[CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Fajar Priyanto
Hi all,
I have a plan to replace my Centos5.7 VM with a newer version.
The VM works as our network gateway.

I want to ask, from your experience, will it be a bad decision? My
concern is that since the MAC address of the gateway will change, will
it disrupt the network?
How fast can the switches recognize the new MAC? Any other pitfalls?

Thanks
Fajar.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread John R Pierce
On 11/30/11 12:59 AM, Fajar Priyanto wrote:
> How fast the Switches can recognize the new mac? Any other pitfall?

within seconds.  or faster.  and the client's ARP caches expire nearly 
as fast.

it's not the switches you care about as much as the DHCP leases for your 
clients.  if you can copy the dhcp leases file over, that will save a 
lot of grief.

-- 
john r pierce    N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Fajar Priyanto
On Wed, Nov 30, 2011 at 5:09 PM, John R Pierce  wrote:
> On 11/30/11 12:59 AM, Fajar Priyanto wrote:
>> How fast the Switches can recognize the new mac? Any other pitfall?
>
> within seconds.  or faster.  and the client's ARP caches expire nearly
> as fast.
>
> its not the switches you care about as much as the DHCP leases for your
> clients.  if you can copy the dhcp leases file over, that will save a
> lot of grief.
>

Thanks John, I feel a bit relieved hearing that.
Moreover, the gateway is a pure one, no dhcp, no other services.


Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Ljubomir Ljubojevic
On 11/30/2011 10:13 AM, Fajar Priyanto wrote:
> On Wed, Nov 30, 2011 at 5:09 PM, John R Pierce  wrote:
>> On 11/30/11 12:59 AM, Fajar Priyanto wrote:
>>> How fast the Switches can recognize the new mac? Any other pitfall?
>>
>> within seconds.  or faster.  and the client's ARP caches expire nearly
>> as fast.
>>
>> its not the switches you care about as much as the DHCP leases for your
>> clients.  if you can copy the dhcp leases file over, that will save a
>> lot of grief.
>>

I would suggest installing new gateway as new system, leaving old one to 
work until new one is ready. That way if something goes wrong you will 
still have old one to revert to. Just do not give in working IP's until 
you are ready to switch over.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] hello

2011-11-30 Thread LinuxIsOne
On Tue, Nov 29, 2011 at 1:12 PM, Ljubomir Ljubojevic wrote:

> I am accustomed to give precise answers and directions and expect people
> not to stray one bit so I can
> follow you in my mind (professional deformation and defense system),  so
> as long as you follow what I suggest I will help you land on the moon.
>

I am lucky then if you could do this, I would definitely follow your good
advice. I hope to get more from you. I am happy that you are having such
a nice experience.

Thanks.


[CentOS] Moving server

2011-11-30 Thread Timothy Murphy
I want to move my home server over to a new machine,
both running CentOS.
(The present server is running CentOS-5.7, the new one 6.0.)
I'm thinking of moving things over one at a time,
starting with email.
I'm running IMAP on the server,
with my email in ~/Maildir/ .
I'm wondering what exactly I need to copy to the new machine?

Any help or suggestions gratefully received.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin




Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Dennis Jacobfeuerborn
On 11/30/2011 10:09 AM, John R Pierce wrote:
> On 11/30/11 12:59 AM, Fajar Priyanto wrote:
>> How fast the Switches can recognize the new mac? Any other pitfall?
>
> within seconds.  or faster.  and the client's ARP caches expire nearly
> as fast.
>
> its not the switches you care about as much as the DHCP leases for your
> clients.  if you can copy the dhcp leases file over, that will save a
> lot of grief.
>

If you want to plug the new system in the same port the old system was 
plugged in before then depending on the switch and how it is configured it 
can take 30-60 seconds to change the switch port to a forwarding state. 
During that time the switch will send out STP requests to determine if 
the newly attached device is also a switch. Once these time out it will 
assume the new device is a regular system and change the port to a 
forwarding state.

You can prevent this by enabling something like "PortFast" for that port 
which tells the switch to simply assume that only regular devices will be 
connected to that port and to immediately change the port to a forwarding 
state.

See for example:
http://www.omnisecu.com/cisco-certified-network-associate-ccna/what-is-spanning-tree-protocol-stp-portfast.htm

Regards,
   Dennis


Re: [CentOS] Moving server

2011-11-30 Thread ken
On 11/30/2011 06:36 AM Timothy Murphy wrote:
> I want to move my home server over to a new machine,
> both running CentOS.
> (The present server is running CentOS-5.7, the new one 6.0.)
> I'm thinking of moving things over one at a time,
> starting with email.
> I'm running IMAP on the server,
> with my email in ~/Maildir/ .
> I'm wondering what exactly I need to copy to the new machine?
> 
> Any help or suggestions gratefully received.

If it were me, I'd copy the entire old machine (running 5.7) over to the 
new machine so that after the copy it was also running 5.7, then upgrade 
the new machine to 6.0.  ...unless you like making things more 
complicated than they need to be.



Re: [CentOS] Moving server

2011-11-30 Thread Johnny Hughes
On 11/30/2011 06:18 AM, ken wrote:
> On 11/30/2011 06:36 AM Timothy Murphy wrote:
>> I want to move my home server over to a new machine,
>> both running CentOS.
>> (The present server is running CentOS-5.7, the new one 6.0.)
>> I'm thinking of moving things over one at a time,
>> starting with email.
>> I'm running IMAP on the server,
>> with my email in ~/Maildir/ .
>> I'm wondering what exactly I need to copy to the new machine?
>>
>> Any help or suggestions gratefully received.
> 
> If it were me, I'd copy the entire old machine (running 5.7) over to the 
> new machine so that after the copy it was also running 5.7, then upgrade 
> the new machine to 6.0.  ...unless you like making things more 
> complicated than they need to be.

An upgrade on the same machine from 5.7 to 6.x is not supported and
would always leave behind a bunch of old libraries, etc.

The way he is doing it is the correct way (at least as recommended by RH
for RHEL and by us for CentOS).

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-upgrade-x86.html







Re: [CentOS] Moving server

2011-11-30 Thread Reindl Harald


On 30.11.2011 13:45, Johnny Hughes wrote:
> On 11/30/2011 06:18 AM, ken wrote:
>> On 11/30/2011 06:36 AM Timothy Murphy wrote:
>>> I want to move my home server over to a new machine,
>>> both running CentOS.
>>> (The present server is running CentOS-5.7, the new one 6.0.)
>>> I'm thinking of moving things over one at a time,
>>> starting with email.
>>> I'm running IMAP on the server,
>>> with my email in ~/Maildir/ .
>>> I'm wondering what exactly I need to copy to the new machine?
>>>
>>> Any help or suggestions gratefully received.
>>
>> If it were me, I'd copy the entire old machine (running 5.7) over to the 
>> new machine so that after the copy it was also running 5.7, then upgrade 
>> the new machine to 6.0.  ...unless you like making things more 
>> complicated than they need to be.
> 
> An upgrade on the same machine from 5.7 to 6.x is not supported and
> would always leave behind a bunch of old libraries, etc.

yes you have to manually clean up something

but since i upgraded > 20 servers since F9 to F14 and
currently start upgrade to F15 via yum this should also
work on CentOS and is mostly more painless than searching
every piece of configuration on a new machine

since this is a new machine while the old is still there it
would be not a problem to test what is happening, on my
environments all servers are virtual-machines what makes
it all more relaxed with a full snapshot







Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Les Mikesell
On Wed, Nov 30, 2011 at 2:59 AM, Fajar Priyanto  wrote:
> Hi all,
> I have plan to replace my Centos5.7 VM with newer version.
> The VM works as our network gateway.
>
> I want to ask from your experience, will it be a bad decision? My
> concern is that since the Mac Address of the gateway will change, will
> it disrupt the network?
> How fast the Switches can recognize the new mac? Any other pitfall?

Switches normally flood all ports until a new mac is identified so
they will work as soon as the link comes up (which may take a few
seconds for spanning tree).  However, routers to adjacent subnets may
cache their arp table for up to 20 minutes.  You might have a problem
with inbound connections if you don't clear the arp table on whatever
is connected as the next hop.

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Moving server

2011-11-30 Thread Les Mikesell
On Wed, Nov 30, 2011 at 5:36 AM, Timothy Murphy  wrote:
> I want to move my home server over to a new machine,
> both running CentOS.
> (The present server is running CentOS-5.7, the new one 6.0.)
> I'm thinking of moving things over one at a time,
> starting with email.
> I'm running IMAP on the server,
> with my email in ~/Maildir/ .
> I'm wondering what exactly I need to copy to the new machine?

If you can run both machines during the conversion, I'd bring up the
new one, then rsync over the home directories and any other data,
making sure the related applications work.  If you make changes to the
IMAP server, there is an imapcopy utility that will move all mail to a
different type of server - or for a few accounts you can just recreate
the folder structure from a client, connect to both accounts and drag
the messages over, letting the servers take care of the
storage/formatting details.

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] How to make nodes in my local LAN see each other's names

2011-11-30 Thread Timothy Madden
On 29.11.2011 20:00, Craig White wrote:
>
> On Nov 29, 2011, at 9:14 AM, Timothy Madden wrote:
>
>> Hello
>>
>> Sorry for the (I guess) simple question, but:
>>
>> I have 7 computers under one 8-port router (D-Link DIR-100, firmware
>> v1.13EU) in my network (actually in a sub-network) and they do not see
>> each other's host names.
>>
>> The router has the 'DNS relay' option enabled, and all 7 computers use
>> the router as the DNS server, which in turn will forward DNS requests to
>> the ISP DNS server. That way I can understand that simple, plain,
>> default DNS is not enough for my boxes to see each-other's names.
>>
>> Windows has a nice (or not) way to resolve the problem: CIFS (Samba)
>> server names are automatically included in the name resolving procedure.
>> I know I can do the same with my CentOS boxes if I install samba on each
>> of them and add 'wins' to the 'hosts: ' line in /etc/nsswitch.conf, but
>> somehow I think installing cifs on every node just to get my local
>> machine names to resolve properly to the IP addresses is not the right
>> way to solve my problem ...
>>
>> What is the way to have all computers in my simple network know each
>> other by name ?
>>
>> Is it possible to have the name resolving procedure used by the system
>> automatically recognize a new machine added to my network, when I try to
>> access it with right host name, like WINS can ?
>>
>> Also, I hear Linux does not have, by default, a cache of resolved names
>> (like Windows does), and I find that to be a sad thing. Why should the
>> default be set so that I contact the ISP DNS server for each and every
>> web page I hit ?
>>
>> Is there an easy way to install a caching name server on my each
>> machine, and make sure my system is using /that server/ to resolve names ?
> 
> just to clarify some things...
>
> NETBIOS is a rather chatty (ie, noisy/traffic generating) for a local subnet. 
> Yes, this can be a convenient way of being able to refer to a computer by its 
> name and the price you pay for that convenience is a fair amount of broadcast 
> traffic by all computers that support this protocol (Windows, Macintosh or 
> Linux using NMBD).
>
> NETBIOS does not in any way provide DNS services. It is relegated to the 
> local subnet only and almost always what is designated as non-routed IP space 
> (10.x.x.x, 172.16.x.x, 192.168.x.x)
>
> UNIX/Linux has a reasonably simple method for maintaining DNS names in 
> /etc/hosts where you can simply set them, ie
> 192.168.1.1 srv1 srv1.mydomain
> 192.168.1.2 srv2 srv2.mydomain
> etc.
> You can also do this on Windows systems - edit 
> C:\Windows\System32\drivers\etc\hosts
>
> If you want Dynamic DNS on your LAN, you are going to find that the typical 
> home/SOHO routers are insufficient with short lease times, no memory storage 
> for previously registered DHCP addresses and no ability to actually provide 
> real DNS (other than forwarding to some other DNS server) and thus, no DDNS. 
> Thus if you really want to have dynamic DNS on your local LAN, you would want 
> to install bind and dhcp packages and configure them (not the easiest thing 
> to do but not entirely difficult either).

Thank you all for your answers.

Indeed, my router (D-Link DIR-100) only does DNS relay and nothing more.

It looks like I have to stick to CIFS for now. Editing hosts file 
manually looks too outdated for me, and I have to edit each hosts file 
on all my computers when a new computer is added (which just happened a 
few days ago). A dnsmasq server looks like a better way to handle my 
problem, but it already requires one of the machines to assume a server 
role: it needs a static IP and can not benefit from (its own) 
configuration services, and it must be running for all other machines to 
be running and see each other.

My subnet is Gigabit anyway, so I guess I think I will live with the 
extra traffic from NetBIOS.

I still have one problem, though: somehow my trick to include 'wins' in 
the 'hosts: ' line in /etc/nsswitch.conf only works when my box uses a 
static IP ! :( I guess `dhclient` updates the DNS server lists and the 
'resolver' in a way that interferes with the name service switch 
mechanism (configured from /etc/nsswitch.conf).

Is there a way to get the name service switch to use wins, while the DNS 
configuration is handled by DHCP client ?

Thank you,
Timothy Madden



Re: [CentOS] Moving server

2011-11-30 Thread Ljubomir Ljubojevic
On 11/30/2011 01:53 PM, Reindl Harald wrote:
> but since i upgraded > 20 servers since F9 to F14 and
> currently start upgrade to F15 via yum this should also
> work on CentOS and is mostly more painless than searching
> every piece of configuration on a new machine
>
> since this is a new machine while the old is still there it
> would be not a problem to test what is happening, on my
> environments all servers are virtual-machines what makes
> it all more relaxed with a full snapshot

Fedora upgrades every 6 months so changes are not so big. CentOS 5.x and 
CentOS 6.x are MUCH more different, there are a number of packages that are 
obsoleted and replaced with packages of same effect but with different 
config files, file locations, etc.

Do what you like, but with such different changes, my servers will be 
freshly built and clean (I am slated to upgrade them in a few weeks.)


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


[CentOS] CentOS5 w winbind samba integrated w Win2k8 AD

2011-11-30 Thread james
Is anyone out there using CentOS5 integrated correctly with a Windows 2008 
domain so that active directory authentication can be used for samba 
shares? I have tried the newer RPM's from SERNET up to 3.5 and 3.6 without 
any luck. The usual behavior is wbinfo returns the active directory users 
and groups but 'getent passwd' only returns local users. I also tried 
compiling samba from source but could never get winbind to properly 
connect. 

I have tried this with Ubuntu and CentOS6 and both of those "just worked". 
So if this is working for anyone with CentOS5 would you be willing to share 
your samba version, samba conf and pam setup? I've put a lot of time into 
it and also worked with the samba mailing lists without any success.

Thanks




Re: [CentOS] Moving server

2011-11-30 Thread Johnny Hughes
On 11/30/2011 06:53 AM, Reindl Harald wrote:
> 
> 
> On 30.11.2011 13:45, Johnny Hughes wrote:
>> On 11/30/2011 06:18 AM, ken wrote:
>>> On 11/30/2011 06:36 AM Timothy Murphy wrote:
>>>> I want to move my home server over to a new machine,
>>>> both running CentOS.
>>>> (The present server is running CentOS-5.7, the new one 6.0.)
>>>> I'm thinking of moving things over one at a time,
>>>> starting with email.
>>>> I'm running IMAP on the server,
>>>> with my email in ~/Maildir/ .
>>>> I'm wondering what exactly I need to copy to the new machine?
>>>>
>>>> Any help or suggestions gratefully received.
>>>
>>> If it were me, I'd copy the entire old machine (running 5.7) over to the 
>>> new machine so that after the copy it was also running 5.7, then upgrade 
>>> the new machine to 6.0.  ...unless you like making things more 
>>> complicated than they need to be.
>>
>> An upgrade on the same machine from 5.7 to 6.x is not supported and
>> would always leave behind a bunch of old libraries, etc.
> 
> yes you have to manually clean up something
> 
> but since i upgraded > 20 servers since F9 to F14 and
> currently start upgrade to F15 via yum this should also
> work on CentOS and is mostly more painless than searching
> every piece of configuration on a new machine
> 
> since this is a new machine while the old is still there it
> would be not a problem to test what is happening, on my
> environments all servers are virtual-machines what makes
> it all more relaxed with a full snapshot

That is the fun thing about being an administrator ... you (we) get to
do things the way you (we) want and are comfortable with.

I manage a few servers myself and I am much more comfortable, if I have
a new machine, to start with only the new binaries on there and to move
things over.  Other people are likely more comfortable using the linux
upgradeany method from the install media.

To each their own.





Re: [CentOS] megaraid/PERC

2011-11-30 Thread Ross Walker
On Nov 29, 2011, at 3:35 PM, m.r...@5-cent.us wrote:

> I've got two drives from a now-dead server, they were RAIDed, a mirror,
> I'd assume. I need to see if there's anything on them I need to transfer
> to the replacement, so I just shoved them into another Dell server, with a
> PERC 5 controller - I think that's what the dead one had. I fired up
> MegaRAID storage manager... but can't see any way to tell it to recreate
> that RAID. Anyone done this?

Probably old news now, but in the PERC card's BIOS you want to import foreign 
config, save it and restart.

-Ross



Re: [CentOS] megaraid/PERC

2011-11-30 Thread m . roth
Ross Walker wrote:
> On Nov 29, 2011, at 3:35 PM, m.r...@5-cent.us wrote:
>
>> I've got two drives from a now-dead server, they were RAIDed, a mirror,
>> I'd assume. I need to see if there's anything on them I need to transfer
>> to the replacement, so I just shoved them into another Dell server, with
>> a PERC 5 controller - I think that's what the dead one had. I fired up
>> MegaRAID storage manager... but can't see any way to tell it to recreate
>> that RAID. Anyone done this?
>
> Probably old news now, but in the PERC card's BIOS you want to import
> foreign config, save it and restart.

No, it's not old news - thanks! Btw, do you know if it's even possible to
do that via the MSM gui? I don't see anything like that in the menus.

mark



Re: [CentOS] How to make nodes in my local LAN see each other's names

2011-11-30 Thread Lamar Owen
On Wednesday, November 30, 2011 08:54:04 AM Timothy Madden wrote:
> Is there a way to get the name service switch to use wins, while the DNS 
> configuration is handled by DHCP client ?

Yes, there is (or at least should be).  While I know some will object strongly 
to doing it this way, here's how you might be able to do it:

1.) Follow http://bensbits.com/blog/2006/02/02/wins_name_resolution_for_linux/
2.) If not using NetworkManager, set PEERDNS=no in the appropriate 
/etc/sysconfig/network-scripts/ifcfg-ethX file
3.) If using NetworkManager, or using the GUI config tools, make sure the 
'Automatically Obtain DNS Information from provider' is *not* checked
4.) Set up /etc/resolv.conf to point DNS to your router (since that will not 
happen automatically) or set up the DNS servers in the GUI.

Now, I say 'might' simply because I've not personally tried it, since I have a 
local DNS server set up here and that would not match your particular setup, so 
even if I got it working you might not, since I do have a DNS server on the LAN.

Since you're using these systems as desktops, and since you didn't specify (at 
least not in this thread; if you did in another thread I apologize) which 
CentOS you are using, do note that CentOS 5 and CentOS 6 do things quite a bit 
differently.  So YMMV.

And please let us know how it turns out, especially for the benefit of those 
who might be searching this thread a year or two from now with your exact 
question. The second most annoying thing about typical e-mail list threads 
is that the OP often doesn't come back with what the solution was, and to 
those OPs who do come back with a 'SOLVED' tag in the subject line (or just in 
the body of the e-mail) and describe what actually fixed their problem, I thank 
you.  (I've already in another thread told my opinion on what the most annoying 
thing about typical e-mail list threads is, so I'll not repeat that here).


Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Lamar Owen
On Wednesday, November 30, 2011 03:59:58 AM Fajar Priyanto wrote:
> How fast the Switches can recognize the new mac? Any other pitfall?

There are a couple of things I've run into, mostly in failover situations or in 
situations where a machine was moved from one switch to another.

ARP cache timeouts are an issue for seamless failover; VMware, to use one 
example of which I am very familiar, does a gratuitous ARP *reply* when doing 
vmotion from one host to another, and this seems to make the transition very 
short.  I have had cisco routers in particular hang on to ARP caches for a very 
long time; they aren't necessarily supposed to, but I've seen them hold on well 
past the configured ARP cache expiry (meaning a bug in IOS) and then requiring 
either a reload or a manual clearing of the ARP cache to pick it back up.

I've also seen cisco Catalyst switches (mostly older ones, like Catalyst 5000 
and 5500 series with SupIII/NFFC) hang on to MLS CAM entries if the gateway is 
replaced with a flow in progress and refuse to let go for a long time.  This 
could conceivably impact any MLS-based catalyst switch, including 6500 series.

I also have some 3Com Superstack II switches that have issues with hanging on 
to CAM entries long after a machine was moved.  The longest CAM expiry I've 
seen has been about three hours, but that was quite a while back when I had an 
ATM core in my network here (3Com CoreBuilder/CellPlex 7000 core, SS II's and 
Cisco Catalyst 5500's (with the LANE card; and I typically used the 
Truckee-based OC12 LANE cards for the various LANE servers since they had the 
best BUS performance, two orders of magnitude faster than the CB7000's) on the 
edge).  It was less disruptive in those days to just reboot the core and let 
everything reacquire and let PNNI reroute the VC's for the LANE components.

So be prepared to clear ARP caches (since gratuitous ARP is sometimes seen as 
an attack vector, although it works quite well for VMware vMotion, DRS, and HA) 
and CAM/TCAM entries if things go awry.

The RPMforge/repoforge repository includes the 'garp' package; on the new 
gateway you could have this garp package installed, and then run garp with the 
IP address of the old gateway immediately after stopping the old gateway's 
interface, and that might work.  But caution is advised, and YMMV, of course.
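
Added example (not part of the thread and not any poster's code): after the gateway cutover discussed above, this checks which machines still cache the old gateway MAC and which hold an address that is neither the old nor the new one. It assumes text copies of `/proc/net/arp` have been collected from Linux hosts; the function names, host names, IP and MAC addresses are constructed for illustration.

```python
"""Audit ARP-table snapshots for the gateway IP after a planned MAC change."""

ATF_COM = 0x02   # kernel flag: entry is complete (hardware address resolved)
ATF_PERM = 0x04  # kernel flag: entry is permanent (static), never ages out

# Ordered from least to most worrying; the worst entry decides a host's status.
SEVERITY = ["updated", "incomplete", "stale", "stale-static", "unexpected"]


def parse_proc_net_arp(text):
    """Parse the content of /proc/net/arp into a list of dicts."""
    entries = []
    for line in text.strip().splitlines()[1:]:  # first row is the header
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed rows rather than guessing
        ip, _hw_type, flags, mac, _mask, dev = fields
        entries.append({"ip": ip, "flags": int(flags, 16),
                        "mac": mac.lower(), "dev": dev})
    return entries


def classify_entry(entry, old_mac, new_mac):
    """Classify one ARP entry for the gateway IP."""
    if not entry["flags"] & ATF_COM:
        return "incomplete"          # resolution still in progress or failed
    if entry["mac"] == new_mac:
        return "updated"             # host has learned the new gateway
    if entry["mac"] == old_mac:
        # A static entry will not expire; it has to be deleted by hand.
        return "stale-static" if entry["flags"] & ATF_PERM else "stale"
    return "unexpected"              # neither MAC: misconfiguration or spoofing


def gateway_status(arp_text, gateway_ip, old_mac, new_mac):
    """Return the worst status among all entries for gateway_ip."""
    old_mac, new_mac = old_mac.lower(), new_mac.lower()
    statuses = [classify_entry(e, old_mac, new_mac)
                for e in parse_proc_net_arp(arp_text)
                if e["ip"] == gateway_ip]
    if not statuses:
        return "missing"             # host has not talked to the gateway yet
    return max(statuses, key=SEVERITY.index)


def audit(snapshots, gateway_ip, old_mac, new_mac):
    """Map each host name to the status of its gateway ARP entry."""
    return {host: gateway_status(text, gateway_ip, old_mac, new_mac)
            for host, text in snapshots.items()}


# --- constructed sample data (not from the thread) ---
GATEWAY_IP = "192.168.0.1"
OLD_MAC = "02:00:00:00:00:01"
NEW_MAC = "02:00:00:00:00:02"
HEADER = ("IP address       HW type     Flags       HW address"
          "            Mask     Device\n")
SNAPSHOTS = {
    "client-a": HEADER +
        "192.168.0.1      0x1         0x2         02:00:00:00:00:02     *        eth0\n",
    "client-b": HEADER +
        "192.168.0.1      0x1         0x2         02:00:00:00:00:01     *        eth0\n",
    "next-hop": HEADER +
        "192.168.0.1      0x1         0x6         02:00:00:00:00:01     *        eth1\n",
    "client-c": HEADER +
        "192.168.0.1      0x1         0x2         02:00:00:00:00:99     *        eth0\n",
    "client-d": HEADER +
        "192.168.0.1      0x1         0x0         00:00:00:00:00:00     *        eth0\n",
    "client-e": HEADER +
        "192.168.0.7      0x1         0x2         02:00:00:00:00:07     *        eth0\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SNAPSHOTS, GATEWAY_IP, OLD_MAC, NEW_MAC).items()):
        print(f"{host:10s} {status}")
```

Hosts reported as `stale` or `stale-static` are the ones whose ARP cache needs clearing; `unexpected` deserves a closer look before assuming it is a leftover.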


[CentOS] checking package versions in various releases

2011-11-30 Thread Alan McKay
Hey folks,

I am sure there must be an easy way to do this.

I am currently running 5.3 and "yum info db4" tells me that they have
version 4.3.29.

Is that telling me that this is the version in 5.3?  Or that this is
the latest version in the 5.x stream?

If the former, then how do I find out what release of the db4 software
(sleepcat berkeley db) is in 5.7?

I don't want to "yum upgrade" just yet.  I have to research a number
of things before upgrading, and this is one of them.

thanks,
-Alan

-- 
“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread Fabien Archambault
On 11/30/2011 04:28 PM, Alan McKay wrote:
> Hey folks,
>
> I am sure there must be an easy way to do this.
>
> I am currently running 5.3 and "yum info db4" tells me that they have
> version 4.3.29.
>
> Is that telling me that this is the version in 5.3?  Or that this is
> the latest version in the 5.x stream?
>
> If the former, then how do I find out what release of the db4 software
> (sleepcat berkeley db) is in 5.7?
>
> I don't want to "yum upgrade" just yet.  I have to research a number
> of things before upgrading, and this is one of them.
>
> thanks,
> -Alan
>
If you have questions on the 5.7 version why not build a virtual 
machine and do tests on it?

Fabien


Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Fajar Priyanto
On Wed, Nov 30, 2011 at 11:22 PM, Lamar Owen  wrote:
> So be prepared to clear ARP caches (since gratuitous ARP is sometimes seen as 
> an attack vector, although it works quite well for VMware vMotion, DRS, and 
> HA) and CAM/TCAM entries if things go awry.
>
> The RPMforge/repoforge repository includes the 'garp' package; on the new 
> gateway you could have this garp package installed, and then run garp with 
> the IP address of the old gateway immediately after stopping the old 
> gateway's interface, and that might work.  But caution is advised, and YMMV, 
> of course.

Thanks all for all the insights from your experience. Much appreciated.
I will do it during weekend when no users are working.
(this creates the saying about sysadmin: people work, we work. people
rest, we still work).


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread Bowie Bailey
On 11/30/2011 10:31 AM, Fabien Archambault wrote:
> On 11/30/2011 04:28 PM, Alan McKay wrote:
>> Hey folks,
>>
>> I am sure there must be an easy way to do this.
>>
>> I am currently running 5.3 and "yum info db4" tells me that they have
>> version 4.3.29.
>>
>> Is that telling me that this is the version in 5.3?  Or that this is
>> the latest version in the 5.x stream?
>>
>> If the former, then how do I find out what release of the db4 software
>> (sleepcat berkeley db) is in 5.7?
>>
>> I don't want to "yum upgrade" just yet.  I have to research a number
>> of things before upgrading, and this is one of them.
>>
>> thanks,
>> -Alan
>>
> If you have questions on the 5.7 version why not building a virtual 
> machine and do tests on it?

To answer your question, "yum info" or "yum upgrade" will give you the
latest in the 5.x stream.

-- 
Bowie


Re: [CentOS] How to make nodes in my local LAN see each other's names

2011-11-30 Thread Les Mikesell
On Wed, Nov 30, 2011 at 7:54 AM, Timothy Madden  wrote:
>
> Thank you all for your answers.
>
> Indeed, my router (D-Link DIR-100) only does DNS relay and nothing more.

Errr, unless I'm looking at the wrong online manual, DNS relay does
_exactly_ what you want.  You just have to give it a local domain name
and fill in the dhcp reservation table with the related name/ip/mac
sets.  The fact that it wants a name in this table should have been a
hint.

After you've set that up, test it with 'dig @192.168.0.1 name.localdomain'.

> It looks like I have to stick to CIFS for now. Editing hosts file
> manually looks too outdated for me, and I have to edit each hosts file
> on all my computers when a new computer is added (which just happened a
> few days ago). A dnsmasq server looks like a better way to handle my
> problem, but it already requires one of the machines to assume a server
> role: it needs a static IP and can not benefit from (its own)
> configuration services, and it must be running for all other machines to
> be running and see each other.

The router should do the same thing.  Some d-links have bugs, though,
so test it and if it doesn't work, check if there is a firmware update
for your model.

> My subnet is Gigabit anyway, so I guess I think I will live with the
> extra traffic from NetBIOS.

The DIR-100 isn't gigabit, so the things connected to its ports are
going to 100M.  But, that's fast enough for a small net anyway.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread Ljubomir Ljubojevic
On 11/30/2011 04:28 PM, Alan McKay wrote:
> Is that telling me that this is the version in 5.3?  Or that this is
> the latest version in the 5.x stream?

It's the latest version of the 5.x stream.

It looks like it was last changed in 5.5.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread John Broome
On Wed, Nov 30, 2011 at 09:28, Alan McKay  wrote:
> Hey folks,
>
> I am sure there must be an easy way to do this.
>
> I am currently running 5.3 and "yum info db4" tells me that they have
> version 4.3.29.
>
> Is that telling me that this is the version in 5.3?  Or that this is
> the latest version in the 5.x stream?
>
> If the former, then how do I find out what release of the db4 software
> (sleepcat berkeley db) is in 5.7?
>
> I don't want to "yum upgrade" just yet.  I have to research a number
> of things before upgrading, and this is one of them.


Browse a mirror:
http://mirror.wiredtree.com/centos/5/os/x86_64/CentOS/db4-4.3.29-10.el5_5.2.x86_64.rpm

It's very rare that point release update/upgrades within a major
version will b0rk anything.

That's the point of running an enterprise OS, there shouldn't be any
major changes within a release.

Testing in a VM like Fabien mentioned is also a pretty good idea.


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread John Broome
On Wed, Nov 30, 2011 at 09:37, Bowie Bailey  wrote:
> On 11/30/2011 10:31 AM, Fabien Archambault wrote:
>> On 11/30/2011 04:28 PM, Alan McKay wrote:
>>> Hey folks,
>>>
>>> I am sure there must be an easy way to do this.
>>>
>>> I am currently running 5.3 and "yum info db4" tells me that they have
>>> version 4.3.29.
>>>
>>> Is that telling me that this is the version in 5.3?  Or that this is
>>> the latest version in the 5.x stream?
>>>
>>> If the former, then how do I find out what release of the db4 software
>>> (sleepcat berkeley db) is in 5.7?
>>>
>>> I don't want to "yum upgrade" just yet.  I have to research a number
>>> of things before upgrading, and this is one of them.
>>>
>>> thanks,
>>> -Alan
>>>
>> If you have questions on the 5.7 version why not building a virtual
>> machine and do tests on it?
>
> To answer your question, "yum info" or "yum upgrade" will give you the
> latest in the 5.x stream.

I suggested going directly to a mirror and check, just in case he had
the url to 5.3 hard coded in his .repo file.


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread Alan McKay
Normally I would have a VM for this sort of thing but I still do not
have a machine available for that and I'm hesitant to put VMWare
Server on one of my production machines.   I'm new here and have
already flagged that I need a box for VMs - hoping to have something
in place by this time next week.

Thanks all for your help!


-- 
“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"


Re: [CentOS] Replacing gateway, is it bad idea?

2011-11-30 Thread Lamar Owen
On Wednesday, November 30, 2011 10:32:24 AM Fajar Priyanto wrote:
> Thanks all for all the insights from your experience. Much appreciated.

You're quite welcome.  Please let us know how it went.

> I will do it during weekend when no users are working.
> (this creates the saying about sysadmin: people work, we work. people
> rest, we still work).

Indeed.  In my specific case, I schedule myself for Saturday work for this 
purpose, and schedule a day off during the week to compensate.  But I also know 
that my situation isn't representative of the general IT condition.

Hope it goes well.


Re: [CentOS] How to make nodes in my local LAN see each other's names

2011-11-30 Thread John Doe
On Wed, Nov 30, 2011 at 7:54 AM, Timothy Madden  

>  Indeed, my router (D-Link DIR-100) only does DNS relay and nothing more.

What about in "Network Setting / DHCP Client list & reservation"?
It lists "Host Name" entries...
http://www.scribd.com/doc/10073475/DIR100-Manual-En
Page 26

JD


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread John Broome
On Wed, Nov 30, 2011 at 09:44, Alan McKay  wrote:
> Normally I would have a VM for this sort of thing but I still do not
> have a machine available for that and I'm hesitant to put VMWare
> Server on one of my production machines.   I'm new here and have
> already flagged that I need a box for VMs - hoping to have something
> in place by this time next week.


I'd be hesitant to put an EOL product on my production machines as well.

Look at xen, kvm, or virtualbox for your virt needs.


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread Alan McKay
> I'd be hesitant to put an EOL product on my production machines as well.

Let me rephrase that - I am hesitant to put ANY virtualization on
these production machines.  Mainly because I am very new here and do
not know the environment very well yet.


-- 
“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"


Re: [CentOS] checking package versions in various releases

2011-11-30 Thread Johnny Hughes
On 11/30/2011 10:15 AM, Alan McKay wrote:
>> I'd be hesitant to put an EOL product on my production machines as well.
> 
> Let me rephrase that - I am hesitant to put ANY virtualization on
> these production machines.  Mainly because I am very new here and do
> not know the environment very well yet.
> 
> 
The answer to your question is this:

yum info will tell you 2 things.  The installed version and the latest
available version.

The installed version(s) are all versions of that on your machine ...
usually only kernel will have more than one.

The available version is the latest in the repos that you have active.
If you have your own repo then it would be the latest in your repo.  If
you use the default repos, then it would be the latest available for the
entire 5.x tree (currently 5.7).

You can also just look here to see the latest as well:

http://mirror.centos.org/centos/5/updates/

or if there are no updates for a package then here:

http://mirror.centos.org/centos/5/os/





[CentOS] CentOS-announce Digest, Vol 81, Issue 14

2011-11-30 Thread centos-announce-request
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2011:1496 Important CentOS 4 i386 bind Update (Johnny Hughes)
   2. CESA-2011:1496 Important CentOS 4 x86_64 bind Update (Johnny Hughes)
   3. CEEA-2011:1500 CentOS 5 x86_64 ixgbe-kmod Update (Johnny Hughes)
   4. CEEA-2011:1500 CentOS 5 i386 ixgbe-kmod Update (Johnny Hughes)
   5. CESA-2011:1479 Important CentOS 5 x86_64 kernel Update (Johnny Hughes)
   6. CESA-2011:1479 Important CentOS 5 i386 kernel Update (Johnny Hughes)
   7. CEBA-2011:1502 CentOS 5 i386 dump FASTTRACK Update (Johnny Hughes)
   8. CEBA-2011:1502 CentOS 5 x86_64 dump FASTTRACK Update (Johnny Hughes)
   9. CEBA-2011:1503 CentOS 5 i386 ecryptfs-utils FASTTRACK Update (Johnny Hughes)
  10. CEBA-2011:1503 CentOS 5 x86_64 ecryptfs-utils FASTTRACK Update (Johnny Hughes)
  11. CEBA-2011:1501 CentOS 5 i386 expect FASTTRACK Update (Johnny Hughes)
  12. CEBA-2011:1501 CentOS 5 x86_64 expect FASTTRACK Update (Johnny Hughes)
  13. CEBA-2011:1498 CentOS 5 i386 libusb FASTTRACK Update (Johnny Hughes)
  14. CEBA-2011:1498 CentOS 5 x86_64 libusb FASTTRACK Update (Johnny Hughes)
  15. CEBA-2011:1493 CentOS 5 i386 mrtg FASTTRACK Update (Johnny Hughes)
  16. CEBA-2011:1493 CentOS 5 x86_64 mrtg FASTTRACK Update (Johnny Hughes)
  17. CEBA-2011:1497 CentOS 5 i386 procps FASTTRACK Update (Johnny Hughes)
  18. CEBA-2011:1497 CentOS 5 x86_64 procps FASTTRACK Update (Johnny Hughes)
  19. CEBA-2011:1499 CentOS 5 i386 freeipmi FASTTRACK Update (Johnny Hughes)
  20. CEBA-2011:1499 CentOS 5 x86_64 freeipmi FASTTRACK Update (Johnny Hughes)
  21. CEBA-2011:1505 CentOS 5 x86_64 system-config-bind FASTTRACK Update (Johnny Hughes)
  22. CEBA-2011:1505 CentOS 5 i386 system-config-bind FASTTRACK Update (Johnny Hughes)


--

Message: 1
Date: Tue, 29 Nov 2011 18:31:45 +
From: Johnny Hughes 
Subject: [CentOS-announce] CESA-2011:1496 Important CentOS 4 i386 bind
Update
To: centos-annou...@centos.org
Message-ID: <2029183145.ga2...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2011:1496 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1496.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
6198ad54e5335b9da5a6936970f098f2  bind-9.2.4-38.el4.i386.rpm
c24193ba99cdcf24f83f946e6489af38  bind-chroot-9.2.4-38.el4.i386.rpm
aa3844b507936e27969beed26ce20d25  bind-devel-9.2.4-38.el4.i386.rpm
4349043bdfcc126dad40c77d65f7098b  bind-libs-9.2.4-38.el4.i386.rpm
d123aab8e927a5e0cd7447104d1a156a  bind-utils-9.2.4-38.el4.i386.rpm

Source:
4a0c1e15d50a3b175ff8e7a4de9162ec  bind-9.2.4-38.el4.src.rpm


-- 
Tru Huynh
CentOS Project { http://www.centos.org/ }
irc: tru_tru, #cen...@irc.freenode.net



--

Message: 2
Date: Tue, 29 Nov 2011 18:31:45 +
From: Johnny Hughes 
Subject: [CentOS-announce] CESA-2011:1496 Important CentOS 4 x86_64
bind Update
To: centos-annou...@centos.org
Message-ID: <2029183145.ga2...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2011:1496 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1496.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
115a0460f5625c5f6ffbf7b08ef58202  bind-9.2.4-38.el4.x86_64.rpm
6777aeb040f300843a566832e066c2cb  bind-chroot-9.2.4-38.el4.x86_64.rpm
45f2f1f97ae1e46b2ce9b971c8e33126  bind-devel-9.2.4-38.el4.x86_64.rpm
4349043bdfcc126dad40c77d65f7098b  bind-libs-9.2.4-38.el4.i386.rpm
bdff8d37f46e161cd33daea2c94166b9  bind-libs-9.2.4-38.el4.x86_64.rpm
e34cd4d28f1a54e021a21de30b5c2720  bind-utils-9.2.4-38.el4.x86_64.rpm

Source:
4a0c1e15d50a3b175ff8e7a4de9162ec  bind-9.2.4-38.el4.src.rpm


-- 
Tru Huynh
CentOS Project { http://www.centos.org/ }
irc: tru_tru, #cen...@irc.freenode.net



--

Message: 3
Date: Tue, 29 Nov 2011 18:50:23 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEEA-2011:1500 CentOS 5 x86_64 ixgbe-kmod
Update
To: centos-annou...@centos.org
Message-ID: <2029185023.ga2...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Enhancement Advisory 2011:1500 


[CentOS] duqu

2011-11-30 Thread m . roth
There's an article on slashdot about the Duqu team wiping all their
intermediary c&c servers on 20 Oct. Interestingly, the report says that
they were all (?) not only linux, but CentOS. There's a suggestion of a
zero-day exploit in openssh-4.3, but both the original article, and
Kaspersky labs (who have a *very* interesting post of the story) consider
that highly unlikely, and the evidence points to brute-force attacks
against the root password. Then they update openssh and openssh-server.
And then, at some point, they apparently take an ubuntu/debian openssh
5.9p1 (then p2) source package, and install *that*

My manager suggests updating openssh to block other attackers (who actually
might screw their attack). It still seems odd to me to yum update, then
build the software from source.

Are your root passwords strong?

   mark

PS: Oh, yes:




Re: [CentOS] duqu

2011-11-30 Thread Les Mikesell
On Wed, Nov 30, 2011 at 12:05 PM,   wrote:
>
> Are your root passwords strong?

I've always wondered why something as complex as sshd doesn't do
anything to protect you from the simplest form of attack - like
rate-limiting failed attempts.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] megaraid/PERC

2011-11-30 Thread m . roth
Ross Walker wrote:
> On Nov 29, 2011, at 3:35 PM, m.r...@5-cent.us wrote:
>
>> I've got two drives from a now-dead server, they were RAIDed, a mirror,
>> I'd assume. I need to see if there's anything on them I need to transfer
>> to the replacement, so I just shoved them into another Dell server, with
>> a
>> PERC 5 controller - I think that's what the dead one had. I fired up
>> MegaRAID storage manager... but can't see any way to tell it to recreate
>> that RAID. Anyone done this?
>
> Probably old news now, but in the PERC card's BIOS you want to import
> foreign config, save it and restart.

Ok, no one else was using one of the two I have available (most are now
surplussed, so there's only a few left in service) is not being used at
the moment, so I rebooted, and went into the firmware. Foreign was greyed
out, unreachable, no matter what I did.

We're probably writing the drives off - there *shouldn't* be anything to
be recovered on them, but I was just tryin' to be sure

For my own amusement, I installed MegaCli 4, and am trying to puzzle my
way through the lack of documentation, only the output of MegaCLI64 -?

mark



Re: [CentOS] duqu

2011-11-30 Thread Johnny Hughes
On 11/30/2011 12:05 PM, m.r...@5-cent.us wrote:
> There's an article on slashdot about the Duqu team wiping all their
> intermediary c&c servers on 20 Oct. Interestingly, the report says that
> they were all (?) not only linux, but CentOS. There's a suggestion of a
> zero-day exploit in openssh-4.3, but both the original article, and
> Kaspersky labs (who have a *very* interesting post of the story) consider
> that highly unlikely, and the evidence points to brute-force attacks
> against the root password. Then they update openssh and openssh-server.
> And then, at some point, they apparently take an ubuntu/debian openssh
> 5.9p1 (then p2) source package, and install *that*
> 
> My manager suggest updating openssh to block other attackers (who actually
> might screw their attack). It still seems odd to me to yum update, then
> build the software from source.
> 
> Are your root passwords strong?
> 
>mark
> 
> PS: Oh, yes:
> 

The problem with that theory is that Red Hat has backported patches for
all known exploits.

I am going to specifically research which exploit they think is being
used ...

Now, note that people were running 5.2 or 5.3, etc and not 5.7 like they
should have been, so there might well have been an openssh exploit
available ... just not a zero day one from 4.3.

I am very interested and will be researching this thoroughly.

My initial gut reaction is that they got in via a password though.





Re: [CentOS] duqu

2011-11-30 Thread m . roth
Les Mikesell wrote:
> On Wed, Nov 30, 2011 at 12:05 PM,   wrote:
>>
>> Are your root passwords strong?
>
> I've always wondered why something as complex as sshd doesn't do
> anything to protect you from the simplest form of attack - like
> rate-limiting failed attempts.

Well, it does take time to respond to failed passwords, in my experience.
From the example in the Kaspersky Labs post, either they tried over a
period of time (low-level persistent threat), or it was a stupidly weak
password (or had never been changed).

We also run fail2ban, that slows them down a *lot* more.

mark
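
The rate-limiting idea raised above (count failed logins per source inside a time window, which is what a tool like fail2ban does), as an added example that is not part of the original posts and is not fail2ban's own code. The log lines are constructed, and `max_retry`, `find_time` and `year` are names chosen here; the second function reports sources that spread their attempts out over time and so never trip the window.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# sshd's syslog wording for a rejected password; host name and pid vary.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def scan(lines, max_retry=5, find_time=timedelta(minutes=10), year=2011):
    """Return (flagged, totals) for chronologically ordered log lines.

    flagged: ip -> time at which the ip reached max_retry failures inside find_time
    totals:  ip -> every failed attempt seen, however widely spaced
    """
    recent = defaultdict(deque)
    flagged, totals = {}, Counter()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        when = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
        ip = m.group("ip")
        totals[ip] += 1
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:      # drop attempts older than the window
            window.popleft()
        if len(window) >= max_retry:
            flagged.setdefault(ip, when)         # keep the first time the limit was hit
    return flagged, totals


def slow_sources(flagged, totals, min_total=5):
    """Sources with many failures that never tripped the rate window."""
    return sorted(ip for ip, n in totals.items() if n >= min_total and ip not in flagged)


# Constructed sample log (documentation address ranges, made-up host and pids).
SAMPLE_LOG = """\
Nov 30 01:00:03 gw sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Nov 30 01:20:03 gw sshd[2140]: Failed password for root from 198.51.100.7 port 40388 ssh2
Nov 30 01:40:03 gw sshd[2177]: Failed password for root from 198.51.100.7 port 40671 ssh2
Nov 30 02:00:03 gw sshd[2203]: Failed password for root from 198.51.100.7 port 40950 ssh2
Nov 30 02:20:03 gw sshd[2251]: Failed password for root from 198.51.100.7 port 41207 ssh2
Nov 30 02:40:03 gw sshd[2290]: Failed password for root from 198.51.100.7 port 41533 ssh2
Nov 30 09:14:20 gw sshd[3011]: Failed password for alan from 203.0.113.5 port 51877 ssh2
Nov 30 09:14:31 gw sshd[3011]: Accepted password for alan from 203.0.113.5 port 51877 ssh2
Nov 30 12:05:01 gw sshd[4400]: Failed password for root from 192.0.2.10 port 33001 ssh2
Nov 30 12:05:03 gw sshd[4402]: Failed password for root from 192.0.2.10 port 33002 ssh2
Nov 30 12:05:05 gw sshd[4404]: Failed password for invalid user admin from 192.0.2.10 port 33003 ssh2
Nov 30 12:05:07 gw sshd[4406]: Failed password for root from 192.0.2.10 port 33004 ssh2
Nov 30 12:05:09 gw sshd[4408]: Failed password for root from 192.0.2.10 port 33005 ssh2
Nov 30 12:05:11 gw sshd[4410]: Failed password for root from 192.0.2.10 port 33006 ssh2
""".splitlines()

if __name__ == "__main__":
    hit, seen = scan(SAMPLE_LOG)
    print("rate-limited:", hit)
    print("slow but persistent:", slow_sources(hit, seen))
```
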



Re: [CentOS] duqu

2011-11-30 Thread Rob Kampen

Les Mikesell wrote:
> On Wed, Nov 30, 2011 at 12:05 PM,   wrote:
>> Are your root passwords strong?
>
> I've always wondered why something as complex as sshd doesn't do
> anything to protect you from the simplest form of attack - like
> rate-limiting failed attempts.

Passwords?? Why?
Remote root login via ssh?? Why?
This is why they invented cyphers and rsa and 3des etc - use these and 
it makes it MUCH harder for the black hackers.


Re: [CentOS] duqu

2011-11-30 Thread Les Mikesell
On Wed, Nov 30, 2011 at 12:42 PM, Rob Kampen  wrote:
>
>> I've always wondered why something as complex as sshd doesn't do
>> anything to protect you from the simplest form of attack - like
>> rate-limiting failed attempts.
>>
>>
>
> Passwords?? Why?

Because they are there and enabled by default...

> Remote root login via ssh?? Why?

Because that is necessary (or a way to escalate to root) to do
anything useful like backups or remote administration.

> This is why they invented cyphers and rsa and 3des etc - use these and it
> makes it MUCH harder for the black hackers.

Sure, but you could just use a separate VPN to get in if you want to
make things complicated.  Ssh is mostly about being able to log in.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] duqu

2011-11-30 Thread Benjamin Donnachie
On 30 Nov 2011, at 18:51, Les Mikesell  wrote:

> Ssh is mostly about being able to log in.

I've always adopted the policy of disabling root logins, making admins
use a separate account with public/private key authentication and then
requiring them to use su to elevate privileges.

Has the advantage that your logs will tell you who logged in and
performed an action rather than the vague 'root'.

Ben



Sent from my iPhone


Re: [CentOS] duqu

2011-11-30 Thread John Hinton
On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
> On 30 Nov 2011, at 18:51, Les Mikesell  wrote:
>
>> Ssh is mostly about being able to log in.
> I've always adopted the policy of disabling root logins, making admins
> use a separate account with public/private key authentication and then
> requiring them to use su to elevate privileges.
>
> Has the advantage that your logs will tell you who logged in and
> performed an action rather than the vague 'root'.
>
> Ben
>
How would you automate daily logins from another server to do something 
like rsync the entire /etc directory to a backup system?

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions



Re: [CentOS] duqu

2011-11-30 Thread Jim Perrin
On Wed, Nov 30, 2011 at 1:01 PM, John Hinton  wrote:

>
> How would you automate daily logins from another server to do something
> like rsync the entire /etc directory to a backup system?
>

Key restrictions in authorized_keys
 from="10.10.10.10",command="rsync -azv blah/blah/." ssh-key-info-here

better than nothing.


-- 
During times of universal deceit, telling the truth becomes a revolutionary
act.
George Orwell


Re: [CentOS] duqu

2011-11-30 Thread Les Mikesell
On Wed, Nov 30, 2011 at 1:01 PM, John Hinton  wrote:
>
>> On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
>
>>> Ssh is mostly about being able to log in.
>> I've always adopted the policy of disabling root logins, making admins
>> use a separate account with public/private key authentication and then
>> requiring them to use su to elevate privileges.
>>
>> Has the advantage that your logs will tell you who logged in and
>> performed an action rather than the vague 'root'.
>>

> How would you automate daily logins from another server to do something
> like rsync the entire /etc directory to a backup system?

You can set up a passwordless sudo that is passed as part of the ssh
command.   And I agree that this is likely to be a safer approach as
long as the private key which is much like a written-down password can
be protected well enough.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] duqu

2011-11-30 Thread Patrick Lists
On 30-11-11 20:01, John Hinton wrote:
> On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
>> On 30 Nov 2011, at 18:51, Les Mikesell   wrote:
>>
>>> Ssh is mostly about being able to log in.
>> I've always adopted the policy of disabling root logins, making admins
>> use a separate account with public/private key authentication and then
>> requiring them to use su to elevate privileges.
>>
>> Has the advantage that your logs will tell you who logged in and
>> performed an action rather than the vague 'root'.
>>
>> Ben
>>
> How would you automate daily logins from another server to do something
> like rsync the entire /etc directory to a backup system?

Maybe the sshd_config option "PermitRootLogin forced-commands-only" 
could help? This allows root logins but limits which command(s) can be 
executed. There is a description of how this works here:
http://troy.jdmz.net/rsync/index.html

Regards,
Patrick
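
The key restrictions and the `PermitRootLogin forced-commands-only` setting suggested in the replies above can be checked mechanically. This is an added example, not part of the original posts: it parses `authorized_keys` option fields (comma-separated, no spaces outside double quotes) and reads the first occurrence of each `sshd_config` keyword. The sample data is constructed, the key material is a placeholder, and `Match` blocks are not handled.

```python
# Added example: audit root's authorized_keys and sshd_config (function names are mine).
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # how public-key type names begin
LOCKDOWN = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")


def parse_key_line(line):
    """Return (options, remainder) for one entry, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):            # entry has no options field
        return {}, line
    opts, buf, in_quotes, i = {}, [], False, 0

    def flush():
        name, _, value = "".join(buf).partition("=")
        if name:
            opts[name.lower()] = value or True   # bare flags such as no-pty map to True
        buf.clear()
    while i < len(line):
        ch = line[i]
        if in_quotes and ch == "\\" and line[i + 1:i + 2] == '"':
            buf.append('"')                      # \" is a literal quote inside a value
            i += 1
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            flush()
        elif ch in " \t" and not in_quotes:      # first unquoted blank ends the options
            break
        else:
            buf.append(ch)
        i += 1
    flush()
    return opts, line[i:].strip()


def audit_authorized_keys(text):
    """Return [(line_number, finding)] for keys that are not pinned down."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        parsed = parse_key_line(raw)
        if parsed is None:
            continue
        opts, rest = parsed
        if not rest.startswith(KEY_PREFIXES):
            findings.append((number, "malformed: options need commas, no unquoted spaces"))
            continue
        if "from" not in opts:
            findings.append((number, "no from= source restriction"))
        if "command" not in opts:
            findings.append((number, "no command= forced command"))
        missing = [f for f in LOCKDOWN if f not in opts]
        if missing and "restrict" not in opts:   # newer OpenSSH: restrict implies them all
            findings.append((number, "missing " + ",".join(missing)))
    return findings


def sshd_setting(config_text, keyword):
    """First occurrence wins in sshd_config; keywords are case-insensitive."""
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip().lower()
    return None


def audit_sshd_config(config_text):
    findings = []
    root = sshd_setting(config_text, "PermitRootLogin")
    if root not in ("no", "forced-commands-only"):
        findings.append("PermitRootLogin=%s: root is not limited to forced commands" % root)
    if sshd_setting(config_text, "PasswordAuthentication") != "no":
        findings.append("password logins are accepted (brute-force target)")
    return findings

# Constructed sample input; key material is a placeholder.
SAMPLE_KEYS = r'''
from="10.10.10.10",command="rsync -azv blah/blah/.",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder backup
from="10.10.10.10" command="rsync -azv blah/blah/." ssh-rsa AAAA...placeholder spaced
ssh-rsa AAAA...placeholder admin
command="echo \"a,b\"",from="10.10.10.10" ssh-rsa AAAA...placeholder quoted
'''
SAMPLE_SSHD = "PermitRootLogin yes\nPasswordAuthentication yes\npermitrootlogin forced-commands-only\n"

if __name__ == "__main__":
    print(audit_authorized_keys(SAMPLE_KEYS), audit_sshd_config(SAMPLE_SSHD))
```

In the sample, the second key entry is reported as malformed because a space separates its options, and the later `permitrootlogin forced-commands-only` line has no effect because `PermitRootLogin yes` appears first.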



[CentOS] ipa-server

2011-11-30 Thread Louis Lagendijk
hi
I am a happy user of CentOS since Centos 4. I very much appreciate the
effort you guys are putting into Centos 6.

I am planning to play around with the ipa-server in Centos 6.1. Now I
noticed that ipa-server is in the cr-repository. In order to install
however the pki-ca and pki-silent packages are missing. The fact that
ipa-server is built suggests that these packages have been built. If so,
it may be an oversight that these packages have not yet been pushed to
the repo. In that case it would be nice if they could be pushed.

If they are not yet ready, I will happily wait for them...(I understand
the complexity of the work involved!!!)

Thanks for the great distro!
Louis




Re: [CentOS] duqu

2011-11-30 Thread Rob Kampen

Benjamin Donnachie wrote:
> On 30 Nov 2011, at 18:51, Les Mikesell  wrote:
>> Ssh is mostly about being able to log in.
>
> I've always adopted the policy of disabling root logins, making admins
> use a separate account with public/private key authentication and then
> requiring them to use su to elevate privileges.
>
> Has the advantage that your logs will tell you who logged in and
> performed an action rather than the vague 'root'.

+1

> Ben
>
> Sent from my iPhone


Re: [CentOS] megaraid/PERC

2011-11-30 Thread Ross Walker
On Nov 30, 2011, at 1:39 PM, m.r...@5-cent.us wrote:

> Ross Walker wrote:
>> On Nov 29, 2011, at 3:35 PM, m.r...@5-cent.us wrote:
>> 
>>> I've got two drives from a now-dead server, they were RAIDed, a mirror,
>>> I'd assume. I need to see if there's anything on them I need to transfer
>>> to the replacement, so I just shoved them into another Dell server, with
>>> a
>>> PERC 5 controller - I think that's what the dead one had. I fired up
>>> MegaRAID storage manager... but can't see any way to tell it to recreate
>>> that RAID. Anyone done this?
>> 
>> Probably old news now, but in the PERC card's BIOS you want to import
>> foreign config, save it and restart.
> 
> Ok, no one else was using one of the two I have available (most are now
> surplussed, so there's only a few left in service) is not being used at
> the moment, so I rebooted, and went into the firmware. Foreign was greyed
> out, unreachable, no matter what I did.
> 
> We're probably writing the drives off - there *shouldn't* be anything to
> be recovered on them, but I was just tryin' to be sure

It may be the drives were software mirrored? Or maybe mirrored with a different 
controller like a PERC 'i' which works differently than the 'e' controllers.

I have heard of people setting their PERCs in pass-through mode and doing 
software RAID, or setting the drives up as a bunch of single disk RAID0 drives 
and doing software RAID, so I wouldn't rule it out.

See if there is a partition table on the disks or a whole disk LVM VG.

> For my own amusement, I installed MegaCli 4, and am trying to puzzle my
> way through the lack of documentation, only the output of MegaCLI64 -?

The MegaCli is the most archaic utility.

I have a storage server in one of my datacenters that has a PERC 6i and two 
PERC 6e controllers and I use a combination of MSM framework and MegaCli to 
manage it.

I'll do an rpm dump when I get a chance and list the Dell/LSI packages 
installed.

-Ross
