[CentOS] CentOS-announce Digest, Vol 127, Issue 4

2015-09-09 Thread centos-announce-request

Today's Topics:

   1. CESA-2015:1741 Important CentOS 6 haproxy Security Update (Johnny Hughes)
   2. CESA-2015:1742 Moderate CentOS 7 subversion Security Update (Johnny Hughes)
   3. CESA-2015:1741 Important CentOS 7 haproxy Security Update (Johnny Hughes)
   4. CEBA-2015:1743 CentOS 7 radvd FASTTRACK BugFix Update (Johnny Hughes)


--

Message: 1
Date: Tue, 8 Sep 2015 19:57:39 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:1741 Important CentOS 6 haproxy
Security Update
Message-ID: <20150908195739.ga22...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2015:1741 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1741.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
d4fc2abb0dfd295ca7c60bf84a21d21307764c65861003dd3802499585a42d93  
haproxy-1.5.4-2.el6_7.1.i686.rpm

x86_64:
a5b21cea5b73ac1e468a5737fc034c6379c678baff3bd1f0cd175c2c1afef340  
haproxy-1.5.4-2.el6_7.1.x86_64.rpm

Source:
a68d2f70f31ae1f411bcd557a17b03e4f000491d8bde3c642551b885844d655e  
haproxy-1.5.4-2.el6_7.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 2
Date: Tue, 8 Sep 2015 21:07:49 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:1742 Moderate CentOS 7 subversion
Security Update
Message-ID: <20150908210749.ga28...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2015:1742 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1742.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


Source:
2a4bffe27a66fd5f06362c6c8f5544558ccd38d76cda59145a6e9033d252d452  
subversion-1.7.14-7.el7_1.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 3
Date: Tue, 8 Sep 2015 21:08:02 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:1741 Import

[CentOS] Working with PEM content

2015-09-09 Thread Alice Wonder

Hi,

If I need to script some management of text files with PEM content, are 
there already some tools that exist that do this safely?


e.g.

somecert.pem that might contain

-----BEGIN CERTIFICATE-----
blah blah
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
more blah
-----END DH PARAMETERS-----

What I would like is a utility that can read that file, remove the DH 
parameters, write new file, validate new file is valid PEM contents, and 
give exit status 0 on success.


Could be done with standard scripting methods but I'm guessing a perl or 
python tool already exists that won't have me hitting myself when I make 
a stupid scripting mistake.


Google and Bing lately though seem to be getting harder and harder for 
me to use to find that kind of stuff.


Suggestions?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] Nginx with php-fpm is not work

2015-09-09 Thread Martin Zhou
Hi, everybody,

This is a new system environment.

I used YUM to install Nginx and php-fpm. Every time I try to access the
page, php-fpm crashes. The php-fpm error log is below; please help me fix
it. Thanks.

PHP-fpm log:

[09-Sep-2015 12:25:25] NOTICE: Terminating ...
[09-Sep-2015 12:25:25] NOTICE: exiting, bye-bye!
[09-Sep-2015 12:25:26] NOTICE: fpm is running, pid 20339
[09-Sep-2015 12:25:26] NOTICE: ready to handle connections
[09-Sep-2015 12:27:07] WARNING: [pool www] child 20343 exited on signal 11 (SIGSEGV) after 101.435499 seconds from start
[09-Sep-2015 12:27:07] NOTICE: [pool www] child 20348 started



Re: [CentOS] BackupPC problem - wrong user

2015-09-09 Thread Timothy Murphy
anax wrote:

> On 2015-09-08 12:18, Timothy Murphy wrote:
>> I recently moved BackupPC from CentOS-6 to CentOS-7.
>> But when I browse to localhost/BackupPC I'm told
>>Error: Wrong user: my userid is 48[apache], instead of 984(backuppc)
>>
>> As far as I can tell, the BackupPC settings are exactly the same
>> as they were before the move.
>>
>> It seems httpd is running the program as user apache
>> rather than backuppc, as required.
>> Is there a simple setting in /etc/httpd/ that will tell httpd
>> to run as a different user?

> Hi Tim
> if you try with suexec?

Thanks for the suggestion.
I had actually seen suexec mentioned,
but on looking for a simple example of suexec in action
I could only find ones referring to CGI scripts.

I found the official document 
extraordinarily complicated, and it was not clear if this program
can actually be applied to BackupPC, since it refers throughout to CGI.

I guess I'll start by changing
  User apache
  Group apache
in /etc/httpd/conf/httpd.conf
and then later see if I can make sense of suexec.


-- 
Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin




Re: [CentOS] Saving session with terminal window open upon logout

2015-09-09 Thread Gilbert Sebenste

On Tue, 8 Sep 2015, Gilbert Sebenste wrote:

> Hello everyone,
>
> I tried Googling this, looking through admin notes...and I couldn't find
> this. And I know someone smart out here has the answer!
>
> When I log out of a user account, I want it to, when I log back in,
> have a terminal window pop up on my Gnome windows display, as I did
> before I logged out.
>
> How do I save a session before or as I log out? I am running
> Centos 6.7, 64-bit.
>
> Gilbert


Someone sent me (someone by the name of Mark) a personal reply; would you 
resend it, as I am experiencing technical difficulties here. Thanks!


Gilbert

***
Gilbert Sebenste
(My opinions only!)  **
***


Re: [CentOS] CentOS 7.1.1503 + Dovecot + IPA

2015-09-09 Thread Kanwar Ranbir Sandhu
On Tue, 2015-09-08 at 13:53 -0700, Alice Wonder wrote:
> You could try rebuilding this src.rpm -
>
> http://awel.domblogger.net/7/libre/src/repoview/dovecot.html
>
> That's what I use for Dovecot on CentOS 7 but I build it against
> LibreSSL so you probably don't want my binary RPM but the src.rpm will
> build against stock CentOS OpenSSL just fine w/o modification.
>
> I don't know if it will fix your issue but it is latest release that the
> dovecot list claims has the issue fixed.

Thanks for the offer, but I need to know if anyone else has encountered
the problem I'm having. I'm having a hard time believing no one else
has run into this.

Is there a point in creating a bug report about this in the CentOS
tracker since we'd have to wait for someone to report it to Red Hat
(and for them to fix it) first?

Ranbir

-- 
Kanwar R.S. Sandhu



[CentOS] Error installing Kmymoney

2015-09-09 Thread CS DBA
Hi All;

I'm running a new install of CentOS 7, enabled the epel repo and ran:

# yum install kmymoney

I get this:

Resolving Dependencies
--> Running transaction check
---> Package kmymoney.x86_64 0:4.6.6-1.el7 will be installed
--> Processing Dependency: kmymoney-libs(x86-64) = 4.6.6-1.el7 for package:
kmymoney-4.6.6-1.el7.x86_64
--> Processing Dependency: libkmm_widgets.so.4()(64bit) for package:
kmymoney-4.6.6-1.el7.x86_64
--> Processing Dependency: libkmm_plugin.so.4()(64bit) for package:
kmymoney-4.6.6-1.el7.x86_64
--> Processing Dependency: libkmm_mymoney.so.4()(64bit) for package:
kmymoney-4.6.6-1.el7.x86_64
--> Processing Dependency: libcalligrakdchart.so.13()(64bit) for package:
kmymoney-4.6.6-1.el7.x86_64
--> Running transaction check
---> Package kmymoney.x86_64 0:4.6.6-1.el7 will be installed
--> Processing Dependency: libcalligrakdchart.so.13()(64bit) for package:
kmymoney-4.6.6-1.el7.x86_64
---> Package kmymoney-libs.x86_64 0:4.6.6-1.el7 will be installed
--> Finished Dependency Resolution
Error: Package: kmymoney-4.6.6-1.el7.x86_64 (epel)
   Requires: libcalligrakdchart.so.13()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest


I can't seem to get past this, using --skip-broken does not work.

Anyone have any suggestions?

Thanks in advance...


[CentOS] CUPS not generating a printcap file

2015-09-09 Thread Vanhorn, Mike

According to all of the documentation I can find, an /etc/printcap file
(or whatever filename is specified with the Printcap directive) is
generated by cupsd every time a printer is added or removed. On all of my
CentOS 6.7 systems, this is NOT happening. I can restart cups and add or
remove printers over and over and it still doesn't generate the printcap
file. 

Is this a known issue, or is there some way that CentOS is blocking this
from happening?

---
Mike VanHorn
Senior Computer Systems Administrator
College of Engineering and Computer Science
Wright State University
265 Russ Engineering Center
937-775-5157
michael.vanh...@wright.edu
http://www.cecs.wright.edu/~mvanhorn/





Re: [CentOS] Error installing Kmymoney

2015-09-09 Thread Leonard den Ottolander
On Wed, 2015-09-09 at 08:40 -0600, CS DBA wrote:
> --> Finished Dependency Resolution
> Error: Package: kmymoney-4.6.6-1.el7.x86_64 (epel)
>Requires: libcalligrakdchart.so.13()(64bit)
>  You could try using --skip-broken to work around the problem
>  You could try running: rpm -Va --nofiles --nodigest
> 
> 
> I can't seem to get past this, using --skip-broken does not work.
> 
> Anyone have any suggestions?

Apparently the calligra-* packages in EPEL got updated but kmymoney was
not rebuilt against these new libraries. The current calligra-kdchart
package provides libcalligrakdchart.so.14.

You should file this as a bug in RH bugzilla. Point out kmymoney needs
to be rebuilt against the new calligra-* libraries.

You could try rebuilding from srpm against the recent calligra-*
libraries, but I have no idea how many dependencies you will have to
build to accomplish this.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research




Re: [CentOS] Working with PEM content

2015-09-09 Thread Alice Wonder
cat ${CERT} | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/d' > ${TMPFILE}


(one line) seems to work every time as long as it is well formed.

On 09/09/2015 05:12 AM, Alice Wonder wrote:

> Hi,
>
> If I need to script some management of text files with PEM content, are
> there already some tools that exist that do this safely?
>
> e.g.
>
> somecert.pem that might contain
>
> -----BEGIN CERTIFICATE-----
> blah blah
> -----END CERTIFICATE-----
> -----BEGIN DH PARAMETERS-----
> more blah
> -----END DH PARAMETERS-----
>
> What I would like is a utility that can read that file, remove the DH
> parameters, write new file, validate new file is valid PEM contents, and
> give exit status 0 on success.
>
> Could be done with standard scripting methods but I'm guessing a perl or
> python tool already exists that won't have me hitting myself when I make
> a stupid scripting mistake.
>
> Google and Bing lately though seem to be getting harder and harder for
> me to use to find that kind of stuff.
>
> Suggestions?


Re: [CentOS] Error installing Kmymoney

2015-09-09 Thread CS DBA



On 09/09/2015 09:27 AM, Leonard den Ottolander wrote:

> On Wed, 2015-09-09 at 08:40 -0600, CS DBA wrote:
>
> > --> Finished Dependency Resolution
> > Error: Package: kmymoney-4.6.6-1.el7.x86_64 (epel)
> > Requires: libcalligrakdchart.so.13()(64bit)
> >   You could try using --skip-broken to work around the problem
> >   You could try running: rpm -Va --nofiles --nodigest
> >
> > I can't seem to get past this, using --skip-broken does not work.
> >
> > Anyone have any suggestions?
>
> Apparently the calligra-* packages in EPEL got updated but kmymoney was
> not rebuilt against these new libraries. The current calligra-kdchart
> package provides libcalligrakdchart.so.14.
>
> You should file this as a bug in RH bugzilla. Point out kmymoney needs
> to be rebuilt against the new calligra-* libraries.
>
> You could try rebuilding from srpm against the recent calligra-*
> libraries, but I have no idea how many dependencies you will have to
> build to accomplish this.
>
> Regards,
> Leonard.

Thanks, I'll submit a bug. Tried to compile it myself locally, way too 
many dependencies, didn't get too far





Re: [CentOS] Working with PEM content

2015-09-09 Thread Gordon Messmer

On 09/09/2015 05:12 AM, Alice Wonder wrote:
> If I need to script some management of text files with PEM content,
> are there already some tools that exist that do this safely?


"openssl" provides commands that should be able to process the PEM 
components in-place.


For instance, if you want to extract the certificate, only, from a PEM 
file, you can:

  openssl x509 -in somecert.pem -out cert-only.pem

...and for the private key:
  openssl rsa -in somecert.pem -out key-only.pem

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
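
What the original question in this thread asks for, as an added example (not code from any poster and not an existing tool): a Python script that parses the bundle block by block, drops `DH PARAMETERS`, re-validates the output and exits 0 only on success. Unlike a `sed` range delete, it rejects an unterminated block instead of deleting through end of file, and it tolerates CRLF line endings; the function names and the sample bundle are assumptions made for the example.

```python
import base64
import binascii
import os
import re
import sys
import tempfile

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


class PEMError(ValueError):
    """The input is not well-formed PEM."""


def parse_pem(text):
    """Return [(label, bytes), ...]; raise PEMError on bad framing or base64."""
    # Legacy encrypted keys with "Proc-Type:" headers in the block are rejected.
    blocks, label, body = [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # tolerate CRLF endings and trailing whitespace
        begin, end = BEGIN_RE.match(line), END_RE.match(line)
        if label is None:
            if begin:
                label, body = begin.group(1), []
            elif line:
                raise PEMError(f"line {lineno}: text outside any PEM block")
        elif begin:
            raise PEMError(f"line {lineno}: BEGIN inside unterminated {label}")
        elif end:
            if end.group(1) != label:
                raise PEMError(f"line {lineno}: END {end.group(1)} closes {label}")
            try:
                data = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise PEMError(f"line {lineno}: bad base64 in {label}: {exc}") from None
            blocks.append((label, data))
            label = None
        else:
            body.append(line)
    if label is not None:
        raise PEMError(f"unterminated {label} block at end of input")
    return blocks


def render_pem(blocks):
    """Serialize blocks with 64-character base64 lines."""
    out = []
    for label, data in blocks:
        b64 = base64.b64encode(data).decode("ascii")
        out.append(f"-----BEGIN {label}-----")
        out.extend(b64[i:i + 64] for i in range(0, len(b64), 64))
        out.append(f"-----END {label}-----")
    return "\n".join(out) + "\n"


def strip_blocks(text, drop=("DH PARAMETERS",)):
    """Return (new_text, removed_count) with every block labelled in `drop` removed."""
    blocks = parse_pem(text)
    kept = [b for b in blocks if b[0] not in drop]
    if not kept:
        raise PEMError("no blocks left after stripping")
    new_text = render_pem(kept)
    if parse_pem(new_text) != kept:  # validate exactly what will be written
        raise PEMError("round-trip validation failed")
    return new_text, len(blocks) - len(kept)


# Constructed sample: the payloads are placeholder bytes, not real DER.
SAMPLE_BUNDLE = render_pem([
    ("CERTIFICATE", b"constructed certificate bytes, not real DER"),
    ("DH PARAMETERS", b"constructed DH parameter bytes, not real DER"),
])


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} IN.pem OUT.pem", file=sys.stderr)
        return 2
    src, dst, tmp = argv[1], argv[2], None
    try:
        with open(src, encoding="ascii") as fh:
            new_text, _ = strip_blocks(fh.read())
        # mkstemp creates a 0600 file next to the target; the rename swaps it in atomically.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dst)))
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            fh.write(new_text)
        os.replace(tmp, dst)
    except (OSError, ValueError) as exc:  # PEMError and decode errors are ValueErrors
        if tmp and os.path.exists(tmp):
            os.unlink(tmp)
        print(f"{src}: {exc}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script checks PEM framing and base64 only; to confirm the remaining certificate actually parses, follow it with `openssl x509 -in OUT.pem -noout`.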


Re: [CentOS] yum list-sec CVE

2015-09-09 Thread Raymond Durand
2015-09-03 12:56 GMT+02:00 Karanbir Singh :

> On 02/09/15 19:27, Raymond Durand wrote:
> > Hi,
> >
> > Is the command
> > #yum list-sec cves
> >
> > still compatible with Centos7?
> >
> this should not have worked with any version of CentOS, you can do some
> scraping and feeding into a local repo instance, but please validate the
> content and the checks reported therein - we do no CVE validation in
> CentOS Buildsystems.
>
>
Ok thanks.
# yum updateinfo list --security

should work and return the security updates with other references then,
right?



>
> --
> Karanbir Singh
> +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
> GnuPG Key : http://www.karan.org/publickey.asc
>


Re: [CentOS] CentOS 7.1.1503 + Dovecot + IPA

2015-09-09 Thread Mike


On Tue, 8 Sep 2015, Kanwar Ranbir Sandhu wrote:

> Hi Everyone,
>
> My question is simply this: does anyone else have
> dovecot-2.2.10-4.el7_0.1.x86_64 working with GSSAPI auth against an IPA
> server? IPA is also running on CentOS 7.1.1503.


Yep, I have it working. It's been almost 6 months since I set it up so 
don't recall many details other than it was NOT trivial :). Have only 
used alpine and thunderbird clients, both work fine.


-- Mike



Re: [CentOS] yum list-sec CVE

2015-09-09 Thread Jim Perrin


On 09/09/2015 12:32 PM, Raymond Durand wrote:

> Ok thanks.
> # yum updateinfo list --security
> 
> should work and return the security updates with other references then,
> right?


No. We don't validate the CVEs, so we also don't include the repodata,
as that would lead people to think we do.


-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77


[CentOS] automounter with users home directories on centos 7.

2015-09-09 Thread Jason Welsh
Has anyone gotten this to work? I'm studying for my rhce and was trying to
get this to work and it's just not working like it shows in the book I'm
going by.
So basically I have two centos 7 servers running under kvm.. One is the
nfs server, one is the nfs client.. I have been mounting up other NFS
shares on the client and they work fine.. The automounter also seems to
mount direct mounts fine as well.. But when I try to do home
directories, it just doesn't work..

on my server (named server1), I'm exporting /home as
/home server2(rw,sync,no_root_squash)

on my client, I've got
[root@server2 ~]# grep home /etc/auto.master
/home /etc/auto.home --timeout=120
and
[root@server2 ~]# cat /etc/auto.home
* -rw,soft,intr server1:/home/&
[root@server2 ~]#

and on server1, I've got selinux enabled, but have the following
booleans set.

[root@server1 ~]# getsebool -a | grep nfs_
nfs_export_all_ro --> on
nfs_export_all_rw --> on
use_nfs_home_dirs --> on
[root@server1 ~]#

so when I try to switch to my user on server2 (client), I get
[root@server2 ~]# su - user1
Last login: Wed Sep  9 16:25:27 EDT 2015 on pts/0
su: warning: cannot change directory to /home/user1: No such file or directory

-bash-4.2$

and there's nothing in the logs that I can find as to why the automount
isn't working..

[root@server2 ~]# showmount -e server1
Export list for server1:
/home server2

I generated a log (on both server) with sealert, but it shows
found 0 alerts in /var/log/audit/audit.log

any ideas?


--
Jason



Re: [CentOS] automounter with users home directories on centos 7.

2015-09-09 Thread Pete Geenhuizen

Not tried automount with Centos 7 nor with selinux.

With that said autofs relies on nfs mounting to work, so have you 
started there by attempting to manually mount /home?


Another place to look is at the hostname.  I've had problems where auto 
mount doesn't like the short name and insists on using a FQDN, to get 
around that you could try using the IP address rather than the hostname.


On 09/09/15 16:31, Jason Welsh wrote:

showmount -e


--
If money can fix it, it's not a problem.
 -- Click and Clack the Tappet brothers



[CentOS] setting up solr/tomcat gives 404 page

2015-09-09 Thread Tim Dunphy
Hey all,

 I tried following a few guides and I'm struggling with trying to set up
apache solr 4.10 under apache tomcat 7.0.64 along with the drupal config
necessary to get this working with drupal.

The latest guide I followed was this one which seemed like it might work:

http://duntuk.com/how-install-apache-solr-46-apache-tomcat-7-use-drupal

I followed everything to the letter and ended up with a 404 status page
when I hit http://ipaddress:8080/solr

I think the answer lies in renaming the 'collection1' core to
the right location under the name 'drupal'. But how to do that seems to be
left out of that tutorial.

In the tomcat logs I just see the following:

100.116.32.93 - - [09/Sep/2015:16:52:56 -0400] "GET /solr HTTP/1.1" 404 959

Which isn't very informative!!

Any chance I can get some help in getting this working?

Thanks,
Tim


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


Re: [CentOS] automounter with users home directories on centos 7.

2015-09-09 Thread James A. Peltier
- Original Message -
| Not tried automount with Centos 7 nor with selinux.
| 
| With that said autofs relies on nfs mounting to work, so have you
| started there by attempting to manually mount /home?
| 
| Another place to look is at the hostname.  I've had problems where auto
| mount doesn't like the short name and insists on using a FQDN, to get
| around that you could try using the IP address rather than the hostname.
| 
| On 09/09/15 16:31, Jason Welsh wrote:
| > showmount -e
| 
| --
| If money can fix it, it's not a problem.
|   -- Click and Clack the Tappet brothers

/home is a directory by default on all GNU/Linux hosts.  If you plan to use it 
as a mount point then you need to remove the directory and then start autofs 
otherwise there will be a conflict.
-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 604-365-6432
Fax : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology


Re: [CentOS] rsync question

2015-09-09 Thread Carl E. Hartung
On Wed, 9 Sep 2015 05:51:38 -0700 (PDT)
Mark Milhollan wrote:

> On Tue, 8 Sep 2015, Carl E. Hartung wrote:
> >On Tue, 8 Sep 2015 10:25:33 -0700 (PDT) Mark Milhollan wrote:
> 
> >> -e specifies the *local* transport command to use
> >
> >What?! Straight from the documentation:
> >
> >"   -e, --rsh=COMMAND   specify the remote shell to use"
> 
> If only one can properly interpret the meaning...  COMMAND is the
> local command to run to obtain a remote (non-interactive) shell, so
> it isn't that the remote shell program (invoked once the transport is
> connected) is being specified, i.e., it is which `remsh' to use.  The
> -p and -l provided thereby may be necessary, since the one is not the
> default and the other isn't known to us to be the same as the local
> user, which you glossed over as if one never has a need to specify.
> 
> Orthogonal to Robert's problem, the switch from default use of rsh to 
> ssh has made it a requirement for (good) automation to always supply
> a -e to ensure the correct command is used to account for all
> potential versions of rsync that may be used.
> 
> >> , and in this case it also specifies the remote port (613) and user
> >> (root).  Granted one should probably use their ssh configuration to
> >> do that but it isn't really "wrong" (to be questioned) to do it via
> >> options.
> >
> >I didn't explicitly state that it was "wrong," just implied
> >(correctly) that it was unnecessary.
> 
> Potentially unnecessary.  Just because you might see putting the port 
> and user in the ssh config file as the right thing to do, and which I 
> also do whenever possible, doesn't mean Robert necessarily wants to
> or can do so, and after all -e does exist.  Your questioning its use
> as you did implied using it is wrong, to which I object.  Luckily you
> decided to reply to the list quoting me so eventually Robert was
> supplied with the clue you didn't provide, that it might be
> pre-configured.
> 
> 
> /mark

Mark, I would prefer it if you would please send your replies to the
list and not to me personally. I *do* get them if you send them to the
list.

All of these fine grained points you've made regarding options that are
"required for (good) automation" are irrelevant. Robert's post
concerned invoking rsync manually "for backup purposes" -- not for
"automation" as you're envisioning. He wrote "This is not an automated
system.  It is typically a onetime thing ..."

Moreover, my "Why '-e'?" query was paired with a second very specific
question: "Are these systems running disparate operating systems?" The
implication seems pretty clear to me -- not that '-e' was somehow
"wrong" but simply likely unnecessary in his scenario. I stand by that
somewhat informal (less strict than you) evaluation unless and until we
learn that he's actually operating on truly disparate systems.

regards,

Carl


[CentOS] bind chroot, bind mounts and selinux

2015-09-09 Thread Tom Robinson
Hi All,

I'm migrating a CentOS 6 bind instance (chrooted) to a CentOS 7 box and am
curious of people's opinions on chrooting vs selinux as a way of securing bind.

The bind-chroot on CentOS 7 also comes with a script
(/usr/libexec/setup-named-chroot.sh) that sets up the much maligned systemd
and, through bind mounts, creates an extra level of chroot hierarchy giving:

/var/named/chroot/var/named/chroot/var/named

which seems totally unnecessary.

I'm sure that bind-chroot would be happy enough running without the bind
mounts but would I be losing anything in terms of security?

Also, would I bother with chrooting at all if selinux can secure the
environment for me?

My own opinions aside what do others think and has anyone had experience
with this?

Kind regards,
Tom

-- 

Tom Robinson
IT Manager/System Administrator

MoTeC Pty Ltd

121 Merrindale Drive
Croydon South
3136 Victoria
Australia

T: +61 3 9761 5050
F: +61 3 9761 5051   
E: tom.robin...@motec.com.au






Re: [CentOS] rsync question

2015-09-09 Thread Robert Moskowitz



On 09/09/2015 08:17 PM, Carl E. Hartung wrote:

> On Wed, 9 Sep 2015 05:51:38 -0700 (PDT)
> Mark Milhollan wrote:
>
>> On Tue, 8 Sep 2015, Carl E. Hartung wrote:
>>> On Tue, 8 Sep 2015 10:25:33 -0700 (PDT) Mark Milhollan wrote:
>>
>>>> -e specifies the *local* transport command to use
>>>
>>> What?! Straight from the documentation:
>>>
>>> "   -e, --rsh=COMMAND   specify the remote shell to use"
>>
>> If only one can properly interpret the meaning...  COMMAND is the
>> local command to run to obtain a remote (non-interactive) shell, so
>> it isn't that the remote shell program (invoked once the transport is
>> connected) is being specified, i.e., it is which `remsh' to use.  The
>> -p and -l provided thereby may be necessary, since the one is not the
>> default and the other isn't known to us to be the same as the local
>> user, which you glossed over as if one never has a need to specify.
>>
>> Orthogonal to Robert's problem, the switch from default use of rsh to
>> ssh has made it a requirement for (good) automation to always supply
>> a -e to ensure the correct command is used to account for all
>> potential versions of rsync that may be used.
>>
>>>> , and in this case it also specifies the remote port (613) and user
>>>> (root).  Granted one should probably use their ssh configuration to
>>>> do that but it isn't really "wrong" (to be questioned) to do it via
>>>> options.
>>>
>>> I didn't explicitly state that it was "wrong," just implied
>>> (correctly) that it was unnecessary.
>>
>> Potentially unnecessary.  Just because you might see putting the port
>> and user in the ssh config file as the right thing to do, and which I
>> also do whenever possible, doesn't mean Robert necessarily wants to
>> or can do so, and after all -e does exist.  Your questioning its use
>> as you did implied using it is wrong, to which I object.  Luckily you
>> decided to reply to the list quoting me so eventually Robert was
>> supplied with the clue you didn't provide, that it might be
>> pre-configured.
>>
>>
>> /mark
>
> Mark, I would prefer it if you would please send your replies to the
> list and not to me personally. I *do* get them if you send them to the
> list.
>
> All of these fine grained points you've made regarding options that are
> "required for (good) automation" are irrelevant. Robert's post
> concerned invoking rsync manually "for backup purposes" -- not for
> "automation" as you're envisioning. He wrote "This is not an automated
> system.  It is typically a onetime thing ..."
>
> Moreover, my "Why '-e'?" query was paired with a second very specific
> question: "Are these systems running disparate operating systems?" The
> implication seems pretty clear to me -- not that '-e' was somehow
> "wrong" but simply likely unnecessary in his scenario. I stand by that
> somewhat informal (less strict than you) evaluation unless and until we
> learn that he's actually operating on truly disparate systems.


Fedora22 and Centos7.



Re: [CentOS] bind chroot, bind mounts and selinux

2015-09-09 Thread Robert Moskowitz
I went through the chroot/selinux review when Centos6 came out.  I went 
with selinux and no chroot.


I don't have too much of an issue with systemd; I am learning it as I go.

I am putting up a Samba4 AD with Bind-DLZ backend.  The Samba wiki 
explicitly calls out no chroot and kind of explains why.


so I come out on the selinux side.

On 09/09/2015 09:09 PM, Tom Robinson wrote:

> Hi All,
>
> I'm migrating a CentOS 6 bind instance (chrooted) to a CentOS 7 box and am
> curious of people's opinions on chrooting vs selinux as a way of securing bind.
>
> The bind-chroot on CentOS 7 also comes with a script
> (/usr/libexec/setup-named-chroot.sh) that sets up the much maligned systemd
> and, through bind mounts, creates an extra level of chroot hierarchy giving:
>
> /var/named/chroot/var/named/chroot/var/named
>
> which seems totally unnecessary.
>
> I'm sure that bind-chroot would be happy enough running without the bind
> mounts but would I be losing anything in terms of security?
>
> Also, would I bother with chrooting at all if selinux can secure the
> environment for me?
>
> My own opinions aside what do others think and has anyone had experience
> with this?
>
> Kind regards,
> Tom





Re: [CentOS] CentOS 7 + Dell Latitude E6420 laptop = thermalshutdown

2015-09-09 Thread deoren
> On 6/23/2015 7:22 AM, johan.vermeulen7 at telenet.be wrote:
> > Hello All,
> >
> > installing these laptops went ok, but indeed, they shut down on logon.
> > When coming back up, I get a bios warning about temperature.
> > On my first attempt on installing Nvidia driver, I wrecked the laptop.
> > To be continued.
> >
> > greetings, Johan
>
>
> Hi,
>
> Thanks for your feedback. I can't say I'm "happy" that someone else is
> having the same problem, but I'm relieved that it's not just something
> odd with the setup I am using.
>
> Any luck? I'm hoping to have a chance to look more into this myself in
> the next few weeks once some other projects calm down. Ironically my
> next step was going to be going after an updated video card driver.
>
> Hello Deoren,
>
> adding elrepo and installing kmod-nvidia seems to have solved the issue.
> I hope this works for you as well.
>
> greetings, Johan

Thanks for the feedback. I'm a little late getting around to it, but I
got a chance yesterday to look at this again and followed the steps to
enable the ELRepo repository and installed the `kmod-nvidia` package.

Once I did so, I was given a warning that there was a conflict with
libglamoregl and to see the wiki page for more details. I looked on the
site and found this page:

  http://elrepo.org/tiki/kmod-nvidia

which covered not only that issue (basically run `yum remove
xorg-x11-glamor`) but also emphasized that 'kmod-nvidia' might not work
for some older chipsets and that the 'nvidia-detect' package should be
installed and run to check for compatibility.

I did so and got this output:

  kmod-nvidia
  Optimus hardware detected: An Intel display controller was detected
  Either disable the Intel display controller in the BIOS
  or use the bumblebee driver to suport Optimus hardware


Now that the 'kmod-nvidia' driver was installed I rebooted the laptop to
load it upon boot. Since I had rebooted, I checked my BIOS settings and
sure enough I had the 'Enable Optimus' box selected. Figuring myself
clever (ha), I disabled the option and attempted to boot the laptop. I
got a blinking cursor against a black background and the password prompt
to decrypt the disk and finish booting was never given.

Since Ctrl+Alt+Del didn't appear to work, I held the power button and
forced the laptop off. I then re-enabled the option and when the laptop
next booted I got the password prompt to decrypt the disk and the laptop
got to the point where Gnome should have loaded, but the system went no
further. My notes are unclear at this point whether I was referring to
the login window not displaying or whether it did and just logging into
the desktop environment didn't work.

I then installed the 'bumblebee' package and I was able to log in without
locking up the system.

I then wiped the laptop, disabled the Optimus support in BIOS and did a
clean installation making sure to use the same settings for the new
installation as the old.

The system booted up and I logged into KDE with no issues and the laptop
remained powered on. Presumably the Optimus option was the issue all along.

In summary:

* If I have the Optimus option enabled I need to enable the ELRepo
repository and install the kmod-nvidia (presumably) and bumblebee packages.

* If I have the Optimus option disabled it appears that I don't need to
do anything else other than install CentOS 7 normally and use it.

Thanks again for your help with this.


Re: [CentOS] bind chroot, bind mounts and selinux

2015-09-09 Thread Tom Robinson
Hi Robert,

Thanks for your response.

On 10/09/15 13:02, Robert Moskowitz wrote:
> I went through the chroot/selinux review when Centos6 came out.  I went
> with selinux and no chroot.
>
> I don't have too much of an issue with systemd; I am learning it as I go.

I must admit that I'm not that perturbed by systemd either. Reminds a
little of Solaris SMF.

>
> I am putting up a Samba4 AD with Bind-DLZ backend.  The Samba wiki
> explicitly calls out no chroot and kind of explains why.

Yes, I have already set this up on a CentOS 6 instance and have that
working. But that is on a private network. The subject of this post
relates to a public facing name server so it's a little more exposed.

Some people would argue that chroot isn't a security mechanism.

>
> so I come out on the selinux side.

My feeling is that selinux should be enough security.

Anyone else care to comment?


>
> On 09/09/2015 09:09 PM, Tom Robinson wrote:
>> Hi All,
>>
>> I'm migrating a CentOS 6 bind instance (chrooted) to a CentOS 7 box and
>> am curious of people's opinions on chrooting vs selinux as a way of
>> securing bind.
>>
>> The bind-chroot on CentOS 7 also comes with a script
>> (/usr/libexec/setup-named-chroot.sh) that sets up the much maligned
>> systemd and, through bind mounts, creates an extra level of chroot
>> hierarchy giving:
>>
>> /var/named/chroot/var/named/chroot/var/named
>>
>> which seems totally unnecessary.
>>
>> I'm sure that bind-chroot would be happy enough running without the
>> bind mounts but would I be losing anything in terms of security?
>>
>> Also, would I bother with chrooting at all if selinux can secure the
>> environment for me?
>>
>> My own opinions aside what do others think and has anyone had
>> experience with this?
>>
>> Kind regards,
>> Tom



