[CentOS] CentOS 7.5 Nautilus 100% reproducible crash.
Good day When trying to add an 'Other Locations' in Nautilus CentOS 7.5, Nautilus always 100% of the time crash with a kernel error. Here is a short video showing the workflow: https://youtu.be/dPmTDBRqL_I This did not happen in 7.4 Both 7.4 and 7.5 runs on VirtualBox 5.2.12 - but as stated before, this did not happen in 7.4 I also did a fresh clean install of both 7.4 and 7.5, and 7.5 exhibits this behaviour irrespective if it was updated or freshly installed. Kind regards, George Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, visit http://www.mimecast.co.za/uem. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7.5 Nautilus 100% reproducible crash.
Pardon me, but I forgot to add that right after this crash, htop as root shows the VBoxClient service running maxed on one core until system is rebooted. Not sure if it is CentOS bug or VirtualBox bug because this did not happen in 7.4 on same version of VirtualBox, and unfortunately I don't have access to a bare metal machine on which to install and test. -Original Message- From: CentOS On Behalf Of George Labuschagne Sent: Wednesday, 23 May 2018 10:27 To: centos@centos.org Subject: [CentOS] CentOS 7.5 Nautilus 100% reproducible crash. Good day When trying to add an 'Other Locations' in Nautilus CentOS 7.5, Nautilus always 100% of the time crash with a kernel error. Here is a short video showing the workflow: https://youtu.be/dPmTDBRqL_I This did not happen in 7.4 Both 7.4 and 7.5 runs on VirtualBox 5.2.12 - but as stated before, this did not happen in 7.4 I also did a fresh clean install of both 7.4 and 7.5, and 7.5 exhibits this behaviour irrespective if it was updated or freshly installed. Kind regards, George Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, visit http://www.mimecast.co.za/uem. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 159, Issue 5
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2018:1650 Important CentOS 6 java-1.8.0-openjdk Security Update (Johnny Hughes) 2. CESA-2018:1647 Important CentOS 6 java-1.7.0-openjdk Security Update (Johnny Hughes) 3. CESA-2018:1651 Important CentOS 6 kernel Security Update (Johnny Hughes) 4. CEEA-2018:1580 CentOS 6 microcode_ctl Enhancement Update (Johnny Hughes) 5. CESA-2018:1660 Important CentOS 6 qemu-kvmSecurity Update (Johnny Hughes) 6. CESA-2018:1648 Important CentOS 7 java-1.7.0-openjdk Security Update (Johnny Hughes) 7. CESA-2018:1649 Important CentOS 7 java-1.8.0-openjdk Security Update (Johnny Hughes) 8. CESA-2018:1632 Important CentOS 7 libvirt Security Update (Johnny Hughes) 9. CEEA-2018:1670 CentOS 7 kmod-redhat-megaraid_sas Enhancement Update (Johnny Hughes) 10. CESA-2018:1633 Important CentOS 7 qemu-kvmSecurity Update (Johnny Hughes) 11. CESA-2018:1629 Important CentOS 7 kernel Security Update (Johnny Hughes) -- Message: 1 Date: Tue, 22 May 2018 15:30:51 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2018:1650 Important CentOS 6 java-1.8.0-openjdk Security Update Message-ID: <20180522153051.ga26...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2018:1650 Important Upstream details at : https://access.redhat.com/errata/RHSA-2018:1650 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 16e4d5e87d86917c4a83de7453f2e47bc6c6faf32e0a229b7ce9d23743ca486e java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.i686.rpm 964d244503359ffc9318a86f88e54702fed480548a3ce722b7b8b8f90cbeef67 java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.i686.rpm 28bcf8c76bd5c4a3f5a016a67ca63194b01a1723a0378b8c6ed12570223dd0b0 java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.i686.rpm f4106b1d20f7ee4ec8b6476f0d718f5d95c321728b269fc15efcc5bb66aa2f75 java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.i686.rpm 7427e6e699b08a8bb5e1298ec1b992d7274dae2a3656ae09f49e561fd3abe4b8 java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.i686.rpm c1474a917f2faa95ed2b02fe2a6fe6bc8a75e8dde9841441669ca2129f3173c8 java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.i686.rpm d83ce825883006f6d4aef80287a15c555240deddc48ffee19facb21f29b8d410 java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.i686.rpm 8c636de2790963c949589da73de653487413a847fe16598617ed386569b45afe java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.i686.rpm 5b2d1fb9e85b32e93d3ba8bf26724de66ab4c17fdf958e9d4eff20cd7934af79 java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpm db05ab3a4560bb4d371e0b7b5d2910bb3bc57e7e8579bc7ad24fcf85383a517d java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpm 2ff81225cfd6580c37444f6e45d85b202e59b11cb00e9f77b82854358b2fc4f1 java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.i686.rpm 59e2300cc1cb1616cbcddedd0d0b678220dc4b9b8a8b89cd8b5984cae754b6a2 java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.i686.rpm x86_64: cfd199e9f55d560947c14244de85063a806b6b82c25ca6475c20102c3c1be622 java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.x86_64.rpm 7a9a3d48c0b9014f6374ce154ddeae093ddfefd4ac64ddfcc8be1270667d8522 java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm 028d4f919ec462a1324f1ae88bc767ed856735cf00437077879e92681d6c0fbb java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.x86_64.rpm 10408ac3bdd9a7700666bdd0c44f060b739a3eacb06936a1e0544388dc819c2b java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm 8040a83ae91597474aac1bf0656e0198c9839843d3138034485984a8c2c5df61 java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.x86_64.rpm 2b5c23ae4b00ff3931517af959e82b559c7317151e2d55df555dd9a2d11af09c java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm 7b59c90f22dd00d72be06b476f4edaa1837d9a9fb3f43500aec2415964cfea6b java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.x86_64.rpm 6ad39d3aab8da51b425c01ae4a72098bcf37928ddc1cbb88b5511439f5fd0407 java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm 5b2d1fb9e85b32e93d3ba8bf26724de66ab4c17fdf958e9d4eff20cd7934af79 java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpm db05ab3a4560bb4d371e0b7b5d2910bb3bc57e7e8579bc7ad24fcf85383a517d java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpm ce669b94c3569c25f020f7178
[CentOS] Vsftpd vs. iptables firewall script
Hi, I'm currently setting up a local FTP server, to receive disk images sent with G4L (Ghost4Linux). This server has been running Slackware Linux before, and the Vsftpd setup was relatively simple. With CentOS things seem to be slightly different, so I'm currently trying to work things out. For the moment, two things seem to be creating problems, the simple iptables firewall and SELinux. When I disable the firewall and SELinux, Vsftp works as expected. So far so good. Now let's tackle this one dragon at a time. First the firewall. I'm starting with a very simple firewall script that looks somewhat like this. I'm linking to the template, I won't copy/paste the whole thing here. https://github.com/kikinovak/centos-7-server-lan/blob/master/config/firewall/firewall-standalone.sh Under Slackware, the iptables rule for a local FTP server looked like this: modprobe ip_conntrack iptables -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT I tried this, but to no avail. Can't connect to my server. I googled a bit, and I found out that there seem to be quite many different answers about the subject of "how do I configure my firewall for Vsftpd". Any suggestions ? Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] KVM won't boot after update to 1804
Hi Everyone, I have a server that I recently applied all updates to to bring it to 1804. After rebooting the server, it would no longer boot and is instead dropping into a dracut shell. Here's a snippet of the output printed to the console (lines will likely wrap): [ 184.163787] dracut-initqueue[256]: Warning: dracut-initqueue timeout - starting timeout scripts [ 184.672525] dracut-initqueue[256]: Warning: dracut-initqueue timeout - starting timeout scripts [ 185.183111] dracut-initqueue[256]: Warning: dracut-initqueue timeout - starting timeout scripts [ 185.183395] dracut-initqueue[256]: Warning: Could not boot. [ 185.281196] dracut-initqueue[256]: Warning: /dev/centos_webman03/root does not exist [ 185.282204] dracut-initqueue[256]: Warning: /dev/centos_webman03/swap does not exist [ 185.283205] dracut-initqueue[256]: Warning: /dev/mapper/centos_webman11-root does not exist Starting Dracut Emergency Shell... Warning: /dev/centos_webman03/root does not exist Warning: /dev/centos_webman03/swap does not exist Warning: /dev/mapper/centos_webman11-root does not exist Generating "/run/initramfs/rdsosreport.txt" Entering emergency mode. Exit the shell to continue. Type "journalctl" to view system logs. You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot after mounting them and attach it to a bug report. dracut:/# After some monkeying around with the minimal ISO and rescue mode and google searches, I finally found the combination of commands I needed to get the system to find the "missing" devices and finish booting: dracut:/# lvm vgchange -a y 6 logical volume(s) in volume group "centos_webman11" now active dracut:/# ln -s /dev/mapper/centos_webman11-root /dev/root dracut:/# exit logout [ 469.036109] dracut-initqueue[256]: Warning: Not all disks have been found. [ 469.037349] dracut-initqueue[256]: Warning: You might want to regenerate your initramfs. [ OK ] Started Plymouth switch root service. [ OK ] Started Cleanup udevd DB. [ OK ] Reached target Switch Root. Starting Switch Root... Welcome to CentOS Linux 7 (Core)! [snip] Re-runining grub2-mkconfig doesn't fix the issue: rebooting the server still resulted in it dropping into a dracut shell. I tried reinstalling grub2 and that didn't fix it either. How do I fix this problem? Does anyone have any idea about what caused this in the first place? -- Ranbir ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Hi, Try "iptables -I INPUT" for your FTP rule. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Nicolas Kovacs" > To: "CentOS mailing list" > Sent: Wednesday, 23 May, 2018 15:24:45 > Subject: [CentOS] Vsftpd vs. iptables firewall script > Hi, > > I'm currently setting up a local FTP server, to receive disk images sent > with G4L (Ghost4Linux). > > This server has been running Slackware Linux before, and the Vsftpd > setup was relatively simple. > > With CentOS things seem to be slightly different, so I'm currently > trying to work things out. For the moment, two things seem to be > creating problems, the simple iptables firewall and SELinux. > > When I disable the firewall and SELinux, Vsftp works as expected. So far > so good. > > Now let's tackle this one dragon at a time. First the firewall. I'm > starting with a very simple firewall script that looks somewhat like > this. I'm linking to the template, I won't copy/paste the whole thing here. > > https://github.com/kikinovak/centos-7-server-lan/blob/master/config/firewall/firewall-standalone.sh > > Under Slackware, the iptables rule for a local FTP server looked like this: > > modprobe ip_conntrack > iptables -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT > > I tried this, but to no avail. Can't connect to my server. I googled a > bit, and I found out that there seem to be quite many different answers > about the subject of "how do I configure my firewall for Vsftpd". > > Any suggestions ? > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM won't boot after update to 1804
On Wed, 2018-05-23 at 10:29 -0400, Ranbir wrote: > > Warning: /dev/centos_webman03/root does not exist > Warning: /dev/centos_webman03/swap does not exist > Warning: /dev/mapper/centos_webman11-root does not exist > > dracut:/# lvm vgchange -a y > 6 logical volume(s) in volume group "centos_webman11" now active > dracut:/# ln -s /dev/mapper/centos_webman11-root /dev/root > dracut:/# exit > logout > > How do I fix this problem? Does anyone have any idea about what > caused > this in the first place? Ah, crap. I just figured out what the problem is. I had changed the name of the VG and didn't update the grub2 config to reflect that change. So, of course, no amount of grub2 updating was going to fix the problem because the devices that had "webman03" truly didn't exist (they now had "webman11" in them). After fixing that mistake, the server booted up just fine. Sorry for the noise! -- Ranbir ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Le 23/05/2018 à 16:36, Nux! a écrit : > Try "iptables -I INPUT" for your FTP rule. Doesn't work. I redirected all my errors to /var/log/messages, so here's what I get when I try to connect Filezilla to that server. May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3 OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2 DST=192.168.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30737 DF PROTO=TCP SPT=51474 DPT=38714 WINDOW=29200 RES=0x00 SYN URGP=0 I'm clueless here. -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
> Doesn't work. I redirected all my errors to /var/log/messages, so here's > what I get when I try to connect Filezilla to that server. > > May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3 > OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2 > DST=192.168.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30737 DF PROTO=TCP > SPT=51474 DPT=38714 WINDOW=29200 RES=0x00 SYN URGP=0 > FTP uses two ports - in active mode the server uses 21 for command and 20 for data after the initial connection. In passive mode it uses 21 for command and a high random port number for data. What is happening is that you are blocking the high port number. (Yes, I know that's a gross simplification.) You could use active transfer and open port 20, or you could use passive, which is more "secure", and allow connections to high port numbers. Search for active vs passive ftp for more info. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
On 23 May 2018 at 10:24, Nicolas Kovacs wrote: > Hi, > > I'm currently setting up a local FTP server, to receive disk images sent > with G4L (Ghost4Linux). > > This server has been running Slackware Linux before, and the Vsftpd > setup was relatively simple. > > With CentOS things seem to be slightly different, so I'm currently > trying to work things out. For the moment, two things seem to be > creating problems, the simple iptables firewall and SELinux. > > When I disable the firewall and SELinux, Vsftp works as expected. So far > so good. > > Now let's tackle this one dragon at a time. First the firewall. I'm > starting with a very simple firewall script that looks somewhat like > this. I'm linking to the template, I won't copy/paste the whole thing here. > > https://github.com/kikinovak/centos-7-server-lan/blob/master/config/firewall/firewall-standalone.sh > > Under Slackware, the iptables rule for a local FTP server looked like this: > > modprobe ip_conntrack > iptables -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT > > I tried this, but to no avail. Can't connect to my server. I googled a > bit, and I found out that there seem to be quite many different answers > about the subject of "how do I configure my firewall for Vsftpd". > OK looking at this, try changing the script as follows: # Connexions établies $IPT -A INPUT -m state --state RELATED, ESTABLISHED -j ACCEPT # SSH $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 22 -j ACCEPT # FTP $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT > Any suggestions ? > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
On 23 May 2018 at 11:05, Stephen John Smoogen wrote: > On 23 May 2018 at 10:24, Nicolas Kovacs wrote: >> Hi, >> >> I'm currently setting up a local FTP server, to receive disk images sent >> with G4L (Ghost4Linux). >> >> This server has been running Slackware Linux before, and the Vsftpd >> setup was relatively simple. >> >> With CentOS things seem to be slightly different, so I'm currently >> trying to work things out. For the moment, two things seem to be >> creating problems, the simple iptables firewall and SELinux. >> >> When I disable the firewall and SELinux, Vsftp works as expected. So far >> so good. >> >> Now let's tackle this one dragon at a time. First the firewall. I'm >> starting with a very simple firewall script that looks somewhat like >> this. I'm linking to the template, I won't copy/paste the whole thing here. >> >> https://github.com/kikinovak/centos-7-server-lan/blob/master/config/firewall/firewall-standalone.sh >> >> Under Slackware, the iptables rule for a local FTP server looked like this: >> >> modprobe ip_conntrack >> iptables -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT >> >> I tried this, but to no avail. Can't connect to my server. I googled a >> bit, and I found out that there seem to be quite many different answers >> about the subject of "how do I configure my firewall for Vsftpd". >> > > OK looking at this, try changing the script as follows: > > # Connexions établies > $IPT -A INPUT -m state --state RELATED, ESTABLISHED -j ACCEPT > > # SSH > $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 22 -j ACCEPT > > # FTP > $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT > > > I forgot to say why. The RELATED is used to say that it is ok that the ftp extra ports are kept track of. Without it they are dropped as you are seeing. -- Stephen J Smoogen. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Nicolas Kovacs wrote: > Le 23/05/2018 à 16:36, Nux! a écrit : >> Try "iptables -I INPUT" for your FTP rule. > > Doesn't work. I redirected all my errors to /var/log/messages, so here's > what I get when I try to connect Filezilla to that server. > > May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3 > OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2 > DST=192.168.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30737 DF PROTO=TCP > SPT=51474 DPT=38714 WINDOW=29200 RES=0x00 SYN URGP=0 > > I'm clueless here. Oh, hell, it just hit me: are you using C7? If so, start out by running firewall-cmd --list-all mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Nicolas Kovacs wrote: > Hi, > > I'm currently setting up a local FTP server, to receive disk images sent > with G4L (Ghost4Linux). > > This server has been running Slackware Linux before, and the Vsftpd > setup was relatively simple. > > With CentOS things seem to be slightly different, so I'm currently > trying to work things out. For the moment, two things seem to be > creating problems, the simple iptables firewall and SELinux. > > When I disable the firewall and SELinux, Vsftp works as expected. So far > so good. > > Now let's tackle this one dragon at a time. First the firewall. I'm A suggestion: once you've got the firewall issue dealt with, set selinux into permissive mode; *then* you can figure out what it's complaining about, while at the same time, your system will be available. Once you've fixed those issues, then you can make it enforcing. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Le 23/05/2018 à 17:01, Pete Biggs a écrit : > You could use active transfer and open port 20, or you could use > passive, which is more "secure", and allow connections to high port > numbers. > > Search for active vs passive ftp for more info. That helped, thanks. I added the following to /etc/vsftpd/vsftpd.conf: pasv_enable=YES pasv_min_port=50001 pasv_max_port=50010 My firewall script now has the following stanza for FTP: # FTP $MOD ip_conntrack_ftp $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 50001:50010 -j ACCEPT So the firewall problem seems solved. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Le 23/05/2018 à 16:58, m.r...@5-cent.us a écrit : > A suggestion: once you've got the firewall issue dealt with, set selinux > into permissive mode; *then* you can figure out what it's complaining > about, while at the same time, your system will be available. Once you've > fixed those issues, then you can make it enforcing. This is always my approach. Turns out the solution was rather simple here. After switching SELinux to permissive mode and connecting to the server, I did this: # sealert -a /var/log/audit/audit.log The problem here was that I got a small tsunami of suggestions. But in the middle of this flood, I got a boolean to set, so on a hunch, I tried that: # setsebool -P ftpd_full_access 1 Turns out this solved all SELinux-related problems. So Vsftp works perfectly now with my custom Iptables firewall *and* SELinux in enforcing mode. Cheers & thanks for all your suggestions. Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vsftpd vs. iptables firewall script
Nicolas Kovacs wrote: > Le 23/05/2018 à 16:58, m.r...@5-cent.us a écrit : >> A suggestion: once you've got the firewall issue dealt with, set selinux >> into permissive mode; *then* you can figure out what it's complaining >> about, while at the same time, your system will be available. Once >> you've >> fixed those issues, then you can make it enforcing. > > This is always my approach. Turns out the solution was rather simple > here. After switching SELinux to permissive mode and connecting to the > server, I did this: > > # sealert -a /var/log/audit/audit.log > > The problem here was that I got a small tsunami of suggestions. But in ARGH! No. We get entries in /var/log/messages that tell you run run sealert *with* a given number. I just highlight, copy and run that, not try to read the whole audit log. mark > the middle of this flood, I got a boolean to set, so on a hunch, I tried > that: > > # setsebool -P ftpd_full_access 1 > > Turns out this solved all SELinux-related problems. So Vsftp works > perfectly now with my custom Iptables firewall *and* SELinux in > enforcing mode. > > Cheers & thanks for all your suggestions. > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] rpm spec version : higher version is seen as older
Hi! I have a very puzzling problem : one rpm with version 1.2.5 and one with 1.3.1 (spec file does not have Epoch defined) trying to install i get this : [root@storage02 aliprod]# rpm -Uvh xrootd-alicetokenacc-1.3.1-1.el6.x86_64.rpm Preparing...### [100%] package xrootd-alicetokenacc-1:1.2.5-1.el6.x86_64 (which is newer than xrootd-alicetokenacc-1.3.1-1.el6.x86_64) is already installed the rpm information : rpm -qi xrootd-alicetokenacc Name: xrootd-alicetokenacc Relocations: (not relocatable) Version : 1.2.5 Vendor: (none) Release : 1.el6 Build Date: Wed 17 Jun 2015 02:25:13 AM EEST Install Date: Mon 22 Jun 2015 01:12:34 PM EEST Build Host: issaf.spacescience.ro Group : System Environment/DaemonsSource RPM: xrootd-alicetokenacc-1.2.5-1.el6.src.rpm Size: 1125309 License: none Signature : (none) Summary : Alice Token Authorization Acc plugin Description : An authorization plugin for xrootd using the Alice Token authorization envelope. and rpm -qip xrootd-alicetokenacc-1.3.1-1.el6.x86_64.rpm Name: xrootd-alicetokenacc Relocations: (not relocatable) Version : 1.3.1 Vendor: (none) Release : 1.el6 Build Date: Wed 23 May 2018 12:31:05 AM EEST Install Date: (not installed) Build Host: el6build Group : CERN IT-STSource RPM: xrootd-alicetokenacc-1.3.1-1.el6.src.rpm Size: 1373710 License: none Signature : (none) Summary : Alice Token Authorization Acc plugin Description : An authorization plugin for xrootd using the Alice Token authorization envelope. any idea why this could happen? AFAIK the solution would be the introduction of "Epoch: 1" but i seen that this is usually acceptable only as last resort.. So, any ideas about this problem? Thank you!! Adrian ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpm spec version : higher version is seen as older
On Wed, May 23, 2018 at 08:07:52PM +0300, Adrian Sevcenco wrote: > Hi! I have a very puzzling problem : > one rpm with version 1.2.5 and one with 1.3.1 (spec file does not have > Epoch defined) > > trying to install i get this : > [root@storage02 aliprod]# rpm -Uvh > xrootd-alicetokenacc-1.3.1-1.el6.x86_64.rpm > Preparing...### > [100%] > package xrootd-alicetokenacc-1:1.2.5-1.el6.x86_64 (which is > newer than xrootd-alicetokenacc-1.3.1-1.el6.x86_64) is already installed Yeah, "has epoch" is always newer than "doesn't have epoch". You can see from the "1:" in 1:1.2.5 that that package *does* have Epoch defined. > any idea why this could happen? > AFAIK the solution would be the introduction of "Epoch: 1" but i seen > that this is usually acceptable only as last resort.. Looks like you're *already* in that state. I guess you can think of this as an example of why it's a last resort, because once done once, you're stuck. But now, there you are. -- Matthew Miller Fedora Project Leader ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpm spec version : higher version is seen as older
On 05/23/2018 10:05 PM, Matthew Miller wrote: > On Wed, May 23, 2018 at 08:07:52PM +0300, Adrian Sevcenco wrote: >> Hi! I have a very puzzling problem : >> one rpm with version 1.2.5 and one with 1.3.1 (spec file does not have >> Epoch defined) >> >> trying to install i get this : >> [root@storage02 aliprod]# rpm -Uvh >> xrootd-alicetokenacc-1.3.1-1.el6.x86_64.rpm >> Preparing...### >> [100%] >> package xrootd-alicetokenacc-1:1.2.5-1.el6.x86_64 (which is >> newer than xrootd-alicetokenacc-1.3.1-1.el6.x86_64) is already installed > > Yeah, "has epoch" is always newer than "doesn't have epoch". You can > see from the "1:" in 1:1.2.5 that that package *does* have Epoch > defined. well, this is what is really puzzling : it it the same spec file without any epoch defined.. difference being that first one was build in 2015 on el6 and the last one was built now on up to date el6 ... >> any idea why this could happen? >> AFAIK the solution would be the introduction of "Epoch: 1" but i seen >> that this is usually acceptable only as last resort.. > > Looks like you're *already* in that state. I guess you can think of > this as an example of why it's a last resort, because once done once, > you're stuck. But now, there you are. yeah, i will add the epoch to the spec file ... very puzzling why it is there though.. Thanks! Adrian ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7 + KDE : Dolphin weirdness
Hi, I'm running CentOS 7 + KDE on my workstation. Since the latest big batch of updates, Dolphin behaves a bit weirdly. When I download a .zip archive and then right click and "Extract here", the extracted files don't show. I have to hit F5 to refresh the current directory view and display the new files. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 + KDE : Dolphin weirdness
On 24/05/18 07:50, Nicolas Kovacs wrote: Hi, I'm running CentOS 7 + KDE on my workstation. Since the latest big batch of updates, Dolphin behaves a bit weirdly. When I download a .zip archive and then right click and "Extract here", the extracted files don't show. I have to hit F5 to refresh the current directory view and display the new files. Cheers, Niki I have noticed that for a while - pre the last major update; the directory file list does not update with changes unless I do an F5 update - Nautilus does not have this problem. I suspect there is a notification somewhere in the OS that is not being picked up by Dolphin - amazing how annoying this is, yet it wasn't that many years ago when this was normal behavior. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7.5 Nautilus 100% reproducible crash.
I upgraded to the epelrepo's version of the 4.16 ml kernel. This did not resolve the 100% Nautilus crash in 7.5, although the machine feels a lot speedier overall. Like previously stated this worked in 7.4 in the same version of VirtualBox. Please let me know if I can supply any more specific info that may be of assistance. Kind regards, George -Original Message- From: CentOS On Behalf Of George Labuschagne Sent: Wednesday, 23 May 2018 10:33 To: 'CentOS mailing list' Subject: Re: [CentOS] CentOS 7.5 Nautilus 100% reproducible crash. Pardon me, but I forgot to add that right after this crash, htop as root shows the VBoxClient service running maxed on one core until system is rebooted. Not sure if it is CentOS bug or VirtualBox bug because this did not happen in 7.4 on same version of VirtualBox, and unfortunately I don't have access to a bare metal machine on which to install and test. -Original Message- From: CentOS On Behalf Of George Labuschagne Sent: Wednesday, 23 May 2018 10:27 To: centos@centos.org Subject: [CentOS] CentOS 7.5 Nautilus 100% reproducible crash. Good day When trying to add an 'Other Locations' in Nautilus CentOS 7.5, Nautilus always 100% of the time crash with a kernel error. Here is a short video showing the workflow: https://youtu.be/dPmTDBRqL_I This did not happen in 7.4 Both 7.4 and 7.5 runs on VirtualBox 5.2.12 - but as stated before, this did not happen in 7.4 I also did a fresh clean install of both 7.4 and 7.5, and 7.5 exhibits this behaviour irrespective if it was updated or freshly installed. Kind regards, George Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, visit http://www.mimecast.co.za/uem. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
