Re: [CentOS] [CentOS-announce] CESA-2018:1318 Important CentOS 7 kernel Security Update

2018-05-31 Thread Noam Bernstein
Hi all - should I be surprised to be receiving these notifications today when a 
newer version, 3.10.0-862.3.2, corresponding to
https://access.redhat.com/errata/RHSA-2018:1629
appears to already be available from CentOS ‘yum update’
Installing:
 kernel  x86_64  3.10.0-862.3.2.el7  updates  46 M


Noam

> On May 30, 2018, at 2:29 PM, Johnny Hughes  wrote:
> 
> 
> CentOS Errata and Security Advisory 2018:1318 Important
> 
> Upstream details at : https://access.redhat.com/errata/RHSA-2018:1318
> 
> The following updated files have been uploaded and are currently 
> syncing to the mirrors: ( sha256sum Filename ) 
> 
> -- 
> Johnny Hughes
> CentOS Project { http://www.centos.org/ }
> irc: hughesjr, #cen...@irc.freenode.net
> Twitter: @JohnnyCentOS
> 
> ___
> CentOS-announce mailing list
> centos-annou...@centos.org
> https://lists.centos.org/mailman/listinfo/centos-announce


Noam Bernstein, Ph.D.
Center for Materials Physics and Technology
U.S. Naval Research Laboratory
T +1 202 404 8628  F +1 202 404 7546
https://www.nrl.navy.mil 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS 7.5 gui login root only

2018-05-31 Thread isdtor
Taking first steps on CentOS 7 1804.

Logging into the Gnome/Gnome classic desktop from gdm works only for root. For 
other users, the screen flashes and the login screen returns. KDE/Plasma login 
is successful but ends up with a black screen with mouse pointer while all 
desktop processes appear to be running.

The CentOS 7 system is running in a CentOS6 KVM virtual machine, which may be 
the problem. I have no physical machine for testing right now.

These logins work for non-root users when the system is built from the CentOS 7 
DVD. The non-working installation stems from a kickstart install which 
essentially includes a much larger number of packages (some 6k vs. 2.5k from 
DVD install). Maybe there are conflicts, but I have not been able to isolate 
anything.



[CentOS] Definitive guide to setting up FTPIS on vsftpd

2018-05-31 Thread Frank M. Ramaekers
I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been 
struggling with in configuring vsftpd for FTPS Implicit (port 990).
(The latest instructions I've used are at: 
https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/)

Using Filezilla client, I get:

Error:  GnuTLS error -15: An unexpected TLS packet was received.
Error:  Could not connect to server

Using Core FTP LE:

SL/TLS error - 0, SSL error - 1, error:0001:lib(0):func(0):reason(1)
SSL Connection not established

Using WinSCP:

TLS connect: error in SSLv2/v3 read server hello A
TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server

lftp from a remote Linux:

Fatal error: gnutls_handshake: An unexpected TLS packet was received.

Debugging, I get:

...
GNUTLS: EXT[0x2aa440f42d0]: sent signature algo (2.3) ECDSA-SHA1
GNUTLS: EXT[0x2aa440f42d0]: Sending extension SIGNATURE ALGORITHMS (22 bytes)
GNUTLS: HSK[0x2aa440f42d0]: CLIENT HELLO was queued [268 bytes]
GNUTLS: REC[0x2aa440f42d0]: Preparing Packet Handshake(22) with length: 268 and min pad: 0
GNUTLS: ENC[0x2aa440f42d0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
GNUTLS: REC[0x2aa440f42d0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 273
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: REC[0x2aa440f42d0]: SSL 48.48 Unknown Packet packet received. Epoch 0, length: 8271
GNUTLS: ASSERT: gnutls_record.c:572
GNUTLS: Received record packet of unknown type 53
GNUTLS: ASSERT: gnutls_record.c:1076
GNUTLS: ASSERT: gnutls_record.c:1158
GNUTLS: ASSERT: gnutls_buffers.c:1409
GNUTLS: ASSERT: gnutls_handshake.c:1446
GNUTLS: ASSERT: gnutls_handshake.c:2757
 gnutls_handshake: An unexpected TLS packet was received.
GNUTLS: REC[0x2aa440f42d0]: Start of epoch cleanup
GNUTLS: REC[0x2aa440f42d0]: End of epoch cleanup
GNUTLS: REC[0x2aa440f42d0]: Epoch #0 freed
GNUTLS: REC[0x2aa440f42d0]: Epoch #1 freed
 Closing control socket

TIA!

Frank M. Ramaekers Jr. | Systems Programmer | Information Technology | American 
Income Life Insurance Company | 254-761-6649 (732-6649)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
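
Added example, not part of the original post: the record header fields GnuTLS reports in the debug output above (type 53, version 48.48, length 8271), repacked into the five bytes read off the wire and decoded. They are the ASCII text "500 O", which is consistent with the server answering the ClientHello with a plaintext FTP reply rather than a TLS record. The function names and the well-formed comparison record are this example's own.

```python
import struct

# Values GnuTLS printed for the first record it read from the server
# ("SSL 48.48 ... length: 8271", "unknown type 53" in the debug output above).
REPORTED = {"content_type": 53, "major": 48, "minor": 48, "length": 8271}

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD = 2**14 + 2048  # largest TLSCiphertext fragment a peer may send


def header_bytes(content_type, major, minor, length):
    """Rebuild the 5 bytes the client parsed as a TLS record header."""
    return struct.pack("!BBBH", content_type, major, minor, length)


def classify(header):
    """Return (kind, detail) for the first 5 bytes read from the server."""
    content_type, major, _minor, length = struct.unpack("!BBBH", header)
    if content_type in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD:
        return ("tls-record", TLS_CONTENT_TYPES[content_type])
    if all(0x20 <= b < 0x7F for b in header):
        text = header.decode("ascii")
        # FTP control replies start with a three-digit code (RFC 959).
        if text[:3].isdigit():
            return ("plaintext-ftp-reply", text)
        return ("plaintext", text)
    return ("unknown", header.hex())


if __name__ == "__main__":
    print(classify(header_bytes(**REPORTED)))     # what the client saw
    print(classify(header_bytes(22, 3, 3, 268)))  # constructed well-formed record
```
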


Re: [CentOS] move LDAP service to new server

2018-05-31 Thread Ulf Volmer
On Tue, May 29, 2018 at 03:57:43PM +0100, Gary Stainburn wrote:

> Is there any (easy to follow) instructions anywhere to tell me how to back up 
> this service and restore it onto a new one?

This is basically running slapcat on your old server and slapadd on the new one.

openldap config can be either stored as files on disk or inside of the LDAP
and must be handled separately.

best regards
Ulf



Re: [CentOS] CentOS 7.5 gui login root only

2018-05-31 Thread m . roth
isdtor wrote:
> Taking first steps on CentOS 7 1804.
>
> Logging into the Gnome/Gnome classic desktop from gdm works only for root.
> For other users, the screen flashes and the login screen returns.
> KDE/Plasma login is successful but ends up with a black screen with mouse
> pointer while all desktop processes appear to be running.
>
> The CentOS 7 system is running in a CentOS6 KVM virtual machine, which may
> be the problem. I have no physical machine for testing right now.
>
> These logins work for non-root users when the system is built from the
> CentOS 7 DVD. The non-working installation stems from a kickstart install
> which essentially includes a much larger number of packages (some 6k vs.
> 2.5k from DVD install). Maybe there are conflicts, but I have not been
> able to isolate anything.
>
Sounds like an authorization issue. Have you checked both
/var/log/messages and /var/log/secure? If you're using /etc/password, are
its permissions and ownership correct? Are the user's home directories
owned by them?

   mark


Re: [CentOS] Definitive guide to setting up FTPIS on vsftpd

2018-05-31 Thread Kenneth Porter

On 5/31/2018 8:01 AM, Frank M. Ramaekers wrote:

> I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been
> struggling with in configuring vsftpd for FTPS Implicit (port 990).
> (The latest instructions I've used are at:
> https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/)


Here's what I'm using. The tutorial site I used is currently down with a 
bandwidth exceeded warning, so I guess it must be quite popular.


I'm using LetsEncrypt certificates. My site domain is replaced with 
example.com. Use your own domain name there as registered with LetsEncrypt.


# see
# http://beginlinux.com/blog/2009/01/secure-ftp-with-ssl-on-centos/

rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES

# limit pasv ports to range that iptables can check
pasv_min_port=6900
pasv_max_port=6969

# added 20120213 to deal with FileZilla 3.5.3 stricter cipher list
# see http://forum.filezilla-project.org/viewtopic.php?f=2&t=23275
ssl_ciphers=HIGH

dual_log_enable=YES

allow_writeable_chroot=YES
user_sub_token=$USER

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
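
Added example, not part of the original post: a small Python check that reads the TLS-related vsftpd.conf options and reports the ones that permit SSLv2/SSLv3, leave logins or data transfers unencrypted, or do not match the implicit FTPS on port 990 asked about in this thread. POSTED repeats the TLS lines from the message above; HARDENED is constructed for the example, and the defaults are those documented in vsftpd.conf(5).

```python
# Defaults documented in vsftpd.conf(5) for the options this check reads.
DEFAULTS = {"ssl_enable": "NO", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
            "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
            "implicit_ssl": "NO", "listen_port": "21"}

# TLS-related lines as posted in the message above.
POSTED = """ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_ciphers=HIGH
"""

# Constructed for this example (not posted by anyone in the thread):
# the same options set for implicit FTPS on port 990.
HARDENED = """ssl_enable=YES
implicit_ssl=YES
listen_port=990
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
"""

def parse(text):
    """vsftpd.conf is key=value per line, '#' comments, no spaces around '='."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(text):
    """Return the option names that weaken TLS or break implicit FTPS on 990."""
    o = parse(text)
    on = lambda key: o[key].upper() == "YES"
    flagged = [k for k in ("ssl_sslv2", "ssl_sslv3") if on(k)]
    flagged += [k for k in ("ssl_enable", "force_local_logins_ssl",
                            "force_local_data_ssl", "implicit_ssl") if not on(k)]
    if on("implicit_ssl") and o["listen_port"] != "990":
        flagged.append("listen_port")  # clients expect implicit FTPS on 990
    return flagged
```

With implicit_ssl left at its default of NO, vsftpd expects an explicit AUTH TLS on the control connection, so a client that starts a TLS handshake on connect does not get a TLS record back.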


Re: [CentOS] CentOS 7.5 gui login root only

2018-05-31 Thread isdtor


> Sounds like an authorization issue. Have you checked both
> /var/log/messages and /var/log/secure? If you're using /etc/password, are
> its permissions and ownership correct? Are the user's home directories
> owned by them?
 
Nothing relevant in these log files.  The test user is in NIS and home 
directory is auto-mounted.  All of this works, user can login through text 
console and ssh.  selinux is disabled.  But even startx isn't working, and 
again the Xorg log doesn't give any indication what might be the problem.



Re: [CentOS] CentOS 7.5 gui login root only

2018-05-31 Thread m . roth
isdtor wrote:
>
>> Sounds like an authorization issue. Have you checked both
>> /var/log/messages and /var/log/secure? If you're using /etc/password,
>> are
>> its permissions and ownership correct? Are the user's home directories
>> owned by them?
>
> Nothing relevant in these log files.  The test user is in NIS and home
> directory is auto-mounted.  All of this works, user can login through text
> console and ssh.  selinux is disabled.  But even startx isn't working, and
> again the Xorg log doesn't give any indication what might be the problem.
>
Now it begins to sound like a video driver problem. What video do you have?

 mark



Re: [CentOS] CentOS 7.5 gui login root only

2018-05-31 Thread Prasad K
I have seen similar issues when user shell profiles like .bash_profile or
.bashrc have some errors.
Are users invoking other shells from their default shell? This usually
breaks X11 start-up scripts.

Regards,
Prasad

On 1 June 2018 at 01:04, isdtor  wrote:

>
> > Sounds like an authorization issue. Have you checked both
> > /var/log/messages and /var/log/secure? If you're using /etc/password, are
> > its permissions and ownership correct? Are the user's home directories
> > owned by them?
>
> Nothing relevant in these log files.  The test user is in NIS and home
> directory is auto-mounted.  All of this works, user can login through text
> console and ssh.  selinux is disabled.  But even startx isn't working, and
> again the Xorg log doesn't give any indication what might be the problem.
>