Re: [CentOS] Possible to use multiple disk to bypass I/O wait?

[Gordon Messmer]

On 06/09/2011 08:21 PM, Emmanuel Noobadmin wrote:
> But now that you brought it up, I'm wondering if that would had been
> pointless. If the kernel considers KVM opening the diskfile and
> holding onto it as a single access, regardless of how many subsequent
> reads/writes there are, then this wouldn't make a difference would it?

atime and mtime are updated for *every* read and write operation, not 
for the open() of the file.

That aside, if you're running KVM I strongly recommend using LVM rather 
than file-backed VM guests.  It's more work to set up, but you'll see 
drastically better IO performance in the guests.  One system that I 
measured had a write speed of around 8 MB/s for sequential block output 
on file-backed VMs.  LVM backed VMs wrote at around 56 MB/s for 
sequential block output.

You should *never* used file-backed VMs for production systems.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Ljubomir Ljubojevic]

Robert Spangler wrote:
> On Thursday 09 June 2011 17:34, the following was written:
> 
>>  How to configure sshd to required both ssh public key and user
>>  password also? yes, stupid, but required on my setup..
> 
> Have you thought about securing your ssh keys with a pasword? I do that here 
> so if someone would happen to get a hold of my keys they still could not use 
> them.  I am guessing that is why you are looking for both keys and passwords.
> 
> 
Not really. My view is so he can authenticate from his own PC without 
the need to type the password, but if he is on someone else's system he 
whould use regular password. That is what I would like to be able to do.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Daniel Heitmann]

> Not really. My view is so he can authenticate from his own PC without
> the need to type the password, but if he is on someone else's system he
> whould use regular password. That is what I would like to be able to do.
That is possible for the root-Account. You can allow sshd to log you in 
as root via public key without forcing you to login as an unprivileged 
user first. You can do this by changing your sshd_config:
PermitRootLogin without-password

I am not sure if this is possible for regular logins too. Sorry.
-- 
Gruß/Regards,
Daniel Heitmann

gpg id: B251006E | ascii: http://horrendum.de/gpg.asc | twitter: @dictvm

Proprietary attachments instantly go to /dev/null.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Markus Falb]

On 10.6.2011 10:35, Ljubomir Ljubojevic wrote:
> Robert Spangler wrote:
>> On Thursday 09 June 2011 17:34, the following was written:
>>
>>>  How to configure sshd to required both ssh public key and user
>>>  password also? yes, stupid, but required on my setup..
>>
>> Have you thought about securing your ssh keys with a pasword? I do that here 
>> so if someone would happen to get a hold of my keys they still could not use 
>> them.  I am guessing that is why you are looking for both keys and passwords.
>>
>>
> Not really. My view is so he can authenticate from his own PC without 
> the need to type the password, but if he is on someone else's system he 
> whould use regular password. That is what I would like to be able to do.

And why are you not able to ? Standard ssh setup falls back to password
authentication if no key available.

If you dont want type password every time use ssh-agent (there is a
aequivalent thing in windows provided by putty I think but forgot its
name). You will need to type the passphrase only once.

-- 
Kind Regards, Markus Falb



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] pam_succeed_if

[John Doe]

From: Daniel De Marco 

> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite    pam_succeed_if.so uid >= 500 quiet
> auth        required      pam_deny.so
> What's the use of the pam_succeed_if line? It will only be reached if
> the pam_unix doesn't succeed and from my understanding it will prevent
> system accounts from logging in. Is it useless or am I missing
> something?

Pure speculation:
1. pam_unix just allows/disallows to go further in the checks.
2. succeed_if only let users accounts login
3. everything else, deny.

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] pam_succeed_if

[John Hodrien]

On Fri, 10 Jun 2011, John Doe wrote:


From: Daniel De Marco 


auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite    pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
What's the use of the pam_succeed_if line? It will only be reached if
the pam_unix doesn't succeed and from my understanding it will prevent
system accounts from logging in. Is it useless or am I missing
something?


Pure speculation:
1. pam_unix just allows/disallows to go further in the checks.
2. succeed_if only let users accounts login
3. everything else, deny.


Isn't it redundant as is, but makes a whole lot more sense once you have a
network login in there.

If you succeed on pam_unix, you're done.  So a local account doesn't need
further checks.  The next check ensures that a non-local source (say NIS/LDAP)
doesn't allow logins to system accounts (UID<500).  Since you've got none, it
makes no difference, since you either fail on that line, or you fail on the
pam_deny.

Just imagine an ldap lookup after the pam_succeed_if line.  It's presumably
left in because it makes authconfig's life easier, and doesn't really matter
anyway.

jh___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vim scripting - cursor motion

[John Doe]

From: Jussi Hirvi 

>     :% s/\t/","/g
> Then I should add something to the beginning of file (line 1, char 1).
> And append something to the end of the file (last line, last char). But 
> I cannot find a way to do this. Should I move the cursor (and how?), or 
> what?

echo "First Line" > NEWFILE
cat FILE | tr '\t' ',' >> NEWFILE    or   sed 's/\t/,/g' FILE >> NEWFILE
echo "Last Line" >> NEWFILE

or

awk ' BEGIN { print "First Line"; } { gsub(/\t/, ",", $0);print $0; } END { 
print  "Last Line"; } ' FILE > NEWFILE

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cloning LVM

[Markus Falb]

On 8.6.2011 15:33, Christopher Hearn wrote:
> On Jun 8, 2011, at 9:25 AM, Ross Walker wrote:

>> If you can create your /boot partition on sector 2048 and make sure it is in 
>> megabytes and not cylinders that would make sure that it is aligned with 
>> both RAID chunks and memory pages.

> No idea what this means.

See http://en.wikipedia.org/wiki/Advanced_Format

-- 
Kind Regards, Markus Falb



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Nicolas Ross]

> How to configure sshd to required both ssh public key and user
> password also? yes, stupid, but required on my setup..

If you want 2 factor authentication, you can add yubikeys. They are little 
usb dongle that provides one-time-password. And the server-side for those is 
open-source if you don't want to use their authentication servers. And they 
are relatively cheap.

We use these here on our border servers to increase security.

Regards, 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Ljubomir Ljubojevic]

Markus Falb wrote:
> On 10.6.2011 10:35, Ljubomir Ljubojevic wrote:
>> Robert Spangler wrote:
>>> On Thursday 09 June 2011 17:34, the following was written:
>>>
  How to configure sshd to required both ssh public key and user
  password also? yes, stupid, but required on my setup..
>>> Have you thought about securing your ssh keys with a pasword? I do that 
>>> here 
>>> so if someone would happen to get a hold of my keys they still could not 
>>> use 
>>> them.  I am guessing that is why you are looking for both keys and 
>>> passwords.
>>>
>>>
>> Not really. My view is so he can authenticate from his own PC without 
>> the need to type the password, but if he is on someone else's system he 
>> whould use regular password. That is what I would like to be able to do.
> 
> And why are you not able to ? Standard ssh setup falls back to password
> authentication if no key available.
> 
> If you dont want type password every time use ssh-agent (there is a
> aequivalent thing in windows provided by putty I think but forgot its
> name). You will need to type the passphrase only once.
> 

I should have been little more precise. The truth is I never found time 
to try/solve it, always something else to do. But I *would* like to set 
it up. I already have direct root access to my units via ssh, and I have 
denyhosts guarding me from crackers, so it is not something I can not 
live without.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Eero Volotinen]

2011/6/10 Nicolas Ross :
>> How to configure sshd to required both ssh public key and user
>> password also? yes, stupid, but required on my setup..
>
> If you want 2 factor authentication, you can add yubikeys. They are little
> usb dongle that provides one-time-password. And the server-side for those is
> open-source if you don't want to use their authentication servers. And they
> are relatively cheap.
>
> We use these here on our border servers to increase security.

is this easy to ingrate with openssh server on centos 5.x ?

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] pam_succeed_if

[Daniel De Marco]

* John Hodrien  [06/10/2011 05:43]:
> If you succeed on pam_unix, you're done.  So a local account doesn't need
> further checks.  The next check ensures that a non-local source (say NIS/LDAP)
> doesn't allow logins to system accounts (UID<500).  Since you've got none, it
> makes no difference, since you either fail on that line, or you fail on the
> pam_deny.

Yeah, I guess that with a non-local source it may make sense...

Thanks, Daniel.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Les Mikesell]

On 6/10/2011 3:35 AM, Ljubomir Ljubojevic wrote:
> Robert Spangler wrote:
>> On Thursday 09 June 2011 17:34, the following was written:
>>
>>>   How to configure sshd to required both ssh public key and user
>>>   password also? yes, stupid, but required on my setup..
>>
>> Have you thought about securing your ssh keys with a pasword? I do that here
>> so if someone would happen to get a hold of my keys they still could not use
>> them.  I am guessing that is why you are looking for both keys and passwords.
>>
>>
> Not really. My view is so he can authenticate from his own PC without
> the need to type the password, but if he is on someone else's system he
> whould use regular password. That is what I would like to be able to do.

That's just normal behavior when both are enabled.  If the key works, 
you don't get the password prompt.  But even in the 'ultrasecure' 
scenario of requiring both, do you really want people typing their 
passwords on equipment that might have a keylogger running?

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vim scripting - cursor motion

[flapeccino]

Jussi

There is a good article on vimscript here:
http://www.ibm.com/developerworks/linux/library/l-vimscript-1/index.html)
Sent via BlackBerry by AT&T
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vim scripting - cursor motion

[flapeccino]

Sorry there was a typo, the correct URL is:

http://www.ibm.com/developerworks/linux/library/l-vim-script-1/index.html
Sent via BlackBerry by AT&T

-Original Message-
From: flapecc...@gmail.com
Date: Fri, 10 Jun 2011 15:39:12 
To: CentOS mailing list
Reply-To: flapecc...@gmail.com
Subject: Re: [CentOS] Vim scripting - cursor motion

Jussi

There is a good article on vimscript here:
http://www.ibm.com/developerworks/linux/library/l-vimscript-1/index.html)
Sent via BlackBerry by AT&T
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Eero Volotinen]

2011/6/10 Les Mikesell :
> On 6/10/2011 3:35 AM, Ljubomir Ljubojevic wrote:
>> Robert Spangler wrote:
>>> On Thursday 09 June 2011 17:34, the following was written:
>>>
   How to configure sshd to required both ssh public key and user
   password also? yes, stupid, but required on my setup..
>>>
>>> Have you thought about securing your ssh keys with a pasword? I do that here
>>> so if someone would happen to get a hold of my keys they still could not use
>>> them.  I am guessing that is why you are looking for both keys and 
>>> passwords.
>>>
>>>
>> Not really. My view is so he can authenticate from his own PC without
>> the need to type the password, but if he is on someone else's system he
>> whould use regular password. That is what I would like to be able to do.
>
> That's just normal behavior when both are enabled.  If the key works,
> you don't get the password prompt.  But even in the 'ultrasecure'
> scenario of requiring both, do you really want people typing their
> passwords on equipment that might have a keylogger running?

Yes, because of compliancy requirements. ssh public key does not
support expiring public keys. (maybe you can use cron job to delete too
old public keys from server?)


--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Devin Reade]

Another option that you might want to look at is putting up an OpenBSD
gateway running authpf (see ).

The model there is an outside user has to open up an ssh shell
to the authpf gateway before they are allowed to access services 
inside the network.  If their gateway shell goes away, so does their
access.  If you require password / secure token / whatever auth
on the gateway, then you do that once and then you can use ssh-key
auth to get to your inside machines as much as you'd like.

Authpf can be used to allow/restrict access to arbitrary network
services; it's not limited to just ssh.  The shell the user gets
on the authpf gateway is not usable for anything else; it just
sits there until the user logs out, so it can't be used to 
crack the gateway or internal machines.

Devin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Nicolas Ross]

>> If you want 2 factor authentication, you can add yubikeys. They are 
>> little
>> usb dongle that provides one-time-password. And the server-side for those 
>> is
>> open-source if you don't want to use their authentication servers. And 
>> they
>> are relatively cheap.
>>
>> We use these here on our border servers to increase security.
>
> is this easy to ingrate with openssh server on centos 5.x ?

There is 2 rpm in epel (libyubikey and pam_yubico) that make it pretty easy 
to integrate into openssh (via pam). 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vim scripting - cursor motion

[Jussi Hirvi]

On 10.6.2011 18.39, flapecc...@gmail.com wrote:
> There is a good article on vimscript here:
> http://www.ibm.com/developerworks/linux/library/l-vimscript-1/index.html)

Sorry there was a typo, the correct URL is:
http://www.ibm.com/developerworks/linux/library/l-vim-script-1/index.html

Thanks, I found that already, and it is a good one. But it didn't help 
me solve my problem about cursor motions.

Maybe my question is wrong - maybe I should just use line ranges in 
commands, for example for the first line:
:1,1s/foo/bar/g
and for the last line:
:$,$s/foo/bar/g

- Jussi
-- 
Jussi Hirvi * Green Spot
Suvilahdenkatu 1 B 78 * 00500 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hi...@greenspot.fi * http://www.greenspot.fi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vim scripting - cursor motion

[Les Mikesell]

On 6/10/2011 1:03 PM, Jussi Hirvi wrote:
> On 10.6.2011 18.39, flapecc...@gmail.com wrote:
>> There is a good article on vimscript here:
>> http://www.ibm.com/developerworks/linux/library/l-vimscript-1/index.html)
>
> Sorry there was a typo, the correct URL is:
> http://www.ibm.com/developerworks/linux/library/l-vim-script-1/index.html
>
> Thanks, I found that already, and it is a good one. But it didn't help
> me solve my problem about cursor motions.
>
> Maybe my question is wrong - maybe I should just use line ranges in
> commands, for example for the first line:
>   :1,1s/foo/bar/g
> and for the last line:
>   :$,$s/foo/bar/g

I thought the point of using vim instead of something more appropriate 
for scripting was that you already knew how to use it.  Why not do:
vim -W script testfile
and go through the motions you know (which can include 1G to go to the 
1st line and G to go to the last).
Then run
vim -s script realfile
to do the same actions again.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Ljubomir Ljubojevic]

Devin Reade wrote:
> Another option that you might want to look at is putting up an OpenBSD
> gateway running authpf (see ).
> 
> The model there is an outside user has to open up an ssh shell
> to the authpf gateway before they are allowed to access services 
> inside the network.  If their gateway shell goes away, so does their
> access.  If you require password / secure token / whatever auth
> on the gateway, then you do that once and then you can use ssh-key
> auth to get to your inside machines as much as you'd like.
> 
> Authpf can be used to allow/restrict access to arbitrary network
> services; it's not limited to just ssh.  The shell the user gets
> on the authpf gateway is not usable for anything else; it just
> sits there until the user logs out, so it can't be used to 
> crack the gateway or internal machines.
> 
That is not something to strive for. What about my WISP network? how 
would I protect multiple systems not at the single location and with 
multiple incoming paths? Adding another box it worst of all options.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Ljubomir Ljubojevic]

Les Mikesell wrote:

> That's just normal behavior when both are enabled.  If the key works, 
> you don't get the password prompt.  But even in the 'ultrasecure' 
> scenario of requiring both, do you really want people typing their 
> passwords on equipment that might have a keylogger running?
> 

One scenario is business customers I maintain. They are almost all on my 
network, and I have servers I maintain/admin 400 km away that are not 
mine. When I am logged there, or on-site, I often need to pull some data 
from my main server. Sometimes FTP is enough, but sometimes I need to 
use SFTP or SCP to access sensitive scripts, or to login (when I am 
on-site on far away network).

How do you propose that I use key only auth? to copy my sensitive key 
onto their system? Or is it better to in that case just use password 
auth? I avoid using my passwords on infected systems, or without proper 
protection, but on safe systems it is better to use passwords then keys.

And of course, I have a brother with root access that does not own a 
laptop. And if I even tried to force him to use keys for every 
connection, I would have blue eye in matter of days ;-)

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Craig White]

On Jun 10, 2011, at 12:04 PM, Ljubomir Ljubojevic wrote:

> Les Mikesell wrote:
> 
>> That's just normal behavior when both are enabled.  If the key works, 
>> you don't get the password prompt.  But even in the 'ultrasecure' 
>> scenario of requiring both, do you really want people typing their 
>> passwords on equipment that might have a keylogger running?
>> 
> 
> One scenario is business customers I maintain. They are almost all on my 
> network, and I have servers I maintain/admin 400 km away that are not 
> mine. When I am logged there, or on-site, I often need to pull some data 
> from my main server. Sometimes FTP is enough, but sometimes I need to 
> use SFTP or SCP to access sensitive scripts, or to login (when I am 
> on-site on far away network).
> 
> How do you propose that I use key only auth? to copy my sensitive key 
> onto their system? Or is it better to in that case just use password 
> auth? I avoid using my passwords on infected systems, or without proper 
> protection, but on safe systems it is better to use passwords then keys.
> 
> And of course, I have a brother with root access that does not own a 
> laptop. And if I even tried to force him to use keys for every 
> connection, I would have blue eye in matter of days ;-)

put your private key(s) on a USB flash drive and use the '-i' option w/ ssh

Heavily recommend that you use passwords to protect your keys though

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Les Mikesell]

On 6/10/2011 2:09 PM, Craig White wrote:
>
> On Jun 10, 2011, at 12:04 PM, Ljubomir Ljubojevic wrote:
>
>> Les Mikesell wrote:
>>
>>> That's just normal behavior when both are enabled.  If the key works,
>>> you don't get the password prompt.  But even in the 'ultrasecure'
>>> scenario of requiring both, do you really want people typing their
>>> passwords on equipment that might have a keylogger running?
>>>
>>
>> One scenario is business customers I maintain. They are almost all on my
>> network, and I have servers I maintain/admin 400 km away that are not
>> mine. When I am logged there, or on-site, I often need to pull some data
>> from my main server. Sometimes FTP is enough, but sometimes I need to
>> use SFTP or SCP to access sensitive scripts, or to login (when I am
>> on-site on far away network).
>>
>> How do you propose that I use key only auth? to copy my sensitive key
>> onto their system? Or is it better to in that case just use password
>> auth? I avoid using my passwords on infected systems, or without proper
>> protection, but on safe systems it is better to use passwords then keys.
>>
>> And of course, I have a brother with root access that does not own a
>> laptop. And if I even tried to force him to use keys for every
>> connection, I would have blue eye in matter of days ;-)
> 
> put your private key(s) on a USB flash drive and use the '-i' option w/ ssh
>
> Heavily recommend that you use passwords to protect your keys though

If you knew someone was going to do that on a machine you controlled, 
would you be able to capture both the key and the password keystrokes?

A one-time password might be a better approach.  We use juniper's ssl 
vpn with keyfob cryptocards for remote connections but another part of 
the company maintains it and I don't know what it costs.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vim scripting - cursor motion

[flapeccino]

Jussi

I tried various ways but it seems the only way to insert a line from a
script is to use the append() function  (do help append) specifying the line
number as a parameter.

I tried it on with an example script "moo.vim" as shown below

flapeccino@T4410 ~
$ cat moo.vim
:1,$s/  /,/g
:call append(0,"This is the first line")
:call append(line('$'),"This is the last line")
:w foox
:q!
flapeccino@T4410 ~
$ cat foo
one two three   four
1   2   3   4
ichini  san shi
flapeccino@T4410 ~
$ vi -s moo.vim foo
flapeccino@T4410 ~
$ cat foox
This is the first line
one,two,three,four
1,2,3,4
ichi,ni,san,shi
This is the last line
flapeccino@T4410 ~


BTW thank you for this, I have been using vi for a very long time, and I
never realized until now that  at least in its vim incarnation it has such a
powerful scripting language.  I've used sed/awk/perl but never happily and
always felt an inferiority complex to the emac brethrens showing off with
their emac lisp macros.  It must be a deficiency but my fingers never could
do emacs.



On Fri, Jun 10, 2011 at 11:42 AM, Les Mikesell wrote:

> On 6/10/2011 1:03 PM, Jussi Hirvi wrote:
> > On 10.6.2011 18.39, flapecc...@gmail.com wrote:
> >> There is a good article on vimscript here:
> >>
> http://www.ibm.com/developerworks/linux/library/l-vimscript-1/index.html)
> >
> > Sorry there was a typo, the correct URL is:
> >
> http://www.ibm.com/developerworks/linux/library/l-vim-script-1/index.html
> >
> > Thanks, I found that already, and it is a good one. But it didn't help
> > me solve my problem about cursor motions.
> >
> > Maybe my question is wrong - maybe I should just use line ranges in
> > commands, for example for the first line:
> >   :1,1s/foo/bar/g
> > and for the last line:
> >   :$,$s/foo/bar/g
>
> I thought the point of using vim instead of something more appropriate
> for scripting was that you already knew how to use it.  Why not do:
> vim -W script testfile
> and go through the motions you know (which can include 1G to go to the
> 1st line and G to go to the last).
> Then run
> vim -s script realfile
> to do the same actions again.
>
> --
>   Les Mikesell
>lesmikes...@gmail.com
>  ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

[Devin Reade]

--On Friday, June 10, 2011 08:55:47 PM +0200 Ljubomir Ljubojevic
 wrote:

> Devin Reade wrote:
>> Another option that you might want to look at is putting up an OpenBSD
>> gateway running authpf (see ).
[snip]
> That is not something to strive for.

Depends on the requirements.

> What about my WISP network? how 
> would I protect multiple systems not at the single location and with 
> multiple incoming paths? Adding another box it worst of all options.

The OP (to which I was responding) didn't say anything about such a
configuration.  I'm not suggesting that authpf solves all the world's
problems.  Would one gateway protect disjoint networks? No.  But on the
other hand, multihomed networks are just fine.

Having lots of tools in your toolbox lets you pick the best one for
the job.  If it's not the right tool, don't use it.  But that doesn't
reflect on the tool, just on it's applicability to the task at hand.

Devin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] C6 LiveCD top 5 apps

[nux]

Regarding http://twitter.com/CentOS/statuses/79336297579282432

I don't have a twitter account so I'm spamming the list since it looks on 
topic :)

I'd like to see on the LiveCD the following:
1. latest dd_rescue
2. latest gparted
3. ntfs-3g
4. screen
5. mc

How about you?

--
Nux!
www.nux.ro

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] C6 LiveCD top 5 apps

[R P Herrold]

On Sat, 11 Jun 2011, n...@nux.ro wrote:

> I'd like to see on the LiveCD the following:
> 1. latest dd_rescue
> 2. latest gparted
> 3. ntfs-3g
> 4. screen
> 5. mc

CentOS 6 Live CD would composed of packges from the 
distribution's packages --- 'latest' is not a criteria there; 
as to something with 'ntfs' I do not know the containing 
package, but it's not likely:

[herrold@xps400 centos-qa]$ find 
/var/ftp/pub/mirror/centos/centos-qa -name "*ntfs*"
[herrold@xps400 centos-qa]$

'screen' and 'mc' are possible as each is a relatively small, 
TUI package without major dependencies

just my $0.02

-- Russ herrold
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 LiveCD top 5 apps

[Cody Jackson]

On Sat, 11 Jun 2011, n...@nux.ro wrote:

> I'd like to see on the LiveCD the following:
> 1. latest dd_rescue
> 2. latest gparted
> 3. ntfs-3g
> 4. screen
> 5. mc

I agree with most of this list except I don't use dd_rescue very much;
screen and gparted are the two that I would find most useful. mc is
nice as well.

Cheers,
Cody Jackson

On 6/10/11, R P Herrold  wrote:
> On Sat, 11 Jun 2011, n...@nux.ro wrote:
>
>> I'd like to see on the LiveCD the following:
>> 1. latest dd_rescue
>> 2. latest gparted
>> 3. ntfs-3g
>> 4. screen
>> 5. mc
>
> CentOS 6 Live CD would composed of packges from the
> distribution's packages --- 'latest' is not a criteria there;
> as to something with 'ntfs' I do not know the containing
> package, but it's not likely:
>
> [herrold@xps400 centos-qa]$ find
> /var/ftp/pub/mirror/centos/centos-qa -name "*ntfs*"
> [herrold@xps400 centos-qa]$
>
> 'screen' and 'mc' are possible as each is a relatively small,
> TUI package without major dependencies
>
> just my $0.02
>
> -- Russ herrold
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Possible to use multiple disk to bypass I/O wait?

[Emmanuel Noobadmin]

On 6/10/11, Gordon Messmer  wrote:
> atime and mtime are updated for *every* read and write operation, not
> for the open() of the file.

Ok. In any case, the combination of atime and ionice on the cronjob
seems to have helped, no locked up in the past 24 hours. But it is a
Saturday here so that might just be due to light usage, keeping
fingers crossed.

> That aside, if you're running KVM I strongly recommend using LVM rather
> than file-backed VM guests.  It's more work to set up, but you'll see
> drastically better IO performance in the guests.  One system that I
> measured had a write speed of around 8 MB/s for sequential block output
> on file-backed VMs.  LVM backed VMs wrote at around 56 MB/s for
> sequential block output.
>
> You should *never* used file-backed VMs for production systems.

The irony of it was that I decided to go with qcow2 because I thought
that would save overheads from an additional LVM layer but provided
snapshot capabilities too :(

Since I don't have enough spare space left on this particular system,
I'll probably have to get them to agree to add an extra disk to do the
LVM volumes, then figure out how to migrate the VM over from file to
raw/partition.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 LiveCD top 5 apps

[nux]

R P Herrold writes:

> CentOS 6 Live CD would composed of packges from the 
> distribution's packages

Why? What's wrong with a few extra packages from EPEL?

It's not like I'm asking for games or eye candy stuff.

My 2 lei

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos