Re: [CentOS] Centos 6.6, apparent xfs corruption

[Nicholas Geovanis]

James Peltier wrote:
> Do you have any XFS optimizations enabled in /etc/fstab such logbsize,
nobarrier, etc?

None.

> is the filesystem full?  What percentage of the file system is availabl
e?

There are 2 xfs filesystems:

/dev/mapper/vg_gries01-LogVol00  3144200 1000428   2143773  32% /opt/splunk
/dev/mapper/vg_gries00-LogVol00  307068  267001 40067  87%
/opt/splunk/hot

You'll notice that the larger just crossed the 1TB boundary.

Thanks.Nick Geovanis
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS6 - Break in attempt? What is the Exploit?

[James B. Byrne]

On Mon, September 21, 2015 15:37, m.r...@5-cent.us wrote:
> Gordon Messmer wrote:
>>
>>> > In other words, the
>>> >hostkeys would be identical.
>>
>> I think what the error indicates is that a client tried to connect
>> to SSH, and the host key there did not match the fingerprint in the
>> client's "known_hosts" database.
>>
>>> It seems to me that someone attempted an ssh connection while
>>> spoofing our internal address.  Is such a thing even possible?
>>> If so then how does it work?
>>
>> In the situation as you've described it, probably not.
>>
>> It would be best to go to your logs themselves for the full
>>> log entry and context, rather than relying on a report that
>>> summarizes log entries.
>
> Looks like someone trying to break in. You *are* running fail2ban, are
> you not? If not, you need to install and fire it up, now.

Yes, we run fail2ban.  No, fail2ban did not catch this because the
number of attempts was below the threshold for a single IP.

The logwatch message reported is incomplete.  Our address was the
destination address.  The source address was not reported by logwatch
but it was logged in the syslog and it was not an internal address. 
It did belong to an organisation that bills itself as "a leader in
enterprise security. . .".

We have contacted them requesting an explanation of the probe.  It
could have been an error on someone's part. I suppose.

We see a lot of cracker traffic from Chile, Romania, Russia and the
Ukraine.  China was such a PITA that eventually we simply cut off that
range of addresses from reaching us by any ports other than 25/80/443
so we do not even see it any more, except via proxy.  Taiwan is nearly
in the same boat and Vietnam is next in the queue.

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Bowie Bailey]

On 9/12/2015 9:44 PM, Fred Smith wrote:


yes, there is port forwarding, of course. I'm forwarding a different
port to 22 on my desktop, and want to close 22 on the router so it won't
also allow access to 22 on my desktop.


If you have not set up forwarding for port 22 on the router, it is 
already closed.  You do not need to do anything.


If you want to verify this, just try to connect to port 22 from outside 
your network and see what happens.


--
Bowie
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Fred Smith]

On Tue, Sep 22, 2015 at 03:11:53PM -0400, Bowie Bailey wrote:
> On 9/12/2015 9:44 PM, Fred Smith wrote:
> >
> >yes, there is port forwarding, of course. I'm forwarding a different
> >port to 22 on my desktop, and want to close 22 on the router so it won't
> >also allow access to 22 on my desktop.
> 
> If you have not set up forwarding for port 22 on the router, it is
> already closed.  You do not need to do anything.
> 
> If you want to verify this, just try to connect to port 22 from
> outside your network and see what happens.
> 
> -- 
> Bowie

Actually, connecting to port 22 works fine, or did until my last hacking
session on the router. Which is why I wanted to make it inaccessible.

My current "solution" is to forward 22 on the WAN side of the router to
9 on the LAN side of the router. since 9 on the LAN side has no services
attached, the incoming connection fails. which is what I wanted.

-- 
---
Under no circumstances will I ever purchase anything offered to me as
the result of an unsolicited e-mail message. Nor will I forward chain
letters, petitions, mass mailings, or virus warnings to large numbers
of others. This is my contribution to the survival of the online
community.
 --Roger Ebert, December, 1996
- The Boulder Pledge -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] PV AMI for CentOS 7

[Jo Rhett]

Is there any chance we could get a PV AMI for CentOS 7 to match the HVM version 
at 
https://aws.amazon.com/marketplace/pp/B00O7WM7QW/ref=srh_res_product_title?ie=UTF8&sr=0-2&qid=1442957668341

We have prepurchased reserved instances based on older PV machines (m1, c1, 
etc) It would be very very helpful to have a PV AMI so we could migrate to 
CentOS 7 on those image types.

https://bugs.centos.org/view.php?id=9499 


-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[John R Pierce]

On 9/22/2015 1:45 PM, Fred Smith wrote:

Actually, connecting to port 22 works fine, or did until my last hacking
session on the router. Which is why I wanted to make it inaccessible.


if you're forwarding WAN port , I do not understand what your router 
is doing with port 22, unless the router itself is also running a sshd




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Fred Smith]

On Tue, Sep 22, 2015 at 03:09:18PM -0700, John R Pierce wrote:
> On 9/22/2015 1:45 PM, Fred Smith wrote:
> >Actually, connecting to port 22 works fine, or did until my last hacking
> >session on the router. Which is why I wanted to make it inaccessible.
> 
> if you're forwarding WAN port , I do not understand what your
> router is doing with port 22, unless the router itself is also
> running a sshd

well, not , but another port I won't identify here, and it
is forwarded to 22 on my linux box. The idea was to put ssh on an
unusual port. but I couldn't figure out how to close port 22, which
was open by default on the router, apparently. I still don't see any
way in its UI to do it, and didn't especially want to have to write
a custom firewall rule. So I just forwarded WAN/22 to port 9 on
the LAN side of the router.

-- 
---
 .Fred Smith   /  
( /__  ,__.   __   __ /  __   : / 
 //  /   /__) /  /  /__) .+'   Home: fre...@fcshome.stoneham.ma.us 
//  (__ (___ (__(_ (___ / :__ 781-438-5471 
 Jude 1:24,25 -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] vlc: changing volume setting of vlc changes master volume of kmix

[g]

greetings,

using:
CentOS 6.7  current
KDE 4.3.4
VLC media player 2.0.8 Twoflower
KMix 3.5


this problem started happening last week.

any changing of volume setting of vlc changes master volume of kmix.

logging out of kde does not correct. rebooting does.


anyone else see this or know of solution?


tia.


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] vlc: when vlc closes after playing a video, screen is blanked.

[g]

greetings,

using:
CentOS 6.7 current
KDE 4.3.4
VLC media player 2.0.8 Twoflower


for several months, when vlc closes after play a video, screen is blanked.

this happens for _any_ type video.

only way to stop blanking is via;

 System Settings > Display > Power Control

then;

 [X] Enable display power management

click [Apply] button, then;

 [ ] Enable display power management

click [Apply] button.


anyone else see this or know of solution?


tia.


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] ekiga: having problems getting ekiga to make connections

[g]

greetings,

using:
CentOS 6.7  current
KDE 4.3.4
ekiga 3.2.6

i am having problems getting ekiga to make any type of connection.

i have gone thru documentation and troubleshooting manuals with out finding
reason other than;

~]$ ekiga -d 4 2>&1 | grep "PDU is likely too large"
~]$ echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout \
bash: /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout: \
No such file or directory

~]$ echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream \
bash: /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream: \
No such file or directory

as close as above path goes, it is;

   /proc/sys/net/ipv4/

there is no 'netfilter' directory.

what am i missing and misunderstanding?

tia.


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Always Learning]

On Tue, 2015-09-22 at 18:52 -0400, Fred Smith wrote:

> well, not , but another port I won't identify here, and it
> is forwarded to 22 on my linux box.

Could an 'idea' also be to close permanently port 22 and configure SSH
to use a completely different port ?

Inviting hackers by having a functioning, in one way or another, port 22
is asking for trouble.


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Fred Smith]

On Wed, Sep 23, 2015 at 03:32:21AM +0100, Always Learning wrote:
> 
> On Tue, 2015-09-22 at 18:52 -0400, Fred Smith wrote:
> 
> > well, not , but another port I won't identify here, and it
> > is forwarded to 22 on my linux box.
> 
> Could an 'idea' also be to close permanently port 22 and configure SSH
> to use a completely different port ?
> 
> Inviting hackers by having a functioning, in one way or another, port 22
> is asking for trouble.

Paul, thanks for the comment. what you suggest is what my original
post was asking about.

Now, the externally visible port is not 22. my original post was asking
for advice on tweaking the router to close 22, since I could find no
method for that in the router's UI. not wanting to have to write iptables
rules for the router, I found another method that effectively shuts off
port 22. 22 IS NOT OPEN to the world any more.


-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
  "For him who is able to keep you from falling and to present you before his 
 glorious presence without fault and with great joy--to the only God our Savior
 be glory, majesty, power and authority, through Jesus Christ our Lord, before
 all ages, now and forevermore! Amen."
- Jude 1:24,25 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Always Learning]

On Tue, 2015-09-22 at 22:52 -0400, Fred Smith wrote:


> Paul, thanks for the comment. what you suggest is what my original
> post was asking about.
> 
> Now, the externally visible port is not 22. my original post was asking
> for advice on tweaking the router to close 22, since I could find no
> method for that in the router's UI. not wanting to have to write iptables
> rules for the router, I found another method that effectively shuts off
> port 22. 22 IS NOT OPEN to the world any more.

Hi Fred,

That is great. When I started on Linux that was one  of the very first
things I did. Every machine, including servers, has port 22 replaced by
a unique alternative port. Port 22 is also blocked in IPtables.

There is an army of dangerous nutters attempting to break-in to
everything. They often mask their attacks using compromised Windoze
computers all around the world. 


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: closing a port on home router

[Arun Khan]

On Sun, Sep 13, 2015 at 4:46 AM, Fred Smith
 wrote:
> Hi all!
>
> I'm wanting to close port 22 (ssh) on my home router, and I don't see any
> facilities in its GUI for doing that.
>

man sshd_config; this option is perhaps your solution "ListenAddress."
 So explicitly mention your LAN port(s).


ListenAddress
 Specifies the local addresses sshd(8) should listen on.
The following forms may be used:

   ListenAddress host|IPv4_addr|IPv6_addr
   ListenAddress host|IPv4_addr:port
   ListenAddress [host|IPv6_addr]:port

 If port is not specified, sshd will listen on the address
and all prior Port options specified.  The
 default is to listen on all local addresses.  Multiple
ListenAddress options are permitted.  Addition-
 ally, any Port options must precede this option for
non-port qualified addresses.


HTH
-- Arun Khan
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Updating intel graphics driver on CentOS7

[C. L. Martinez]

Hi all,

 Is it possible to upgrade intel X11 org driver on CentOS7?? Maybe
with elrepo's packages:
http://elrepo.org/linux/extras/el7/x86_64/RPMS/xorg-x11-drv-intel-2.99.916-1.el7.elrepo.x86_64.rpm??

 It seems it doesn't exists driver in the upstream: https://01.org/linuxgraphics

Thanks,
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Updating intel graphics driver on CentOS7

[Ned Slider]

On 23/09/15 07:00, C. L. Martinez wrote:
> Hi all,
> 
>  Is it possible to upgrade intel X11 org driver on CentOS7?? Maybe
> with elrepo's packages:
> http://elrepo.org/linux/extras/el7/x86_64/RPMS/xorg-x11-drv-intel-2.99.916-1.el7.elrepo.x86_64.rpm??
> 

Yes.

>  It seems it doesn't exists driver in the upstream: 
> https://01.org/linuxgraphics
> 

The upstream is actually at http://xorg.freedesktop.org

If you read the notes, and look at the stack that driver bundle is based
upon, you will see it uses the same (latest) X11 driver as the elrepo
package above:

https://01.org/linuxgraphics/downloads/2015q2-intel-graphics-stack-release

Hope that helps.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos