitely
> going to use some of them.  thanks muchly.
>
> rday
>
> p.s.  one stupendously trivial idea i had was to give each student a
> cheap USB drive and use that as the vehicle for playing with
> filesystem utilities.  with an $8 2G drive, i can demonstrate concepts
> like hotplugging, udev, LVM and so on, knowing i'll never risk the
> contents of the hard drive.

What about showing them how to use the GParted Live CD. They 
can practice partitioning the USB drive, which comes up as 
/dev/sd???

As far as Linux is concerned, a USB drive is just another 
block device like /dev/sda

HTH

Keith



-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] e2fsck with millions of files

2010-09-18 Thread Sean Carolan
> I'm not sure how much 64-bit support the kernel expects so there might be some
> complications going that direction, but you can certainly install a 64-bit
> system and run the 32-bit versions of the apps and have both versions of most
> libraries available.

To bring some closure to this thread, I ended up using a 64 bit Ubuntu
Desktop Live CD which comes with e2fsck version 1.41.  Here are the
steps required:

sudo /bin/su - root
modprobe dm_mod
apt-get install lvm2
vgscan
vgchange -a y
lvscan
e2fsck /dev/path/to/partition

This worked and the fsck completed within a few hours.


[CentOS] Software RAID + LVM + Grub

2010-09-18 Thread Matthew Topper
I'm playing with software RAID and LVM in some virtual machines and
I've run into an issue that I can't find a good answer to in the docs.

I have the following RAID setup:

md0: sda1 and sdb1, RAID 1.  This is /boot

md1: sda2 and sdb2, RAID 1.  This is a PV for LVM.

VolGroup00, this is the volume group and md1 is the only PV in it.

LogVol00 is swap
LogVol01 is /
LogVol02 is /home

So, I tested to see what happens if I disable sdb in virtualbox.
Machine booted fine and I was able to see that part of the raid array
was gone.

I reattached the disk and rebuilt the array
mdadm --add /dev/md0 /dev/sdb1
mdadm --add /dev/md1 /dev/sdb2

The array rebuilt without issue.  But now, if I remove sda, the machine
doesn't boot and grub complains.  The question I have is how does one
reinstall the boot sector at this point?  I'm a little confused as far
as to what device to install it on and what to specify as the root.

This is grub.conf if it helps:

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
title CentOS (2.6.18-194.e15)
root (hd0,0)
kernel /vmlinuz-2.6.18-194.e15 ro root=/dev/VolGroup00/LogVol01
initrd /initrd-2.6.18-194.e15.img

Grub has always been a little confusing for me, so I guess I don't
understand.  What do the two root entries specify?  And again, my main
question is how do I reinstall grub to the repaired disk?  Sorry for
the lengthy post, I'm trying to provide as much information as possible.




Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Eduardo Grosclaude
On Sat, Sep 18, 2010 at 10:11 AM, Robert P. J. Day
 wrote:
> On Sat, 18 Sep 2010, Eduardo Grosclaude wrote:
>
>> On Sat, Sep 18, 2010 at 5:06 AM, Robert P. J. Day  
>> wrote:
>>
>> > p.s.  one stupendously trivial idea i had was to give each student
>> > a cheap USB drive and use that as the vehicle for playing with
>> > filesystem utilities.  with an $8 2G drive, i can demonstrate
>> > concepts like hotplugging, udev, LVM and so on, knowing i'll never
>> > risk the contents of the hard drive.
>>
>> That reminds me of a sysadmin course where we set up minimal,
>> console-only QEMU virtual machines with two virtual disks, and
>> taught fdisk, mkfs, RAID, LVM and the like.
>
>  interesting ... is this course publicly available?  be fun to take a
> look at it.

The course materials were just the labs, along with succinct syntax
notes. Exercises were just "partition that drive according to the
following criteria", "create a PV/VG/LV that size", "build a level 1
RAID volume", "declare that RAID component invalid", that sort of
thing. Theory was kept at a minimum and was presented orally.

When managing educational efforts, I have encouraged instructors to
concentrate on hands-on training, write minimal lab guides, and take
the "Internet is already filled with info" approach wrt other docs. Of
course, guidance was given about where and what to read: look for docs
from your distro, learn to know when docs are out of date, etc.

My experience is that non-academia students, while enthusiastic, lack
studying muscle, and handouts you throw at them are seldom read or
understood. Face-to-face is different; that's the place where your
theory should go.

However, they can build up a practical understanding of the task they
must accomplish, so they can attempt to read documentation later. The
labs should pull the theory, while University does it the other way
around. I found this out while being an instructor for the Cisco CCNA
program -- it wasn't an easy switch.

-- 
Eduardo Grosclaude
Universidad Nacional del Comahue
Neuquen, Argentina


Re: [CentOS] Software RAID + LVM + Grub

2010-09-18 Thread Timo Schoeler
On 09/18/2010 05:13 PM, Matthew Topper wrote:
> I'm playing with software RAID and LVM in some virtual machines and
> I've run into an issue that I can't find a good answer to in the docs.
>
> I have the following RAID setup:
>
> md0: sda1 and sdb1, RAID 1.  This is /boot
>
> md1: sda2 and sdb2, RAID 1.  This is a PV for LVM.
>
> VolGroup00, this is the volume group and md1 is the only PV in it.
>
> LogVol00 is swap
> LogVol01 is /
> LogVol02 is /home
>
> So, I tested to see what happens if I disable sdb in virtualbox.
> Machine booted fine and I was able to see that part of the raid array
> was gone.
>
> I reattached the disk and rebuilt the array
> mdadm --add /dev/md0 /dev/sdb1
> mdadm --add /dev/md1 /dev/sdb2
>
> The array rebuilt without issue.  But now, if I remove sda, the machine
> doesn't boot and grub complains.  The question I have is how does one
> reinstall the boot sector at this point?  I'm a little confused as far
> as to what device to install it on and what to specify as the root.
>
> This is grub.conf if it helps:
>
> default=0
> timeout=5
> splashimage=(hd0,0)/grub/splash.xpm.gz
> title CentOS (2.6.18-194.e15)
>   root (hd0,0)
>   kernel /vmlinuz-2.6.18-194.e15 ro root=/dev/VolGroup00/LogVol01
>   initrd /initrd-2.6.18-194.e15.img
>
> Grub has always been a little confusing for me, so I guess I don't
> understand.  What do the two root entries specify?  And again, my main
> question is how do I reinstall grub to the repaired disk?  Sorry for
> the lengthy post, I'm trying to provide as much information as possible.

http://wiki.centos.org/HowTos/CentOS5ConvertToRAID#head-fa2b73a28acdf965daa1e018962eaa8cbd94110c

HTH,

Timo :)


[CentOS] CentOS-announce Digest, Vol 67, Issue 6

2010-09-18 Thread centos-announce-request
Today's Topics:

   1. CEBA-2010:0700  CentOS 5 x86_64 apr-util Update (Karanbir Singh)
   2. CEBA-2010:0700  CentOS 5 i386 apr-util Update (Karanbir Singh)
   3. CEBA-2010:0699 CentOS 5 x86_64 openCryptoki Update
  (Karanbir Singh)
   4. CEBA-2010:0699 CentOS 5 i386 openCryptoki Update (Karanbir Singh)


--

Message: 1
Date: Fri, 17 Sep 2010 20:41:47 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2010:0700  CentOS 5 x86_64 apr-util
Update
To: centos-annou...@centos.org
Message-ID: <20100917204147.ga18...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2010:0700 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0700.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
22707603aefbf604fc0cd85be5fc4841  apr-util-1.2.7-11.el5_5.1.i386.rpm
b85bf6a071cf2d6eeaf06acfc0eb70fb  apr-util-1.2.7-11.el5_5.1.x86_64.rpm
8927856d409178b4e110358a134436a6  apr-util-devel-1.2.7-11.el5_5.1.i386.rpm
5e6940ca24926a143435cb764c7e3e89  apr-util-devel-1.2.7-11.el5_5.1.x86_64.rpm
ec7d39f1424a851428e5d69776ea567d  apr-util-docs-1.2.7-11.el5_5.1.x86_64.rpm
6d5e55de221b2934930a2adaa259ba98  apr-util-mysql-1.2.7-11.el5_5.1.x86_64.rpm

Source:
92c957a4fc281a58e04ff1f48bee4938  apr-util-1.2.7-11.el5_5.1.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 2
Date: Fri, 17 Sep 2010 20:41:47 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2010:0700  CentOS 5 i386 apr-util
Update
To: centos-annou...@centos.org
Message-ID: <20100917204147.ga18...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2010:0700 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0700.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
e6f5599bb88a29e319c78d167ea8f5a4  apr-util-1.2.7-11.el5_5.1.i386.rpm
1a03a1c2887fc0aeb2477a951d62fc23  apr-util-devel-1.2.7-11.el5_5.1.i386.rpm
891af9f087a4c71cb22c45af6714a955  apr-util-docs-1.2.7-11.el5_5.1.i386.rpm
5ffde8d4fa37240c22fdb660fbb962a5  apr-util-mysql-1.2.7-11.el5_5.1.i386.rpm

Source:
92c957a4fc281a58e04ff1f48bee4938  apr-util-1.2.7-11.el5_5.1.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 3
Date: Fri, 17 Sep 2010 20:45:19 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2010:0699 CentOS 5 x86_64 openCryptoki
Update
To: centos-annou...@centos.org
Message-ID: <20100917204519.ga18...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2010:0699 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0699.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
df73e4505e30d94056831e7e6f1d9f43  openCryptoki-2.2.4-22.el5_5.1.i386.rpm
b38b8b4d5b2f25977690774588b79f25  openCryptoki-2.2.4-22.el5_5.1.x86_64.rpm
9529d5c96a88ffecb28b648ee1723951  openCryptoki-devel-2.2.4-22.el5_5.1.i386.rpm
14d0ce467b1d7b1b7addf1d89199859a  openCryptoki-devel-2.2.4-22.el5_5.1.x86_64.rpm

Source:
e1c510c0ed30783a18ab126a118064ad  openCryptoki-2.2.4-22.el5_5.1.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 4
Date: Fri, 17 Sep 2010 20:45:19 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2010:0699 CentOS 5 i386 openCryptoki
Update
To: centos-annou...@centos.org
Message-ID: <20100917204519.ga18...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2010:0699 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0699.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
c90241d386d2b0faa14ef472bd6433dd  openCryptoki-2.2.4-22.el5_5.1.i386.rpm
c701f002e13b6f2cf9d80bdd204a23c5  openCryptoki-devel-2.2.4-22.el5_5.1.i386.rpm

Source:
e1c510c0ed30783a18ab126a118064ad  openCryptoki-2.2.4-22.el5_5.1.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@

Re: [CentOS] Was: Re: looking for cool, post-install things, is custom software

2010-09-18 Thread m . roth
Keith Roberts wrote:
> On Fri, 17 Sep 2010, m.r...@5-cent.us wrote:
>> From: m.r...@5-cent.us
>> Les Mikesell wrote:
>>> On 9/17/2010 3:30 PM, m.r...@5-cent.us wrote:

>> Actually, my manager just laid something on me this morning: the new
>> release of Adobe's 64-bit flash for Linux. I suppose I need to get it
>> from Adobe, then find who's running 64 bit and not 32 bit
>
> Can you find that out via TCP/IP, or not ?

Nahhh, I'll start out with a script we have that lets me send a command to
all, what, nearly 200 machines we administer. I figure the command will be
something like "rpm -qa | grep slash | grep 64", though I may have to look
at the format flag for rpm to force it to give the architecture.

mark



Re: [CentOS] Howto enter a password to mount windows share in Places

2010-09-18 Thread m . roth
Denis wrote:
> Akemi Yagi wrote:
>> On Thu, Sep 16, 2010 at 12:05 PM, Denis  wrote:
>>> Hi - using gnome I am trying to use Places ->  Connect to Server to
>>> mount a windows share. I can do:
>>>
>>> smbclient //disk.site.edu/uname$ -U uname%passwd
>>>
>>> but have not been able to transfer that information into the GUI that

> the next person to have be able to access. I guess I am looking for
> something that would function like NIS. I guess an option is to run NIS
> and then a person can have the some of this customized for the user.

Um, you want some security for their mounts, then you want to run NIS?
That's long been known as very insecure, back from when the 'Net was a
much kinder place. I hate to say LDAP, but

  mark



Re: [CentOS] Transferring system to new drive

2010-09-18 Thread m . roth
Timothy Murphy wrote:
> Timothy Murphy wrote:
>
>> Marcelo M. Garcia wrote:
>>
>>>> I was thinking of copying the old root partition with
>>>> sudo cp -a -P /* /mnt/hd
>>
>>> I think the command rsync is a better approach for this task. It has
>>> much more features, for example, you can exclude certain files.
>>
>> Thanks for the suggestion.
>
> Thanks for all the responses.
>
> Further to my query,
> I'm wondering if one can safely copy partitions
> (in particular the root partition / )
> while the system is running.
>
> The reason that I ask is that I'm slightly afraid
> the machine will not re-boot into single-user mode
> with the present OS on the sick disk.

I've done a number of machines - actually, I'll be doing another one
Monday. What we do is
mkdir /new /boot/new
mkdir /old /boot/old
rsync -HPaxvz --exclude olddrve-or-machine:/old olddriveormachine:/. /new/.
and ditto for /boot - note you need the /.
Then
zsh
load files/modules (I forget the exact line, and it's all at work), but
you need this, can't do it, AFAIK, with other shells.
cd /boot
mv * old/
mv old/new/* .
cd /
mv * old/
mv old/new/* .
mv old/lost+found .
sync
sync
Then edit /etc/sysconfig/network-scripts/ifcfg-eth? as needed, and also
/boot/grub/grub.conf, and /boot/grub/device.map, and finally
grub-install /dev/sd
And reboot.

mark



Re: [CentOS] securing centos 5.2 for public usage

2010-09-18 Thread m . roth
Roland RoLaNd wrote:
>
> i Just finished setting up an apache service on a centos 5.2 VM machine.
>
> i need to secure this machine as i'm soon to be setting a public IP over
> it where i'd be opening up the following services:
>
> 1. http
> 2. https
> 3. ssh
>
>
> Things i've done so far:
>
> 1. stopped root ssh access in sshd.conf
> 2. tried configuring PAM so i get a more secure ssh passwords (dictionary
> wise) as well as tried setting up a 2 times authentication failure for the
> account to be disabled for 12 hours (i couldn't succeed in setting this
> up)
> 3. disabled port forwarding (to deny outsiders to tunnel through the
> server inside my network) couldn't succeed with this either.
>
Well, you could set selinux enforcing (AUGH!!!). Another possibility is
run Bastille Linux on it to harden it. I really like the latter - I used
it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
this is years ago), and used that as my firewall/router, and in something
like 9 years online, on broadband, to the best of my knowledge, I never
had an intrusion.

  mark



Re: [CentOS] Software RAID + LVM + Grub

2010-09-18 Thread Matthew Topper
Entering those commands exactly worked, but I'm not sure why it
worked.  So, it's progress.

I need to find some good reference on GRUB, which seems difficult
because most things I can find are about GRUB2, and CentOS has 0.97

On Sat, 18 Sep 2010 17:42:59 +0200
Timo Schoeler  wrote:

> On 09/18/2010 05:13 PM, Matthew Topper wrote:
> > I'm playing with software RAID and LVM in some virtual machines and
> > I've run into an issue that I can't find a good answer to in the
> > docs.
> >
> > I have the following RAID setup:
> >
> > md0: sda1 and sdb1, RAID 1.  This is /boot
> >
> > md1: sda2 and sdb2, RAID 1.  This is a PV for LVM.
> >
> > VolGroup00, this is the volume group and md1 is the only PV in it.
> >
> > LogVol00 is swap
> > LogVol01 is /
> > LogVol02 is /home
> >
> > So, I tested to see what happens if I disable sdb in virtualbox.
> > Machine booted fine and I was able to see that part of the raid
> > array was gone.
> >
> > I reattached the disk and rebuilt the array
> > mdadm --add /dev/md0 /dev/sdb1
> > mdadm --add /dev/md1 /dev/sdb2
> >
> > The array rebuilt without issue.  But now, if I remove sda, the
> > machine doesn't boot and grub complains.  The question I have is
> > how does one reinstall the boot sector at this point?  I'm a little
> > confused as far as to what device to install it on and what to
> > specify as the root.
> >
> > This is grub.conf if it helps:
> >
> > default=0
> > timeout=5
> > splashimage=(hd0,0)/grub/splash.xpm.gz
> > title CentOS (2.6.18-194.e15)
> > root (hd0,0)
> > kernel /vmlinuz-2.6.18-194.e15 ro
> > root=/dev/VolGroup00/LogVol01 initrd /initrd-2.6.18-194.e15.img
> >
> > Grub has always been a little confusing for me, so I guess I don't
> > understand.  What do the two root entries specify?  And again, my
> > main question is how do I reinstall grub to the repaired disk?
> > Sorry for the lengthy post, I'm trying to provide as much
> > information as possible.
> 
> http://wiki.centos.org/HowTos/CentOS5ConvertToRAID#head-fa2b73a28acdf965daa1e018962eaa8cbd94110c
> 
> HTH,
> 
> Timo :)


Re: [CentOS] should vsftpd be disabled in favour of sftp for security reasons?

2010-09-18 Thread Emmett Culley
On 09/17/2010 02:51 AM, Robert P. J. Day wrote:
> 
>(another in an ongoing list of things i just want to clarify for the
> sake of future courses taught on centos.)
> 
>from this RHEL doc page:
> 
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-openssh-server-config.html
> 
> the reader is advised to, for the sake of security, remove/disable
> vsftpd, ostensibly in favour of sftp/sftp-server.  really?
> 
>i can obviously see disallowing stuff like telnet and rsh and
> rlogin, that's a no-brainer.  but advising against vsftpd for the sake
> of security?  i'm not sure i see the logic in that.  thoughts?
> 
> rday
> 
We use vsftpd as an FTPS only server in CHROOT mode.  The only reason we don't 
use sftp instead is because it cannot (easily?) CHROOT users.

Emmett


Re: [CentOS] looking for cool, post-install things to do on a centos 5.5 system

2010-09-18 Thread Ross Walker
On Sep 17, 2010, at 3:39 AM, "Robert P. J. Day"  wrote:

> 
>  (note:  i asked this a few days ago but it *appears* that that post
> was tossed due to getting excessive bounces from my account.  so i'm
> posting it again, apologies if you're seeing it a second time.)
> 
>  over the next several weeks, i'm teaching some courses in RHEL admin
> but (unsurprisingly) i'll be using centos 5.5.  it's a
> decently-written, 3rd party course, all the generic, standard admin
> topics but it does leave me about a 1/2 day to throw in any cool stuff
> i want to add.
> 
>  so, any recommendations for neat things that people here have done
> in the way of what can be added to or configured on a centos server
> system?  the course covers all the standard topics -- installation,
> package management, service management, filesystem maintenance, that
> sort of thing.  so i'm looking for bonus, neat stuff that others here
> do as a matter of course when putting together a centos system.
> 
>  logging utilities?  intrusion detection?  monitoring?  anything that
> leaps to mind that i can use to fill up a few more hours.  i'm already
> thinking of showing how to build and boot a new kernel.  other ideas?
> thanks.

I haven't read the 80+ posts in entirety, so these might have been mentioned, 
but three ideas that could work:

1) RHEL for the security admin, where it goes in depth on hardening RHEL, 
intrusion detection and intrusion prevention.

2) RHEL for storage admins, software/hardware RAID, volume management and 
snapshots, NFS/CIFS network file systems, FCoE/iSCSI shared block devices.

3) RHEL for the network admin, firewalls, routers, bridges, traffic shaping, 
route load balancing, and network traffic monitoring.

I think these can be expanded out some more, and while there might be some 
overlap they should be each more targeted than a broad course.

-Ross





[CentOS] Maximum IP ranges

2010-09-18 Thread Radu Gheorghiu
Hello,

Is there any maximum number of IP aliases or IP ranges that ifup can 
handle? Right now i have about 12000 IPs assigned to the server and when 
trying to assign range number 47 (ifup eth0-range47), i get this error:
/etc/sysconfig/network-scripts/ifup-post: line 21: 12733 Segmentation fault  /etc/sysconfig/network-scripts/ifup-aliases ${DEVICE} ${CONFIG}

Any advice is much appreciated.

Regards,
Radu


[CentOS] Ac1dB1tch3z Vs Linux Kernel x86_64 0day

2010-09-18 Thread Gerhard Schneider

Are there any 64bit CentOS5 kernels available that are immune against
the exploit mentioned in the subject? Turning off 32bit support is no
option to me..

Gerhard Schneider

P.S.: Source code can be found at
http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on
2.6.18-194.11.3.el5.centos.plus
-- 
Gerhard Schneider
Institute of Lightweight Design and e-Mail: g...@ilsb.tuwien.ac.at
Structural Biomechanics (E317) Tel.: +43 664 60 588 3171
Vienna University of Technology / Austria  Fax:+43 1 58801 31799
A-1040 Wien, Gusshausstrasse 27-29 http://www.ilsb.tuwien.ac.at/~gs/






[CentOS] Went with OpenDNS for now

2010-09-18 Thread Ron Blizzard
A few weeks ago I asked about firewalls and family filters. Lanny
Marcus, I believe, suggested OpenDNS. Just wanted to thank him (and
everyone here) for their suggestions. Eventually I would like to learn
about firewalls, but I don't really want to run another machine at
this time. OpenDNS is trivial to set up on the router and looks to be
just about exactly what I wanted.

Thanks. Sorry to have dropped out of the other thread without thanking
everyone or reporting the results -- I just last night dug up the
thread (google search) and saw the OpenDNS suggestion.

-- 
RonB -- Using CentOS 5.5


Re: [CentOS] securing centos 5.2 for public usage

2010-09-18 Thread Eero Volotinen
2010/9/18 Roland RoLaNd :
> Dear all,
>
> i Just finished setting up an apache service on a centos 5.2 VM machine.
>
> i need to secure this machine as i'm soon to be setting a public IP over it
> where i'd be opening up the following services:
>
>
> 1. http
> 2. https
> 3. ssh
>
>
> Things i've done so far:
>
> 1. stopped root ssh access in sshd.conf
> 2. tried configuring PAM so i get a more secure ssh passwords (dictionary
> wise) as well as tried setting up a 2 times authentication failure for the
> account to be disabled for 12 hours (i couldn't succeed in setting this up)
> 3. disabled port forwarding (to deny outsiders to tunnel through the server
> inside my network) couldn't succeed with this either.

try reading CIS RHEL 1.2 guide.

--
Eero
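Items 1 and 3 in the quoted list map to the sshd_config keywords PermitRootLogin and AllowTcpForwarding. The check below is an added example, not part of any post in this thread; the two sample configs are constructed, and the required values are the policy this example assumes.

```python
import re

# Policy assumed for this example: the two ssh items from the quoted list.
REQUIRED = {"PermitRootLogin": "no", "AllowTcpForwarding": "no"}

# sshd accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")

# Constructed sample: looks hardened at a glance, but is not.
WEAK = """\
Protocol 2
PermitRootLogin yes
#AllowTcpForwarding no
PermitRootLogin no
"""

# Constructed sample: both settings explicit in the global section.
HARDENED = """\
Protocol 2
permitrootlogin no
AllowTcpForwarding=no
Match User backup
    AllowTcpForwarding yes
"""


def effective_settings(text):
    """Resolve the global section the way sshd does: keywords are
    case-insensitive, arguments are case-sensitive, and the first value
    obtained for a keyword wins. Parsing stops at the first Match block
    (newer OpenSSH only), whose lines are conditional overrides."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive sets nothing
        m = LINE.match(line)
        if not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2).split()
        if keyword == "match":
            break
        settings.setdefault(keyword, rest[0].strip('"') if rest else "")
    return settings


def audit(text):
    """Return (keyword, found, wanted) per deviation; found is None when
    the keyword is unset and the compiled-in default applies."""
    eff = effective_settings(text)
    return [(k, eff.get(k.lower()), want)
            for k, want in sorted(REQUIRED.items())
            if eff.get(k.lower()) != want]


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

sshd_config(5) itself notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can install their own forwarders.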


Re: [CentOS] securing centos 5.2 for public usage

2010-09-18 Thread Tom Bishop
+1 for bastille...

On 9/18/10, m.r...@5-cent.us  wrote:
> Roland RoLaNd wrote:
>>
>> i Just finished setting up an apache service on a centos 5.2 VM machine.
>>
>> i need to secure this machine as i'm soon to be setting a public IP over
>> it where i'd be opening up the following services:
>>
>> 1. http
>> 2. https
>> 3. ssh
>>
>>
>> Things i've done so far:
>>
>> 1. stopped root ssh access in sshd.conf
>> 2. tried configuring PAM so i get a more secure ssh passwords (dictionary
>> wise) as well as tried setting up a 2 times authentication failure for the
>> account to be disabled for 12 hours (i couldn't succeed in setting this
>> up)
>> 3. disabled port forwarding (to deny outsiders to tunnel through the
>> server inside my network) couldn't succeed with this either.
>>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.
>
>   mark
>


Re: [CentOS] securing centos 5.2 for public usage

2010-09-18 Thread John R. Dennison
On Sat, Sep 18, 2010 at 12:26:04PM -0400, m.r...@5-cent.us wrote:
>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.

Bastille Unix (renamed quite some time ago) has not been updated
in two years and is no longer supported to the best of my
knowledge; they announced an impending release in 2008 which
never occurred and nothing has been heard since that I know of.

And why "AUGH!!!"?  Selinux is enabled by default for a reason
and, quite frankly, has no need to be disabled except in the 
most rare of corner cases; learning to properly make use of
selinux will, in the long run, make your life much easier.

I would never consider running an internet-facing host without
selinux in enforcing mode.





John

-- 
If man does find the solution for world peace it will be the most
revolutionary reversal of his record we have ever known.

-- George C. Marshall (1880 - 1959), American military leader and statesman,
creator of the Marshall Plan, the only US Army general to receive the Nobel
Peace Prize, Biennial Report of the Chief of Staff, US Army, 1 September 1945




Re: [CentOS] Ac1dB1tch3z Vs Linux Kernel x86_64 0day

2010-09-18 Thread Ned Slider
On 18/09/10 20:11, Gerhard Schneider wrote:
>
> Are there any 64bit CentOS5 kernels available that are immune against
> the exploit mentioned in the subject? Turning off 32bit support is no
> option to me..
>
> Gerhard Schneider
>
> P.S.: Source code can be found at
> http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on
> 2.6.18-194.11.3.el5.centos.plus
>
>


Not at present AFAIK. Red Hat are currently working on backporting a 
fix. You can track progress here:

https://bugzilla.redhat.com/show_bug.cgi?id=634457
https://access.redhat.com/kb/docs/DOC-40265

Given CentOS tracks what Red Hat releases, there's not much CentOS can 
do until Red Hat release a fix and Red Hat are unlikely to rush a fix 
out of the door before it's been thoroughly tested.



Re: [CentOS] Ac1dB1tch3z Vs Linux Kernel x86_64 0day

2010-09-18 Thread Kay Diederichs
Am 18.09.2010 21:11, schrieb Gerhard Schneider:
>
> Are there any 64bit CentOS5 kernels available that are immune against
> the exploit mentioned in the subject? Turning off 32bit support is no
> option to me..
>
> Gerhard Schneider
>
> P.S.: Source code can be found at
> http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on
> 2.6.18-194.11.3.el5.centos.plus
>

from Scientific Linux 
http://linux.web.cern.ch/linux/news.shtml#cve20103081 you can get a 
patched kernel from 
http://linuxsoft.cern.ch/cern/slc5X/x86_64/updates/testing/RPMS

can be installed on CentOS and fixes the problem.



Re: [CentOS] Software RAID + LVM + Grub

2010-09-18 Thread Tom H
On Sat, Sep 18, 2010 at 2:41 PM, Matthew Topper  wrote:
> On Sat, 18 Sep 2010 17:42:59 +0200 Timo Schoeler 
>  wrote:
>
>> On 09/18/2010 05:13 PM, Matthew Topper wrote:
>> > I'm playing with software RAID and LVM in some virtual machines and
>> > I've run into an issue that I can't find a good answer to in the
>> > docs.
>> >
>> > I have the following RAID setup:
>> >
>> > md0: sda1 and sdb1, RAID 1.  This is /boot
>> >
>> > md1: sda2 and sdb2, RAID 1.  This is a PV for LVM.
>> >
>> > VolGroup00, this is the volume group and md1 is the only PV in it.
>> >
>> > LogVol00 is swap
>> > LogVol01 is /
>> > LogVol02 is /home
>> >
>> > So, I tested to see what happens if I disable sdb in virtualbox.
>> > Machine booted fine and I was able to see that part of the raid
>> > array was gone.
>> >
>> > I reattached the disk and rebuilt the array
>> > mdadm --add /dev/md0 /dev/sdb1
>> > mdadm --add /dev/md1 /dev/sdb2
>> >
>> > The array rebuilt without issue.  But now, if I remove sda, the
>> > machine doesn't boot and grub complains.  The question I have is
>> > how does one reinstall the boot sector at this point?  I'm a little
>> > confused as far as to what device to install it on and what to
>> > specify as the root.
>> >
>> > This is grub.conf if it helps:
>> >
>> > default=0
>> > timeout=5
>> > splashimage=(hd0,0)/grub/splash.xpm.gz
>> > title CentOS (2.6.18-194.e15)
>> >     root (hd0,0)
>> >     kernel /vmlinuz-2.6.18-194.e15 ro root=/dev/VolGroup00/LogVol01
>> >     initrd /initrd-2.6.18-194.e15.img
>> >
>> > Grub has always been a little confusing for me, so I guess I don't
>> > understand.  What do the two root entries specify?  And again, my
>> > main question is how do I reinstall grub to the repaired disk?
>>
>> http://wiki.centos.org/HowTos/CentOS5ConvertToRAID#head-fa2b73a28acdf965daa1e018962eaa8cbd94110c
>
> Entering those commands exactly worked, but I'm not sure why it
> worked.  So, it's progress.
>
> I need to find some good reference on GRUB, which seems difficult
> because most things I can find are about GRUB2, and CentOS has 0.97

The commands installed grub into the mbr of sdb that way you can boot
from either sda or sdb if the other is missing.

You should always do that when booting from raid1
http://wiki.centos.org/HowTos/SoftwareRAIDonCentOS5

GRUB1 manual
http://www.gnu.org/software/grub/manual/legacy/grub.html

Good link (AFAIR)
http://members.iinet.net.au/~herman546/p15.html


[CentOS] NX and CentOS 5.5?

2010-09-18 Thread Raymond Jender
I am pulling my hair out here folks..
 
I am running CentOS 5.5 in command line only.  Reason being I am standing up an 
IDS system on it.  
 
I have installed the NX client/node and server pkgs.  I have installed the NX 
client for windows on a Vista box.   When I attempt to connect from the Vista 
to CentOS, I get this:
 
NX> 203 NXSSH running with pid: 22080
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 192.168.1.70 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.
 
Now I have been googling and re-googling. Plenty of people have had the same 
issue, but I have yet to find a solution that works for me.   Funny that most 
of the stuff I'm finding on google is 4-5 years old!  I'm sure I am probably 
missing something so simple I will puke!
 
I think I read that someone did an install and it worked right out of the 
box!!  Incredible!
 
I'd really like to see a CentOS - NX configuration guide but couldn't find one.
 
Can someone just tell me how this should be configured... what changes do I 
need to make and to what config files?
 
ssh (putty and WinSCP) works just fine for me in case you need to know.
 
If you need any particular information, please let me know.
 
Thanks.
 
Ray





Re: [CentOS] NX and CentOS 5.5?

2010-09-18 Thread Craig White
On Sat, 2010-09-18 at 16:08 -0700, Raymond Jender wrote:
> I am pulling my hair out here folks..
>  
> I am running CentOS 5.5 in command line only.  Reason being I am
> standing up an IDS system on it.  
>  
> I have installed the NX client/node and server pkgs.  I have installed
> the NX client for windows on a Vista box.   When I attempt to connect
> from the Vista to CentOS, I get this:
>  
> NX> 203 NXSSH running with pid: 22080
> NX> 285 Enabling check on switch command
> NX> 285 Enabling skip of SSH config files
> NX> 285 Setting the preferred NX options
> NX> 200 Connected to address: 192.168.1.70 on port: 22
> NX> 202 Authenticating user: nx
> NX> 208 Using auth method: publickey
> NX> 204 Authentication failed.
>  
> Now I have been googling and re-googling. Plenty of people have had
> the same issue, but I have yet to find a solution that works for me.
> Funny that most of the stuff I'm finding on google is 4-5 years old!
> I'm sure I am probably missing something so simple I will puke!
>  
> I think I read that someone did an install and it worked right out of
> the box!!  Incredible!
>  
> I'd really like to see a CentOS - NX configuration guide but couldn't
> find one.
>  
> Can someone just tell me how this should be configured... what changes
> do I need to make and to what config files?
>  
> ssh (putty and WinSCP) works just fine for me in case you need to
> know.
>  
> If you need any particular information, please let me know.
>  
> Thanks.
>  
> Ray
> 

usually when that happens, that means you didn't copy the
client.id_dsa.key from /etc/nxserver to the client and set that key in
the client setup.

Craig





Re: [CentOS] should vsftpd be disabled in favour of sftp for security reasons?

2010-09-18 Thread Jeff Allison

On 19/09/2010, at 4:48 AM, Emmett Culley wrote:

> On 09/17/2010 02:51 AM, Robert P. J. Day wrote:
>>
>> (another in an ongoing list of things i just want to clarify for the
>> sake of future courses taught on centos.)
>>
>> from this RHEL doc page:
>>
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-openssh-server-config.html
>>
>> the reader is advised to, for the sake of security, remove/disable
>> vsftpd, ostensibly in favour of sftp/sftp-server.  really?
>>
>> i can obviously see disallowing stuff like telnet and rsh and
>> rlogin, that's a no-brainer.  but advising against vsftpd for the sake
>> of security?  i'm not sure i see the logic in that.  thoughts?
>>
>> rday
>>
> We use vsftpd as an FTPS only server in CHROOT mode.  The only
> reason we don't use sftp instead is because it cannot (easily?)
> CHROOT users.
>
> Emmett

Possibly because FTP sends clear text passwords...


Re: [CentOS] NX and CentOS 5.5?

2010-09-18 Thread Joseph L. Casale
>I am running CentOS 5.5 in command line only.  Reason being I am standing up 
>an IDS system on it.  
> 
>I have installed the NX client/node and server pkgs.  I have installed the NX 
>client for windows on a Vista box.   When I attempt to connect from the Vista 
>to CentOS, I get this:

Huh? So no GUI, but you want NX? What's wrong with ssh?
You do realize NX is for remote desktop display?

Even if that works, you'd be using ssh to tunnel an ssh session?