Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C.L. Martinez]

On 10/13/2015 05:38 PM, Gordon Messmer wrote:

On 10/13/2015 07:39 AM, C. L. Martinez wrote:

Nop, because binary logs (using journalctl) are disabled in this host
... But under /var/log/messages, there is no error ...


If you haven't reconfigured rsyslogd to use the uxsock source, disabling
the journal will also disable the legacy logging system. If your cron
log is actually empty, then you probably aren't getting any logs at all.

Start by turning your logging system back on.  It's the best source of
data that you have at this point.



Correct Gordon, but I have enabled uxsock under rsyslog.conf to avoid 
the situation that you have explained.


Thanks.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C.L. Martinez]

On 10/13/2015 05:49 PM, m.r...@5-cent.us wrote:

zep wrote:

On 10/13/2015 09:54 AM, C. L. Martinez wrote:

I haven't entries in conrtab's users file at this moment, but I have
done a test: * * * * * ls -la, and it is not triggered. But like I say
before, installed system cronjobs like logwatch task are not triggered


I'd say that crontab doesn't actually prove that the job isn't being
triggered, it just proves there's an email config/sending/something
problem.

if you change that to to something like

* * * * * touch /var/tmp/cron-test-file

does it create and keep changing the date on the file?



Dumb question: is there anything in /etc/cron.*?

 mark


Yes:

-rw---  1 root root   0 Jul 27 10:57 /etc/cron.deny
-rw-r--r--. 1 root root 451 Jun  9  2014 /etc/crontab

/etc/cron.d:
total 28
drwxr-xr-x.   2 root root   72 Sep 25 09:10 .
drwxr-xr-x. 115 root root 8192 Oct 14 09:19 ..
-rw-r--r--1 root root  128 Jul 27 10:57 0hourly
-rw-r--r--1 root root  108 Mar  6  2015 raid-check
-rw---1 root root  235 Mar  6  2015 sysstat
-rw-r--r--1 root root  187 Jan 27  2014 unbound-anchor

/etc/cron.daily:
total 40
drwxr-xr-x.   2 root root98 Sep 25 09:11 .
drwxr-xr-x. 115 root root  8192 Oct 14 09:19 ..
-rwxr-xr-x.   1 root root   434 Jun 10  2014 0logwatch
-rwxr-xr-x.   1 root root   332 Mar  9  2015 0yum-daily.cron
-rwx--.   1 root root   180 Jul 31  2013 logrotate
-rwxr-xr-x.   1 root root   618 Mar 17  2014 man-db.cron

/etc/cron.hourly:
total 20
drwxr-xr-x.   2 root root   44 Sep 25 09:10 .
drwxr-xr-x. 115 root root 8192 Oct 14 09:19 ..
-rwxr-xr-x1 root root  392 Jul 27 10:57 0anacron
-rwxr-xr-x.   1 root root  362 Mar  9  2015 0yum-hourly.cron

/etc/cron.monthly:
total 12
drwxr-xr-x.   2 root root6 Jun  9  2014 .
drwxr-xr-x. 115 root root 8192 Oct 14 09:19 ..

/etc/cron.weekly:
total 12
drwxr-xr-x.   2 root root6 Jun  9  2014 .
drwxr-xr-x. 115 root root 8192 Oct 14 09:19 ..

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C.L. Martinez]

On 10/13/2015 02:59 PM, Jonathan Billings wrote:

On Tue, Oct 13, 2015 at 02:39:24PM +, C. L. Martinez wrote:

Nop, because binary logs (using journalctl) are disabled in this host
... But under /var/log/messages, there is no error ...


How did you disable journald?



Changing Storage's option under /etc/systemd/journald.conf to none.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C.L. Martinez]

On 10/13/2015 04:44 PM, zep wrote:



On 10/13/2015 09:54 AM, C. L. Martinez wrote:

I haven't entries in conrtab's users file at this moment, but I have
done a test: * * * * * ls -la, and it is not triggered. But like I say
before, installed system cronjobs like logwatch task are not triggered
... ___ CentOS mailing
list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos


I'd say that crontab doesn't actually prove that the job isn't being
triggered, it just proves there's an email config/sending/something problem.

if you change that to to something like

* * * * * touch /var/tmp/cron-test-file

does it create and keep changing the date on the file?



Nothing ... There is not cron-test-file under /var/tmp ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Help needed in CentOS 6.7 installation

[Amar]

Hi,

I have a high-end (32 GB RAM, 2 TB hard-disk) machine where I wanted to 
install CentOS 6.7 operating system. I am also using a nvidia 1 GB GPU 
from ASUS.


With all this, I am not able to instal CentOS 6.7, The last message that 
shows on my screen, when I try installing, is "[drm] Initialized i915 
1.6.0 20140905 for :00:02.0 on mirror 1".


Any suggestions?

Regards
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help needed in CentOS 6.7 installation

[Johnny Hughes]

On 10/14/2015 05:09 AM, Amar wrote:
> Hi,
> 
> I have a high-end (32 GB RAM, 2 TB hard-disk) machine where I wanted to
> install CentOS 6.7 operating system. I am also using a nvidia 1 GB GPU
> from ASUS.
> 
> With all this, I am not able to instal CentOS 6.7, The last message that
> shows on my screen, when I try installing, is "[drm] Initialized i915
> 1.6.0 20140905 for :00:02.0 on mirror 1".
> 
> Any suggestions?

Which ISO are you booting and how are you booting it (Internal DVD, USB
DVD, USB Key, etc.)

Maybe try a LiveCD / LiveDVD (if you have not).

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[Johnny Hughes]

On 10/14/2015 04:36 AM, C.L. Martinez wrote:
> On 10/13/2015 04:44 PM, zep wrote:
>>
>>
>> On 10/13/2015 09:54 AM, C. L. Martinez wrote:
>>> I haven't entries in conrtab's users file at this moment, but I have
>>> done a test: * * * * * ls -la, and it is not triggered. But like I say
>>> before, installed system cronjobs like logwatch task are not triggered
>>> ... ___ CentOS mailing
>>> list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
>>
>> I'd say that crontab doesn't actually prove that the job isn't being
>> triggered, it just proves there's an email config/sending/something
>> problem.
>>
>> if you change that to to something like
>>
>> * * * * * touch /var/tmp/cron-test-file
>>
>> does it create and keep changing the date on the file?
>>
> 
> Nothing ... There is not cron-test-file under /var/tmp ...

Try it will /usr/bin/touch .. you may not have environment variables
like PATH set.




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[Jonathan Billings]

On Wed, Oct 14, 2015 at 09:24:00AM +, C.L. Martinez wrote:
> On 10/13/2015 02:59 PM, Jonathan Billings wrote:
> >How did you disable journald?
> Changing Storage's option under /etc/systemd/journald.conf to none.

While Storage=none is supposed to forward on messages to syslog, it
might be worth checking to see what process owns /dev/log:
# lsof /dev/log


-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C.L. Martinez]

On 10/14/2015 01:56 PM, Jonathan Billings wrote:

lsof /dev/log


Uhmm ... that is not what I expect:

lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
  Output information may be incomplete.
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root   27u  unix 0x880250ea0f00  0t0 1436 /dev/log
systemd-j 263 root5u  unix 0x880250ea0f00  0t0 1436 /dev/log

In theory, rsyslog is listenning to uxsock and imjournal:

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see 
http://www.rsyslog.com/doc/troubleshoot.html


 MODULES 

# The imjournal module bellow is now used as a message source instead of 
imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via 
logger command)

$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] redistribution of isolinux binaries

[Brian Reichert]

On Tue, Oct 13, 2015 at 09:58:14PM -0500, Johnny Hughes wrote:
> The binary program that creates the .efi file is
> /usr/lib/anaconda-runtime/mk-images and it uses
> /usr/lib/anaconda-runtime/mk-images.efi
> 
> Those are part of the anaconda-runtime package, the source code for
> which is provided by the lastest anaconda source RPM.
> 
> Currently, the latest one is here:
> 
> http://vault.centos.org/6.7/os/Source/SPackages/anaconda-13.21.239-1.el6.centos.src.rpm

Great; I think that covers everything I've been pestering the list
about.

Again, thanks for all of the responses. :)

> Thanks,
> Johnny Hughes

-- 
Brian Reichert  
BSD admin/developer at large
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] redistribution of isolinux binaries

[Michael Hennebry]

On Tue, 13 Oct 2015, Johnny Hughes wrote:


Before answering more questions ... I really should point out that if
you are modifying the CentOS Linux ISOs and distributing them to others
while still calling them CentOS Linux, you are likely in violation of
our Trademark rules:

https://www.centos.org/legal/trademarks/


You can call it DimeOS or even DollarOS.

--
Michael   henne...@web.cs.ndsu.nodak.edu
"Sorry but your password must contain an uppercase letter, a number,
a haiku, a gang sign, a heiroglyph, and the blood of a virgin."
 --  someeecards
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Incoming rsync connection attempts

[Jeff Boyce]

Greetings -

In my logwatch report this morning I noticed reference to an attempt to 
connect to rsync from an external IP address.  It doesn't appear that 
the connection was successful based on correlating information between 
/var/log/secure and /var/log/messages.  But I am looking for some 
suggestions for implementing more preventative measures, if necessary.  
The log information from the last few attempts are shown below.


/var/log/secure
Oct 13 00:14:08 Bison xinetd[2232]: START: rsync pid=15306 
from=180.97.106.36

Oct 13 01:55:51 Bison xinetd[2232]: START: rsync pid=15343 from=85.25.43.94
Oct 13 23:25:35 Bison xinetd[2232]: START: rsync pid=16548 
from=114.119.37.86


/var/log/messages
Oct 13 00:14:08 Bison rsyncd[15306]: rsync: unable to open configuration 
file "/etc/rsyncd.conf": No such file or directory (2)
Oct 13 00:14:08 Bison rsyncd[15306]: rsync error: syntax or usage error 
(code 1) at clientserver.c(923) [receiver=3.0.5]
Oct 13 01:55:51 Bison rsyncd[15343]: rsync: unable to open configuration 
file "/etc/rsyncd.conf": No such file or directory (2)
Oct 13 01:55:51 Bison rsyncd[15343]: rsync error: syntax or usage error 
(code 1) at clientserver.c(923) [receiver=3.0.5]
Oct 13 23:25:35 Bison rsyncd[16548]: rsync: unable to open configuration 
file "/etc/rsyncd.conf": No such file or directory (2)
Oct 13 23:25:35 Bison rsyncd[16548]: rsync error: syntax or usage error 
(code 1) at clientserver.c(923) [receiver=3.0.5]


There is no /etc/rsyncd.conf file present on the system, so I can see 
why the connection wasn't successful.  Our backups get pushed to this 
one from other servers using rsync.


This is on a RHEL 3.9 box (Dell PE2600, year 2004) that is primarily 
used as backup storage within our LAN.  I will retire it when it dies, 
until then it runs fairly maintenance free.  I do have a public IP 
address assigned to the WAN because we have a vsftp server running on it 
for transferring files back and forth to a few clients, and I 
occasionally access the server remotely.  I am wondering if there is 
anything relatively simple that I can do to address these attempted 
connections, until I have time to move our vsftp server from it and 
remove the public IP address from the WAN? Thanks.


Jeff

--

Jeff Boyce
Meridian Environmental


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] tcp wrappers Question..

[Jason Welsh]

hey folks, I keep seeing this on the internet

"The user name lookup feature of TCP Wrappers uses identd to identify 
the username of the remote host. By default, this feature is disabled, 
as identd may appear hung when there are a large number of TCP connections."


but I cant seem to find out how/where to enable said feature.

Jason


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[Gordon Messmer]

On 10/14/2015 07:09 AM, C.L. Martinez wrote:

Uhmm ... that is not what I expect:

lsof: WARNING: can't stat() fuse.gvfsd-fuse file system 
/run/user/1000/gvfs

  Output information may be incomplete.
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root   27u  unix 0x880250ea0f00  0t0 1436 /dev/log
systemd-j 263 root5u  unix 0x880250ea0f00  0t0 1436 /dev/log


So, the obvious next step is to make sure journald isn't holding that 
socket.  That's outside my experience, but I'd imagine that you can:


systemctl disable systemd-journald.service
systemctl stop systemd-journald.service

Then you'll need to restart rsyslog and verify that it owns /dev/log.


In theory, rsyslog is listenning to uxsock and imjournal:


Only one process can have a socket open at a time.  Since journald holds 
/dev/log, rsyslog can't, which is why your cron log is empty.



 MODULES 
# The imjournal module bellow is now used as a message source instead 
of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. 
via logger command)

$ModLoad imjournal # provides access to the systemd journal


There's no real point in using imjournal if journald isn't running.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tcp wrappers Question..

[John R Pierce]

On 10/14/2015 11:39 AM, Jason Welsh wrote:

hey folks, I keep seeing this on the internet

"The user name lookup feature of TCP Wrappers uses identd to identify 
the username of the remote host. By default, this feature is disabled, 
as identd may appear hung when there are a large number of TCP 
connections."


but I cant seem to find out how/where to enable said feature.


authd or identd has to be enabled on the CLIENTS, and its a completely 
untrustworthy system.   the user information is sent in cleartext with 
no validation, and if the remote client is under someone elses control 
they can install a authd/identd that replies with anything they wish.


in centos6, at least, to install and enable authd, do...

# yum install authd

# chkconfig auth on



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tcp wrappers Question..

[Gordon Messmer]

On 10/14/2015 11:39 AM, Jason Welsh wrote:
but I cant seem to find out how/where to enable said feature. 


See the man pages for hosts_options and hosts_access.  It is rare for 
systems to support RFC 931 and common for firewalls to drop requests 
(creating long delays in connections), so user name lookup is probably 
only useful within a private network of systems that you control, on 
which you have enabled identd on each client system.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tcp wrappers Question..

[Jason Welsh]

understood.  this is just on a local network.. thanks for the info

On 10/14/2015 03:20 PM, Gordon Messmer wrote:

On 10/14/2015 11:39 AM, Jason Welsh wrote:
but I cant seem to find out how/where to enable said feature. 


See the man pages for hosts_options and hosts_access.  It is rare for 
systems to support RFC 931 and common for firewalls to drop requests 
(creating long delays in connections), so user name lookup is probably 
only useful within a private network of systems that you control, on 
which you have enabled identd on each client system.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] copying to a local mirror / repository

[Richer, Mark (CIV)]

I am using CentOS on a private network which can’t access the Internet so I 
want to create a local repository of packages on one or more DVDs, and get it 
installed on the private network. Someone had done this for CentOS 7, but not 
for CentOS 6. I have a VM running 6 so I am trying to create it for the 
previous major version.  I thought there would be some obvious instructions on 
the preferred/recommended method for doing this, but I have failed to find them.

Can anyone respond with any useful links on how best to do this or provide the 
recommended set of steps. I have seen various postings on this topic, but not 
anything official from the CentOS community.

thanks much,
Mark


MARK H RICHER, MS CS
Faculty Research Associate
Computer Science Department
Naval Postgraduate School - National Capital Region (NCR)
703-275-8533 (o) 571.303.9498 (m) mhric...@nps.edu





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] copying to a local mirror / repository

[Johnny Hughes]

On 10/14/2015 04:49 PM, Richer, Mark (CIV) wrote:
> I am using CentOS on a private network which can’t access the Internet so I 
> want to create a local repository of packages on one or more DVDs, and get it 
> installed on the private network. Someone had done this for CentOS 7, but not 
> for CentOS 6. I have a VM running 6 so I am trying to create it for the 
> previous major version.  I thought there would be some obvious instructions 
> on the preferred/recommended method for doing this, but I have failed to find 
> them.
> 
> Can anyone respond with any useful links on how best to do this or provide 
> the recommended set of steps. I have seen various postings on this topic, but 
> not anything official from the CentOS community.
> 
> thanks much,
> Mark

For CentOS-7 this is quite easy, mount the everything ISO and point to
it.  (Note, it is TOO BIG to fit on a DVD, so it needs to be on a thumb
drive .. something that will hold at least 7.2 GB)

We roll a new ISO every month, you can get the latest one here:

http://buildlogs.centos.org/rolling/7/isos/x86_64/

Currently CentOS-7-x86_64-Everything-1509-01.iso

For 6, it is a bit harder, but not overly hard.  Pick a mirror that is
close from here:

https://www.centos.org/download/mirrors/

Rsync the /6/ tree from that mirror, excluding the ISOs if you do not
want them.  As an example, I will pick the mirrors.kernel.org for this
example ... this command:

rsync mirrors.kernel.org::centos/6/

shows this results:

drwxr-xr-x  27 2014/10/19 16:36:15 SCL
drwxrwxr-x  42 2015/07/28 04:57:54 centosplus
drwxrwxr-x  27 2015/05/18 11:02:50 cloud
drwxr-xr-x  42 2014/10/19 16:36:15 contrib
drwxrwxr-x  42 2015/08/05 07:44:48 cr
drwxr-xr-x  42 2014/10/19 16:36:15 extras
drwxr-xr-x  42 2014/10/19 16:36:15 fasttrack
drwxrwxr-x  42 2015/08/10 11:56:29 isos
drwxr-xr-x  42 2015/07/25 08:20:23 os
drwxrwxr-x  42 2015/08/03 05:39:35 updates
drwxr-xr-x  27 2014/10/19 16:36:15 xen4


So, you can exlude all except the trees you want, and rsync the rest.

Put the os and updates directories (also bigger than 4.7  GB) on a drive
and mount it somewhere on the other network.

You can also do the same thing with the 7/ directory.

With both the 6 or 7 directories, you just use apache to show the
directories and and update from them by pointing to that location on
your remote network.





signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6 + Updates (HVM) AMI Breaks on attached instance storage

[Robert Bush]

Where do i file a bug report for a centOS 6 ami on aws?

Thanks,
Robert
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] selinux commands fail on low memory box

[Tim Dunphy]

Hey all,

 I have 3 web servers hosted at Digital Ocean that all have the same amount
of memory at 512MB.  They're all running CentOS 7.

They are low powered apache servers and don't really need more than that.
All they're doing is serving the web, no database on those hosts at all.

On the first two hosts I seem to have no trouble running SELinux related
commands. It's only on the 3rd web server where I seem to have any trouble
at all running the SELinux commands I want to keep the box secure.

On box #3 all SElinux commands end up the same way. For example:

[root@ops3:~] #semodule -i newrelic.pp
Killed

And that happened when I had about 280MB free:

[root@ops3:~] #free -m
  totalusedfree  shared  buff/cache
available
Mem:490  96 286  28 107
285
Swap: 0   0   0

Typically what I'll do is stop all the main services on this machine to
free up some memory to run the command I want. But to no avail! The
commands die with the same errors every time. Whereas on the other two
hosts I can run the same commands with only as little as 30 or 40MB free!

So would this be some inherent flaw with this box? That the only way to get
around it is to scrap it and build a replacement?

Not that hard to do. But before I took that measure I was wondering if
there was any hocus-pocus I could try that I might not be aware of that
could alleviate this scenario.

Thanks,
Tim

-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux commands fail on low memory box

[Eero Volotinen]

How about adding some swap into system?

--
Eero

2015-10-15 4:40 GMT+03:00 Tim Dunphy :

> Hey all,
>
>  I have 3 web servers hosted at Digital Ocean that all have the same amount
> of memory at 512MB.  They're all running CentOS 7.
>
> They are low powered apache servers and don't really need more than that.
> All they're doing is serving the web, no database on those hosts at all.
>
> On the first two hosts I seem to have no trouble running SELinux related
> commands. It's only on the 3rd web server where I seem to have any trouble
> at all running the SELinux commands I want to keep the box secure.
>
> On box #3 all SElinux commands end up the same way. For example:
>
> [root@ops3:~] #semodule -i newrelic.pp
> Killed
>
> And that happened when I had about 280MB free:
>
> [root@ops3:~] #free -m
>   totalusedfree  shared  buff/cache
> available
> Mem:490  96 286  28 107
> 285
> Swap: 0   0   0
>
> Typically what I'll do is stop all the main services on this machine to
> free up some memory to run the command I want. But to no avail! The
> commands die with the same errors every time. Whereas on the other two
> hosts I can run the same commands with only as little as 30 or 40MB free!
>
> So would this be some inherent flaw with this box? That the only way to get
> around it is to scrap it and build a replacement?
>
> Not that hard to do. But before I took that measure I was wondering if
> there was any hocus-pocus I could try that I might not be aware of that
> could alleviate this scenario.
>
> Thanks,
> Tim
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux commands fail on low memory box

[Tim Dunphy]

>
> How about adding some swap into system?


Not a bad idea, Eero! That worked.

[root@ops3:~] #cat /proc/swaps
FilenameTypeSizeUsed
 Priority
/swapfile   file1048572 712 -1

[root@ops3:~] #semodule -i newrelic.pp
[root@ops3:~] #

Thanks!
Tim

On Thu, Oct 15, 2015 at 12:19 AM, Eero Volotinen 
wrote:

> How about adding some swap into system?
>
> --
> Eero
>
> 2015-10-15 4:40 GMT+03:00 Tim Dunphy :
>
> > Hey all,
> >
> >  I have 3 web servers hosted at Digital Ocean that all have the same
> amount
> > of memory at 512MB.  They're all running CentOS 7.
> >
> > They are low powered apache servers and don't really need more than that.
> > All they're doing is serving the web, no database on those hosts at all.
> >
> > On the first two hosts I seem to have no trouble running SELinux related
> > commands. It's only on the 3rd web server where I seem to have any
> trouble
> > at all running the SELinux commands I want to keep the box secure.
> >
> > On box #3 all SElinux commands end up the same way. For example:
> >
> > [root@ops3:~] #semodule -i newrelic.pp
> > Killed
> >
> > And that happened when I had about 280MB free:
> >
> > [root@ops3:~] #free -m
> >   totalusedfree  shared  buff/cache
> > available
> > Mem:490  96 286  28 107
> > 285
> > Swap: 0   0   0
> >
> > Typically what I'll do is stop all the main services on this machine to
> > free up some memory to run the command I want. But to no avail! The
> > commands die with the same errors every time. Whereas on the other two
> > hosts I can run the same commands with only as little as 30 or 40MB free!
> >
> > So would this be some inherent flaw with this box? That the only way to
> get
> > around it is to scrap it and build a replacement?
> >
> > Not that hard to do. But before I took that measure I was wondering if
> > there was any hocus-pocus I could try that I might not be aware of that
> > could alleviate this scenario.
> >
> > Thanks,
> > Tim
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos