Re: [CentOS] repos...
Am 18.09.2014 um 22:02 schrieb John R Pierce : > is rpmforge now considered 'friendly' with EPEL? > > I normally only use EPEL as an addition repo, but one package I want to > install on this one system is ffmpeg, and I'm finding it on rpmforge only... > but its install wants to mix epel and rpmforge packages... > > Installing: > ffmpeg x86_64 0.6.5-1.el6.rf rpmforge 2.7 M > Installing for dependencies: > a52dec x86_64 0.7.4-8.el6.rf rpmforge 89 k > dirac-libs x86_64 1.0.2-4.el6 epel 335 k > faac x86_64 1.26-1.el6.rf rpmforge 140 k > ffmpeg-libpostproc x86_64 0.6.5-1.el6.rf rpmforge > 24 k > libdc1394 x86_64 2.1.2-3.4.el6 base 117 k > librtmp x86_64 2.3-1.el6.rf rpmforge 106 k > libva x86_64 1.0.15-1.el6 epel 53 k > opencore-amr x86_64 0.1.2-1.el6.rf rpmforge 417 k > orc x86_64 0.4.16-6.el6 epel 146 k > schroedinger x86_64 1.0.10-1.el6.rf rpmforge 591 k > x264 x86_64 0.0.0-0.4.2010.el6.rf rpmforge > 1.0 M > > which to me seems kinda scary, as I remember getting into conflicts between > these in the past. I suggest to use the priority yum plugin. BTW - rpmforge is no longer maintained. -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] repos...
On 9/19/2014 1:19 AM, Leon Fauster wrote: BTW - rpmforge is no longer maintained. I actually meant to say, repoforge, which for all practical purposes is the successor of rpmforge, including the repo identifier name it uses. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] repos...
Am 19.09.2014 um 10:25 schrieb John R Pierce : > On 9/19/2014 1:19 AM, Leon Fauster wrote: >> BTW - rpmforge is no longer maintained. > > I actually meant to say, repoforge, which for all practical purposes is the > successor of rpmforge, including the repo identifier name it uses. http://lists.repoforge.org/pipermail/users/2014-May/029506.html http://wiki.centos.org/AdditionalResources/Repositories -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with WRT54GL router
ken wrote: >> Just wondering if you've ever done a firmware update? sometimes >> even the manufacturer will issue a bug fix firmware update, shocking >> as that may seem! :) > > I'd agree with this, especially considering heartbleed. And for-profit > companies normally don't expend resources (which reduce profits) to > issue software updates without good reason-- "business reasons". Do you mean a Linksys update, or WRT update? I don't think there has been a Linksys update for years. I've never tried updating WRT, is it possible? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 115, Issue 13
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CEBA-2014:1254 CentOS 7 firefox BugFix Update (Johnny Hughes)
2. CEBA-2014:1257 CentOS 7 NetworkManager BugFix Update
(Johnny Hughes)
3. CEBA-2014:1259 CentOS 7 ca-certificates BugFixUpdate
(Johnny Hughes)
--
Message: 1
Date: Thu, 18 Sep 2014 13:58:42 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2014:1254 CentOS 7 firefox BugFix
Update
Message-ID: <20140918135842.ga22...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2014:1254
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1254.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
d5883d98b4afbe17851eec1aff24b677565ca51581d11f6c1cdc1824d236d5ca
firefox-31.1.0-6.el7.centos.i686.rpm
b6c334bdc9e6c8daf4e9fffcebcbb6e9e9d348764d02dd5e365be316557c072f
firefox-31.1.0-6.el7.centos.x86_64.rpm
Source:
59d180c8a5d7d8c194ee94b12c780cf93675b0042a0a099ffdac616da2c7550f
firefox-31.1.0-6.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Thu, 18 Sep 2014 13:59:02 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2014:1257 CentOS 7 NetworkManager
BugFix Update
Message-ID: <20140918135902.ga22...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2014:1257
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1257.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
847bb9d768c39421827c2906611d03fc6f811eb7264032ce8a461cf1961ebc39
NetworkManager-0.9.9.1-26.git20140326.4dba720.el7_0.i686.rpm
e8fad07ad86f86e69d5a06898ff884152bd7cd54e5b96a62c171d20c9a59508d
NetworkManager-0.9.9.1-26.git20140326.4dba720.el7_0.x86_64.rpm
1bc47d61149154e854a4d90488df629a19d1ff203ecda0214c2e1f78e3c73312
NetworkManager-config-server-0.9.9.1-26.git20140326.4dba720.el7_0.x86_64.rpm
2aa752e78b331768104bd32cb0d49e24d8cba8b09621b923a726409e91d7a434
NetworkManager-devel-0.9.9.1-26.git20140326.4dba720.el7_0.i686.rpm
ee3f61a7b18284635bd92ef0b95b72c48278f5f5b29a5beb6ef051bd26fabae0
NetworkManager-devel-0.9.9.1-26.git20140326.4dba720.el7_0.x86_64.rpm
7b628f57542bad4a4860cbb298711ed97560efaea4982485defd34fc45e7690b
NetworkManager-glib-0.9.9.1-26.git20140326.4dba720.el7_0.i686.rpm
4e31f1a50413f9047642845218c4475a9c383b1f1c26667c5d3ab42f5b42af70
NetworkManager-glib-0.9.9.1-26.git20140326.4dba720.el7_0.x86_64.rpm
d5925d1984ca51520afb521cacdb6c3f1cc62eb0223b730cdb7d0abace3847cc
NetworkManager-glib-devel-0.9.9.1-26.git20140326.4dba720.el7_0.i686.rpm
17357f3eaafadf84557a15fefebbcaa90dbdfe3a8d42a2d9780748f050e25f23
NetworkManager-glib-devel-0.9.9.1-26.git20140326.4dba720.el7_0.x86_64.rpm
919fe4f311bb44defc1894b9c021b97db6e9349ab1527722b91879684b45f57e
NetworkManager-tui-0.9.9.1-26.git20140326.4dba720.el7_0.x86_64.rpm
Source:
8f2b7cd94bf5a5aec803edac9fa12e5c5251bbd414ba3d542ee404f16d1cd952
NetworkManager-0.9.9.1-26.git20140326.4dba720.el7_0.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Thu, 18 Sep 2014 13:59:14 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2014:1259 CentOS 7 ca-certificates
BugFix Update
Message-ID: <20140918135914.ga22...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2014:1259
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1259.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
cf41b6841eb8f29c1fda67c24f7fbdcb3a9aea8c5711267776bfa4f2638f7fa8
ca-certificates-2014.1.98-70.0.el7_0.noarch.rpm
Source:
beaf1e658a826f8261087129c3049e43a0f571f1d58e5477b7c98885ddd7525a
ca-certificates-2014.1.98-70.0.el7_0.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
___
CentOS-announce mailing list
centos-annou...@c
Re: [CentOS] Problem with WRT54GL router
On 09/19/2014 06:37 AM Timothy Murphy wrote: ken wrote: Just wondering if you've ever done a firmware update? sometimes even the manufacturer will issue a bug fix firmware update, shocking as that may seem! :) I'd agree with this, especially considering heartbleed. And for-profit companies normally don't expend resources (which reduce profits) to issue software updates without good reason-- "business reasons". Do you mean a Linksys update, or WRT update? I don't think there has been a Linksys update for years. I've never tried updating WRT, is it possible? Both (as each is relevant to a different situation), although of course the term "business reasons" obviously doesn't apply to dd-wrt. From what I've read on the dd-wrt forums, some of its distributions contain code which is vulnerable to heartbleed, so you might want to check the version installed on your router. As far as I know, the only way to update this firmware is to get an updated version of it and install it on top of (overwriting) the previous firmware version in pretty much the same way as you installed dd-wrt on top of the commercial firmware that came with the router. In short, you're just doing the install again with a newer firmware version. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] process identification
I am running CentOS 6.5. I know this is not a CentOS specific problem. Netstat shows several open ports and no pid. tcp0 0 *:48720 *:* LISTEN - tcp0 0 *:43422 *:* LISTEN - udp0 0 *:50216 *:* - How can I identify what application is using these ports? Richard ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, Sep 19, 2014 at 08:45:53AM -0500, kqt4a...@gmail.com wrote: > I am running CentOS 6.5. I know this is not a CentOS specific problem. > Netstat shows several open ports and no pid. > > tcp0 0 *:48720 *:* LISTEN > - tcp0 0 *:43422 *:* LISTEN > - > udp0 0 *:50216 *:* - > > > How can I identify what application is using these ports? I'd try lsof. -- Fred Smith -- fre...@fcshome.stoneham.ma.us - The eyes of the Lord are everywhere, keeping watch on the wicked and the good. - Proverbs 15:3 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, 19 Sep 2014, Reindl Harald wrote: Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: I am running CentOS 6.5. I know this is not a CentOS specific problem. Netstat shows several open ports and no pid. tcp0 0 *:48720 *:* LISTEN - tcp0 0 *:43422 *:* LISTEN - udp0 0 *:50216 *:* alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t' /bin/netstat [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t -l Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 5454/openvasmd tcp0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 5473/openvassd tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5438/gsad tcp0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 1177/sshd This netstat show exactly the same. Lsof does not show these ports. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On 09/19/2014 03:58 PM, kqt4a...@gmail.com wrote: > On Fri, 19 Sep 2014, Reindl Harald wrote: >> Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: >>> I am running CentOS 6.5. I know this is not a CentOS specific problem. >>> Netstat shows several open ports and no pid. >>> >>> tcp0 0 *:48720 *:* LISTEN - >>> tcp0 0 *:43422 >>> *:* LISTEN - >>> udp0 0 *:50216 *:* >> >> alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim >> --programs -u -t' >>/bin/netstat > This netstat show exactly the same. Lsof does not show these ports. This looks like these port are opened by kernel, not by a process, for example like nfs. regards Ulf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, 19 Sep 2014, Reindl Harald wrote: Am 19.09.2014 um 15:58 schrieb kqt4a...@gmail.com: On Fri, 19 Sep 2014, Reindl Harald wrote: Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: I am running CentOS 6.5. I know this is not a CentOS specific problem. Netstat shows several open ports and no pid. tcp0 0 *:48720 *:* LISTEN - tcp0 0 *:43422 *:* LISTEN - udp0 0 *:50216 *:* alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t' /bin/netstat [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t -l Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 5454/openvasmd tcp0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 5473/openvassd tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5438/gsad tcp0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 1177/sshd This netstat show exactly the same boah then call it as root, for a unprivileged user it shows only executeable and PID of own processes for good reasons Lsof does not show these ports because you just have no permissions My bad I should have said. My original commands were sudo netstat -tulpn | less sudo lsof | less I have several CentOS 6.5 machines and only one shows these odd ports. I have also run chkrootkit and used clamscan to check filesystems. It may be harmless but my curiosity is killing me. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, 19 Sep 2014, Ulf Volmer wrote: On 09/19/2014 03:58 PM, kqt4a...@gmail.com wrote: On Fri, 19 Sep 2014, Reindl Harald wrote: Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: I am running CentOS 6.5. I know this is not a CentOS specific problem. Netstat shows several open ports and no pid. tcp0 0 *:48720 *:* LISTEN - tcp0 0 *:43422 *:* LISTEN - udp0 0 *:50216 *:* alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t' /bin/netstat This netstat show exactly the same. Lsof does not show these ports. This looks like these port are opened by kernel, not by a process, for example like nfs. How can I know for sure? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
lsof -i -P | grep LISTEN > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf > Of > kqt4a...@gmail.com > Sent: viernes, 19 de septiembre de 2014 11:15 > To: CentOS mailing list > Subject: Re: [CentOS] process identification > > On Fri, 19 Sep 2014, Reindl Harald wrote: > > > > > Am 19.09.2014 um 15:58 schrieb kqt4a...@gmail.com: > >> On Fri, 19 Sep 2014, Reindl Harald wrote: > >> > >>> Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: > I am running CentOS 6.5. I know this is not a CentOS specific problem. > Netstat shows several open ports and no pid. > > tcp0 0 *:48720 *:* LISTEN - > tcp0 0 > *:43422 > *:* LISTEN - > udp0 0 *:50216 *:* > >>> > >>> alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim > >>> --programs -u - > t' > >>>/bin/netstat > >>> > >>> [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports --notrim > >>> --programs - > u -t -l > >>> Aktive Internetverbindungen (Nur Server) > >>> Proto Recv-Q Send-Q Local Address Foreign Address > >>> State > PID/Program name > >>> tcp0 0 127.0.0.1:9390 0.0.0.0:* > >>> LISTEN > 5454/openvasmd > >>> tcp0 0 127.0.0.1:9391 0.0.0.0:* > >>> LISTEN > 5473/openvassd > >>> tcp0 0 0.0.0.0:443 0.0.0.0:* > >>> LISTEN > 5438/gsad > >>> tcp0 0 0.0.0.0:10022 0.0.0.0:* > >>> LISTEN > 1177/sshd > >> > >> This netstat show exactly the same > > > > boah then call it as root, for a unprivileged user it shows only > > executeable and PID of own processes for good reasons > > > >> Lsof does not show these ports > > > > because you just have no permissions > > > > > > My bad I should have said. My original commands were > sudo netstat -tulpn | less > sudo lsof | less > I have several CentOS 6.5 machines and only one shows these odd ports. > I have also run chkrootkit and used clamscan to check filesystems. > It may be harmless but my curiosity is killing me. > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On 09/19/2014 04:15 PM, Richard Ray wrote: > On Fri, 19 Sep 2014, Ulf Volmer wrote: >> This looks like these port are opened by kernel, not by a process, for >> example like nfs. >> > > How can I know for sure? For NFS it is simple, use 'rpcinfo -p'. regards Ulf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of kqt4a...@gmail.com Sent: viernes, 19 de septiembre de 2014 11:15 To: CentOS mailing list Subject: Re: [CentOS] process identification On Fri, 19 Sep 2014, Reindl Harald wrote: Am 19.09.2014 um 15:58 schrieb kqt4a...@gmail.com: On Fri, 19 Sep 2014, Reindl Harald wrote: Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: I am running CentOS 6.5. I know this is not a CentOS specific problem. Netstat shows several open ports and no pid. tcp0 0 *:48720 *:* LISTEN - tcp0 0 *:43422 *:* LISTEN - udp0 0 *:50216 *:* alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u - t' /bin/netstat [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports --notrim --programs - u -t -l Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 5454/openvasmd tcp0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 5473/openvassd tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5438/gsad tcp0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 1177/sshd This netstat show exactly the same boah then call it as root, for a unprivileged user it shows only executeable and PID of own processes for good reasons Lsof does not show these ports because you just have no permissions My bad I should have said. My original commands were sudo netstat -tulpn | less sudo lsof | less I have several CentOS 6.5 machines and only one shows these odd ports. I have also run chkrootkit and used clamscan to check filesystems. It may be harmless but my curiosity is killing me. On Fri, 19 Sep 2014, Francisco Puente wrote: lsof -i -P | grep LISTEN Returns none of the questionable ports ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, 19 Sep 2014, Ulf Volmer wrote: On 09/19/2014 04:15 PM, Richard Ray wrote: On Fri, 19 Sep 2014, Ulf Volmer wrote: This looks like these port are opened by kernel, not by a process, for example like nfs. How can I know for sure? For NFS it is simple, use 'rpcinfo -p'. Great that shows 2 of them $ sudo rpcinfo -p program vers proto port service 104 tcp111 portmapper 103 tcp111 portmapper 102 tcp111 portmapper 104 udp111 portmapper 103 udp111 portmapper 102 udp111 portmapper 1000241 udp 55364 status 1000241 tcp 38528 status 1000211 udp 50216 nlockmgr 1000213 udp 50216 nlockmgr 1000214 udp 50216 nlockmgr 1000211 tcp 48720 nlockmgr 1000213 tcp 48720 nlockmgr 1000214 tcp 48720 nlockmgr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, September 19, 2014 9:14 am, kqt4a...@gmail.com wrote: > On Fri, 19 Sep 2014, Reindl Harald wrote: > >> >> Am 19.09.2014 um 15:58 schrieb kqt4a...@gmail.com: >>> On Fri, 19 Sep 2014, Reindl Harald wrote: >>> Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: > I am running CentOS 6.5. I know this is not a CentOS specific > problem. > Netstat shows several open ports and no pid. > > tcp0 0 *:48720 *:* LISTEN - > tcp0 0 *:43422 > *:* LISTEN - > udp0 0 *:50216 *:* alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t' /bin/netstat [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t -l Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 5454/openvasmd tcp0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 5473/openvassd tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5438/gsad tcp0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 1177/sshd >>> >>> This netstat show exactly the same >> >> boah then call it as root, for a unprivileged user it shows only >> executeable and PID of own processes for good reasons >> >>> Lsof does not show these ports >> >> because you just have no permissions >> >> > > My bad I should have said. My original commands were > sudo netstat -tulpn | less > sudo lsof | less > I have several CentOS 6.5 machines and only one shows these odd ports. > I have also run chkrootkit and used clamscan to check filesystems. > It may be harmless but my curiosity is killing me. > Just a side note: on [suspected] compromised machine you can not trust any output of any commands. Say, I'd like to know which ports are open (listening to _external_ interfaces). I would scan that box from external machine: turn off firewall on the box in question, make sure firewall on the box you are scanning it from is not restricting outgoing traffic, then from external box scan the box in question (make sure network switches are not filtering anything), e.g.[as root; or add sudo in front of commands]: nmap -p 1- host.example.com nmap -p U:1- host.example.com then you can compare these with what internal commands (netstat, lsof) give you on suspect box and you will know if the box is hiding open ports from you (then it is solid suspect). There may be weird situation if you only use internal commands for comparison: the box showing less number of open ports (which you may consider clean reference box) is in fact compromised and is hiding information from you. Paranoia here is your friend. Good luck! Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
Valeri Galtsev wrote: > On Fri, September 19, 2014 9:14 am, kqt4a...@gmail.com wrote: >> On Fri, 19 Sep 2014, Reindl Harald wrote: >>> Am 19.09.2014 um 15:58 schrieb kqt4a...@gmail.com: On Fri, 19 Sep 2014, Reindl Harald wrote: > Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: >> I am running CentOS 6.5. I know this is not a CentOS specific >> problem. >> Netstat shows several open ports and no pid. >> >> tcp0 0 *:48720 *:* LISTEN >> - >> tcp0 0 *:43422 >> *:* LISTEN - >> udp0 0 *:50216 *:* > > alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim > --programs -u -t' >/bin/netstat > > [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports > --notrim --programs -u -t -l > Aktive Internetverbindungen (Nur Server) > Proto Recv-Q Send-Q Local Address Foreign Address > State PID/Program name > tcp0 0 127.0.0.1:9390 0.0.0.0:* > LISTEN 5454/openvasmd > tcp0 0 127.0.0.1:9391 0.0.0.0:* > LISTEN 5473/openvassd > tcp0 0 0.0.0.0:443 0.0.0.0:* > LISTEN 5438/gsad > tcp0 0 0.0.0.0:10022 0.0.0.0:* > LISTEN 1177/sshd This netstat show exactly the same >> My bad I should have said. My original commands were >> sudo netstat -tulpn | less >> sudo lsof | less >> I have several CentOS 6.5 machines and only one shows these odd ports. >> I have also run chkrootkit and used clamscan to check filesystems. >> It may be harmless but my curiosity is killing me. Here's a suggestion: look at /etc/sysconfig/iptables. Make sure that it looks the way it's supposed to. Then you could put in a rule to kill one or more of those questionable ports, and service iptables restart, and see what happens. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] process identification
On Fri, September 19, 2014 9:59 am, Valeri Galtsev wrote: > > On Fri, September 19, 2014 9:14 am, kqt4a...@gmail.com wrote: >> On Fri, 19 Sep 2014, Reindl Harald wrote: >> >>> >>> Am 19.09.2014 um 15:58 schrieb kqt4a...@gmail.com: On Fri, 19 Sep 2014, Reindl Harald wrote: > Am 19.09.2014 um 15:45 schrieb kqt4a...@gmail.com: >> I am running CentOS 6.5. I know this is not a CentOS specific >> problem. >> Netstat shows several open ports and no pid. >> >> tcp0 0 *:48720 *:* LISTEN >> - >> tcp0 0 *:43422 >> *:* LISTEN - >> udp0 0 *:50216 *:* > > alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim > --programs -u -t' >/bin/netstat > > [root@openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports > --notrim --programs -u -t -l > Aktive Internetverbindungen (Nur Server) > Proto Recv-Q Send-Q Local Address Foreign Address > State PID/Program name > tcp0 0 127.0.0.1:9390 0.0.0.0:* > LISTEN 5454/openvasmd > tcp0 0 127.0.0.1:9391 0.0.0.0:* > LISTEN 5473/openvassd > tcp0 0 0.0.0.0:443 0.0.0.0:* > LISTEN 5438/gsad > tcp0 0 0.0.0.0:10022 0.0.0.0:* > LISTEN 1177/sshd This netstat show exactly the same >>> >>> boah then call it as root, for a unprivileged user it shows only >>> executeable and PID of own processes for good reasons >>> Lsof does not show these ports >>> >>> because you just have no permissions >>> >>> >> >> My bad I should have said. My original commands were >> sudo netstat -tulpn | less >> sudo lsof | less >> I have several CentOS 6.5 machines and only one shows these odd ports. >> I have also run chkrootkit and used clamscan to check filesystems. >> It may be harmless but my curiosity is killing me. >> > > Just a side note: on [suspected] compromised machine you can not trust any > output of any commands. Say, I'd like to know which ports are open > (listening to _external_ interfaces). I would scan that box from external > machine: turn off firewall on the box in question, make sure firewall on > the box you are scanning it from is not restricting outgoing traffic, then > from external box scan the box in question (make sure network switches are > not filtering anything), e.g.[as root; or add sudo in front of commands]: > > nmap -p 1- host.example.com > nmap -p U:1- host.example.com > > then you can compare these with what internal commands (netstat, lsof) > give you on suspect box and you will know if the box is hiding open ports > from you (then it is solid suspect). There may be weird situation if you > only use internal commands for comparison: the box showing less number of > open ports (which you may consider clean reference box) is in fact > compromised and is hiding information from you. Paranoia here is your > friend. > One more side note: when checking open ports using internal commands make sure to stop firewall (iptables). Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Help test OpenStack on CentOS 7
CentOS/OpenStack enthusiasts, please come help us test OpenStack on CentOS7, October 1 & 2. There's more detail in this blog post: http://community.redhat.com/blog/2014/09/rdo-juno-test-day/ The test day details are at https://openstack.redhat.com/RDO_test_day_Juno_milestone_3 We'll be using #RDO on the Freenode IRC network for discussion/questions during the event. Thanks! -- Rich Bowen - rbo...@redhat.com OpenStack Community Liaison http://openstack.redhat.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum updates not working
I think my software updates are not working. I know a Firefox update was announced yesterday but when I try sudo yum update I get a message saying that no packages are marked for update. I tried sudo yum clean all but I still get the same response. Any suggestions? Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum updates not working
On 9/19/2014 11:06 AM, Joseph Godino wrote: I think my software updates are not working. I know a Firefox update was announced yesterday but when I try sudo yum update I get a message saying that no packages are marked for update. I tried sudo yum clean all but I still get the same response. Any suggestions? that announcement yesterday was specific for CentOS 7, is that what you're running ? -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum updates not working
On Fri, Sep 19, 2014 at 1:06 PM, Joseph Godino wrote: > I think my software updates are not working. I know a Firefox update was > announced yesterday but when I try sudo yum update I get a message > saying that no packages are marked for update. I tried sudo yum clean > all but I still get the same response. > Any suggestions? A 'yum info firefox' should show what is installed and what is available in the repo if that is dfiferent. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Firefox-31 STARTTLS cipher strengh degraded?
Has anyone else experienced a degraded symmetric key exchange when using FF-31 vice FF24? When I use FF24 then I get a symmetric type of AES-256 (Very Strong) rating in Calomel 0.62. When I switch to FF31 and connect to exactly the same server host and url then in Calomel 0.62 I see this instead: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (Very Weak). I am not altering any of the configuration options in FF between version trials. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum updates not working
Yes, I'm running CentOS 7. On Fri, 2014-09-19 at 11:08 -0700, John R Pierce wrote: > On 9/19/2014 11:06 AM, Joseph Godino wrote: > > I think my software updates are not working. I know a Firefox update was > > announced yesterday but when I try sudo yum update I get a message > > saying that no packages are marked for update. I tried sudo yum clean > > all but I still get the same response. > > Any suggestions? > > that announcement yesterday was specific for CentOS 7, is that what > you're running ? > > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum updates not working
On Fri, 2014-09-19 at 13:10 -0500, Les Mikesell wrote: > On Fri, Sep 19, 2014 at 1:06 PM, Joseph Godino wrote: > > I think my software updates are not working. I know a Firefox update was > > announced yesterday but when I try sudo yum update I get a message > > saying that no packages are marked for update. I tried sudo yum clean > > all but I still get the same response. > > Any suggestions? > > A 'yum info firefox' should show what is installed and what is > available in the repo if that is dfiferent. It appears I have Firefox 28. I though the update was for Firefox 31. The output of yum info firefox follows. [jgodino@nebkheprure Desktop]$ yum info firefox Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirror.clarkson.edu * epel: fedora.mirror.nexicom.net * extras: mirror.raystedman.net * nux-dextop: mirror.li.nux.ro * updates: mirror.lug.udel.edu Installed Packages Name: firefox Arch: x86_64 Version : 24.8.0 Release : 1.el7.centos Size: 87 M Repo: installed >From repo : updates Summary : Mozilla Firefox Web browser URL : http://www.mozilla.org/projects/firefox/ License : MPLv1.1 or GPLv2+ or LGPLv2+ Description : Mozilla Firefox is an open-source web browser, designed for : standards compliance, performance and portability. Available Packages Name: firefox Arch: i686 Version : 24.8.0 Release : 1.el7.centos Size: 48 M Repo: updates/7/x86_64 Summary : Mozilla Firefox Web browser URL : http://www.mozilla.org/projects/firefox/ License : MPLv1.1 or GPLv2+ or LGPLv2+ Description : Mozilla Firefox is an open-source web browser, designed for : standards compliance, performance and portability. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ifconfig ipv6:permission denied.
On 18-09-2014 13:57, James Hogarth wrote: On 18 Sep 2014 09:07, "dE" wrote: On 09/17/14 21:03, Marcelo Ricardo Leitner wrote: One more test. Please check sysctl -a | grep disable_ipv6 output And if it's =1, set it to 0. When NetworkManager is running, it may disable ipv6 on the interface if its not configured via NM... Yes, that was it. Thanks!! But this's the default? The installer should be checked for this. The default is not to disable ipv6 so something in your environment actively did this. Well... NM needs to put the interface UP so it can reliably monitor the link state. But that was turning ipv6 addr auto-config on and was considered a security issue and thus NM started disabling ipv6 on such (non-configured via NM but monitored) interface to avoid the address auto-configuration from happening, yet causing this. The fix (to be able to bring it up without ipv6 address autoconfig) needed kernel & NM patches and show be available on 7.0.z very soon. This does, however, leave me somewhat confused as to how you claimed there was a fc00::1001 address on there and you were adding the additional address when you saw the refused message... Such address was on the host, no? Cheers, Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lost packets - Bond
On 17-09-2014 13:28, Eduardo Augusto Pinto wrote: Guys, good afternoon I'm using in my bond interfaces as active backup, in theory, should assume an interface (or work) only when another interface is down. But I'm just lost packets on the interface that is not being used and is generating packet loss on bond. What can that be? Follow my settings bond [root@x ~]# ifconfig bond0 ; ifconfig eth0 ; ifconfig eth1 bond0 Link encap:Ethernet HWaddr 2C:59:E5:3C:71:68 inet addr:10.104.x.x Bcast:10.104.172.255 Mask:255.255.255.0 UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1 RX packets:38386574 errors:0 dropped:1295024 overruns:0 frame:0 TX packets:34733102 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:23626317629 (22.0 GiB) TX bytes:21028389425 (19.5 GiB) eth0 Link encap:Ethernet HWaddr 2C:59:E5:3C:71:68 UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1 RX packets:37091397 errors:0 dropped:0 overruns:0 frame:0 TX packets:34732869 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:23524827730 (21.9 GiB) TX bytes:21028299937 (19.5 GiB) eth1 Link encap:Ethernet HWaddr 2C:59:E5:3C:71:68 UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1 RX packets:1295179 errors:0 dropped:1294944 overruns:0 frame:0 TX packets:237 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:101490019 (96.7 MiB) TX bytes:90360 (88.2 KiB) [root@x ~]# [root@x ~]# cat /proc/net/bonding/bond0 Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011) Bonding Mode: fault-tolerance (active-backup) Primary Slave: None Currently Active Slave: eth0 MII Status: up MII Polling Interval (ms): 1000 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: eth0 MII Status: up Speed: 1 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 2c:59:e5:3c:71:68 Slave queue ID: 0 Slave Interface: eth1 MII Status: up Speed: 1 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 2c:59:e5:3c:71:6c Slave queue ID: 0 [root@x ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0 DEVICE=bond0 IPADDR=10.104.x.x NETMASK=255.255.255.0 ONBOOT=yes BOOTPROTO=none USERCTL=no BONDING_OPTS="mode=1 miimon=1000" In /var/log/messages I have a lot martian source [root@x ~]# tail -f /var/log/messages Sep 17 13:26:38 x kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev bond0 Sep 17 13:26:38 x kernel: ll header: : ff ff ff ff ff ff 00 00 00 00 5b 00 08 00..[... Sep 17 13:26:39 x kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev bond0 Sep 17 13:26:39 x kernel: ll header: : ff ff ff ff ff ff 00 00 00 00 5b 01 08 00..[... Sep 17 13:26:39 x kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev bond0 Sep 17 13:26:39 x kernel: ll header: : ff ff ff ff ff ff 00 00 00 00 5b 00 08 00..[... Sep 17 13:26:39 x kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev bond0 Sep 17 13:26:39 x kernel: ll header: : ff ff ff ff ff ff 00 00 00 00 5b 00 08 00..[... Sep 17 13:26:39 x kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev bond0 Sep 17 13:26:39 x kernel: ll header: : ff ff ff ff ff ff 00 00 00 00 5b 01 08 00..[... Sep 17 13:26:43 x kernel: net_ratelimit: 69 callbacks suppressed Thks If memory serves, all those martians are accounted as drops. Please check that number of drops against netstat -s output, there will be a line for martian source drops. Hope the numbers match (at least closely). Yet, broadcasts using such source address are not expected, are they? Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
