[CentOS] yum update error

[Timothy Murphy]

For some reason all the perl man pages cause yum errors like
-
Transaction Check Error:
  file /usr/share/man/man1/c2ph.1.gz from install of
  perl-5.8.8-32.el5_5.2.x86_64 conflicts with file from package
  perl-5.8.8-32.el5_5.1.i386
-

1. I don't really see how the man pages can cause conflicts;
2. More importantly, how should I deal with this?
[I've updated everything else with yum --exclude=perl* update.]

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum update error

[Timo Schoeler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

thus Timothy Murphy spake:
> For some reason all the perl man pages cause yum errors like
> -
> Transaction Check Error:
>   file /usr/share/man/man1/c2ph.1.gz from install of
>   perl-5.8.8-32.el5_5.2.x86_64 conflicts with file from package
>   perl-5.8.8-32.el5_5.1.i386
> -
> 
> 1. I don't really see how the man pages can cause conflicts;
> 2. More importantly, how should I deal with this?
> [I've updated everything else with yum --exclude=perl* update.]

Ran into this, too, recently. I don't know whether it's the
'recommended' way, but removing perl-5.8.8-32.el5_5.1.i386 (on a 64bit
machine), which was possible without removing anything else, and then
updating (which included the installion of perl-5.8.8-32.el5_5.2.x86_64
fixed it for me.

HTH,

Timo



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)

iD4DBQFMsvEDfg746kcGBOwRAugdAJdyBoSwrHhfdq9wGOcT4I4+MwdAAKCkj4qa
gcaDmDsde71I8W0JC/2oaQ==
=Uo2F
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] security updates

[Ritika Garg]

I can't understand exactly what these security updates do? Why is there a
need to have a security update?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[Timo Schoeler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

thus Ritika Garg spake:
> I can't understand exactly what these security updates do? Why is there a
> need to have a security update?

YMMD.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFMswD6fg746kcGBOwRAtvVAJ9HWjA7ZOMw2TdtFECGbNFGA2L4FQCffE4q
vDimM5oXWRFSF/gQPwbGZQw=
=smyX
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[Giles Coochey]

On Mon, October 11, 2010 13:36, Ritika Garg wrote:
> I can't understand exactly what these security updates do? Why is there a
> need to have a security update?
> ___

What is your IP? :-D

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[sync]

I have the same problem on it . Isn't the CentOS very safe?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[Ralph Angenendt]

Am 11.10.10 14:30, schrieb sync:
> I have the same problem on it . Isn't the CentOS very safe?

Okay, I'll bite.

>From time to time there are bugs found in the software which CentOS
ships. These bugs can lead your code to crash, your machine to be denied
of service as the process which has the bug takes up all system
ressources or even can lead to others being able to run code on your
system (which some bugs being able to do so as root).

Security updates fix those flaws in the Software which CentOS ships, so
you are advised to install those.

Regards,

Ralph
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[Ben McGinnes]

On 11/10/10 11:30 PM, sync wrote:
> I have the same problem on it . Isn't the CentOS very safe?

*Sigh*

If you don't update it then it won't remain so.  It's like buying a
brand new deadlock for the door to your house and then leaving the door
wide open when you go out.  Chances are that sooner or later your stuff
will get stolen and the place will get trashed.


Regards,
Ben

-- 
Ben McGinnes  http://www.adversary.org/  Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[Robert Heller]

At Mon, 11 Oct 2010 20:30:04 +0800 CentOS mailing list  
wrote:

> 
> 
> 
> I have the same problem on it . Isn't the CentOS very safe?

If you apply ALL of the security updates as they become available.  ALL
O/Ss have security updates from time-to-time (what do you think those
MS-Windows 'Service Packs' are?).

In the case of CentOS (and Linux in general), the security updates are
generally released *before* some cracker writes an exploit, where as
with MS-Windows the updates show up like 6 months *after* some cracker
has trashed a zillion PCs and recuited them into an army of zombies
and incorporated them into a botnet.

The reason for the more timely updates with Linux is that it is open
source, and "with enough eyeballs, all bugs are shallow" (I am not
totally sure if this is a quote from Eric Raymond or Linus Torvalds). 
There are *lots and lots* of people looking over the code looking for
mistakes (bugs).  There are *always* bugs in any non-trivial piece of
software -- no non-trivial piece of software is perfectly bug free.  Us
programmers *try* to write the best code we can, but sometimes stuff
slips through the cracks...  The operating system itself (the kernel) is
a very complex piece of code.  Plus there are all of the additional bits
and pieces that people use for everyday tasks, many of these pieces of
software are fairly complex all on their own.

Also, since Linux is not a monolithic blob (like MS-Windows), much of
the everyday software is maintained by a whole batch of different people
and each piece of software has a different schedule of update releases,
so there are updates (security and otherwise) released at different
times.  Red Hat / the CentOS team release these updates as soon as they
become available (and have been quality tested, etc.).

> 
> MIME-Version: 1.0
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>  

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum update error

[John Doe]

From: Timothy Murphy 

> For some reason all the perl man pages cause yum errors  like
> -
> Transaction Check  Error:
>   file /usr/share/man/man1/c2ph.1.gz from install of
>perl-5.8.8-32.el5_5.2.x86_64 conflicts with file from package
>perl-5.8.8-32.el5_5.1.i386
> -
> 1. I  don't really see how the man pages can cause conflicts;
> 2. More importantly,  how should I deal with this?

Simply because both packages contain several identical (as in filepath) files...
You try to install two versions of the perl package at the same time.
You have an old i386 version and try to install a newer x86_64.
I think I would remove the old i386 version and install the newer x86_64.

JD


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[John Doe]

From: Giles Coochey 

> On Mon, October 11, 2010 13:36, Ritika Garg wrote:
> > I can't understand  exactly what these security updates do? Why is there a
> > need to have a  security update?
> What is your IP?  :-D

Keep this information secret, but I think his IP is 127.0.0.1 ...
And there's no firewall!!!  ;P

JD


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security updates

[Morten P.D. Stevens]

On Mon, Oct 11, 2010 at 2:30 PM, sync  wrote:
> I have the same problem on it . Isn't the CentOS very safe?

CentOS (RHEL 5) is one of the most secure operating systems worldwide.

Best regards,

Morten
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] recommended way to install source rpms?

[Patrick Lists]

On 10/11/2010 07:10 AM, Mathieu Baudier wrote:
[snip]
> - install 'mock' (IMPORTANT: install the one from CentOS, exclude the
> one from EPEL in your repo file)

Would you mind giving a hint why one should not use mock from EPEL? 
Afaict the mock version in the CentOS repo is 0.6.13 which was released 
years ago and the one in EPEL is 1.0.7 which is current.

Thanks,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] recommended way to install source rpms?

[Mathieu Baudier]

> Would you mind giving a hint why one should not use mock from EPEL?

Because the one in CentOS will, out of the box, pull out and properly
configure the CentOS buildsys package, which itself is a meta-package
whose dependencies are the minimal set required to create a chroot
build environment:
http://dev.centos.org/centos/buildsys/5/

My understanding (to be confirmed/infirmed by CentOS developers) is
that this is the tool actually used to build CentOS.

> Afaict the mock version in the CentOS repo is 0.6.13 which was released
> years ago and the one in EPEL is 1.0.7 which is current.

Yes, that's what I thought first as well, but the one from CentOS
worked, while the one from EPEL did not (for the purpose of building
CentOS RPMS => I don't say that EPEL's mock is broken).

I tried to tweak it a bit, but in the end all that you need is a
cleanly prepared chroot and the CentOS mock is good enough for that.
(there is probably a way to get the EPEL one to work as well.)

Hence the need to exclude the mock from EPEL in the repo file,
otherwise it updates the one from CentOS.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] recommended way to install source rpms?

[R P Herrold]

On Mon, 11 Oct 2010, Patrick Lists wrote:

> Would you mind giving a hint why one should not use mock from EPEL?
> Afaict the mock version in the CentOS repo is 0.6.13 which was released
> years ago and the one in EPEL is 1.0.7 which is current.

ehh??

mock-1.1.5-1orc.src.rpm from upstream Raw Hide

The mock inplementaion is a moving target --- I do not 
know the particulars of why the other party recommmended 
using THE ONE CENTOS BUILT ON for CentOS, but ...

-- Russ herrold
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] recommended way to install source rpms?

[Phil Schaffner]

Robert P. J. Day wrote on 10/10/2010 05:56 PM:
...
> http://wiki.centos.org/PackageManagement/SourceInstalls
> 
> seems just a touch on the hysterical side.  i don't disagree that
> installing packages from the source rpm is probably a questionable
> idea.  but that doesn't justify simply not explaining how to do it
> easily.

I think you missed the main point of that page.  It is about (not) 
installing from source tarballs, although using packages from a reliable 
repo if available is good advice anyway.  Perhaps that page would 
benefit from a link to

http://wiki.centos.org/HowTos/RebuildSRPM

That is only one hop away via the RPMs link that is on the 
SourceInstalls page.

Any comments on the latter page are welcome, but probably best done on 
the centos-docs list.

Phil
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 68, Issue 5

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2010:0749 Important CentOS 5 x86_64 poppler  Update
  (Karanbir Singh)
   2. CESA-2010:0749 Important CentOS 5 i386 popplerUpdate
  (Karanbir Singh)
   3. CEBA-2010:0646 CentOS 5 i386 ghostscript Update (Karanbir Singh)
   4. CEBA-2010:0646 CentOS 5 x86_64 ghostscript Update (Karanbir Singh)
   5. CESA-2010:0742 Moderate CentOS 5 i386 postgresql84 Update
  (Karanbir Singh)
   6. CESA-2010:0742 Moderate CentOS 5 x86_64   postgresql84 Update
  (Karanbir Singh)
   7. CESA-2010:0753 Important CentOS 5 i386kdegraphics Update
  (Karanbir Singh)
   8. CESA-2010:0753 Important CentOS 5 x86_64  kdegraphics Update
  (Karanbir Singh)
   9. CESA-2010:0720 Moderate CentOS 5 x86_64 mikmodUpdate
  (Karanbir Singh)
  10. CESA-2010:0720 Moderate CentOS 5 i386 mikmod  Update
  (Karanbir Singh)
  11. CEBA-2010:0708  CentOS 5 i386 openais Update (Karanbir Singh)
  12. CEBA-2010:0708  CentOS 5 x86_64 openais Update (Karanbir Singh)
  13. CEBA-2010:0744  CentOS 5 x86_64 tomcat5 Update (Karanbir Singh)
  14. CEBA-2010:0744  CentOS 5 i386 tomcat5 Update (Karanbir Singh)


--

Message: 1
Date: Sun, 10 Oct 2010 22:51:57 +
From: Karanbir Singh 
Subject: [CentOS-announce] CESA-2010:0749 Important CentOS 5 x86_64
poppler Update
To: centos-annou...@centos.org
Message-ID: <20101010225157.ga27...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2010:0749 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2010-0749.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
66ee1357503afe32ee034b91227b70a2  poppler-0.5.4-4.4.el5_5.14.i386.rpm
7ab9a8bd9cfeef80a442752d82c47def  poppler-0.5.4-4.4.el5_5.14.x86_64.rpm
53db13b9adb9b228d624742055b24cf7  poppler-devel-0.5.4-4.4.el5_5.14.i386.rpm
b4e1cbd5ba5e8f803b8658a26db16ad6  poppler-devel-0.5.4-4.4.el5_5.14.x86_64.rpm
c78b951572d13fe19127ade4e919fe2c  poppler-utils-0.5.4-4.4.el5_5.14.x86_64.rpm

Source:
ec88eeda73820877e07c58c1196d633e  poppler-0.5.4-4.4.el5_5.14.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 2
Date: Sun, 10 Oct 2010 22:51:57 +
From: Karanbir Singh 
Subject: [CentOS-announce] CESA-2010:0749 Important CentOS 5 i386
poppler Update
To: centos-annou...@centos.org
Message-ID: <20101010225157.ga27...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2010:0749 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2010-0749.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
72e449e8db5b17a87cdba060c072b823  poppler-0.5.4-4.4.el5_5.14.i386.rpm
9481379357221f0c0daffc056b2667b8  poppler-devel-0.5.4-4.4.el5_5.14.i386.rpm
60fd980c99575fa30f2921f260be9d52  poppler-utils-0.5.4-4.4.el5_5.14.i386.rpm

Source:
ec88eeda73820877e07c58c1196d633e  poppler-0.5.4-4.4.el5_5.14.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 3
Date: Sun, 10 Oct 2010 22:55:17 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2010:0646 CentOS 5 i386 ghostscript
Update
To: centos-annou...@centos.org
Message-ID: <20101010225517.ga27...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2010:0646 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0646.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
9c3052568673423d60d3a49eb020338d  ghostscript-8.15.2-9.12.el5_5.i386.rpm
2e0f8d86ddd2a6441d8c495cef043dff  ghostscript-devel-8.15.2-9.12.el5_5.i386.rpm
d926844618e6cf2b8e41363a9418e124  ghostscript-gtk-8.15.2-9.12.el5_5.i386.rpm

Source:
eac3fccca99f7d85dcdf0e93485ac02b  ghostscript-8.15.2-9.12.el5_5.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 4
Date: Sun, 10 Oct 2010 22:55:17 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2010:0646 CentOS 5 x86_64 ghostscript
Update
To: centos-annou...@centos.org
Mess

Re: [CentOS] recommended way to install source rpms?

[Lamar Owen]

On Sunday, October 10, 2010 05:56:47 pm Robert P. J. Day wrote:
> frankly, the wiki page on downloading from source: 
> http://wiki.centos.org/PackageManagement/SourceInstalls 
> seems just a touch on the hysterical side.  

For certain uses and certain software stacks from source is the only sane way.  
For other stacks and uses the opposite is true.  Plone from the Plone.org 
UnifiedInstaller is one stack where you simply want to stay with a from-source 
managed-by-zc.buildout setup, not from RPM's.  It is one of the very few cases 
where this is so.  In that case you have to balance support from the OS versus 
support from the Plone upstream; in the case of Plone upstream is preferred.  
YMMV.

> i don't disagree that
> installing packages from the source rpm is probably a questionable
> idea.  but that doesn't justify simply not explaining how to do it
> easily.

The referenced wiki page has nothing to do with rebuilding a source RPM, but 
has to do with the 'traditional' ./configure&&make&& sudo make install mantra 
that is a support nightmare.

Properly controlling from source-rpm builds is a sane activity, as long as you 
take the responsibility for the package, set the EVR for the RPM properly, etc. 
 Good info on how to do this is in the Fedora developer docs.  EPEL contains 
all the rpm developer tools you need, so enable EPEL, load rpmdevtools, and 
have fun.  Support is in your own hands, of course.  When there are specific 
options I need (like building a package with a non-default set of compile-time 
arguments or modules) I'll do this myself, and keep all the changes in my own 
setup with EVR >  the CentOS package EVR (twiddling epoch, though really really 
ugly, is quite effective to make you package always win the comparison).

But I packaged PostgreSQL for five years, and am not a novice.  I'm not as in 
practice as I once was, but I do try to keep up with most of the current ways 
of doing things.  And I always try to start with the CentOS base package where 
possible.

>   my plan is to install yum-utils to get yumdownloader, add the repo
> file suggested above, then have students:
> 
>   $ yumdownloader --source 
> 
> so they can examine the source of some packages.  is the approach i'm
> suggesting reasonable?  thanks.

Very reasonable for a learning tool, which is what your question was really 
asking.  Not as reasonable for a production server.

Do use the Fedora/EPEL rpmdevtools, though.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] recommended way to install source rpms?

[Patrick Lists]

On 10/11/2010 05:12 PM, R P Herrold wrote:
> On Mon, 11 Oct 2010, Patrick Lists wrote:
>
>> Would you mind giving a hint why one should not use mock from EPEL?
>> Afaict the mock version in the CentOS repo is 0.6.13 which was released
>> years ago and the one in EPEL is 1.0.7 which is current.
>
> ehh??
>
> mock-1.1.5-1orc.src.rpm from upstream Raw Hide

I'm aware of the 1.1 branch but the mock website says that 1.1 is for 
"F-13+". Doesn't that excludes CentOS?

> The mock inplementaion is a moving target --- I do not
> know the particulars of why the other party recommmended
> using THE ONE CENTOS BUILT ON for CentOS, but ...

Sorry but I don't get it. Are you saying that mock from EPEL or the 
Rawhide one you mentioned work equally fine on CentOS (5.5) and all 
cover the buildsys requirement that Mathieu mentioned?

Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Went with OpenDNS for now

[Lanny Marcus]

On Mon, Sep 20, 2010 at 4:49 PM, Ron Blizzard  wrote:
>>> A few weeks ago I asked about firewalls and family filters. Lanny
>>> Marcus, I believe, suggested OpenDNS. Just wanted to thank him (and
>>> everyone here) for their suggestions.
>> 
>> Ron: My pleasure. Usually, I am the one receiving help from the list.
>> Glad you found OpenDNS useful.  Lanny
>
> I've already set it up at my brother's house, it has to be the easiest
> family filtering solution for multiple computers. The only downside is
> this allows me to put off learning anything about Linux servers...
> again.

Ron: Again, you are welcome.  One morning last week, we had no DNS. I
told my wife, that's virtually impossible with OpenDNS. Called Tech
Support of our ISP and they told me their international connectivity
was down. For us, the nearest OpenDNS service is in Miami and that's
where the underwater cable to the USA ends.

The next morning, no DNS.  For some reason, after 20 1/2 months, the
DNS/DNS Caching in our IPCop box died.   :-)

I suggest everyone consider using OpenDNS, in their homes and offices.  Lanny
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] recommended way to install source rpms?

[R P Herrold]

On Mon, 11 Oct 2010, Patrick Lists wrote:

> On 10/11/2010 05:12 PM, R P Herrold wrote:
>> The mock inplementaion is a moving target --- I do not
>> know the particulars of why the other party recommmended
>> using THE ONE CENTOS BUILT ON for CentOS, but ...

> Sorry but I don't get it. Are you saying that mock from EPEL or the
> Rawhide one you mentioned work equally fine on CentOS (5.5) and all
> cover the buildsys requirement that Mathieu mentioned?

not at all -- I am saying that mock is a moving target as to 
bugs, features, and approach if you move beyond the one we 
ship in (as I recall) 'extras'

In such cases the proper support venue regarding mock use is 
elsewhere, as we at centos are focused on supporting what we 
ship, rather than trying to know an answer for all bugs in all 
variations of all software everywhere

-- Russ herrold
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Automated Reply from Dieter Thiel =

[Dieter Thiel]

Abwesenheitsnotiz:

Vielen Dank für Ihre Nachricht. Ich bin ab dem 22.10. wieder im Büro erreichbar.

In dringenden Fällen wenden Sie sich bitte an Herrn Ostermann,
Email .

Vielen Dank!


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] One server not showing SSH port, the other is.

[Dotan Cohen]

I have two CentOS servers running SSH on two different non-standard
ports. So far as I can tell, they have identical /etc/ssh/sshd_config
files with the exception of the different port (both are 22xx).
However, when running nmap on them, one betrays the port that SSH is
running on, and the other does not. I have shut down iptables on both
machines and the behaviour remains this way. What could be the cause?
Specifically, how can I hide the port that SSH is running on?

I'm sorry that I cannot provide the IP addresses, the owner of the
servers doesn't want that! I also know how silly it is to do "stealth"
ports but I'm not the one making the decision!

Thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] One server not showing SSH port, the other is.

[Gordon Messmer]

On 10/11/2010 04:21 PM, Dotan Cohen wrote:
> However, when running nmap on them, one betrays the port that SSH is
> running on, and the other does not. I have shut down iptables on both
> machines and the behaviour remains this way. What could be the cause?

You're probably not running a full port scan with nmap.  One of the 
systems is using a port that nmap includes in its quick scan set, and 
the other does not.

> Specifically, how can I hide the port that SSH is running on?

You can't.  If that port is open, a full nmap scan will reveal it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] One server not showing SSH port, the other is.

[Joseph L. Casale]

>However, when running nmap on them, one betrays the port that SSH is running 
>on, and the other does not.

What does betray mean?

>I have shut down iptables on both machines and the behaviour remains this way. 
>What could be the cause?

Public facing machines w/ iptables off?

>Specifically, how can I hide the port that SSH is running on?

So if you want it hidden, you want it not to accept connections from other 
machines?
#iptables -L

See what's allowed, then if you're not iptable savvy, install/run 
system-config-security.
Then do not permit connections to that port, unless you provide more info, like 
do you
Have internal trusted interfaces etc, you will be locked out.

>I'm sorry that I cannot provide the IP addresses, the owner of the servers 
>doesn't want that! I also know how silly it is to do "stealth"
>ports but I'm not the one making the decision!

Probably good thing you haven't exposed a possibly bad config.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Why WOL? ( WAS: Re: Getting Wake on lan to work )

[Drew]

On a semi-related subtopic,

Why do I want WoL? What concrete examples are there where it's useful?

I understand what it is and how it works but the "why" has eluded me.


-- 
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] One server not showing SSH port, the other is.

[Ryan Manikowski]

 On 10/11/2010 7:44 PM, Joseph L. Casale wrote:
>
>> Specifically, how can I hide the port that SSH is running on?
>> I'm sorry that I cannot provide the IP addresses, the owner of the servers 
>> doesn't want that! I also know how silly it is to do "stealth"
>> ports but I'm not the one making the decision!

One method to obscure the presence of the ssh daemon would be to use
port knocking:

http://dotancohen.com/howto/portknocking.html


Honestly (and this is mere opinion), the other person (who wants to hide
ssh-the owner) is being paranoid. Use strong passwords, run ssh on an
alternate port, don't expose unneeded services to the outside world, and
install something like fail2ban to block ssh attackers.

If they need higher security then set up openvpn.

-- 
 Ryan Manikowski

 r...@devision.us | 716.771.2282

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Why WOL? ( WAS: Re: Getting Wake on lan to work )

[Chad Woolley]

On Mon, Oct 11, 2010 at 4:41 PM, Drew  wrote:
> On a semi-related subtopic,
>
> Why do I want WoL? What concrete examples are there where it's useful?
>
> I understand what it is and how it works but the "why" has eluded me.

You want to VNC or SSH into a remote workstation that happens to be asleep.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Why WOL? ( WAS: Re: Getting Wake on lan to work )

[Joseph L. Casale]

>I understand what it is and how it works but the "why" has eluded me.

You need to do maintenance on hardware and you don't want it running
wasting power or it happen to be off such as the case with many client boxes?

You need to start a node and you don't want it running wasting power while
you don't need it?

You need to do * and you don't want it running wasting power while
you don't need it?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] LDAP Mail Notice

[sync]

Hi, all :

I have a thought of  writing the script to implement the LDAP mail
noticerecently.

That's to say , after creating the new account and his passwd , then how to
send an E-mail to notice him?

By the way , I used the LDAP tool called 389 LDAP or openldap  recently .



Could someone give me some suggestions ?


Thanks in advance.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Scanner missing again

[Mark]

A while back I posted about my new HP J3600 scan/fax/copy/print-er and how
it was visible to the root but not me as an ordinary user.  I had no trouble
configuring it as a printer, but the scanner was invisible to xsane until I
added my user id to the lp group.

Now it's gone again, except that it is visible as a usb device to me as a
normal user, but xsane can't seem to find it any more.

Since this was working on the 2.6.18-194.11.4 kernel, I rebooted that one,
but it exhibited the same behavior, so I wrote off the new (...17.1) kernel
as innocent.  However, I am getting an error during startup on hpssd - it
complains about python-dbus being missing.  I can't find that either, but
there _is_ a dbus-python 0.70 installed and it wants a version > 0.80, so I
hauled down 0.83, built it and installed it and that didn't seem to help.

I will try that when I have a few minutes to take the system down again, but
in the mean time, can anyone hazard a guess at what's wrong?

$ lsusb
Bus 001 Device 001: ID :
Bus 002 Device 006: ID 03f0:3112 Hewlett-Packard
Bus 002 Device 004: ID 22b8:2ac2 Motorola PCS
Bus 002 Device 001: ID :
Bus 002 Device 002: ID 04f9:0033 Brother Industries, Ltd
Bus 002 Device 003: ID 03f0:0205 Hewlett-Packard ScanJet 3300c

It's Bus 2, Dev 6.  There is nothing in any of the /var/log/* files to
indicate any kind of problem for yesterday, when the problem appeared, other
than my fumbled three attempts to input the password for 'sudo xsane'.

What's interesting is this:

$ sane-find-scanner

  # sane-find-scanner will now attempt to detect your scanner. If the
  # result is different from what you expected, first make sure your
  # scanner is powered up and properly connected to your computer.

  # No SCSI scanners found. If you expected something different, make sure
that
  # you have loaded a kernel SCSI driver for your SCSI adapter.

found USB scanner (vendor=0x03f0 [HP], product=0x3112 [Officejet J3600
series]) at libusb:002:005
found USB scanner (vendor=0x03f0 [Hewlett-Packard], product=0x0205 [HP
ScanJet 3300C]) at libusb:002:004
  # Your USB scanner was (probably) detected. It may or may not be supported
by
  # SANE. Try scanimage -L and read the backend's manpage.

  # Not checking for parallel port scanners.

  # Most Scanners connected to the parallel port or other proprietary ports
  # can't be detected by this program.

  # You may want to run this program as root to find all devices. Once you
  # found the scanner devices, be sure to adjust access permissions as
  # necessary.

So, sane-find-scanner finds the scanner, but xsane does not???  (For the
record, on the 11.4 kernel, sane-find-scanner could _not_ find the scanner,
but that was before I installed the newer dbus-python.)

This was working perfectly a few days ago.  I'm not sure where else to
look

TIA,
Mark
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP Mail Notice

[Sean Hart]

>
> I have a thought of  writing the script to implement the LDAP mail 
> noticerecently.
>
> That's to say , after creating the new account and his passwd , then 
> how to send an E-mail to notice him?
>
> By the way , I used the LDAP tool called 389 LDAP or openldap  recently .
>
>
>
> Could someone give me some suggestions ?
>

What precisely are you looking to do?  Are you trying to write a script 
to create a user and email them?  If so, I've definitely done that.  I 
put together a bunch of tools a while back if you are looking for some 
building blocks (including a send mail to user sub and a lot of 
retrieve/set LDAP attributes).  A lot of this was put together from 
other stuff I found on the web in my years of LDAP administration.

Disclaimer: I'm a self taught perl guy, so I don't know all of the 
tricks, etc

http://xrayspx.com/part-3-subroutines

If you give me a better idea of exactly what you are looking for I'm 
sure I could whip something up.

Cheers,
Sean
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] One server not showing SSH port, the other is.

[Eero Volotinen]

2010/10/12 Ryan Manikowski :
>  On 10/11/2010 7:44 PM, Joseph L. Casale wrote:
>>
>>> Specifically, how can I hide the port that SSH is running on?
>>> I'm sorry that I cannot provide the IP addresses, the owner of the servers 
>>> doesn't want that! I also know how silly it is to do "stealth"
>>> ports but I'm not the one making the decision!
>
> One method to obscure the presence of the ssh daemon would be to use
> port knocking:
>
> http://dotancohen.com/howto/portknocking.html
>
>
> Honestly (and this is mere opinion), the other person (who wants to hide
> ssh-the owner) is being paranoid. Use strong passwords, run ssh on an
> alternate port, don't expose unneeded services to the outside world, and
> install something like fail2ban to block ssh attackers.

Just disable password authentication on ssh and use only keyfiles ..

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP Mail Notice

[sync]

On Tue, Oct 12, 2010 at 12:50 PM, Sean Hart wrote:

>
> >
> > I have a thought of  writing the script to implement the LDAP mail
> > noticerecently.
> >
> > That's to say , after creating the new account and his passwd , then
> > how to send an E-mail to notice him?
> >
> > By the way , I used the LDAP tool called 389 LDAP or openldap  recently .
> >
> >
> >
> > Could someone give me some suggestions ?
> >
>
> What precisely are you looking to do?  Are you trying to write a script
> to create a user and email them?  If so, I've definitely done that.  I
> put together a bunch of tools a while back if you are looking for some
> building blocks (including a send mail to user sub and a lot of
> retrieve/set LDAP attributes).  A lot of this was put together from
> other stuff I found on the web in my years of LDAP administration.
>

Thanks for your reply ...

What you said is right . I'm trying to write a script to create the new
account and his password and then can email them .

By the way , My Mail server is not the Linux Server(CentOS) , it is the
Windows 2003 Server . So how can I do that ?


Thanks ...






> Disclaimer: I'm a self taught perl guy, so I don't know all of the
> tricks, etc
>
> http://xrayspx.com/part-3-subroutines
>
> If you give me a better idea of exactly what you are looking for I'm
> sure I could whip something up.
>
> Cheers,
> Sean
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP Mail Notice

[John R Pierce]

  On 10/11/10 10:34 PM, sync wrote:
>  What you said is right . I'm trying to write a script to create the 
> new account and his password and then can email them .
>
> By the way , My Mail server is not the Linux Server(CentOS) , it is 
> the Windows 2003 Server . So how can I do that ?

hire a windows scripting programmer who's familiar with whatever email 
server you're running, and whatever LDAP service you're using.

you're way WAY off topic for this list.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP Mail Notice

[sync]

On Tue, Oct 12, 2010 at 1:56 PM, sync  wrote:

>
>
> On Tue, Oct 12, 2010 at 1:36 PM, John R Pierce wrote:
>
>>  On 10/11/10 10:34 PM, sync wrote:
>>
>>>  What you said is right . I'm trying to write a script to create the new
>>> account and his password and then can email them .
>>>
>>> By the way , My Mail server is not the Linux Server(CentOS) , it is the
>>> Windows 2003 Server . So how can I do that ?
>>>
>>
>> hire a windows scripting programmer who's familiar with whatever email
>> server you're running, and whatever LDAP service you're using.
>>
>> you're way WAY off topic for this list.
>>
>>
>>
> Maybe what i said is not clear, because my English is too pool . Please
> forgive me if  my expression is not precise.
>
>
>  The following  is my environment :
>
> Workspace Environment : CentOS 5.5  64bits  , Using Openldap Server  or 389
> LDAP Server
>
> Mail Server :  Windows  Mail Server
>
> I am looking for the method that after I create the new account on the
> Openldap Server , then use the script to auto send an
> E-mail to him . Of course,  these actions may  used  into  one script .
>
> For example :
>
> If I create the new account called Tim on LDAP Server  , and his password
> is 123456 , and his mail address is t...@test.com
> Then will send an E-mail to him to notice his information , like his name
> and his passowrd.
>
>
> So Would someone can give some suggestions ?
>
>
>
>
>
>
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Openwebmail emergency (Perl)

[Jussi Hirvi]

After system update yesterday, Openwebmail now gives an error:

> Undefined subroutine &Compress::Zlib::memGzip called at 
> /var/www/cgi-bin/openwebmail/shares/ow-shared.pl line 1175.

I tried to do

perl -MCPAN -e shell
install Compress::Zlib

But it says Compress::Zlib is up-to-date. What do to?? I cannot find an 
answer by googling.

- Jussi

-- 
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hi...@greenspot.fi * http://www.greenspot.fi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP Mail Notice

[Sean Hart]

Maybe what i said is not clear, because my English is too pool .
Please forgive me if  my expression is not precise.


Doesn't matter what mail server you use, email is email.



 The following  is my environment :

Workspace Environment : CentOS 5.5  64bits  , Using Openldap
Server  or 389 LDAP Server

Mail Server :  Windows  Mail Server

For example :

If I create the new account called Tim on LDAP Server  , and his
password is 123456 , and his mail address is t...@test.com

Then will send an E-mail to him to notice his information , like
his name and his passowrd.


So Would someone can give some suggestions ?

Before we go any further on this, I'd like to give a very serious 
warning.  It is NEVER a good idea to email a password.  Email is, by 
definition, insecure.


I'm not familiar with 389 LDAP Server, and after a quick look, it would 
make sense for me to read up on it.  Anyhow, my advice is going to come 
from the OpenLDAP side of things.


I would:

  1. Set up OpenLDAP (make sure to get a real certificate and require
 TLS/SSL)
  2. If using Samba, set up the smbldap tools
 (http://en.wikipedia.org/wiki/Smbldap-Tools), can be useful even
 if not using samba...
  3. Start script (I'd use perl, since it's what I'm most familiar with)
1. Generate username (either collect from input or generate somehow
2. Generate password (There's a sub for that on the page
   referenced earlier)
3. Contemplate making sure that the username is unique, and
   group membership, etc.
4. call smbldap-useradd to add the user (add stuff like -m for
   the mail address, check the smbldap-useradd documentation
   for handy switches
5. Compose body of email to user (this is probably mostly
   static, but you will most likely want to substitute some
   variables like username, etc
6. send the email (sub on the page earlier)
7. I repeat, please don't email passwords...  have them call
   you for them or something...  email is the least secure
   thing on the damn planet
  4. Sit back and have a beer, cuz yer done

I'm happy to help if you need more.

Cheers,
Sean

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Openwebmail emergency (Perl)

[Jussi Hirvi]

Ok, more information. I have Openwebmail 2.52. I tried to install 2.53 
with yum, and get the following. This points to what the conflict is 
about. But I still don't know how to fix this.
- Jussi

Installing:
  openwebmail  i386 2.53-3 
 openwebmail   2.4 M
Installing for dependencies:
  openwebmail-data i386 2.53-3 
 openwebmail   7.3 M
  perl-Compress-Zlib   noarch   2.015-1.el5.rf 
 rpmforge   34 k
  perl-suidperli386 4:5.8.8-32.el5_5.2 
 updates62 k

Transaction Summary
===
Install   4 Package(s)
Upgrade   0 Package(s)

Total size: 9.9 M
Total download size: 62 k
Is this ok [y/N]: y
Downloading Packages:
perl-suidperl-5.8.8-32.el5_5.2.i386.rpm 
 |  62 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test


Transaction Check Error:
   file /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm from install 
of perl-Compress-Zlib-2.015-1.el5.rf.noarch conflicts with file from 
package perl-IO-Compress-2.030-2.el5.rf.noarch
   file /usr/share/man/man3/Compress::Zlib.3pm.gz from install of 
perl-Compress-Zlib-2.015-1.el5.rf.noarch conflicts with file from 
package perl-IO-Compress-2.030-2.el5.rf.noarch




-- 
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hi...@greenspot.fi * http://www.greenspot.fi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] One server not showing SSH port, the other is.

[Sean Hart]

> Just disable password authentication on ssh and use only keyfiles ..
>
> --
My initial thought exactly.  Keys, and require passwords on the keys 
too.  Although if you want to be wicked paranoid, knocking + keys would 
work too.

~Sean
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Openwebmail emergency (Perl)

[Sean Hart]

> Transaction Check Error:
> file /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm from install
> of perl-Compress-Zlib-2.015-1.el5.rf.noarch conflicts with file from
> package perl-IO-Compress-2.030-2.el5.rf.noarch
> file /usr/share/man/man3/Compress::Zlib.3pm.gz from install of
> perl-Compress-Zlib-2.015-1.el5.rf.noarch conflicts with file from
> package perl-IO-Compress-2.030-2.el5.rf.noarch
>
Not sure if this will help... Have you tried updating perl-IO-Compress?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Openwebmail emergency (Perl)

[Jussi Hirvi]

It seems Openwebmail is using Perl-Compress-Zlib from rpmforce, but in 
Centos this is obsoleted by Perl-IO-Compress, and there is a conflict.

This I got when I tried to install the rpmforce package:

[r...@mail log]# yum install perl-Compress-Zlib
Loaded plugins: fastestmirror, installonlyn
Loading mirror speeds from cached hostfile
  * addons: ftp.funet.fi
  * base: ftp.funet.fi
  * extras: ftp.funet.fi
  * rpmforge: wftp.tu-chemnitz.de
  * updates: ftp.funet.fi
Setting up Install Process
Package perl-Compress-Zlib is obsoleted by perl-IO-Compress, trying to 
install perl-IO-Compress-2.030-2.el5.rf.noarch instead
Package perl-IO-Compress-2.030-2.el5.rf.noarch already installed and 
latest version
Nothing to do

- Jussi

On 12.10.2010 9.38, Jussi Hirvi wrote:
> Ok, more information. I have Openwebmail 2.52. I tried to install 2.53
> with yum, and get the following. This points to what the conflict is
> about. But I still don't know how to fix this.
> - Jussi
>
> Installing:
>openwebmail  i386 2.53-3
>   openwebmail   2.4 M
> Installing for dependencies:
>openwebmail-data i386 2.53-3
>   openwebmail   7.3 M
>perl-Compress-Zlib   noarch   2.015-1.el5.rf
>   rpmforge   34 k
>perl-suidperli386 4:5.8.8-32.el5_5.2
>   updates62 k
>
> Transaction Summary
> ===
> Install   4 Package(s)
> Upgrade   0 Package(s)
>
> Total size: 9.9 M
> Total download size: 62 k
> Is this ok [y/N]: y
> Downloading Packages:
> perl-suidperl-5.8.8-32.el5_5.2.i386.rpm
>   |  62 kB 00:00
> Running rpm_check_debug
> Running Transaction Test
> Finished Transaction Test
>
>
> Transaction Check Error:
> file /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm from install
> of perl-Compress-Zlib-2.015-1.el5.rf.noarch conflicts with file from
> package perl-IO-Compress-2.030-2.el5.rf.noarch
> file /usr/share/man/man3/Compress::Zlib.3pm.gz from install of
> perl-Compress-Zlib-2.015-1.el5.rf.noarch conflicts with file from
> package perl-IO-Compress-2.030-2.el5.rf.noarch
>
>
>
>


-- 
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hi...@greenspot.fi * http://www.greenspot.fi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos