Re: [CentOS] Backup PC or other solution
On 5/10/2015 11:57 PM, Sorin Srbu wrote: . Why can't everybody follow the standards and use a comma when writing decimals. our standard is a . comma is a 1000s seperator. thats the best part about standards, there are so many to choose from!! -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backup PC or other solution
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of John R Pierce > Sent: den 11 maj 2015 09:25 > To: centos@centos.org > Subject: Re: [CentOS] Backup PC or other solution > > On 5/10/2015 11:57 PM, Sorin Srbu wrote: > > . Why can't everybody follow the standards and use a comma > when > > writing decimals. > > our standard is a . > > comma is a 1000s seperator. > > thats the best part about standards, there are so many to choose from!! Spot on. 8-D Thanks. -- //Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos6 & 7 : unable to print from webmail
Hello All, I have this problem in both Centos 6 and 7, with standard Firefox, version 31.6. I've tested this with Zarafa and Zimbra webmail. Certain mails cannot be printed. These are mails that have "untrusted" images somewhere in the body of the mail. As a workaround : If you forward the mail, and before you press send, you delete these images, you can print them. I hope I'm explaining this right. Note : if you ever wonder what a bunch of people complain about the most when you put them behind Linux machines, it's printing. Probably they all of a sudden they cannot complain any more about annoying pop-ups or viruses shutting them down completely. I see this Em in /var/log/messages : May 11 10:07:03 jvermeulen dbus[994]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.1" (uid=70 pid=985 comm="avahi-daemon: starting up ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.92" (uid=15587 pid=4069 comm="/usr/lib64/firefox/firefox ") May 11 10:07:03 jvermeulen dbus[994]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.1" (uid=70 pid=985 comm="avahi-daemon: starting up ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.92" (uid=15587 pid=4069 comm="/usr/lib64/firefox/firefox ") I tested this on Centos7 with Google Chrome, same issue. I have not tested this with newer Firefox versions. Some of my ( hopefully one day ex ) colleagues let me know this does work on Ubuntu. Thanks for any help on this. Greetings, Johan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewalld trouble opening a port
On 5/9/2015 3:24 PM, Tim Dunphy wrote: Hi Earl, The problem is you added the rule in runtime and when you reloaded it removed the rule that you added; therefore you need to use --permanent >or do not reload. Thanks! That worked. [root@appd:~] #firewall-cmd --zone=home --list-ports [root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent success [root@appd:~] #firewall-cmd --reload success [root@appd:~] #firewall-cmd --zone=home --list-ports 8181/tcp Just remember that the permanent command doesn't add the rule immediately, so it doesn't take effect *until* you reload. you can also do this: # firewall-cmd --zone=home --add-port=8181/tcp # # firewall-cmd --runtime-to-permanent That way, if you screw something up, you can simply reload (or reboot) to fix it. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Q: respecting .ssh/id_rsa
True true. I was just trying to keep it simple. Most people I deal with, I don't have time to explain rules. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of James Hogarth Sent: Saturday, May 09, 2015 1:47 AM To: CentOS mailing list Subject: Re: [CentOS] Q: respecting .ssh/id_rsa On 8 May 2015 20:41, "Conley, Matthew M CTR GXM" < matthew.m.conley1@navy.mil> wrote: > > chmod 0700 .ssh > chmod 0600 .ssh/* > > Keys can fail if you don't have that setup correctly. > Also do: > grep sshd /var/log/audit/audit.log| audit2allow -m sshd # Will let you > see what modules it will create. > grep sshd /var/log/audit/audit.log| audit2allow -M sshd # Creates the > modules > > semodule -I sshd.pp > > grep ssh /var/log/audit/audit.log| audit2allow -m ssh # Will let you > see what modules it will create. > grep ssh /var/log/audit/audit.log| audit2allow -M ssh # Creates the > modules > > semodule -I ssh.pp > > sshd is the server; ssh is the client. > > No no no no no Blindly running audit2allow and creating modules weakens your security not enhances it. If you have not messed up your labeling then SSH will have no problem reading keys - SSH keys are fully supported under the policy shipped with CentOS. If you are mounting your home elsewhere do: semanage fcontext -a -e /home /mynewspecialhome restorecon -Rv /mynewspecialhome That will fix any selinux labelling issues of your home directories properly. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ldap host attribute is ignored
It's not normal to have pam_unix.so twice in each group. That said, I am not used to seeing nullok in these as well. (The environment I work in requires it removed, so that's why it's strange to see.) pam_systemd.so and md5? I wanted to clean this up a bit, but I am going to stop now, cause I see the reference of Centos 5 based info and CentOS 7 stuff. I will have to see what's changed between the both. Here's what I have thus far. #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so try_first_pass authrequisite pam_succeed_if.so uid >= 200 quiet_success authsufficientpam_sss.so use_first_pass authrequired pam_deny.so authoptional pam_gnome_keyring.so account required pam_unix.so broken_shadow try_first_pass account sufficientpam_succeed_if.so uid < 2000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so account sufficientpam_localuser.so account required pam_sss.so use_first_pass account sufficientpam_localuser.so passwordrequisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= passwordsufficientpam_unix.so sha512 shadow try_first_pass use_authtok passwordsufficientpam_sss.so use_authtok passwordrequired pam_deny.so passwordrequisite pam_cracklib.so passwordoptional pam_gnome_keyring.souse_authtok passwordrequired pam_sss.so use_authtok session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so try_first_pass session sufficientpam_sss.so session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Jonathan Billings Sent: Saturday, May 09, 2015 4:25 PM To: CentOS mailing list Subject: Re: [CentOS] ldap host attribute is ignored On May 8, 2015, at 11:14 AM, Ulrich Hiller wrote: > > /etc/pam.d/system-auth: > --- > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > authrequired pam_env.so > authsufficientpam_unix.so nullok try_first_pass > authrequisite pam_succeed_if.so uid >= 200 quiet_success > authsufficientpam_sss.so use_first_pass > authrequired pam_deny.so > authrequiredpam_env.so > authoptionalpam_gnome_keyring.so > > account required pam_unix.so broken_shadow > account sufficientpam_succeed_if.so uid < 2000 quiet > account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > account requisite pam_unix.so try_first_pass > account sufficient pam_localuser.so > account requiredpam_sss.so use_first_pass > account sufficient pam_localuser.so > > passwordrequisite pam_pwquality.so try_first_pass > local_users_only retry=3 authtok_type= > passwordsufficientpam_unix.so md5 shadow nullok try_first_pass > use_authtok > passwordsufficientpam_sss.so use_authtok > passwordrequired pam_deny.so > passwordrequisite pam_cracklib.so > passwordoptionalpam_gnome_keyring.souse_authtok > passwordsufficient pam_unix.so use_authtok nullok > shadow try_first_pass > passwordrequiredpam_sss.so use_authtok > > session optional pam_keyinit.so revoke > session required pam_limits.so > -session optional pam_systemd.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session sufficient pam_sss.so > session requiredpam_unix.so try_first_pass > session optionalpam_umask.so > session optionalpam_gnome_keyring.soauto_start > only_if=gdm,gdm-password,lxdm,lightdm -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewalld trouble opening a port
> > Just remember that the permanent command doesn't add the rule immediately, > so it doesn't take effect *until* you reload. > you can also do this: > # firewall-cmd --zone=home --add-port=8181/tcp > # > > # firewall-cmd --runtime-to-permanent > That way, if you screw something up, you can simply reload (or reboot) to > fix it. That's a very excellent point! I'll have to remember that. I've read a few guides on how to use firewall-cmd on CentOS 7, but I haven't seem this tip mentioned anywhere! So thanks for pointing that out! On Mon, May 11, 2015 at 9:18 AM, Bowie Bailey wrote: > On 5/9/2015 3:24 PM, Tim Dunphy wrote: > >> Hi Earl, >> >> The problem is you added the rule in runtime and when you reloaded it >>> removed the rule that you added; therefore you need to use --permanent >>> >or >>> do not reload. >>> >> Thanks! That worked. >> >> [root@appd:~] #firewall-cmd --zone=home --list-ports >> [root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent >> success >> [root@appd:~] #firewall-cmd --reload >> success >> [root@appd:~] #firewall-cmd --zone=home --list-ports >> 8181/tcp >> > > Just remember that the permanent command doesn't add the rule immediately, > so it doesn't take effect *until* you reload. > > you can also do this: > > # firewall-cmd --zone=home --add-port=8181/tcp > # > > # firewall-cmd --runtime-to-permanent > > That way, if you screw something up, you can simply reload (or reboot) to > fix it. > > -- > Bowie > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 Network Question
On 11-05-2015 00:57, david wrote: I have a question about the network and Centos 7 I am experimenting with two C7 installations: - On relatively new hardware, configured with fixed IP address in IPV4 only - on top of Windows, using VMWare, sharing my windows connection via Vmware's bridge with IPV4 only. On both configurations, I run a script every five minutes to test the network. The sequence is as follows: - Find the default interface using "ip route" - Find that interface's IP address by scanning the output of "ip route" for a match in interface. If the above tests fail to resolve, I issue "systemctl restart network", and post a mail message to myself. When this happens, the network does indeed come back correctly. If you are using fixed IP addresses, how is this check supposed to detect network failures? Actually I'm surprised that it's failing sometimes, as it should be pretty static. If that test is really that way, I would recommend saving those outputs for post analysis because the shouldn't be changing like that. Like, instead of ip route | grep, save it to a file using a known timestamp, grep on it and leave it there/mail it to you if it fails. Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
> > That's a rather odd (personally, I think bad) place for a log (or > even logfile lock) and I'm not at all surprised that selinux is > keeping your application from writing there. I would check to see if > there is a setup/configuration option for your application to put > the log files and related in a more standard location (/var/log, > /var/run), where it is less likely to run into an issue. Yeah I agree that it's an unusual place to store log files. However I'm not aware of any way to change that location since it's an RPM install. Maybe a source install is possible. I'll do some googling. > > This isn't really a C7-specific issue/"problem". Yeah that's right. I said that poorly. I had just been dealing with an issue with systemctl priror to that which was due to it being a C7 machine. But really only because I had been using systemctl. What I'm most curious about is how Apache is reporting SELinux problems whether or not SELinux is enabled. Like I said earlier, if I have SELinux set to off, you still see those kind of messages relating to SELinux when you do a status on httpd. Odd. One thing I did try was to do a restorecon -R -v /usr/lib/appdynamics-php5/. Since it might not be easy to change paths I was hoping to find a way to solve this using SELinux.. Does anyone else have any suggestions on how to solve this? Thanks, Tim On Sun, May 10, 2015 at 10:20 PM, Richard < lists-cen...@listmail.innovate.net> wrote: > > > Original Message > > Date: Sunday, May 10, 2015 09:02:11 PM -0400 > > From: Tim Dunphy > > > > Hey guys, > > > > I've got another C7 problem I was hoping to solve. I > > installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. > > > > It's failing to communicate with it's controller on another host. > > And this is the interesting part. Whether or not I have SELinux > > enabled, I have apache reporting SELinux problems. > > > > [root@web1:~] #getenforce > > Permissive > > > > May 10 20:47:56 web1 python[25735]: SELinux is preventing > > /usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on > > the file /usr/lib/appdynamics-php5/logs/agent.log.lck. > > > > * Plugin catchall (100. > > That's a rather odd (personally, I think bad) place for a log (or > even logfile lock) and I'm not at all surprised that selinux is > keeping your application from writing there. I would check to see if > there is a setup/configuration option for your application to put > the log files and related in a more standard location (/var/log, > /var/run), where it is less likely to run into an issue. > > This isn't really a C7-specific issue/"problem". > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
On Mon, May 11, 2015 9:47 am, Tim Dunphy wrote: >> >> That's a rather odd (personally, I think bad) place for a log (or >> even logfile lock) and I'm not at all surprised that selinux is >> keeping your application from writing there. I would check to see if >> there is a setup/configuration option for your application to put >> the log files and related in a more standard location (/var/log, >> /var/run), where it is less likely to run into an issue. > > > Yeah I agree that it's an unusual place to store log files. However I'm > not > aware of any way to change that location since it's an RPM install. If rpm is configured for _that_ location of log files, I would remove the repository this rpm comes from from configuration and will remember to never-never ever use that repository for anything. Just my $0.02 Valeri > Maybe > a > source install is possible. I'll do some googling. > > >> >> This isn't really a C7-specific issue/"problem". > > > Yeah that's right. I said that poorly. I had just been dealing with an > issue with systemctl priror to that which was due to it being a C7 > machine. > But really only because I had been using systemctl. > > What I'm most curious about is how Apache is reporting SELinux problems > whether or not SELinux is enabled. Like I said earlier, if I have SELinux > set to off, you still see those kind of messages relating to SELinux when > you do a status on httpd. > > Odd. One thing I did try was to do a restorecon -R -v > /usr/lib/appdynamics-php5/. > > Since it might not be easy to change paths I was hoping to find a way to > solve this using SELinux.. Does anyone else have any suggestions on how to > solve this? > > Thanks, > Tim > > On Sun, May 10, 2015 at 10:20 PM, Richard < > lists-cen...@listmail.innovate.net> wrote: > >> >> >> Original Message >> > Date: Sunday, May 10, 2015 09:02:11 PM -0400 >> > From: Tim Dunphy >> > >> > Hey guys, >> > >> > I've got another C7 problem I was hoping to solve. I >> > installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. >> > >> > It's failing to communicate with it's controller on another host. >> > And this is the interesting part. Whether or not I have SELinux >> > enabled, I have apache reporting SELinux problems. >> > >> > [root@web1:~] #getenforce >> > Permissive >> > >> > May 10 20:47:56 web1 python[25735]: SELinux is preventing >> > /usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on >> > the file /usr/lib/appdynamics-php5/logs/agent.log.lck. >> > >> > * Plugin catchall (100. >> >> That's a rather odd (personally, I think bad) place for a log (or >> even logfile lock) and I'm not at all surprised that selinux is >> keeping your application from writing there. I would check to see if >> there is a setup/configuration option for your application to put >> the log files and related in a more standard location (/var/log, >> /var/run), where it is less likely to run into an issue. >> >> This isn't really a C7-specific issue/"problem". >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
> > If rpm is configured for _that_ location of log files, I would remove the > repository this rpm comes from from configuration and will remember to > never-never ever use that repository for anything. > > Just my $0.02 > Yeah I completely get where you're coming from there. However it's not an RPM from a repo. I downloaded the rpm from the appdynamics site itself. While it may be easy to say "well then just don't use appdynamics"! That's not a luxury I have. My company uses it and I need to get up to speed on how to work with it. So that's why I'm trying out this experiment. Thanks, Tim On Mon, May 11, 2015 at 11:22 AM, Valeri Galtsev wrote: > > On Mon, May 11, 2015 9:47 am, Tim Dunphy wrote: > >> > >> That's a rather odd (personally, I think bad) place for a log (or > >> even logfile lock) and I'm not at all surprised that selinux is > >> keeping your application from writing there. I would check to see if > >> there is a setup/configuration option for your application to put > >> the log files and related in a more standard location (/var/log, > >> /var/run), where it is less likely to run into an issue. > > > > > > Yeah I agree that it's an unusual place to store log files. However I'm > > not > > aware of any way to change that location since it's an RPM install. > > If rpm is configured for _that_ location of log files, I would remove the > repository this rpm comes from from configuration and will remember to > never-never ever use that repository for anything. > > Just my $0.02 > > Valeri > > > Maybe > > a > > source install is possible. I'll do some googling. > > > > > >> > >> This isn't really a C7-specific issue/"problem". > > > > > > Yeah that's right. I said that poorly. I had just been dealing with an > > issue with systemctl priror to that which was due to it being a C7 > > machine. > > But really only because I had been using systemctl. > > > > What I'm most curious about is how Apache is reporting SELinux problems > > whether or not SELinux is enabled. Like I said earlier, if I have SELinux > > set to off, you still see those kind of messages relating to SELinux when > > you do a status on httpd. > > > > Odd. One thing I did try was to do a restorecon -R -v > > /usr/lib/appdynamics-php5/. > > > > Since it might not be easy to change paths I was hoping to find a way to > > solve this using SELinux.. Does anyone else have any suggestions on how > to > > solve this? > > > > Thanks, > > Tim > > > > On Sun, May 10, 2015 at 10:20 PM, Richard < > > lists-cen...@listmail.innovate.net> wrote: > > > >> > >> > >> Original Message > >> > Date: Sunday, May 10, 2015 09:02:11 PM -0400 > >> > From: Tim Dunphy > >> > > >> > Hey guys, > >> > > >> > I've got another C7 problem I was hoping to solve. I > >> > installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. > >> > > >> > It's failing to communicate with it's controller on another host. > >> > And this is the interesting part. Whether or not I have SELinux > >> > enabled, I have apache reporting SELinux problems. > >> > > >> > [root@web1:~] #getenforce > >> > Permissive > >> > > >> > May 10 20:47:56 web1 python[25735]: SELinux is preventing > >> > /usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on > >> > the file /usr/lib/appdynamics-php5/logs/agent.log.lck. > >> > > >> > * Plugin catchall (100. > >> > >> That's a rather odd (personally, I think bad) place for a log (or > >> even logfile lock) and I'm not at all surprised that selinux is > >> keeping your application from writing there. I would check to see if > >> there is a setup/configuration option for your application to put > >> the log files and related in a more standard location (/var/log, > >> /var/run), where it is less likely to run into an issue. > >> > >> This isn't really a C7-specific issue/"problem". > >> > >> > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> http://lists.centos.org/mailman/listinfo/centos > >> > > > > > > > > -- > > GPG me!! > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > ___ > > CentOS mailing list > > CentOS@centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > > > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
Am 11.05.2015 um 16:47 schrieb Tim Dunphy : >> That's a rather odd (personally, I think bad) place for a log (or >> even logfile lock) and I'm not at all surprised that selinux is >> keeping your application from writing there. I would check to see if >> there is a setup/configuration option for your application to put >> the log files and related in a more standard location (/var/log, >> /var/run), where it is less likely to run into an issue. > > > Yeah I agree that it's an unusual place to store log files. However I'm not > aware of any way to change that location since it's an RPM install. Maybe a > source install is possible. I'll do some googling. > > >> >> This isn't really a C7-specific issue/"problem". > > > Yeah that's right. I said that poorly. I had just been dealing with an > issue with systemctl priror to that which was due to it being a C7 machine. > But really only because I had been using systemctl. > > What I'm most curious about is how Apache is reporting SELinux problems > whether or not SELinux is enabled. Like I said earlier, if I have SELinux > set to off, you still see those kind of messages relating to SELinux when > you do a status on httpd. > > Odd. One thing I did try was to do a restorecon -R -v > /usr/lib/appdynamics-php5/. > > Since it might not be easy to change paths I was hoping to find a way to > solve this using SELinux.. Does anyone else have any suggestions on how to > solve this? what was mentioned was the run time configuration. Despite the install location some application allow to specify alternative argument, e.g. /usr/bin/mycomapp --logfile /var/log/mycomapp/mycomapp.log or via configuration file # grep LOGFILE /etc/mycomapp/mycomapp.conf LOGFILE=/var/log/mycomapp/mycomapp.log -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
On Mon, May 11, 2015 10:38 am, Tim Dunphy wrote: >> >> If rpm is configured for _that_ location of log files, I would remove >> the >> repository this rpm comes from from configuration and will remember to >> never-never ever use that repository for anything. >> >> Just my $0.02 >> > > Yeah I completely get where you're coming from there. However it's not an > RPM from a repo. I downloaded the rpm from the appdynamics site itself. > While it may be easy to say "well then just don't use appdynamics"! > That's > not a luxury I have. My company uses it and I need to get up to speed on > how to work with it. So that's why I'm trying out this experiment. OK, then this is what I would do: create some benign place for that, say, /opt/appdynamics Then install rpm with "--root /opt/appdynamics" option. This will force rpm prepend all paths with "/opt/appdynamics". Instead of, say, putting something into /usr/lib, it will put this stuff into /opt/appdynamics/usr/lib (and will create missing paths there when necessary). So: rpm -ivh --root /opt/appdynamics/ [your appdynamics rpm name].rpm After that done, you may need to describe the paths to binaries, libraries there, say, by adding for libraries: echo "/opt/appdynamics" >> /etc/ld.so.conf /sbin/ldconfig -v and adding extra paths to, say, /etc/profile... I hope, this helps. Valeri > > Thanks, > Tim > > On Mon, May 11, 2015 at 11:22 AM, Valeri Galtsev > > wrote: > >> >> On Mon, May 11, 2015 9:47 am, Tim Dunphy wrote: >> >> >> >> That's a rather odd (personally, I think bad) place for a log (or >> >> even logfile lock) and I'm not at all surprised that selinux is >> >> keeping your application from writing there. I would check to see if >> >> there is a setup/configuration option for your application to put >> >> the log files and related in a more standard location (/var/log, >> >> /var/run), where it is less likely to run into an issue. >> > >> > >> > Yeah I agree that it's an unusual place to store log files. However >> I'm >> > not >> > aware of any way to change that location since it's an RPM install. >> >> If rpm is configured for _that_ location of log files, I would remove >> the >> repository this rpm comes from from configuration and will remember to >> never-never ever use that repository for anything. >> >> Just my $0.02 >> >> Valeri >> >> > Maybe >> > a >> > source install is possible. I'll do some googling. >> > >> > >> >> >> >> This isn't really a C7-specific issue/"problem". >> > >> > >> > Yeah that's right. I said that poorly. I had just been dealing with an >> > issue with systemctl priror to that which was due to it being a C7 >> > machine. >> > But really only because I had been using systemctl. >> > >> > What I'm most curious about is how Apache is reporting SELinux >> problems >> > whether or not SELinux is enabled. Like I said earlier, if I have >> SELinux >> > set to off, you still see those kind of messages relating to SELinux >> when >> > you do a status on httpd. >> > >> > Odd. One thing I did try was to do a restorecon -R -v >> > /usr/lib/appdynamics-php5/. >> > >> > Since it might not be easy to change paths I was hoping to find a way >> to >> > solve this using SELinux.. Does anyone else have any suggestions on >> how >> to >> > solve this? >> > >> > Thanks, >> > Tim >> > >> > On Sun, May 10, 2015 at 10:20 PM, Richard < >> > lists-cen...@listmail.innovate.net> wrote: >> > >> >> >> >> >> >> Original Message >> >> > Date: Sunday, May 10, 2015 09:02:11 PM -0400 >> >> > From: Tim Dunphy >> >> > >> >> > Hey guys, >> >> > >> >> > I've got another C7 problem I was hoping to solve. I >> >> > installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. >> >> > >> >> > It's failing to communicate with it's controller on another host. >> >> > And this is the interesting part. Whether or not I have SELinux >> >> > enabled, I have apache reporting SELinux problems. >> >> > >> >> > [root@web1:~] #getenforce >> >> > Permissive >> >> > >> >> > May 10 20:47:56 web1 python[25735]: SELinux is preventing >> >> > /usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on >> >> > the file /usr/lib/appdynamics-php5/logs/agent.log.lck. >> >> > >> >> > * Plugin catchall (100. >> >> >> >> That's a rather odd (personally, I think bad) place for a log (or >> >> even logfile lock) and I'm not at all surprised that selinux is >> >> keeping your application from writing there. I would check to see if >> >> there is a setup/configuration option for your application to put >> >> the log files and related in a more standard location (/var/log, >> >> /var/run), where it is less likely to run into an issue. >> >> >> >> This isn't really a C7-specific issue/"problem". >> >> >> >> >> >> ___ >> >> CentOS mailing list >> >> CentOS@centos.org >> >> http://lists.centos.org/mailman/listinfo/centos >> >> >> > >> > >> > >> > -- >> > GPG me!! >> > >
Re: [CentOS] ldap host attribute is ignored
Hmmm, i have made now a complete new install but the problem persists: ldap authentication works, but the host attribute is ignored. I have installed CentOS7 64bit with KDE. I did not do any 'yum update' or install of extra packages so far. these pam and ldap packages are installed: openldap-devel-2.4.39-6.el7.x86_64 openssh-ldap-6.6.1p1-11.el7.x86_64 openldap-2.4.39-6.el7.x86_64 python-ldap-2.4.15-2.el7.x86_64 compat-openldap-2.3.43-5.el7.x86_64 openldap-clients-2.4.39-6.el7.x86_64 fprintd-pam-0.5.0-4.0.el7_0.x86_64 gnome-keyring-pam-3.8.2-10.el7.x86_64 pam-1.1.8-12.el7.x86_64 I ran authconfig-tui and set "use ldap", "use md5 password", "use shadow password", "use ldap authentication", "use tls", "server=ldap://myldapserver.com";, "basedn=o=XXX" my /etc/openldap/ldap.conf: BASE o=XXX URI ldap://myldapserver.com/ TLS_CACERTDIR /etc/ssl/certs SASL_NOCANONon My /etc/sssd/sssd.conf: [domain/default] ldap_uri = ldap://myldapserver.com/ ldap_search_base = ou=YYY,o=XXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = ou=YYY,o=XXX access_provider = ldap ldap_access_order = host ldap_user_authorized_host = host autofs_provider = ldap [sssd] services = nss, pam, autofs config_file_version = 2 domains = default [nss] [pam] [sudo] [autofs] [ssh] My /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid >= 200 quiet_success authsufficientpam_sss.so use_first_pass authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid < 2000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so passwordrequisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_sss.so use_authtok passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so My /etc/pam.d/password-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid >= 200 quiet_success authsufficientpam_sss.so use_first_pass authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid < 2000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so passwordrequisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_sss.so use_authtok passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so My /etc/nsswitch.conf: passwd: files sss shadow: files sss group: files sss hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files sss netgroup: files sss publickey: nisplus automount: files sss aliases:files nisplus nscd is NOT installed apart from the uid boundary interval in /etc/pam-d i left the files in this directory as they were created by authconfig. I did not copy anything from other systems. ldapsearch can read the user information. The user can again login, no matter of the contence of the ldap's host attribute. I feel a bit embarrassed now. but ... does anybody have another idea? With kind regards, ulrich ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS performance on CentOS 7
- Original Message - | I am setting up a file server with CentOS 7. I'm seeing | performance which is considerably slower than a similar | server running CentOS 6.6. A 3Gb directory can be copied | to/from the CentOS 6.6 server in about 50 seconds. The | same directory takes about 270 seconds to copy to/from | the CentOS 7 system. | | I see the same performance difference with NFS mounted | file systems or using scp, so it doesn't appear to be | an NFS issue. The MTU on the NICs on both systems is | 1500, and changing it to 6000 on the CentOS 7 system had | no effect. | | Anyone have any ideas what might cause this problem or | how to fix it? | | -- | Michael Eager ea...@eagercon.com | 1960 Park Blvd., Palo Alto, CA 94306 650-325-8077 Do you have IPTables or FirewallD turned on? Are you using NFSv3 or NFSv4? Are these machines on the same switch? Any errors seen in `netstat -i` output? There could be lots of reasons for this problem from cabling to switch/host misconfiguration. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 604-365-6432 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ldap host attribute is ignored
one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm, i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > > these pam and ldap packages are installed: > openldap-devel-2.4.39-6.el7.x86_64 > openssh-ldap-6.6.1p1-11.el7.x86_64 > openldap-2.4.39-6.el7.x86_64 > python-ldap-2.4.15-2.el7.x86_64 > compat-openldap-2.3.43-5.el7.x86_64 > openldap-clients-2.4.39-6.el7.x86_64 > fprintd-pam-0.5.0-4.0.el7_0.x86_64 > gnome-keyring-pam-3.8.2-10.el7.x86_64 > pam-1.1.8-12.el7.x86_64 > > > I ran authconfig-tui and set "use ldap", "use md5 password", "use shadow > password", "use ldap authentication", "use tls", > "server=ldap://myldapserver.com";, "basedn=o=XXX" > > my /etc/openldap/ldap.conf: > BASE o=XXX > URI ldap://myldapserver.com/ > TLS_CACERTDIR /etc/ssl/certs > SASL_NOCANONon > > My /etc/sssd/sssd.conf: > [domain/default] > ldap_uri = ldap://myldapserver.com/ > ldap_search_base = ou=YYY,o=XXX > ldap_schema = rfc2307bis > id_provider = ldap > ldap_user_uuid = entryuuid > ldap_group_uuid = entryuuid > ldap_id_use_start_tls = True > enumerate = False > cache_credentials = False > ldap_tls_cacertdir = /etc/openldap/cacerts/ > chpass_provider = ldap > auth_provider = ldap > ldap_tls_reqcert = never > ldap_user_search_base = ou=YYY,o=XXX > access_provider = ldap > ldap_access_order = host > ldap_user_authorized_host = host > autofs_provider = ldap > > [sssd] > services = nss, pam, autofs > config_file_version = 2 > domains = default > > [nss] > > [pam] > > [sudo] > > [autofs] > > [ssh] > > > > My /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > authrequired pam_env.so > authsufficientpam_unix.so nullok try_first_pass > authrequisite pam_succeed_if.so uid >= 200 quiet_success > authsufficientpam_sss.so use_first_pass > authrequired pam_deny.so > > account required pam_unix.so broken_shadow > account sufficientpam_succeed_if.so uid < 2000 quiet > account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > passwordrequisite pam_pwquality.so try_first_pass > local_users_only retry=3 authtok_type= > passwordsufficientpam_unix.so md5 shadow nullok try_first_pass > use_authtok > passwordsufficientpam_sss.so use_authtok > passwordrequired pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > -session optional pam_systemd.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > My /etc/pam.d/password-auth: > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > authrequired pam_env.so > authsufficientpam_unix.so nullok try_first_pass > authrequisite pam_succeed_if.so uid >= 200 quiet_success > authsufficientpam_sss.so use_first_pass > authrequired pam_deny.so > > account required pam_unix.so broken_shadow > account sufficientpam_succeed_if.so uid < 2000 quiet > account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > passwordrequisite pam_pwquality.so try_first_pass > local_users_only retry=3 authtok_type= > passwordsufficientpam_unix.so md5 shadow nullok try_first_pass > use_authtok > passwordsufficientpam_sss.so use_authtok > passwordrequired pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > -session optional pam_systemd.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > > My /etc/nsswitch.conf: > passwd: files sss > shadow: files sss > group: files sss > hosts: files dns > bootparams: nisplus [NOTFOUND=return] files > ethers: files > netmasks: files > networks: files > protocols: files > rpc:files > services: files sss > netgroup: files sss > publickey: nisplus > automount: files sss > aliases:files nisplus > > nscd is NOT installed > > apart from the uid boundary interval in /etc/pam-d i left the files in > this directory as they were created by authconfig. I did not copy > anything from other systems. > > ldapsearch can read the user information. The user can again login, no > matter of the contence of the ldap's host attribute. > > I feel a bit embar
Re: [CentOS] ldap host attribute is ignored
I am still not understanding why your using MD5? Is it because everyone in InfoSec declared that everyone finally went from md5 to sha512 or what? -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Ulrich Hiller Sent: Monday, May 11, 2015 1:40 PM To: CentOS mailing list Subject: Re: [CentOS] ldap host attribute is ignored one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm, i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > > these pam and ldap packages are installed: > openldap-devel-2.4.39-6.el7.x86_64 > openssh-ldap-6.6.1p1-11.el7.x86_64 > openldap-2.4.39-6.el7.x86_64 > python-ldap-2.4.15-2.el7.x86_64 > compat-openldap-2.3.43-5.el7.x86_64 > openldap-clients-2.4.39-6.el7.x86_64 > fprintd-pam-0.5.0-4.0.el7_0.x86_64 > gnome-keyring-pam-3.8.2-10.el7.x86_64 > pam-1.1.8-12.el7.x86_64 > > > I ran authconfig-tui and set "use ldap", "use md5 password", "use > shadow password", "use ldap authentication", "use tls", > "server=ldap://myldapserver.com";, "basedn=o=XXX" > > my /etc/openldap/ldap.conf: > BASE o=XXX > URI ldap://myldapserver.com/ > TLS_CACERTDIR /etc/ssl/certs > SASL_NOCANONon > > My /etc/sssd/sssd.conf: > [domain/default] > ldap_uri = ldap://myldapserver.com/ > ldap_search_base = ou=YYY,o=XXX > ldap_schema = rfc2307bis > id_provider = ldap > ldap_user_uuid = entryuuid > ldap_group_uuid = entryuuid > ldap_id_use_start_tls = True > enumerate = False > cache_credentials = False > ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap > auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = > ou=YYY,o=XXX access_provider = ldap ldap_access_order = host > ldap_user_authorized_host = host autofs_provider = ldap > > [sssd] > services = nss, pam, autofs > config_file_version = 2 > domains = default > > [nss] > > [pam] > > [sudo] > > [autofs] > > [ssh] > > > > My /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > authrequired pam_env.so > authsufficientpam_unix.so nullok try_first_pass > authrequisite pam_succeed_if.so uid >= 200 quiet_success > authsufficientpam_sss.so use_first_pass > authrequired pam_deny.so > > account required pam_unix.so broken_shadow > account sufficientpam_succeed_if.so uid < 2000 quiet > account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > passwordrequisite pam_pwquality.so try_first_pass > local_users_only retry=3 authtok_type= > passwordsufficientpam_unix.so md5 shadow nullok try_first_pass > use_authtok > passwordsufficientpam_sss.so use_authtok > passwordrequired pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > -session optional pam_systemd.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > My /etc/pam.d/password-auth: > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > authrequired pam_env.so > authsufficientpam_unix.so nullok try_first_pass > authrequisite pam_succeed_if.so uid >= 200 quiet_success > authsufficientpam_sss.so use_first_pass > authrequired pam_deny.so > > account required pam_unix.so broken_shadow > account sufficientpam_succeed_if.so uid < 2000 quiet > account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > passwordrequisite pam_pwquality.so try_first_pass > local_users_only retry=3 authtok_type= > passwordsufficientpam_unix.so md5 shadow nullok try_first_pass > use_authtok > passwordsufficientpam_sss.so use_authtok > passwordrequired pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > -session optional pam_systemd.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > > My /etc/nsswitch.conf: > passwd: files sss > shadow: files sss > group: files sss > hosts: files dns > bootparams: nisplus [NOTFOUND=return] files > ethers: files > netmasks: files > networks: files > protocols: files > rpc:files > services: files sss > netgroup: files sss > publickey: nisplus > automount: files sss > al
Re: [CentOS] NFS performance on CentOS 7
On Sat, 9 May 2015, Michael Eager wrote: I am setting up a file server with CentOS 7. I'm seeing performance which is considerably slower than a similar server running CentOS 6.6. A 3Gb directory can be copied to/from the CentOS 6.6 server in about 50 seconds. The same directory takes about 270 seconds to copy to/from the CentOS 7 system. I see the same performance difference with NFS mounted file systems or using scp, so it doesn't appear to be an NFS issue. The MTU on the NICs on both systems is 1500, and changing it to 6000 on the CentOS 7 system had no effect. Anyone have any ideas what might cause this problem or how to fix it? My first guess would be that stat() operations are the bottleneck. Are you using network authentication of some kind? If so, I'd try to identify differences in the authentication cache. For instance, CentOS 6 may be using nslcd or nscd, while CentOS 7 is using sssd or nslcd. Repeated UID/GID lookups absent effective cacheing will slow things down as you describe. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ldap host attribute is ignored
Ok, i deactivated md5 in authconfig. And the problem persists. But i do not see the relation to my problem. The authentication works like charm. It is only the ldap's host attribute which is ignored. With kind regards, ulrich On 05/11/2015 07:48 PM, Conley, Matthew M CTR GXM wrote: > I am still not understanding why your using MD5? Is it because everyone in > InfoSec declared that everyone finally went from md5 to sha512 or what? > > > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf > Of Ulrich Hiller > Sent: Monday, May 11, 2015 1:40 PM > To: CentOS mailing list > Subject: Re: [CentOS] ldap host attribute is ignored > > one more thing: firewalld service and selinux are deactivated. > > > On 05/11/2015 07:06 PM, Ulrich Hiller wrote: >> Hmmm, i have made now a complete new install but the problem >> persists: ldap authentication works, but the host attribute is ignored. >> >> I have installed CentOS7 64bit with KDE. >> I did not do any 'yum update' or install of extra packages so far. >> >> these pam and ldap packages are installed: >> openldap-devel-2.4.39-6.el7.x86_64 >> openssh-ldap-6.6.1p1-11.el7.x86_64 >> openldap-2.4.39-6.el7.x86_64 >> python-ldap-2.4.15-2.el7.x86_64 >> compat-openldap-2.3.43-5.el7.x86_64 >> openldap-clients-2.4.39-6.el7.x86_64 >> fprintd-pam-0.5.0-4.0.el7_0.x86_64 >> gnome-keyring-pam-3.8.2-10.el7.x86_64 >> pam-1.1.8-12.el7.x86_64 >> >> >> I ran authconfig-tui and set "use ldap", "use md5 password", "use >> shadow password", "use ldap authentication", "use tls", >> "server=ldap://myldapserver.com";, "basedn=o=XXX" >> >> my /etc/openldap/ldap.conf: >> BASE o=XXX >> URI ldap://myldapserver.com/ >> TLS_CACERTDIR /etc/ssl/certs >> SASL_NOCANONon >> >> My /etc/sssd/sssd.conf: >> [domain/default] >> ldap_uri = ldap://myldapserver.com/ >> ldap_search_base = ou=YYY,o=XXX >> ldap_schema = rfc2307bis >> id_provider = ldap >> ldap_user_uuid = entryuuid >> ldap_group_uuid = entryuuid >> ldap_id_use_start_tls = True >> enumerate = False >> cache_credentials = False >> ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap >> auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = >> ou=YYY,o=XXX access_provider = ldap ldap_access_order = host >> ldap_user_authorized_host = host autofs_provider = ldap >> >> [sssd] >> services = nss, pam, autofs >> config_file_version = 2 >> domains = default >> >> [nss] >> >> [pam] >> >> [sudo] >> >> [autofs] >> >> [ssh] >> >> >> >> My /etc/pam.d/system-auth >> #%PAM-1.0 >> # This file is auto-generated. >> # User changes will be destroyed the next time authconfig is run. >> authrequired pam_env.so >> authsufficientpam_unix.so nullok try_first_pass >> authrequisite pam_succeed_if.so uid >= 200 quiet_success >> authsufficientpam_sss.so use_first_pass >> authrequired pam_deny.so >> >> account required pam_unix.so broken_shadow >> account sufficientpam_succeed_if.so uid < 2000 quiet >> account [default=bad success=ok user_unknown=ignore] pam_sss.so >> account required pam_permit.so >> >> passwordrequisite pam_pwquality.so try_first_pass >> local_users_only retry=3 authtok_type= >> passwordsufficientpam_unix.so md5 shadow nullok try_first_pass >> use_authtok >> passwordsufficientpam_sss.so use_authtok >> passwordrequired pam_deny.so >> >> session optional pam_keyinit.so revoke >> session required pam_limits.so >> -session optional pam_systemd.so >> session [success=1 default=ignore] pam_succeed_if.so service in >> crond quiet use_uid >> session required pam_unix.so >> session optional pam_sss.so >> >> My /etc/pam.d/password-auth: >> #%PAM-1.0 >> # This file is auto-generated. >> # User changes will be destroyed the next time authconfig is run. >> authrequired pam_env.so >> authsufficientpam_unix.so nullok try_first_pass >> authrequisite pam_succeed_if.so uid >= 200 quiet_success >> authsufficientpam_sss.so use_first_pass >> authrequired pam_deny.so >> >> account required pam_unix.so broken_shadow >> account sufficientpam_succeed_if.so uid < 2000 quiet >> account [default=bad success=ok user_unknown=ignore] pam_sss.so >> account required pam_permit.so >> >> passwordrequisite pam_pwquality.so try_first_pass >> local_users_only retry=3 authtok_type= >> passwordsufficientpam_unix.so md5 shadow nullok try_first_pass >> use_authtok >> passwordsufficientpam_sss.so use_authtok >> passwordrequired pam_deny.so >> >> session optional pam_keyinit.so revoke >> session required pam_limits.so >> -session optional pam_systemd.so >> session [success=1 default=ignore] pam_succeed_if.so service in >> crond quiet use_uid >> session required pam_unix.
Re: [CentOS] Backup PC or other solution
On 7/5/2015 5:01 μμ, Robert Nichols wrote: I use rdiff-backup, but I hesitate to recommend a tool that has been unsupported for over 6 years and does have quite a few bugs. I have had good experience with mondrescue (mondoarchive, mondorestore) for years. It's a free, active project. See: http://www.mondorescue.org/ We are backing-up about 20 production servers (using cron jobs) weekly. Bare-metal recovery has been successful as well as cloning. Their mailing list is helpful and polite. I has saved my neck many times during the last 5 years. Although I have no experience with mondorescue on Centos 7, I recommend it at least for the other versions. Nick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS performance on CentOS 7
On 09-05-2015 15:34, Michael Eager wrote: I am setting up a file server with CentOS 7. I'm seeing performance which is considerably slower than a similar server running CentOS 6.6. A 3Gb directory can be copied to/from the CentOS 6.6 server in about 50 seconds. The same directory takes about 270 seconds to copy to/from the CentOS 7 system. I see the same performance difference with NFS mounted file systems or using scp, so it doesn't appear to be an NFS issue. The MTU on the NICs on both systems is 1500, and changing it to 6000 on the CentOS 7 system had no effect. Anyone have any ideas what might cause this problem or how to fix it? You may test only your network performance, using iperf, iperf3 or netperf, and then test your disk IO (others may indicate tools for this). Currently you are measuring two big subsystems which can have its down issues and/or affect each other. By splitting the test you may get a better picture of what is better/worse. If you can sustain near line rate on iperf, the issue is probably somewhere else then. Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Bacula backup system
Hi there, In my last request I have asked info about backuppc and other backup solutions. After some test I have choosen bacula. Many people said it's too complex and try to make it works is a challenge. I've tested backuppc and I don't like it for a stupid reason... I must install on centos external software, configure a web server with cgi with suid enabled (apache does not have mod_perl) I must exchange ssh key or configure smb shares. On backuppc site is reported that there is no database because it is another point of failure. But to make backup pc working I need different softwares to make it work. With bacula I need pgsql (installed with 3 step) install bacula with yum and configure bacula. Bacula is amazing in it's configurantion...you must spend time for studying it but it is solid and powerfull. This is my choice and this not mean that backuppc is bad. Then after this...I'm new to bacula. On different sites, on bacula docs and on sample files, there is specified a job related to database (catalog) backup. The catalog is used to restore a backup. What do you think about backupping catalog on the same backup server? If the backup server dies, how I can restore catalog(s)? If server dies, I can restore without reinstall bacula? What solution do you use? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
On 5/11/2015 11:49 AM, Alessandro Baggi wrote: I must install on centos external software, configure a web server with cgi with suid enabled (apache does not have mod_perl) yum install httpd,mod_perl its all in the base repo of centos 6 at least. I must exchange ssh key or configure smb shares. how does bacula connect and authenticate with the host being backed up ? do you not have to install a bacula file service on each host, configure authentication and run this as a daemon or service ? I found that considerably more complex than the ssh key exchange required by backuppc. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ldap host attribute is ignored
On 05/11/2015 10:06 AM, Ulrich Hiller wrote: Hmmm, i have made now a complete new install but the problem persists: ldap authentication works, but the host attribute is ignored. Hate to say that we're running out of options. I had a CentOS 7 system similar to yours, with LDAP authentication. I added three lines to sssd.conf (for access provider, etc), restarted sssd, and users with no "host" attribute were denied. I didn't actually test users with a host attribute that didn't match, or with deny rules. So maybe there's a bug that needs to be looked at? Does authentication work for users that have no "host" attribute at all? I have installed CentOS7 64bit with KDE. I did not do any 'yum update' or install of extra packages so far. Update, see if that makes a difference. After that you'll probably have to turn up logging in sssd and check its logs to see what it's doing. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Vodafone K4203 Mobile Broadband on Centos7
Hello, I hope someone can hlep me take this hurdle towards using Centos7 I'm trying to get a usb 3-g dongle to work on Centos7 On Centos6 I can follow the instructions that come with the device to get it to work: 1. Insert stick 2. Dismiss all popups about running the auto install scripts 3. Open terminal 4. cd $HOME 5. mkdir vfinstall 6. cd vfinstall 7. (cd /media/"Vodafone Mobile Broadband" && tar -cvf - .) | tar -xf <96> 8. chmod +x autorun.sh install_linux 9. sudo ./autorun.sh 10. Type user password 11. Wait for last command to finish, then close terminal or just cd /media/Vodafone Mobile Broadband ./ install_linux I also tested the stick on Fedora21, it connects without installing anything. On Centos7 I see this: [root@jvermeulen ~]# dmesg | tail -n15 [ 2352.742416] usb 2-2: new high-speed USB device number 4 using ehci-pci [ 2352.865172] usb 2-2: New USB device found, idVendor=12d1, idProduct=1f1c [ 2352.865186] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2352.865193] usb 2-2: Product: HUAWEI Mobile [ 2352.865200] usb 2-2: Manufacturer: Vodafone(Huawei) [ 2352.865207] usb 2-2: SerialNumber: [ 2352.913434] usb-storage 2-2:1.0: USB Mass Storage device detected [ 2352.913791] scsi host6: usb-storage 2-2:1.0 [ 2353.930584] scsi 6:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2 [ 2353.933129] sr 6:0:0:0: [sr1] scsi-1 drive [ 2353.935258] sr 6:0:0:0: Attached scsi CD-ROM sr1 [ 2354.156240] ISO 9660 Extensions: RRIP_1991A [ 2354.156261] SELinux: initialized (dev sr1, type iso9660), uses genfs_contexts [root@jvermeulen ~]# tail -f /var/log/messages May 11 21:05:04 jvermeulen kernel: usb 2-1: Product: HUAWEI Mobile May 11 21:05:04 jvermeulen kernel: usb 2-1: Manufacturer: Vodafone(Huawei) May 11 21:05:04 jvermeulen kernel: usb 2-1: SerialNumber: May 11 21:05:04 jvermeulen kernel: usb-storage 2-1:1.0: USB Mass Storage device detected May 11 21:05:04 jvermeulen kernel: scsi host5: usb-storage 2-1:1.0 May 11 21:05:04 jvermeulen mtp-probe: checking bus 2, device 3: "/sys/devices/pci:00/:00:1d.7/usb2/2-1" May 11 21:05:04 jvermeulen mtp-probe: bus: 2, device: 3 was not an MTP device May 11 21:05:05 jvermeulen kernel: scsi 5:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2 May 11 21:05:05 jvermeulen kernel: sr 5:0:0:0: [sr2] scsi-1 drive May 11 21:05:06 jvermeulen udisksd[2765]: Mounted /dev/sr2 at /run/media/jvermeulen/Vodafone Mobile Mroadband on behalf of uid 15587 and the I see this EM: May 11 21:06:37 jvermeulen dbus-daemon: dbus[773]: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.12" (uid=0 pid=886 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error name="(unset)" requested_reply="0" destination=":1.75" (uid=0 pid=3806 comm="/usr/sbin/ModemManager ") May 11 21:06:37 jvermeulen dbus[773]: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.12" (uid=0 pid=886 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error name="(unset)" requested_reply="0" destination=":1.75" (uid=0 pid=3806 comm="/usr/sbin/ModemManager ") May 11 21:06:37 jvermeulen NetworkManager[886]: error creating ModemManager client: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.12" (uid=0 pid=886 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error name="(unset)" requested_reply="0" destination=":1.75" (uid=0 pid=3806 comm="/usr/sbin/ModemManager ") Further attempts to install the software always lead to EM: you must run the install process as root. I contacted Vodafone support, their answer is they don't support Linux, even if they supply software for Linux on the Vodafone site. Any help would be greatly appreciated. Greetings, Johan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
Tim Dunphy wrote: >> >> If rpm is configured for _that_ location of log files, I would remove >> the >> repository this rpm comes from from configuration and will remember to >> never-never ever use that repository for anything. >> >> Just my $0.02 > > Yeah I completely get where you're coming from there. However it's not an > RPM from a repo. I downloaded the rpm from the appdynamics site itself. > While it may be easy to say "well then just don't use appdynamics"! > That's not a luxury I have. My company uses it and I need to get up to speed on > how to work with it. So that's why I'm trying out this experiment. No, that's called "bug report", or "enhancement request". mark "and is done by amateurs, or 'subject matter experts', who think they know how to do the computer side" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ldap host attribute is ignored
> > Hate to say that we're running out of options. I had a CentOS 7 system > similar to yours, with LDAP authentication. I added three lines to > sssd.conf (for access provider, etc), restarted sssd, and users with no > "host" attribute were denied. I didn't actually test users with a host > attribute that didn't match, or with deny rules. So maybe there's a bug > that needs to be looked at? Does authentication work for users that > have no "host" attribute at all? yes, it works for users that have no "host" attribute at all > >> I have installed CentOS7 64bit with KDE. >> I did not do any 'yum update' or install of extra packages so far. > > Update, see if that makes a difference. i did it, rebooted it. No differnce > > After that you'll probably have to turn up logging in sssd and check its > logs to see what it's doing. That's a good hint. I'll do that tomorrow. With kind regards, ulrich ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
On c7 I can't find mod_perl. Configuring bacula client requires only few lines...with bacula you need only bacula pkgs and one database. With backuppc there are different services to install and configure...some external to centos base. In c7, without mod_perl I must run cgi with suid... Ok bacula is more complex (complexity I mean for its configuration) but It is better organized and less messy. To install backuppc perl is required, to install File::Rsync from cpan I must install gcc. Then installing bacula on server/client and configure them from base repo is less complex and more pratical then download, compile, configure. The complexity is not on ssh key exchange or smb share (sorry for this mistake) but for installation procedure of backuppc is less pratical for me. Then when you learn how to use a software, like samba, for you (i think) samba is the simpliest software to use and configure...but when you use samba, you need only samba pkgs and they work. Il 11/mag/2015 21:05, "John R Pierce" ha scritto: > On 5/11/2015 11:49 AM, Alessandro Baggi wrote: > >> I must install on centos external >> software, configure a web server with cgi with suid enabled (apache does >> not have mod_perl) >> > > yum install httpd,mod_perl > > its all in the base repo of centos 6 at least. > > > I must exchange ssh key or configure smb shares. >> > > > how does bacula connect and authenticate with the host being backed up ? > do you not have to install a bacula file service on each host, configure > authentication and run this as a daemon or service ? I found that > considerably more complex than the ssh key exchange required by backuppc. > > > > > -- > john r pierce, recycling bits in santa cruz > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7 MATE flakey mouse
I'm using the MATE desktop (via 'yum groupinstall "MATE Desktop"') on CentOS 7. I'm finding the mouse to be rather flakey in the sense that: - in MATE Terminal, clicking on text and dragging the mouse (in order to highlight the text and copy it to the X cut & paste buffer) will sometimes drop the highlight (thus not copying anything), or stop and restart the highlight (thus copying the wrong text). - double clicking in MATE terminal to do highlight and copy in by-words mode often grabs the wrong text In all other versions of xterm-like terminals since the dawn of time, these kinds of operations have been rock-solid. Now they're unpredictable. Is anyone else seeing this kind of behavior? Devin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 MATE flakey mouse
I just realized that more than MATE Terminal is affected. For example, if I'm using firefox on a long web page, click the scrollbar and quickly scroll through the page, then sometimes it behaves like after a bit I've released the mouse button: Instead of scrolling, the mouse (which is now outside of the scroll bar area) starts highlighting text instead. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 MATE flakey mouse
On Mon, 11 May 2015 14:42:36 -0600 Devin Reade wrote: > I just realized that more than MATE Terminal is affected. For > example, if I'm using firefox on a long web page, click the scrollbar > and quickly scroll through the page, then sometimes it behaves like > after a bit I've released the mouse button: Instead of scrolling, > the mouse (which is now outside of the scroll bar area) starts > highlighting text instead. Do you have a wireless mouse? If so, have you replaced the battery lately? -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 MATE flakey mouse
--On Monday, May 11, 2015 02:47:53 PM -0600 Frank Cox wrote: Do you have a wireless mouse? If so, have you replaced the battery lately? USB mouse. Solid under CentOS 6. Different motherboard, et al, though. I guess I could try some hardware swaps or switching to another window manager to see what changes, if anything. desktop changes getting in the way of real work Devin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
Am 11.05.2015 um 20:49 schrieb Alessandro Baggi : > Hi there, > In my last request I have asked info about backuppc and other backup > solutions. After some test I have choosen bacula. Many people said it's too > complex and try to make it works is a challenge. I've tested backuppc and I > don't like it for a stupid reason... I must install on centos external > software, configure a web server with cgi with suid enabled (apache does > not have mod_perl) I must exchange ssh key or configure smb shares. On > backuppc site is reported that there is no database because it is another > point of failure. But to make backup pc working I need different softwares > to make it work. With bacula I need pgsql (installed with 3 step) install > bacula with yum and configure bacula. Bacula is amazing in it's > configurantion...you must spend time for studying it but it is solid and > powerfull. This is my choice and this not mean that backuppc is bad. > > Then after this...I'm new to bacula. > > On different sites, on bacula docs and on sample files, there is specified > a job related to database (catalog) backup. > The catalog is used to restore a backup. > What do you think about backupping catalog on the same backup server? The scenario is a baremetal recovery for example. For this the "volumes" (e.g .tapes, hdd) should be at hand, and to help the restore process also the "catalog" ... > If the backup server dies, how I can restore catalog(s)? the catalog is just a db dump ... so restoring a catalog implies setting a db service up. This helps to browse the meta data and to find the right volume for restoring data. > If server dies, I can restore without reinstall bacula? its possible to "manually" dump your files from your volumes but that is less flexible. We use a process for baremetal restores where we boot a live-system with an "bacula" service enabled and import then the newest catalog. > What solution do you use? Check your use cases. In any case, the catalog helps to restore files. Therefore after "all" bacula jobs we have a catalog job to make sure that we have a current catalog on the volumes, additionally we store the catalog dump outside of the volumes (RunAfterJob). -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
On 5/11/2015 1:28 PM, Alessandro Baggi wrote: To install backuppc perl is required, to install File::Rsync from cpan I must install gcc. never met a unix that didn't come with Perl already installed, or as a base option Using CPAN on a package-based distribution can lead to conflicts, rather, you should install cpan modules from a repository, for instance,perl-File-RsyncP is in EPEL, same as BackupPC, so when I yum --enablerepo=epel install BackupPC, it installs all prerequisites. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
--On Monday, May 11, 2015 02:26:17 PM -0700 John R Pierce wrote: never met a unix that didn't come with Perl already installed, or as a base option SunOS-4 :) Didn't have emacs, either, nor an ANSI-C compiler. And the OS came on QIC-150 tape (ie: 150 MB total capacity). Not that that defeats the argument ... Devin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
Good times. (Sent from iPhone, so please accept my apologies in advance for any spelling or grammatical errors.) > On May 11, 2015, at 5:11 PM, Devin Reade wrote: > > --On Monday, May 11, 2015 02:26:17 PM -0700 John R Pierce > wrote: > >> never met a unix that didn't come with Perl already installed, or as a >> base option > > SunOS-4 :) > > Didn't have emacs, either, nor an ANSI-C compiler. And the OS came > on QIC-150 tape (ie: 150 MB total capacity). > > Not that that defeats the argument ... > > Devin > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 MATE flakey mouse
On Mon, May 11, 2015 at 02:38:21PM -0600, Devin Reade wrote: > I'm using the MATE desktop (via 'yum groupinstall "MATE Desktop"') on > CentOS 7. I'm finding the mouse to be rather flakey in the sense > that: > - in MATE Terminal, clicking on text and dragging the mouse (in order >to highlight the text and copy it to the X cut & paste buffer) will >sometimes drop the highlight (thus not copying anything), or >stop and restart the highlight (thus copying the wrong text). > > - double clicking in MATE terminal to do highlight and copy in >by-words mode often grabs the wrong text > > In all other versions of xterm-like terminals since the dawn of time, > these kinds of operations have been rock-solid. Now they're unpredictable. > > Is anyone else seeing this kind of behavior? Not me. I remember seeing a thread, somewhere (possibly a Fedora list, maybe) a few months ago about well-used Logitech mice giving multiple clicks for a single depression of a button. What you describe sounds kinda like that, to me. Do you have another mouse to try it with? -- Fred Smith -- fre...@fcshome.stoneham.ma.us - "For him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy--to the only God our Savior be glory, majesty, power and authority, through Jesus Christ our Lord, before all ages, now and forevermore! Amen." - Jude 1:24,25 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] appdynamics php agent prevented by SELinux
Well, I was having a heck of a time with the rpm install in terms of
customizing the install directory.
So I thought the easy way out might be to go for a source install. Which I
tried and this was the output from the install:
[root@web1:/opt/AppDynamics/appdynamics-php-agent] #./install.sh
appd.jokefire.com 443 beta.jokefire.com "Web Front End" web1.jokefire.com
Install script for AppDynamics PHP Agent
4.0.5.0GA.8351.c72adcc398473f98f9cb976a652747d94c617ec9
Found PHP installation in /bin
Detected PHP Version:
PHP 5.4.40 (cli) (built: Apr 15 2015 15:44:44)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
PHP version id:5.4
PHP extensions directory: /usr/lib64/php/modules
PHP ini directory: /etc/php.d
Controller Host: appd.mydomain.com
Controller Port: 443
Application Name: beta.mydomain.com
Tier Name: Web Front End
Node Name: web1.mydomain.com
Account Name:
Access Key:
SSL Enabled: false
HTTP Proxy Host:
HTTP Proxy Port:
HTTP Proxy User:
HTTP Proxy Password File:
Writing
'/opt/AppDynamics/appdynamics-php-agent/php/conf/appdynamics_agent_log4cxx.xml'
Writing '/etc/php.d/appdynamics_agent.ini'
Writing
'/opt/AppDynamics/appdynamics-php-agent/proxy/conf/controller-info.xml'
rm -f "/usr/lib64/php/modules/appdynamics_agent.so"
ln -s "/opt/AppDynamics/appdynamics-php-agent/php/modules/
appdynamics_agent_php_5.4.so" "/usr/lib64/php/modules/appdynamics_agent.so"
Writing '/opt/AppDynamics/appdynamics-php-agent/proxy/runProxy'
That seemed a little more like it! At least it's out of the way and in a
directory that's a little easier to control - /opt. And also I was able to
specify some important information like what appd controller I was using
etc that I wasn't using a source install.
However, I found that really strange SELinux just followed me to the new
location. Sigh...
[root@web1:~] #systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Mon 2015-05-11 22:31:36 EDT; 26s ago
Process: 14829 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited,
status=0/SUCCESS)
Process: 25728 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
(code=exited, status=0/SUCCESS)
Main PID: 14840 (httpd)
Status: "Total requests: 19; Current requests/sec: 1.2; Current traffic:
614 B/sec"
CGroup: /system.slice/httpd.service
├─14840 /usr/sbin/httpd -DFOREGROUND
├─14844 /usr/sbin/httpd -DFOREGROUND
├─14845 /usr/sbin/httpd -DFOREGROUND
├─14846 /usr/sbin/httpd -DFOREGROUND
├─14848 /usr/sbin/httpd -DFOREGROUND
├─14849 /usr/sbin/httpd -DFOREGROUND
├─14850
/opt/AppDynamics/appdynamics-php-agent/proxy/jre/bin/java -server -Xmx300m
-Xms50m -classpath
/opt/AppDynamics/appdynamics-php-agent/proxy/conf/logging:/opt/AppDynamics/appdynamics-p...
├─14905 /usr/sbin/httpd -DFOREGROUND
├─32210 /usr/bin/newrelic-daemon -A -s -p
/var/run/newrelic-daemon.pid -l /var/log/newrelic/newrelic-daemon.log -d
verbosedebug
└─32211 /usr/bin/newrelic-daemon -A -s -p
/var/run/newrelic-daemon.pid -l /var/log/newrelic/newrelic-daemon.log -d
verbosedebug
May 11 22:31:38 web1 python[14832]: SELinux is preventing
/opt/AppDynamics/appdynamics-php-agent/proxy/jre/bin/java from unlink
access on the file testfile7644450607057334348.tmp.
* Plugin catchall_labels (83.8
confidence) suggests ***...
May 11 22:31:38 web1 python[14832]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from block_suspend access on
the capability2 Unknown.
* Plugin catchall (100.
confidence) suggests **...
May 11 22:31:39 web1 python[14832]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the
directory lib.
* Plugin catchall (100.
confidence) suggests **...
May 11 22:31:39 web1 python[14832]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
libjzmq.so.0.
* Plugin catchall (100.
confidence) suggests **...
May 11 22:31:39 web1 python[14832]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from setattr access on the
file libjzmq.so.0.
* Plugin catchall (100.
confidence) suggests **...
May 11 22:31:40 web1 python[14832]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from setattr access on the
directory tp.
* Plugin catchall (100.
confidence) suggests **...
May 11 22:31:40 web1 python[14832]: SELinux
Re: [CentOS] appdynamics php agent prevented by SELinux
> On 12 May 2015, at 03:39, Tim Dunphy wrote: >* Plugin catchall_labels (83.8 > confidence) suggests ***... > May 11 22:31:38 web1 python[14832]: SELinux is preventing > /usr/lib/appdynamics-php5/proxy/jre/bin/java from block_suspend access on > the capability2 Unknown. > Why is that odd? Well mainly because I have SELinux off at the moment. > > [root@web1:~] #getenforce 0 > Permissive This means SELinux is ON in a kind of testing mode. It is only reporting what would be blocked and not "enforcing" anything. So the messages are basically informing you that you WILL have problems IF you enable enforcing mode. Checking AppDynamic PHP agent it does not support SELinux (which is insanely poor for the license cost!) so best you can do is ignore the messages. It may be better to contact their support channels for help too rather then here if you need any more. Disabling SELinux completely should stop the messages appearing completely, though I advise against anything but enforcing mode. Jason ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bacula backup system
John, are you using c6? I have c7 and epel, nux repo and can't find this packages on these repo. Only backuppc on nux repo. Il 11/mag/2015 23:26, "John R Pierce" ha scritto: > On 5/11/2015 1:28 PM, Alessandro Baggi wrote: > >> To install backuppc perl is required, >> to install File::Rsync from cpan I must install gcc. >> > > never met a unix that didn't come with Perl already installed, or as a > base option > > Using CPAN on a package-based distribution can lead to conflicts, rather, > you should install cpan modules from a repository, for instance, > perl-File-RsyncP is in EPEL, same as BackupPC, so when I yum > --enablerepo=epel install BackupPC, it installs all prerequisites. > > > > > > -- > john r pierce, recycling bits in santa cruz > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
