Re: [CentOS] 6.0 Media problems

[John Hodrien]

On Mon, 29 Aug 2011, John R Pierce wrote:

> On 08/29/11 3:20 AM, ken wrote:
>
> You can continue to run EL 5 on it for years to come.  Or choose any
> number of other Linux distributions which target down rev hardware.

Or just do what I did.  Put an EL5 install on (which runs nicely).  Download
the El6 live CD, and chroot into that (to use the newer yum).  Using that yum,
do a yum install of EL6 into a new partition (I've previously used anaconda
for this, but this time I used yum).  Install a kernel that doesn't need PAE:

[epel-kernel-nonpae]
name=Non-PAE kernel build for el6/i686
baseurl=http://repos.fedorapeople.org/repos/lkundrak/kernel-nonpae/epel-$releasever/$basearch/
enabled=1
skip_if_unavailable=1
gpgcheck=0

Twiddle the grub config, reboot, and be happy that your machine (in my case a
6 year old 1.1GHz Pentium M based laptop) runs CentOS 6 beautifully.

If you want to run linux on old hardware, you need to bring your own linux
knowledge to bear.

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mail.centos.org : packets to strange ports

[Karanbir Singh]

On 08/30/2011 01:29 AM, Always Learning wrote:
>
> Reading a daily Logwatch report I noticed mail.centos.org
> sending packets to my outgoing mail server. The packets were blocked by
> IPtables.
>

issues of this nature should be reported at bugs.centos.org against the 
infrastructure project.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix not set top start after upgrade

[John Doe]

From: Micha Silver 

> I noticed that after the lastest yum update on CentOS 5.6 we get Postfix
> 2.3.3, but the status of the postfix service (chkconfig --list postfix)
> changes to off. So after a reboot, it doesn't start automatically. 
> I don't recall this ever happening before. Is this by design? A
> packaging error?

I did not see any chkconfig off in the rpm script...
  $ rpm -q --scripts postfix | grep chkconfig
  /sbin/chkconfig --add postfix
      /sbin/chkconfig --del postfix

JD

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] (c 5.6) Running 2 versions of Apache ?

[Brent L. Bates]

 If they are looking for Micro$loth specific pages, I redirect them to
Micro$loth's Web site.  I figure if they want Micro$loth stuff, may as well
send them to the source.  :-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Update to CentOS 6.0 without CD/DVD reader

[John Doe]

From: Timothy Murphy 

> John Doe wrote:
>>  From: Timothy Murphy 
>>>  I've installed a substitute box - and HP MicroServer -
>>>  which by a miracle has CentOS-5.6 installed on it.
>>>  Now I'm wondering what is the best way to install CentOS-6,
>>>  given that there is no CD/DVD driver on this machine.
>>  You could also add the setup grub entry to your grub, and put the ISO
>>  files on a local HD (that will not be overwritten).
> Could you be a bit more precise, please.
> What do you mean by the "setup grub entry"?

I really think it would be easier to make a USB key/disk...
But, I tried the following yearsss ago... so did not test if it is still 
working...
Copy DVD files to HD (if netinstall, you don't need to copy isos):
  cp /mnt/cdrom/syslinux/vmlinuz /boot/vmlinuz-c6
  cp /mnt/cdrom/syslinux/initrd.img /boot/initrd-c6.img
  mkdir -p /path/to/c6/images
  cp /mnt/cdrom/images/install.img /path/to/c6/images/
  cp *.iso /path/to/c6/
Add the entry to your grub (change the root to match your setup):
  title CentOS 6 Install
      root (hd0,0)
      kernel vmlinuz-c6
      initrd initrd-c6.img
You could maybe also directly specify where the images/isos are:
  repo=hd:sd??:/path/to/c6
And be sure that "/path/to/c6" is not formated as you install...
Again, not tested at all...
And I guess you will have 1 try only... if it fails somewhere in 
the middle of the install, you won't have a 2nd chance

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 IPv6: neighbor and restart network

[Helmut Drodofsky]

Hallo,
 
for using the ipv6 neighbor functions, I have to execute commands like
ip -6 neigh add proxy 2001::211:d8ff:fe97:3273 dev eth0
to publish the ip of computers in the subnet.
 
To execute them on reboot, I have included these commands in /etc/rc.d/rc.local
 
Also after each restart of the network, I have to execute these commands too.
 
So: how can I always execute 
 
/etc/rc.d/rc.local
 
after 
 
service network restart
 
My idea:
Is it possible to rename /etc/network to /etc/network_original and to create a 
new shell script /etc/network to execute both?
 
Other/better advice?
 
Thank you for help in advance.
 
Helmut
 
 
 ___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix not set top start after upgrade

[Micha Silver]

  
  
On 30/08/2011 13:33, John Doe wrote:

  From: Micha Silver 


  
I noticed that after the lastest yum update on CentOS 5.6 we get Postfix
2.3.3, but the status of the postfix service (chkconfig --list postfix)
changes to off. So after a reboot, it doesn't start automatically. 
I don't recall this ever happening before. Is this by design? A
packaging error?

  
  
I did not see any chkconfig off in the rpm script...
  $ rpm -q --scripts postfix | grep chkconfig
  /sbin/chkconfig --add postfix
      /sbin/chkconfig --del postfix



What about that last line? It would remove postfix from chkconfig
management, and remove all links in rc*.d, no??

Thanks,
Micha

  
JD

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

This mail was received via Mail-SeCure System.






  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[ken]

On 08/30/2011 04:32 AM John Hodrien wrote:
> On Mon, 29 Aug 2011, John R Pierce wrote:
> 
>> On 08/29/11 3:20 AM, ken wrote:
>>
>> You can continue to run EL 5 on it for years to come.  Or choose any
>> number of other Linux distributions which target down rev hardware.
> 
> Or just do what I did.  Put an EL5 install on (which runs nicely).  Download
> the El6 live CD, and chroot into that (to use the newer yum).  Using that yum,
> do a yum install of EL6 into a new partition (I've previously used anaconda
> for this, but this time I used yum).  Install a kernel that doesn't need PAE:
> 
> [epel-kernel-nonpae]
> name=Non-PAE kernel build for el6/i686
> baseurl=http://repos.fedorapeople.org/repos/lkundrak/kernel-nonpae/epel-$releasever/$basearch/
> enabled=1
> skip_if_unavailable=1
> gpgcheck=0
> 
> Twiddle the grub config, reboot, and be happy that your machine (in my case a
> 6 year old 1.1GHz Pentium M based laptop) runs CentOS 6 beautifully.
> 
> If you want to run linux on old hardware, you need to bring your own linux
> knowledge to bear.

John,

It's refreshing to receive an on-topic, intelligent and civil response,
one worthy of replying to.  And kudos for crafting this solution!

Can I ask, how long have you been running this configuration?  And have
you noticed in this time any problems related to the non-PAE kernel?
Also, do you run server apps on your laptop, e.g.. apache, mysqld, sshd,
cups, postfix, mailman?  It might be easier just to send the output of
"chkconfig --list |grep -w on"... to me privately if you have security
concerns.

Thanks++,
ken
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[Karanbir Singh]

On 08/29/2011 02:22 AM, ken wrote:
>> > From the 6.0 Release Notes here:
>>
>> "The i386 DVD is just a bit too large to fit on normal single layer
>> DVD+R media. It can be burnt successfully on DVD-R or dual-layer media."
>>
> Thanks, Jorge.  That's what I suspected.  Yeah, I have the DVD+R/W.
>
> It would be nice if the download page mentioned that.  Save people some
> time and effort.
>

Where / which page would you have expected to see this ?

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[Karanbir Singh]

On 08/30/2011 09:32 AM, John Hodrien wrote:
> [epel-kernel-nonpae]
> name=Non-PAE kernel build for el6/i686
> baseurl=http://repos.fedorapeople.org/repos/lkundrak/kernel-nonpae/epel-$releasever/$basearch/

this would be a fantastic resource to have in CentOS-6-Extras or Plus, 
so I went to look and that kernel has not had any updates since release. 
What are the chances that you might be willing to reach out and see if 
he is willing to do this on a more regular basis - and we can workout 
howto get CentOS running with it.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] [C6] Some typical apps missing?

[Marko Vojinovic]

Hi everyone! :-)

I just installed CentOS 6 on one of my desktop machines, and yum now
tells me that some of my favorite apps are not present in any of the
repositories I configured. To name a few: ktorrent, kile, krusader,
pavucontrol, mplayerplug-in (or is it now gecko-mediaplayer), xine,
xmms, and so on... All these apps were readily available for C5, and I
used them happily.

I am mostly surprised with the absence of *any* torrent client, bar
the rtorrent (which doesn't have a man page and I have no idea how to
use it). Also kile, krusader and pavucontrol are quite basic and
common apps...

The configured repositories are: base, updates, extras, rpmforge,
elrepo, as reported by yum.

What am I missing?

I would also be grateful if anyone has a suggestion for a reasonable
(and available) substitute for any of these apps. I usually prefer
KDE4 apps, but will use anything that works. I found some (rtorrent,
mozilla-vlc, gnome-volume-control), but I am not exactly thrilled with
their quality, so I'm hoping someone has a better suggestion. Google
didn't want to be my friend this time, all hits were related to C5...
;-)

TIA, :-)
Marko
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix not set top start after upgrade

[John Doe]

From: Micha Silver 
> On 30/08/2011 13:33, John Doe wrote: 
>From: Micha Silver  
>>I noticed that after the lastest yum update on CentOS 5.6 we get Postfix
2.3.3, but the status of the postfix service (chkconfig --list postfix)
changes to off. So after a reboot, it doesn't start automatically. 
I don't recall this ever happening before. Is this by design? A
packaging error? 
>>I did not see any chkconfig off in the rpm script...
  $ rpm -q --scripts postfix | grep chkconfig
  /sbin/chkconfig --add postfix
      /sbin/chkconfig --del postfix 
>What about that last line? It would remove postfix from chkconfig
management, and remove all links in rc*.d, no??


I would expect the last line to be called when you uninstall, not when you 
update...

Maybe it could be the "alternatives ...--initscript postfix"?


JD

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [C6] Some typical apps missing?

[Peter Kjellström]

On Tuesday, August 30, 2011 02:56:35 PM Marko Vojinovic wrote:
> Hi everyone! :-)
> 
> I just installed CentOS 6 on one of my desktop machines, and yum now
> tells me that some of my favorite apps are not present in any of the
> repositories I configured. To name a few: ktorrent, kile, krusader,
> pavucontrol, mplayerplug-in (or is it now gecko-mediaplayer), xine,
> xmms, and so on... All these apps were readily available for C5, and I
> used them happily.
> 
> I am mostly surprised with the absence of *any* torrent client, bar
> the rtorrent (which doesn't have a man page and I have no idea how to
> use it). Also kile, krusader and pavucontrol are quite basic and
> common apps...
> 
> The configured repositories are: base, updates, extras, rpmforge,
> elrepo, as reported by yum.
> 
> What am I missing?

Maybe you wanted EPEL not elrepo? EPEL has at least ktorrent.

/Peter
 
> I would also be grateful if anyone has a suggestion for a reasonable
> (and available) substitute for any of these apps. I usually prefer
> KDE4 apps, but will use anything that works. I found some (rtorrent,
> mozilla-vlc, gnome-volume-control), but I am not exactly thrilled with
> their quality, so I'm hoping someone has a better suggestion. Google
> didn't want to be my friend this time, all hits were related to C5...
> ;-)
> 
> TIA, :-)
> Marko


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [C6] Some typical apps missing?

[b.j. mcclure]

On Tue, 2011-08-30 at 14:56 +0200, Marko Vojinovic wrote:
> Hi everyone! :-)
> 
> I just installed CentOS 6 on one of my desktop machines, and yum now
> tells me that some of my favorite apps are not present in any of the
> repositories I configured. To name a few: ktorrent, kile, krusader,
> pavucontrol, mplayerplug-in (or is it now gecko-mediaplayer), xine,
> xmms, and so on... All these apps were readily available for C5, and I
> used them happily.
> 
> I am mostly surprised with the absence of *any* torrent client, bar
> the rtorrent (which doesn't have a man page and I have no idea how to
> use it). Also kile, krusader and pavucontrol are quite basic and
> common apps...
> 
> The configured repositories are: base, updates, extras, rpmforge,
> elrepo, as reported by yum.
> 
> What am I missing?
> 
> I would also be grateful if anyone has a suggestion for a reasonable
> (and available) substitute for any of these apps. I usually prefer
> KDE4 apps, but will use anything that works. I found some (rtorrent,
> mozilla-vlc, gnome-volume-control), but I am not exactly thrilled with
> their quality, so I'm hoping someone has a better suggestion. Google
> didn't want to be my friend this time, all hits were related to C5...
> ;-)
> 
> TIA, :-)
> Marko

I use Vuze for bittorrent.  Used to be called Azureus.  Download here:
http://azureus.sourceforge.net/download.php 
HTH.

B.J.

CentOS Linux release 6.0 (Final)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing 6.0 via USB

[David Lemcoe]

Have you taken a look at UNetBootin? I literally never have issues with that
software, no matter what iso I throw at it.

On Sun, Aug 28, 2011 at 9:08 AM, Karanbir Singh wrote:

> On 08/26/2011 09:41 PM, Kenneth Porter wrote:
> > I'm using LiveUSB-Creator to create a bootable USB drive from
> > CentOS-6.0-i386-netinstall.iso, and it gives me an error at startup:
> >
>
> I've done a bunch of usb driven installs so far with centos-6, i386 and
> x86_64 and had zero issues just using dd to get the netinstall image
> onto the usb and booting, installing.
>
> - KB
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] resize2fs

[Dennis Jacobfeuerborn]

On 08/30/2011 04:54 AM, Ed Morrison wrote:
> Hi All:
>
> I am trying to resize a centos (5.2) VM drive.  I use VMware and I have
> increased the size of the drive by 40G.  I am running resize2fs on
> /dev/sdb1 (which is my root partition)  but when I do I get this error:
>
> [root@centos ~]# resize2fs /dev/sdb1 120G
> resize2fs 1.39 (29-May-2006)
> The containing partition (or device) is only 19970795 (4k) blocks.
> You requested a new size of 31457280 blocks.
>
> How can I change the block size?
>
> I have also tried to use gparted live cd but it will not allow me to
> increase the size even though it sees 40g of unused space.  I can only
> create a new partition.
>
> Any help would be appreciated.

After having resized the virtual drive have you also resized the partitions 
inside the VM? Doing a "fdisk /dev/sdb" will probably show you a 40G drive 
but the partitions will still have the old size and you need to extend them 
before you can extend the filesystems on them.

Regards,
   Dennis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upstart file format

[John Doe]

From: Michael D. Berger 

>>>  Where can I find documentation on the new format of the files in
>>>  /etc/init.d/?

You have a bit more info with:
  man 5 init
And google says:
  http://www.fedora.redhat.com/wiki/Packaging:SysVInitScript#LSB_Header

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[Mehdi MAACHE]

Le 30/08/2011 14:48, Karanbir Singh a écrit :
> On 08/29/2011 02:22 AM, ken wrote:
  From the 6.0 Release Notes here:
>>> "The i386 DVD is just a bit too large to fit on normal single layer
>>> DVD+R media. It can be burnt successfully on DVD-R or dual-layer media."
>>>
>> Thanks, Jorge.  That's what I suspected.  Yeah, I have the DVD+R/W.
>>
>> It would be nice if the download page mentioned that.  Save people some
>> time and effort.
>>
> Where / which page would you have expected to see this ?
>
> - KB
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Here :

http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.0#head-710e17fe8ed8c98a1fe4faee4e11e2135df09fff

In "4. Known Issues" : "The i386 DVD is just a bit too large to fit on 
normal single layer DVD+R media. It can be burnt successfully on DVD-R 
or dual-layer media"

MM
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 5.6 : No YUM Updates ?

[Always Learning]

Always Used to seeing regular GUI notices of updates, I also noticed the
absence of any. 

Applications
System Tools
Software Updater

produces none. Neither does

yum update

yet there was on this List a recent warning about about an Apache
vulnerability.




-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [C6] Some typical apps missing?

[wwp]

Hello Marko,


On Tue, 30 Aug 2011 14:56:35 +0200 Marko Vojinovic  wrote:

> Hi everyone! :-)
> 
> I just installed CentOS 6 on one of my desktop machines, and yum now
> tells me that some of my favorite apps are not present in any of the
> repositories I configured. To name a few: ktorrent, kile, krusader,
> pavucontrol, mplayerplug-in (or is it now gecko-mediaplayer), xine,
> xmms, and so on... All these apps were readily available for C5, and I
> used them happily.
> 
> I am mostly surprised with the absence of *any* torrent client, bar
> the rtorrent (which doesn't have a man page and I have no idea how to
> use it). Also kile, krusader and pavucontrol are quite basic and
> common apps...
> 
> The configured repositories are: base, updates, extras, rpmforge,
> elrepo, as reported by yum.
> 
> What am I missing?
> 
> I would also be grateful if anyone has a suggestion for a reasonable
> (and available) substitute for any of these apps. I usually prefer
> KDE4 apps, but will use anything that works. I found some (rtorrent,
> mozilla-vlc, gnome-volume-control), but I am not exactly thrilled with
> their quality, so I'm hoping someone has a better suggestion. Google
> didn't want to be my friend this time, all hits were related to C5...
> ;-)

As audacious is crashing at startup here, I've got back to xmms, found here:
  http://puias.math.ias.edu/wiki/YumRepositories6
(apparently it's down, I guess it's temporary).

For torrents, I installed transmission from the sources.

I didn't succeed in making firefox to make use of mplayer, apparently
it uses totem, more or less efficiently.

For the sake of the archives, gnome-volume-control comes w/ the
gnome-media package.


You might need to check at atrpms repo for other software.


Regards,

-- 
wwp


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new memory not getting regonized

[Dennis Jacobfeuerborn]

On 08/27/2011 09:12 PM, sylvan.dcu...@gmail.com wrote:
> Dear Dennis,
>
> Thanks a lot for the wise reply.. really did boost my knowledge..
> honestly was unware of the fact that dom0 is just like another VM ...
> Anyway I had never restricted dom0 mem and since my 4 vms were working fine
> with no issues
> i never bothered much.

Yes, this is different from KVM where the VMs really are just normal 
processes on the host system and the host system itself isn't a VM.

On a Xen system if you look at /etc/grub.conf you'll notice that it looks 
slightly different than on a non-virtualized system. Specifically you'll 
find the following line:
kernel /xen.gz-2.6.18-164.el5

That's the actual hypervisor and really the host system and once started it 
will basically start dom0 and give it special privileges. So Dom0 and the 
DomU's all run on top of the actual hypervisor.

> It was only after I added more 32 gb to existing 32 gb i did realise the
> above issue..

Apparently dom0 has a 32G limit but that shouldn't be an issue unless you 
actually really require more than 32G specifically for dom0 and not the VMs.

> anyway I will try to restrict my dom0 to 1 GB ... and check it out.

Remember that the problems with the dynamic memory management are most 
likely fixed nowadays so the limitation is not strictly necessary. But then 
1G will probably be more than enough for dom0 so it doesn't really hurt either.

> but just still a litle confused why xm top & xm info shows 65gb
> and top , free and cat /proc/meminfo shows 32 gb

The xm tools show you the actual physical memory in the system while the 
/proc/meminfo shows you only the memory visible to dom0 which as I 
mentioned above is apparently limited to 32G.

Regards,
   Dennis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.6 : No YUM Updates ?

[Gianluca Varisco]

Il 8/30/11 3:24 PM, Always Learning ha scritto:
>
> Always Used to seeing regular GUI notices of updates, I also noticed the
> absence of any.
>
>   Applications
>   System Tools
>   Software Updater
>
> produces none. Neither does
>
>   yum update
>
> yet there was on this List a recent warning about about an Apache
> vulnerability.
>
>
>
>

Please have a look there:

https://bugzilla.redhat.com/show_bug.cgi?id=732928

Gian

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.6 : No YUM Updates ?

[Always Learning]

Hi Gian,


> Please have a look there:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=732928


Thank you. However my concern is the apparent absence of regular Centos
5.6 updates (revisions and improvements). Accustomed to regularly seeing
the updates GUI inform me of new updates, I have noticed its recent
inactivity.

Paul.

-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.6 : No YUM Updates ?

[Mohammadreza Ansari]

any patch for this bug?

On Tue, Aug 30, 2011 at 6:09 PM, Always Learning  wrote:

>
> Hi Gian,
>
>
> > Please have a look there:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=732928
>
>
> Thank you. However my concern is the apparent absence of regular Centos
> 5.6 updates (revisions and improvements). Accustomed to regularly seeing
> the updates GUI inform me of new updates, I have noticed its recent
> inactivity.
>
> Paul.
>
> --
> With best regards,
>
> Paul.
> England,
> EU.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.6 : No YUM Updates ?

[Karanbir Singh]

hi,


On 08/30/2011 02:47 PM, Mohammadreza Ansari wrote:
> any patch for this bug?
>  >
>  > https://bugzilla.redhat.com/show_bug.cgi?id=732928
>

follow that bugreport, patches and fix's into the distro will be 
announced there first.

Also, please dont top post.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[ken]

On 08/30/2011 08:48 AM Karanbir Singh wrote:
> On 08/29/2011 02:22 AM, ken wrote:
 From the 6.0 Release Notes here:
>>> "The i386 DVD is just a bit too large to fit on normal single layer
>>> DVD+R media. It can be burnt successfully on DVD-R or dual-layer media."
>>>
>> Thanks, Jorge.  That's what I suspected.  Yeah, I have the DVD+R/W.
>>
>> It would be nice if the download page mentioned that.  Save people some
>> time and effort.
>>
> 
> Where / which page would you have expected to see this ?
> 
> - KB

Karanbir,

 would be one
place.  But, given the way search engines might index pages, people
could bypass that page and land directly on the mirrors page,
, and so miss
the warning altogether.

For this reason, and because it's the only sure-fire way to get the
warning to those who would need it, it would be best if the directory
name and/or the ISO names themselves contained the warning, e.g.,
CentOS-6_0-PAE-required-*-.iso.

In addition, if it happens, per your other email in this thread, that
it's possible to offer another CentOS distribution which doesn't require
PAE, then we'd need a distinguishing name for those ISOs.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[Karanbir Singh]

hi Ken,

On 08/30/2011 03:04 PM, ken wrote:
>   would be one
> place.  But, given the way search engines might index pages, people
> could bypass that page and land directly on the mirrors page,
> , and so miss
> the warning altogether.

How about a Readme file ( please propose something ) that would go into 
the ISOS directory on all machines ? eg: 
http://centos.mirror.netelligent.ca/centos/6/isos/x86_64/

that might be a good place to have a url pointing at the release notes, 
perhaps a few workds on what the sha sums are and how people can verify 
them, and the various media formats ( livecd, dvd, cd, netinstall, 
torrents ).

If you want to put something together, we could add that in right away. 
And I'll add a note to the release process to make sure its updated, 
maintained into the future releases.

> In addition, if it happens, per your other email in this thread, that
> it's possible to offer another CentOS distribution which doesn't require
> PAE, then we'd need a distinguishing name for those ISOs.

right, that would be a bit of a journey down the road. Step 1 would be 
to find a solution to the PAE-needed issue, then make sure there is some 
mechanism in place ( manual or otherwise ) to carry that work forward 
into the updates, finally come up with a delivery ( install ) mechanism. 
It should just be a case of an alternative installer with the 
works-with-pae-absent kernel.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.6 : No YUM Updates ?

[m . roth]

Karanbir Singh wrote:
> On 08/30/2011 02:47 PM, Mohammadreza Ansari wrote:
>> any patch for this bug?
>>  >
>>  > https://bugzilla.redhat.com/show_bug.cgi?id=732928
>
> follow that bugreport, patches and fix's into the distro will be
> announced there first.

Thanks, Karanbir, for the quick response. Wonder how M$ would have
responded...? 

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [C6] Some typical apps missing?

[John Doe]

On Tue, 2011-08-30 at 14:56 +0200, Marko Vojinovic wrote:
>  I just installed CentOS 6 on one of my desktop machines, and yum now
>  tells me that some of my favorite apps are not present in any of the
>  repositories I configured. To name a few: ktorrent, kile, krusader,
>  pavucontrol, mplayerplug-in (or is it now gecko-mediaplayer), xine,
>  xmms, and so on... All these apps were readily available for C5, and I
>  used them happily.

Here are a few...

ctorrent.x86_64   1.3.4-14.dnh3.3.2.el6 epel    
gxine.x86_64  0.5.905-1.el6.rf  rpmforge
gxine-mozplugin.x86_64    0.5.11-20.el6 epel    
ktorrent.x86_64   3.3.4-1.el6   epel    
mplayer.x86_64    1.0-0.46.svn20100703.el6.rf   rpmforge
rtorrent.x86_64   0.8.9-1.el6.rf    rpmforge
smplayer.x86_64   0.6.8-1.el6.rf    rpmforge
xine-lib.x86_64   1.1.19-2.el6.rf   rpmforge
xine-lib-devel.x86_64 1.1.19-2.el6.rf   rpmforge
xine-lib-extras.i686  1.1.18.1-1.el6    epel    
xine-lib-extras.x86_64    1.1.18.1-1.el6    epel    
xine-skins.noarch 1.10-2.0.rf   rpmforge

Many of your apps don't seem to be readily available for C5; they were 
from third party repos.  So maybe wait for these repos to catch-up...

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [C6] Some typical apps missing?

[Les Mikesell]

2011/8/30 Peter Kjellström :
> On Tuesday, August 30, 2011 02:56:35 PM Marko Vojinovic wrote:
>> Hi everyone! :-)
>>
>> I just installed CentOS 6 on one of my desktop machines, and yum now
>> tells me that some of my favorite apps are not present in any of the
>> repositories I configured. To name a few: ktorrent, kile, krusader,
>> pavucontrol, mplayerplug-in (or is it now gecko-mediaplayer), xine,
>> xmms, and so on... All these apps were readily available for C5, and I
>> used them happily.
>>
>> I am mostly surprised with the absence of *any* torrent client, bar
>> the rtorrent (which doesn't have a man page and I have no idea how to
>> use it). Also kile, krusader and pavucontrol are quite basic and
>> common apps...
>>
>> The configured repositories are: base, updates, extras, rpmforge,
>> elrepo, as reported by yum.
>>
>> What am I missing?
>
> Maybe you wanted EPEL not elrepo? EPEL has at least ktorrent.
>

You probably definitely want EPEL, and also note that rpmforge has
been rearranged into several sections, some of which aren't enabled by
default in the stock rpmforge-release.  This is also true in 5.x now
but you may have installed your apps before the change.

-- 
  Les Mikesell
   lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question re: CentOS-6.0, KVM, and /dev/sr0

[James B. Byrne]

On Mon, August 29, 2011 10:46, James B. Byrne wrote:

>
> Warning: Unable to open /dev/sr0 read-write (Read-only
> file system).
>  /dev/sr0
> has been opened read-only.
> Error: /dev/sr0: unrecognised disk label

I discover that this is caused by a piece of OEM software
that is embedded in ROM in the LG DVD-RW drive that was
'formerly' installed on this system.  This device has been
replaced.

However, I am still concerned about what the rest of this
message means and its implications:

Warning: WARNING: the kernel failed to re-read the
partition table
on /dev/sda (Device or resource busy).  As a result, it
may not reflect all of your changes until after reboot.

I have tried using partprobe and /sbin/blockdev -rereadpt
/dev/sda and both report that the device /dev/sda/ is
busy.  Is this an artifact of using of SATA style disks or
has something changed between CentOS-5.6 and CentOS-6.0
that specifically relates to this problem?  On 5.6 I can
create new lvms, mount and use them without a reboot.  On
6.0 I cannot, for the moment at least, discover how this
is done.


-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [C6] Some typical apps missing?

[m . roth]

Les Mikesell wrote:
> 2011/8/30 Peter Kjellström :
>> On Tuesday, August 30, 2011 02:56:35 PM Marko Vojinovic wrote:
>>> Hi everyone! :-)
>>>
>>> I just installed CentOS 6 on one of my desktop machines, and yum now
>>> tells me that some of my favorite apps are not present in any of the
>>> repositories I configured. To name a few: ktorrent, kile, krusader,

> You probably definitely want EPEL, and also note that rpmforge has
> been rearranged into several sections, some of which aren't enabled by
> default in the stock rpmforge-release.  This is also true in 5.x now
> but you may have installed your apps before the change.

And that rpmforge has been renamed to repoforge. Also, there's rpmfusion,
which is good.

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[Rob Kampen]

Karanbir Singh wrote:

hi Ken,

On 08/30/2011 03:04 PM, ken wrote:
  

  would be one
place.  But, given the way search engines might index pages, people
could bypass that page and land directly on the mirrors page,
, and so miss
the warning altogether.



How about a Readme file ( please propose something ) that would go into 
the ISOS directory on all machines ? eg: 
http://centos.mirror.netelligent.ca/centos/6/isos/x86_64/
  

Excellent idea - a simple README file with some basic how to knowledge.
I do not have enough knowledge to create this, I am more than happy to 
edit and make it read well and have it flow logically.
that might be a good place to have a url pointing at the release notes, 
perhaps a few workds on what the sha sums are and how people can verify 
them, and the various media formats ( livecd, dvd, cd, netinstall, 
torrents ).


If you want to put something together, we could add that in right away. 
And I'll add a note to the release process to make sure its updated, 
maintained into the future releases.


  

In addition, if it happens, per your other email in this thread, that
it's possible to offer another CentOS distribution which doesn't require
PAE, then we'd need a distinguishing name for those ISOs.



right, that would be a bit of a journey down the road. Step 1 would be 
to find a solution to the PAE-needed issue, then make sure there is some 
mechanism in place ( manual or otherwise ) to carry that work forward 
into the updates, finally come up with a delivery ( install ) mechanism. 
It should just be a case of an alternative installer with the 
works-with-pae-absent kernel.


- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
  
<>___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question re: CentOS-6.0, KVM, and /dev/sr0

[m . roth]

James B. Byrne wrote:
> On Mon, August 29, 2011 10:46, James B. Byrne wrote:

> However, I am still concerned about what the rest of this
> message means and its implications:
>
> Warning: WARNING: the kernel failed to re-read the
> partition table
> on /dev/sda (Device or resource busy).  As a result, it
> may not reflect all of your changes until after reboot.
>
> I have tried using partprobe and /sbin/blockdev -rereadpt
> /dev/sda and both report that the device /dev/sda/ is
> busy.  Is this an artifact of using of SATA style disks or
> has something changed between CentOS-5.6 and CentOS-6.0
> that specifically relates to this problem?  On 5.6 I can
> create new lvms, mount and use them without a reboot.  On
> 6.0 I cannot, for the moment at least, discover how this
> is done.

Were you doing it on /dev/sda?! If so, that was a *very* Bad Idea, since
/dev/sda is normally your /boot and /; of *course* it's busy, it's your
o/s, and doesn't want to be repartitioned, esp. while running.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[ken]

On 08/30/2011 10:10 AM Karanbir Singh wrote:
> hi Ken,
> 
> On 08/30/2011 03:04 PM, ken wrote:
>>   would be one
>> place.  But, given the way search engines might index pages, people
>> could bypass that page and land directly on the mirrors page,
>> , and so miss
>> the warning altogether.
> 
> How about a Readme file ( please propose something ) that would go into 
> the ISOS directory on all machines ? eg: 
> http://centos.mirror.netelligent.ca/centos/6/isos/x86_64/
> 
> that might be a good place to have a url pointing at the release notes, 
> perhaps a few workds on what the sha sums are and how people can verify 
> them, and the various media formats ( livecd, dvd, cd, netinstall, 
> torrents ).
> 
> If you want to put something together, we could add that in right away. 
> And I'll add a note to the release process to make sure its updated, 
> maintained into the future releases.
> 
>> In addition, if it happens, per your other email in this thread, that
>> it's possible to offer another CentOS distribution which doesn't require
>> PAE, then we'd need a distinguishing name for those ISOs.
> 
> right, that would be a bit of a journey down the road. Step 1 would be 
> to find a solution to the PAE-needed issue, then make sure there is some 
> mechanism in place ( manual or otherwise ) to carry that work forward 
> into the updates, finally come up with a delivery ( install ) mechanism. 
> It should just be a case of an alternative installer with the 
> works-with-pae-absent kernel.
> 
> - KB

Hi, KB,

Congratulations.  You parsed out my mixed up email.  I somehow replied
to one issue in the wrong email.  I shouldn't reply to email while
listening to news about hurricanes and floods and before I'm well into
my second cup of coffee.

As for the readme... or PRE-DOWNLOAD-README...


To burn this ISO to DVD, you need to use a DVD-RW drive and compatible
media.  Due to a difference in formatting, this ISO will not fit on a
DVD+ disk.

In addition, CentOS 6.0 requires a PAE-capable CPU.  This distribution
will not run otherwise.  On Linux do "cat /proc/cpuinfo|grep ^flags" to
see if "pae" is mentioned there.  If not, use a different distribution.

See the CentOS wiki for more information.  


Others might have other language to include.

Do we have translators for users who prefer something non-English?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 78, Issue 6

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CEEA-2011:1214 CentOS 4 i386 tzdata update (Tru Huynh)
   2. CEEA-2011:1214 CentOS 4 x86_64 tzdata update (Tru Huynh)
   3. CESA-2011:1219 Moderate CentOS 4 i386 samba - security update
  (Tru Huynh)
   4. CESA-2011:1219 Moderate CentOS 4 x86_64 samba -   security
  update (Tru Huynh)


--

Message: 1
Date: Mon, 29 Aug 2011 23:11:43 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CEEA-2011:1214 CentOS 4 i386 tzdata update
To: centos-annou...@centos.org
Message-ID: <20110829211143.ga25...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Enhancement Advisory CEEA-2011:1214

tzdata bugfix update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHEA-2011-1214.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/tzdata-2011h-2.el4.noarch.rpm

source:
updates/SRPMS/tzdata-2011h-2.el4.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update tzdata

Tru
-- 
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20110829/fd82fe3c/attachment-0001.bin
 

--

Message: 2
Date: Mon, 29 Aug 2011 23:12:23 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CEEA-2011:1214 CentOS 4 x86_64 tzdata
update
To: centos-annou...@centos.org
Message-ID: <20110829211223.gb25...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Enhancement Advisory CEEA-2011:1214

tzdata bugfix update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHEA-2011-1214.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

x86_64:
updates/x86_64/RPMS/tzdata-2011h-2.el4.noarch.rpm

source:
updates/SRPMS/tzdata-2011h-2.el4.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update tzdata

Tru
-- 
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20110829/59e39c6c/attachment-0001.bin
 

--

Message: 3
Date: Mon, 29 Aug 2011 23:13:06 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2011:1219 Moderate CentOS 4 i386 samba
-   security update
To: centos-annou...@centos.org
Message-ID: <20110829211306.gc25...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2011:1219

samba security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2011-1219.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/samba-3.0.33-0.34.el4.i386.rpm
updates/i386/RPMS/samba-client-3.0.33-0.34.el4.i386.rpm
updates/i386/RPMS/samba-common-3.0.33-0.34.el4.i386.rpm
updates/i386/RPMS/samba-swat-3.0.33-0.34.el4.i386.rpm

source:
updates/SRPMS/samba-3.0.33-0.34.el4.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update samba

Tru
-- 
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20110829/f661daf7/attachment-0001.bin
 

--

Message: 4
Date: Mon, 29 Aug 2011 23:14:13 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2011:1219 Moderate CentOS 4 x86_64
samba - security update
To: centos-annou...@centos.org
Message-ID: <20110829211413.gd25...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2011:1219

samba security update for CentOS 4 x86_64:
https://rhn.redhat.com/er

Re: [CentOS] Apache warns Web server admins of DoS attack tool

[Les Mikesell]

On Mon, Aug 29, 2011 at 6:38 PM, Scott Robbins  wrote:
>
>> The first look isn't promising - there is only a small amount of text
>> displayed and clicking through to get the rest doesn't recognize
>> mobile browsers so you always have to zoom in for a reasonable font
>> size when using the phone app.  And a large percent of the admittedly
>> small sample looks more like spam or off-topic than what we see here.
>> Is anyone interested in seeing things like:
>> "Atlantica online OG Realms Private Server"
>> or
>> "Does CentOS join Micorsoft strategy?"
>
> One of those was probably fairly quickly removed as spam.  The second
> one is really not typical of the forum.

OK, but even ignoring the content, the rss experience is very bad -
and it seems like the best hope to attract email users to reading the
forum (short of a gateway that would likely propagate the worst
features of both).   Is there any way to add selective feeds for each
section, get more content text included to make it less likely to have
to click through, and perhaps have a mobile view available if you do
click though on a mobile device?   Is anyone else even trying to use
rss regularly?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Secure a python http server

[admin lewis]

Hi,
I want to make secure my python http server.. what should i use ?
chroot ? there are something more secure ?
On my centos server I've SE enabled..then .. sandboxing ?
Thanks very much
lewis


-- 
Linux and Windows 2003/2008 Server.
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] change LUKS filesystem password

[Always Learning]

On Thu, 2011-08-11 at 14:35 -0700, Paul Heinlein wrote:

> On Thu, 11 Aug 2011, ken wrote:
> 
> > How do you change the LUKS filesystem password?
> 
> [Caveat: this is sort of from memory; I don't have a luks-encrypted 
> device handy for testing...]
> 
> First, add a second key (password):
> 
>cryptsetup luksAddKey /dev/XXX
> 
> Then delete the original key
> 
>cryptsetup luksKillSlot /dev/XXX 0
> 
> You need to be careful to get the slot numbers correct. Use the 
> luksDump option to see how things are setup on your system.


luksKillSlot does not work for me on Centos 5.6. luksDelKey does.

Paul.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[Rob Kampen]

ken wrote:

On 08/30/2011 10:10 AM Karanbir Singh wrote:
  

hi Ken,

On 08/30/2011 03:04 PM, ken wrote:


  would be one
place.  But, given the way search engines might index pages, people
could bypass that page and land directly on the mirrors page,
, and so miss
the warning altogether.
  
How about a Readme file ( please propose something ) that would go into 
the ISOS directory on all machines ? eg: 
http://centos.mirror.netelligent.ca/centos/6/isos/x86_64/


that might be a good place to have a url pointing at the release notes, 
perhaps a few workds on what the sha sums are and how people can verify 
them, and the various media formats ( livecd, dvd, cd, netinstall, 
torrents ).


If you want to put something together, we could add that in right away. 
And I'll add a note to the release process to make sure its updated, 
maintained into the future releases.




In addition, if it happens, per your other email in this thread, that
it's possible to offer another CentOS distribution which doesn't require
PAE, then we'd need a distinguishing name for those ISOs.
  
right, that would be a bit of a journey down the road. Step 1 would be 
to find a solution to the PAE-needed issue, then make sure there is some 
mechanism in place ( manual or otherwise ) to carry that work forward 
into the updates, finally come up with a delivery ( install ) mechanism. 
It should just be a case of an alternative installer with the 
works-with-pae-absent kernel.


- KB



Hi, KB,

Congratulations.  You parsed out my mixed up email.  I somehow replied
to one issue in the wrong email.  I shouldn't reply to email while
listening to news about hurricanes and floods and before I'm well into
my second cup of coffee.

As for the readme... or PRE-DOWNLOAD-README...


To burn this ISO to DVD, you need to use a DVD-RW drive and compatible
media.  Due to a difference in formatting, this ISO will not fit on a
DVD+ disk.
  

It may be a DVD-R - does not need to be a RW

In addition, CentOS 6.0 requires a PAE-capable CPU.  This distribution
will not run otherwise.  On Linux do "cat /proc/cpuinfo|grep ^flags" to
see if "pae" is mentioned there.  If not, use a different distribution.

See the CentOS wiki for more information.  


Others might have other language to include.

Do we have translators for users who prefer something non-English?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
  
<>___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] selinux & iptables

[Michael D. Berger]

In setting up my new CentOS 6 laptop, I replaced
/etc/sysconfig/iptables with my own, very restrictive
version.  I then tried to restart the iptables daemon,
but it reported that my new iptables was unreadable.
On a guess, I disabled selinux, and my problem was
solved.  Later, I re-enabled selinux and on reboot, it
had to go through a very long setup procedure.

Is there something better I could have done when
replacing iptables, so that I would not have to
disable selinux?

Thanks for your help.
Mike.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux & iptables

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/30/2011 03:08 PM, Michael D. Berger wrote:
> In setting up my new CentOS 6 laptop, I replaced 
> /etc/sysconfig/iptables with my own, very restrictive version.  I
> then tried to restart the iptables daemon, but it reported that my
> new iptables was unreadable. On a guess, I disabled selinux, and my
> problem was solved.  Later, I re-enabled selinux and on reboot, it 
> had to go through a very long setup procedure.
> 
> Is there something better I could have done when replacing
> iptables, so that I would not have to disable selinux?
> 
> Thanks for your help. Mike.
> 
> ___ CentOS mailing
> list CentOS@centos.org 
> http://lists.centos.org/mailman/listinfo/centos

Run restorecon on the files you changed.

restorecon -R -v /etc/sysconfig

Is all you probably needed.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5dNZIACgkQrlYvE4MpobPSygCgvb9bm6KEcIhv+VoR+uEAapeN
DwoAn2NTPyTykCcMpwwr9nfamgqgzifm
=PkaT
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux & iptables

[m . roth]

Michael D. Berger wrote:
> In setting up my new CentOS 6 laptop, I replaced
> /etc/sysconfig/iptables with my own, very restrictive
> version.  I then tried to restart the iptables daemon,
> but it reported that my new iptables was unreadable.
> On a guess, I disabled selinux, and my problem was
> solved.  Later, I re-enabled selinux and on reboot, it
> had to go through a very long setup procedure.
>
> Is there something better I could have done when
> replacing iptables, so that I would not have to
> disable selinux?

ll -Z /etc/sysconfig/iptables.orig
Look at the results, then
chcon or semanage to change
/etc/sysconfig/iptables.michael to match.

mark "or disable selinux"

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[John Hodrien]

On Tue, 30 Aug 2011, ken wrote:

> It's refreshing to receive an on-topic, intelligent and civil response,
> one worthy of replying to.  And kudos for crafting this solution!

It's a bit faffy, and doing a yum install rather than an anaconda install
means there was a little bit more niggly setup left to do.  But I'd have no
worries about doing it this way.

> Can I ask, how long have you been running this configuration?

Not ages, but you're not going to see any problems from this kernel change.

> And have you noticed in this time any problems related to the non-PAE
> kernel?  Also, do you run server apps on your laptop, e.g.. apache, mysqld,
> sshd, cups, postfix, mailman?  It might be easier just to send the output of
> "chkconfig --list |grep -w on"... to me privately if you have security
> concerns.

You can happily run anything you like, we're only talking about disabling PAE.
You're limiting yourself to ~3Gbytes of RAM, but given my laptop's hardware
only supports 1.25Gbytes maximum, that's not really a problem.  Seriously,
it's going to be able to do exactly what any other non-PAE enabled
distribution would be able to do.

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux & iptables

[Ned Slider]

On 30/08/11 20:08, Michael D. Berger wrote:
> In setting up my new CentOS 6 laptop, I replaced
> /etc/sysconfig/iptables with my own, very restrictive
> version.  I then tried to restart the iptables daemon,
> but it reported that my new iptables was unreadable.
> On a guess, I disabled selinux, and my problem was
> solved.  Later, I re-enabled selinux and on reboot, it
> had to go through a very long setup procedure.
>

Rather than disabling, you can put SELinux in permissive mode to 
troubleshoot. Permissive mode will warn but still allow all actions that 
would otherwise be blocked in enforcing mode.

When you disable SELinux and then later re-enable it, the whole file 
system will need to be relabeled at boot, and this is probably what took 
the time on your system. Switching between permissive and enforcing 
modes avoids this.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[John Hodrien]

On Tue, 30 Aug 2011, Karanbir Singh wrote:

> On 08/30/2011 09:32 AM, John Hodrien wrote:
>> [epel-kernel-nonpae]
>> name=Non-PAE kernel build for el6/i686
>> baseurl=http://repos.fedorapeople.org/repos/lkundrak/kernel-nonpae/epel-$releasever/$basearch/
>
> this would be a fantastic resource to have in CentOS-6-Extras or Plus,
> so I went to look and that kernel has not had any updates since release.
> What are the chances that you might be willing to reach out and see if
> he is willing to do this on a more regular basis - and we can workout
> howto get CentOS running with it.

Would it not just be easier to add a kernel-nonpae target to your CentOS-plus
kernel rpm with CONFIG_X86_PAE=n?  The kernel he's released has Xen disabled,
and the odd bit in modules that is compiled into the base kernel, but
otherwise looks the same.  Does Xen require PAE?

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Secure a python http server

[Steven Crothers]

You wrote the application... nobody can tell you how to secure code they've
never seen.

On Tue, Aug 30, 2011 at 1:16 PM, admin lewis  wrote:

> Hi,
> I want to make secure my python http server.. what should i use ?
> chroot ? there are something more secure ?
> On my centos server I've SE enabled..then .. sandboxing ?
> Thanks very much
> lewis
>
>
> --
> Linux and Windows 2003/2008 Server.
> http://predellino.blogspot.com/
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Steven Crothers
steven.croth...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Secure a python http server

[admin lewis]

2011/8/30 Steven Crothers :
> You wrote the application... nobody can tell you how to secure code they've
> never seen.
>
> On Tue, Aug 30, 2011 at 1:16 PM, admin lewis  wrote:
>>
>> Hi,
>> I want to make secure my python http server.. what should i use ?
>> chroot ? there are something more secure ?
>> On my centos server I've SE enabled..then .. sandboxing ?

http://mapproxy.org/

that's it..
lewis



-- 
Linux Server, Microsfot Windows 2003/2008 Server, Exchange 2007
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 6.0 Media problems

[ken]

On 08/30/2011 03:20 PM John Hodrien wrote:
> On Tue, 30 Aug 2011, ken wrote:
> 
>> ...
> 
> It's a bit faffy, and doing a yum install rather than an anaconda install
> means there was a little bit more niggly setup left to do.  But I'd have no
> worries about doing it this way.

Though I'm glad those days are gone, I started out in Linux downloading
tarballs over a 2400 baud modem onto 3.5" floppies, patching and
compiling kernels, and figuring out dependencies by puzzling out error
messages.  A package management system was not even a future dream then.
 So I wouldn't recoil from your workaround, but it's too long a story to
tell my customers and less techy folk who come to me for advice.  Nor
would I tell them to ditch their "muttboxes" and bend over for the
hardware man when, as you've shown, and what a couple others here have
expressed in their absence of saying, none of that is necessary
technically.  So while your craft wouldn't be a big deal personally (if
no one else does, you should sketch it out on the wiki or somewhere),
there are others to consider.


>> Can I ask, how long have you been running this configuration?
> 
> Not ages, but you're not going to see any problems from this kernel change.
> 
>> And have you noticed in this time any problems related to the non-PAE
>> kernel?  Also, do you run server apps on your laptop, e.g.. apache, mysqld,
>> sshd, cups, postfix, mailman?  
> 
> You can happily run anything you like, we're only talking about disabling PAE.
> You're limiting yourself to ~3Gbytes of RAM, but given my laptop's hardware
> only supports 1.25Gbytes maximum, that's not really a problem.  Seriously,
> it's going to be able to do exactly what any other non-PAE enabled
> distribution would be able to do.
> 
> jh

Good to know.  Thanks.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache warns Web server admins of DoS attack tool

[Thomas Harold]

On 8/28/2011 12:37 PM, Les Mikesell wrote:
> On Sun, Aug 28, 2011 at 10:20 AM, Keith Roberts  wrote:
>>> The CentOS Forums are a very very good resource for many people and the
>>> people spending time managing and posting there are doing a very good
>>> job. I'm guessing you were unable to get value from the forums since
>>> your expectations and forums deliverables dont match. That's fine, but
>>> it does not imply that the entire forums are 'useless'.
>>
>> I'd say the forums have ALOT of usefull info, but the main
>> Centos activity is centered on IMHO this list - cannot speak
>> for the other centos lists, as I'm ONLY on this one for now.
>>
>
> The problem with forums is that if you have more than a couple of
> interests you kill the whole day bouncing around in a web browser
> logging into them and figuring out their user interface differences.
> Could the rss feed be made a little more obvious?  It might work to
> plug it into google reader or other feed consolidator.
>

Someday, perhaps we'll end up back on an authenticated version of NNTP, 
with support for bbcode, images, and the front end reader of your choice...

Maybe a merger of some sort between forums / email discussion threads 
and NNTP.  There are things that the web forum does well, things that 
NNTP does well and things that mailing lists do well.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache warns Web server admins of DoS attack tool

[Thomas Harold]

On 8/25/2011 7:05 PM, Always Learning wrote:
>
> On Thu, 2011-08-25 at 14:36 -0700, John R Pierce wrote:
>
>> On 08/25/11 1:45 PM, Always Learning wrote:
>>> I have broken-up the very large conf file (/etc/httpd/conf/httpd.conf)
>>> into 3 main parts. Part 1 is left in situ. Parts 2 and 3 are located
>>> elsewhere.
>
>> the existing EL httpd.conf includes /etc/httpd/conf.d/*.conf  and any
>> changes are expected to be made there rather than editing the stock file.
>
> Hi John,
>
> No Centos updates are likely to interfere with my Apache server options
> and virtual hosts. The existing /etc/httpd/conf/httpd.conf is large and
> laborious to read and fully understand especially with so many useful
> comments.
>
> 'including' the parts that do change and are not operating system
> dependant, meaning putting them somewhere which has no connection to the
> operating system, for example
>
>   /data/config/apache/server.conf
>   /data/config/apache/domain.*
>
> means, I believe, that if a change to one small file goes wrong then
> there is absolutely no danger to 'damaging' any of the other files and
> the source of the problem is quick and easy to identify. Thus 'change
> damage' is strictly limited to one small self-contained file and can not
> affect any of the other files.
>
> I have too much experience of so-called collateral damage inadvertently
> caused to other parts of a file being changed. It costs time and money
> to trace and diagnose problems, so economically it is a good idea to
> eliminate as much as possible non-involved configuration parameters.
>
> As you will have noticed Apache actually offers the ability to fragment
> configuration parameters to other files by supplying - for the benefit
> of people like me - the 'include' facility.  If Apache never wanted
> folks to use this useful facility, it would never have offered the
> 'include' ability.
>
> Anyone who has ever worked on the nightmare called Windoze will know
> that one tiny fault in the Registry can cause the entire operating
> system to malfunction. Spreading the risk with Apache configuration
> files is my chosen method to minimise potential disruption and it works
> very successfully for me on Centos 5.3, 5.4, 5.5, 5.6 and hopefully on
> 5.7 and 6.1 et al.
>

Which is why all of my server's config files are version controlled (I 
use FSVS with a SVN back-end repository, but there are dozens of tools).

Being able to diff your config files when you mangle it to the breaking 
point is a wonderful thing.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question re: CentOS-6.0, KVM, and /dev/sr0

[psprojectplann...@gmail.com]

On 29/08/2011 15:46, James B. Byrne wrote:
> I am experimenting with KVM and I wish to create a virtual machine
> image in a logical volume.  I can create the new lv without problem
> but when I go to format its file system then I get these warnings:
>
> Warning: WARNING: the kernel failed to re-read the partition table
> on /dev/sda (Device or resource busy).  As a result, it may not
> reflect all of your changes until after reboot.
> Warning: Unable to open /dev/sr0 read-write (Read-only file system).
>   /dev/sr0 has been opened read-only.
>
> When I take a look at things using parted I see this:
>
> # parted -l print
> Model: ATA WDC WD5000AAKS-0 (scsi)
> Disk /dev/sda: 500GB
> Sector size (logical/physical): 512B/512B
> Partition Table: msdos
>
> Number  Start   EndSize   Type File system  Flags
>   1  1049kB  525MB  524MB  primary  ext4 boot
>   2  525MB   500GB  500GB  primary   lvm
>
>
> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_guest01: 129GB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  EndSize   File system  Flags
>   1  0.00B  129GB  129GB  ext4
>
>
> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_log: 1049MB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  End SizeFile system  Flags
>   1  0.00B  1049MB  1049MB  ext4
>
>
> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_tmp: 8389MB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  End SizeFile system  Flags
>   1  0.00B  8389MB  8389MB  ext4
>
>
> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_home: 4194MB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  End SizeFile system  Flags
>   1  0.00B  4194MB  4194MB  ext4
>
>
> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_swap: 8321MB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  End SizeFile system Flags
>   1  0.00B  8321MB  8321MB  linux-swap(v1)
>
>
> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_root: 53.7GB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  End SizeFile system  Flags
>   1  0.00B  53.7GB  53.7GB  ext4
>
>
> Warning: Unable to open /dev/sr0 read-write (Read-only file system).
>   /dev/sr0
> has been opened read-only.
> Error: /dev/sr0: unrecognised disk label
>
> The host system is CentOS-6.0 with updates applied.  I did a manual
> disc configuration on initial install but I do not recall
> specifically dealing with /dev/sr0 at any point.
>
> Can anyone explain to me what is happening here and what I should
> do?  Am I constrained to reboot the server each time that I make
> changes to an LV?  Is there some configuration change I need make to
> the base system?
>
> The favour of a direct copy of any reply to the mailing list is
> requested as I am a digest subscriber.
>
You do not need to reboot every time you adjust a Logical Volume. Do you 
also need to format the file system for a KVM guest's Logical Volume?

I'm currently juggling servers to try and get a free machine to test KVM 
on Centos 6, but i have recently found, with another RHEL clone I'm 
testing, that if you do not set up the LogVol with virsh or i suppose 
virt-manager you will have issues getting the guest machines to run.

If you look at chapter 26.1.4.1 & 26.1.4.2  of the Red Hat Visualization 
Guide, for RHEL6, it explains how to use fdisk to create an partition 
for the Logical Volume, set it to a Linux LVM type and create the 
storage pool for the KVM guests (page 217 & 218).

On my current RHEL clone test system, to create the VolGroup / Storage 
pool i used the virsh commands on pages 222 & 223 of the Red Hat 
Visualization Guide (which were similar to the following):

# virsh pool-define-as guest_images_lvm logical - - /dev/cciss/c0d0p3 
libvirt_lvm /dev/libvirt_lvm
# virsh pool-build VolGroupGuests
# virsh pool-start guest_images_lvm
# virsh pool-autostart guest_images_lvm
# virsh pool-list --all

 Name State  Autostart
 -
 guest_images_lvm active yes

To create the actual logical volume for the virtual machine I used the 
following command:
# virsh --connect qemu:///system vol-create-as guest_images_lvm volume1 20G

I don't remember formatting a file system prior to installing the KVM 
guest, but new i am new to KVM and I'm experimenting as well.

jk



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux & iptables

[Phil Savoie]

On 08/30/2011 03:23 PM, Ned Slider wrote:
> On 30/08/11 20:08, Michael D. Berger wrote:
>> In setting up my new CentOS 6 laptop, I replaced
>> /etc/sysconfig/iptables with my own, very restrictive
>> version.  I then tried to restart the iptables daemon,
>> but it reported that my new iptables was unreadable.
>> On a guess, I disabled selinux, and my problem was
>> solved.  Later, I re-enabled selinux and on reboot, it
>> had to go through a very long setup procedure.

> Rather than disabling, you can put SELinux in permissive mode to 
> troubleshoot. Permissive mode will warn but still allow all actions that 
> would otherwise be blocked in enforcing mode.
> 

Further to this, chcon --reference  , then test
with selinux back in enforcing mode.


> When you disable SELinux and then later re-enable it, the whole file 
> system will need to be relabeled at boot, and this is probably what took 
> the time on your system. Switching between permissive and enforcing 
> modes avoids this.
> 


Regards,

Phil
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] (Centos 5.6) Server Time NTP Facility

[Always Learning]

Curiously examining some of the blocked IP addresses in the daily
Logwatch report, I notice strange sites attempting to connect to our
servers on port 123 (the time port).

I also notice our servers successfully contacting official time
references centres which are not those sites trying to connect to us. I
notice too the installed time software is listening on every available
IP. I can not identity any options in any configuration files to
turn-off this listening.

Why are unknown sites attempting to connect to our server to, I assume,
sample the time and how does one turn-off the software's listening on
every IP address, including 127.0.0.1 ?

Thanks,

Paul.






___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Update to CentOS 6.0 without CD/DVD reader

[Timothy Murphy]

John Doe wrote:

> And I guess you will have 1 try only... if it fails somewhere in
> the middle of the install, you won't have a 2nd chance

Thanks for your suggestion,
which I think is more or less the advice in
,
mentioned in another post.

I'll be installing CentOS-6 in a new partition,
so failure won't be very serious.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] (Centos 5.6) Server Time NTP Facility

[brian]

On 08/30/2011 07:58 PM, Always Learning wrote:
>
> Curiously examining some of the blocked IP addresses in the daily
> Logwatch report, I notice strange sites attempting to connect to our
> servers on port 123 (the time port).
>
> I also notice our servers successfully contacting official time
> references centres which are not those sites trying to connect to us. I
> notice too the installed time software is listening on every available
> IP. I can not identity any options in any configuration files to
> turn-off this listening.
>
> Why are unknown sites attempting to connect to our server to, I assume,
> sample the time and how does one turn-off the software's listening on
> every IP address, including 127.0.0.1 ?
>
> Thanks,
>
> Paul.
>

   You can use iptables to block that port for all but specified addresses...

   assuming you have iptables set up to deny (drop) all by default, simply 
adding


-A INPUT -s xxx.xxx.xxx.xxx/255.255.255.0 -i eth0 -p tcp -m tcp --dport 123 -j 
ACCEPT


   ...to your rule list will allow the specified net address(es) to contact you 
on port 123.  the above, of course, assumes your 
input port is eth0 (change that, if different on your system), and that the NTP 
server uses TCP protocol (change that to UDP, 
otherwise).  should be enough to get you started on the right track, anyway.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] (Centos 5.6) Server Time NTP Facility

[Always Learning]

On Tue, 2011-08-30 at 20:15 -0400, brian wrote:

> On 08/30/2011 07:58 PM, Always Learning wrote:
> >
> > Curiously examining some of the blocked IP addresses in the daily
> > Logwatch report, I notice strange sites attempting to connect to our
> > servers on port 123 (the time port).
> >
> > I also notice our servers successfully contacting official time
> > references centres which are not those sites trying to connect to us. I
> > notice too the installed time software is listening on every available
> > IP. I can not identity any options in any configuration files to
> > turn-off this listening.
> >
> > Why are unknown sites attempting to connect to our server to, I assume,
> > sample the time and how does one turn-off the software's listening on
> > every IP address, including 127.0.0.1 ?


>You can use iptables to block that port for all but specified addresses...
> 
>assuming you have iptables set up to deny (drop) all by default, simply 
> adding
> 
> 
> -A INPUT -s xxx.xxx.xxx.xxx/255.255.255.0 -i eth0 -p tcp -m tcp --dport 123 
> -j ACCEPT

I think the -i eth0 is not needed with only one physical network
interface. I don't use -m tcp and the instruction shown in your example
works well without the -m tcp.

Using IPtables caused the block ports with their IP addresses and their
packet details to appear in Logwatch. As a keen user of IPtables I am
currently looking at blocking some packets on their contents (-m
string ..) before trying the 'bad guy' site IP blocking determined
by hackers packets (-m recent ...)

However I am curious to know why strange sites contact our servers on
port 123 and why the installed Centos time software listens on every
available IP address.

Best regards,

Paul.
-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On a VPS I wanted to add to IP tables:-

iptables -A  -p tcp -m string --algo bm --string 'login' -j DROP

I got:

iptables: Unknown error 18446744073709551615

uname -a =  2.6.35.4 #2  (don't know how this got installed)

lsmod | grep ipt = ipt_LOG   5419  2 

yum upgrade iptables* = nothing to install.

---

On a standalone server (C 5.6)

iptables -A  -p tcp -m string --algo bm --string 'login' -j DROP

is accepted.

uname -a =  2.6.18-274.el5 #1 

lsmod | grep ipt =
ipt_LOG39617  1 
iptable_filter 36161  1 
ip_tables  55457  1 iptable_filter
x_tables   50505  6
xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6_tables



Appreciate suggestions on how to get kernel 2.6.35.4 to install the
whole IP tables package, especially the STRING and RECENT options (in
-m).

Thank you.

Paul.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Steve Walsh]

  On 08/31/2011 12:24 PM, Always Learning wrote:
> On a VPS I wanted to add to IP tables:-
>
> iptables -A  -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
>
>   iptables: Unknown error 18446744073709551615
>
> uname -a =  2.6.35.4 #2  (don't know how this got installed)

I'm wagering that's not the full output of uname -a. As far as I'm 
aware, centos have never shipped a 2.6.35 kernel with any release, and 
that's the sort of error you get with a openVZ "stab" (or Stable) 
kernel, where unless the host provides you with the modules, there's not 
a lot you can do about it.


> 
>
>   Appreciate suggestions on how to get kernel 2.6.35.4 to install the
> whole IP tables package, especially the STRING and RECENT options (in
> -m).

Perhaps you might want to talk to your hosting company about what 
they're selling you, because it certainly isn't a 'pure' centos install.

Steve.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On Wed, 2011-08-31 at 13:02 +1000, Steve Walsh wrote:

> I'm wagering that's not the full output of uname -a. As far as I'm 
> aware, centos have never shipped a 2.6.35 kernel with any release, and 
> that's the sort of error you get with a openVZ "stab" (or Stable) 
> kernel, where unless the host provides you with the modules, there's not 
> a lot you can do about it.

Centos 6 is, I believe, 2.6.32, so 2.6.35 is something strange. Google
shows that version in many data centres.

> Perhaps you might want to talk to your hosting company about what 
> they're selling you, because it certainly isn't a 'pure' centos install.

Have already done that. I'm getting about 6,000 web hits a day (all
wrong URLs) from a lunatic who I can stop in IP Tables but only if the
alleged Centos version is up-to-date.

Thank you.

Paul.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[John R. Dennison]

On Wed, Aug 31, 2011 at 04:07:44AM +0100, Always Learning wrote:
> 
> Have already done that. I'm getting about 6,000 web hits a day (all
> wrong URLs) from a lunatic who I can stop in IP Tables but only if the
> alleged Centos version is up-to-date.

Has nothing to do with being up-to-date; it has to do with no having the
necessary iptables facilities available.  Talk to your hoster.




John
-- 
In today's online world, what your mother told you is true, only more so:
people really can judge you by your friends.

-- Harold Abelson, MIT computer science professor, on personal information
that can be gleaned from social networking sites, NY Times, 17 March 2010


pgpuXOSZPtXqW.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On Tue, 2011-08-30 at 22:11 -0500, John R. Dennison wrote:

> On Wed, Aug 31, 2011 at 04:07:44AM +0100, Always Learning wrote:
> > 
> > Have already done that. I'm getting about 6,000 web hits a day (all
> > wrong URLs) from a lunatic who I can stop in IP Tables but only if the
> > alleged Centos version is up-to-date.
> 
> Has nothing to do with being up-to-date; it has to do with no having the
> necessary iptables facilities available.  Talk to your hoster.

NO I will not. I have already emailed them.

The necessary IP Tables facilities are not available. Therefore,
contrary to your strange assertion "Has nothing to do with being
up-to-date" that IP Tables version is certain OUT-OF-DATE because the
modern parts have not been included !!!

Have a nice day.

Paul.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[John R. Dennison]

On Wed, Aug 31, 2011 at 04:17:36AM +0100, Always Learning wrote:
> 
> NO I will not. I have already emailed them.

Then you won't get the support.  Period.

> The necessary IP Tables facilities are not available. Therefore,
> contrary to your strange assertion "Has nothing to do with being
> up-to-date" that IP Tables version is certain OUT-OF-DATE because the
> modern parts have not been included !!!

It's not out of date.  OpenVZ / "stab" kernels don't support all ipt-*
modules by default; they have to be configured on a container basis.

You can argue and be wrong or you can contact your hoster and have the
modules you need enabled or you can find an alternate provider.  The
choice is yours.




John
-- 
The ability to focus attention on important things is a defining
characteristic of intelligence.

-- Robert J. Shiller (1946-), American economist, academic, and author,
   Irrational Exuberance (2006)


pgpon49uaBFSa.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Steve Walsh]

  On 08/31/2011 01:17 PM, Always Learning wrote:
> NO I will not. I have already emailed them.

wowjust...wow.

> The necessary IP Tables facilities are not available. Therefore,
> contrary to your strange assertion "Has nothing to do with being
> up-to-date" that IP Tables version is certain OUT-OF-DATE because the
> modern parts have not been included !!!

They have not been included, probably because you are running an openVZ 
'stab' kernel. Failing to give us the complete output in your initial 
post means that anyone helping you is taking blind guesses. As an 
example, here is the output of uname -a on my C6.0 system;

Linux omg.wtf.bbq.lol.au 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 
19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

As you can see, it has a little bit more information that the output of 
the uname -a command you included in your original

If I google "iptables on openvz", I get the following link from their 
wiki - http://wiki.openvz.org/Setting_up_an_iptables_firewall, have you 
tried that path?

But, without the full information to start with, it's all conjecture.

Steve

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On Tue, 2011-08-30 at 22:22 -0500, John R. Dennison wrote:

> On Wed, Aug 31, 2011 at 04:17:36AM +0100, Always Learning wrote:
> > 
> > NO I will not. I have already emailed them.
> 
> Then you won't get the support.  Period.

Utter rubbish. They are excellent either by phone or by email. 

> It's not out of date.  OpenVZ / "stab" kernels don't support all ipt-*
> modules by default; they have to be configured on a container basis.
> 
> You can argue and be wrong or you can contact your hoster and have the
> modules you need enabled or you can find an alternate provider.  The
> choice is yours.

Thank you for informing me the 'choice' is mine. Without such undoubted
inspirational wisdom I would never have known I had a choice. I am most
grateful to you.

How many occasions must I state I have emailed the service company
before you refrain from telling me to contact the "hoster" ?

Have a peaceful and relaxing evening and a very nice day tomorrow.


Paul.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[John R. Dennison]

On Wed, Aug 31, 2011 at 04:30:37AM +0100, Always Learning wrote:
> 
> Thank you for informing me the 'choice' is mine. Without such undoubted
> inspirational wisdom I would never have known I had a choice. I am most
> grateful to you.

The choice is indeed yours.  You can 1) listen to those that know what
they are talking about and probably have 50 years of combined experience;
or 2) remain in the dark and clueless.

> How many occasions must I state I have emailed the service company
> before you refrain from telling me to contact the "hoster" ?

How many times must you argue when you ask for assistance [1] and have it
provided for you, free of charge.

If you want help at least be willing to consider the answers you are
given and not discount them out of hand because they don't fit the way
you wish things were.

[1] "Appreciate suggestions on how to get kernel 2.6.35.4 to install the
 whole IP tables package, especially the STRING and RECENT options
 (in -m)."




John
-- 
Creativity is allowing oneself to make mistakes.  Art is knowing which ones
to keep.

-- Scott Adams (1957-), American cartoonist and satirist,
   The Dilbert Principle (1996)


pgp01yQMP7cbo.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On Wed, 2011-08-31 at 13:30 +1000, Steve Walsh wrote:

> They have not been included, probably because you are running an openVZ 
> 'stab' kernel. Failing to give us the complete output in your initial 
> post means that anyone helping you is taking blind guesses.

That you for the useful enlightenment. I was unaware it was an OpenVZ. I
thought is was XEN on Ubuntu.

>  As an example, here is the output of uname -a on my C6.0 system;
> 
> Linux omg.wtf.bbq.lol.au 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 
> 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>
> As you can see, it has a little bit more information that the output
> of  he uname -a command you included in your original

Well I cut-out the unnecessary parts and produced a uname -r.
It was the kernel version that interested me. I just happened to know it
is 'Linux' and 'GNU' so did not need a reminder.

> If I google "iptables on openvz", I get the following link from their 
> wiki - http://wiki.openvz.org/Setting_up_an_iptables_firewall, have you 
> tried that path?

Of course not. My telepathy does not extend beyond half-way down Africa.
If I have known, but I did not know then, about Open VZ then I would
have typed that into Google.

> But, without the full information to start with, it's all conjecture.

I note from your web site you are in to marriage guidance too.

Have a nice day.

Paul.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On Tue, 2011-08-30 at 22:41 -0500, John R. Dennison wrote:

> The choice is indeed yours.

Thanks for confirming that again. Its really nice of you to keep
reminding me.

>   You can 1) listen to those that know what
> they are talking about and probably have 50 years of combined experience;
> or 2) remain in the dark and clueless.

However good my hearing I have to admit that I can't hear you. I can
read your typing but I honestly can't hear you. Can you shout a little
louder and I'll listen very quietly ?

> How many times must you argue when you ask for assistance [1] and have it
> provided for you, free of charge.

Argue ?  You told me to talk to someone. I said 'no' because I had
already emailed them and received a Ticket number. Surely it should be
my choice how I communicate with a third party ?

> If you want help at least be willing to consider the answers you are
> given and not discount them out of hand because they don't fit the way
> you wish things were.

I always carefully consider answers and suggestions regardless of the
source.

> [1] "Appreciate suggestions on how to get kernel 2.6.35.4 to install the
>  whole IP tables package, especially the STRING and RECENT options
>  (in -m)."

Gee that is nice of you. But at the time I posted my problem I was not
aware 'the whole IP Tables package' had not been installed because I had
tried to install it using yum which reported nothing to install.


Paul.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[John R. Dennison]

On Wed, Aug 31, 2011 at 04:54:33AM +0100, Always Learning wrote:
> 
> Thanks for confirming that again. Its really nice of you to keep
> reminding me.

Sigh.

Can you please stop barking?  Your need to get the last word in on EVERY
thread is more than a little annoying.  Just to end this, you can be
"right" if you want, it's fine by me.




John

-- 
Technology makes it possible for people to gain control over everything,
except over technology.

-- John Tudor


pgpxjSfHLhkji.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning]

On Tue, 2011-08-30 at 23:08 -0500, John R. Dennison wrote:

> Sigh.
> 
> Can you please stop barking? 

Are you a dog lover ?  I like dogs too. They usually bark at strangers.

Paul.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

[R - elists]

we need to filter out various peoples posts on this list

would some kind soul(s) please direct us in locating the best email list
reading programs w/ the best features to read the centos and other lists.

the CentOS list signal/noise ratio is so bad that we need something better
than just outlook like clients or whatever

appropriate windows and linux recommendations would be most appreciated

thank you in advance

 - rh

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

[Christopher Chan]

On Wednesday, August 31, 2011 12:46 PM, R - elists wrote:
>
> we need to filter out various peoples posts on this list
>
> would some kind soul(s) please direct us in locating the best email list
> reading programs w/ the best features to read the centos and other lists.

It's not an email program but I think it has the best filtering 
capabilities of all - the brain.

>
> the CentOS list signal/noise ratio is so bad that we need something better
> than just outlook like clients or whatever

Huh? What signal/noise ratio? I don't see any of the usual "can't be 
bother to read manuals/to use google" suspects...unless you're 
complaining about our most recent top poster...

>
> appropriate windows and linux recommendations would be most appreciated
>

How about mutt as a client?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

[Frank Cox]

On Tue, 30 Aug 2011 21:46:53 -0700
R - elists wrote:

> we need to filter out various peoples posts on this list
> 
> would some kind soul(s) please direct us in locating the best email list
> reading programs w/ the best features to read the centos and other lists.
> 
> the CentOS list signal/noise ratio is so bad that we need something better
> than just outlook like clients or whatever

Hello Mr. Elists (or may I call you R?)

Most email clients are capable of filtering incoming mail by subject, sender,
and other fields.  I note that you are using MS Outlook and I have absolutely
no experience with that program, but any email client I've used in the past
several years has allowed filtering in some manner.

My personal favourite email client is Sylpheed (which is available for both
Linux and Windows -- you can find a pre-compiled Sylpheed rpm for Centos 5 and
Centos 6 on my website if you're interested) and it can easily be used to
filter and sort email by just about any field that you choose to use.

With Sylpheed, you can set it up to filter "Sender=Whoever" to "Trash" or
"Delete from Server" if you want.  Just look under the Configuration - Filter
Settings menu; it's pretty self-explanatory.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] (Centos 5.6) Server Time NTP Facility

[James Hogarth]

> However I am curious to know why strange sites contact our servers on
> port 123 and why the installed Centos time software listens on every
> available IP address.
>

For your first part either people probing you or have you checked to see if
a previous admin had joined the ntp.org pool with your hosts?

For your second part man ntp.conf and look at your ntp.conf configuration.
If memory serves default is to listen on all addresses and allow sync but no
query, peer, modify, etc.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos