Re: [CentOS] Asterisk and VOIP was Re: CentOS for non-tech user

2009-10-02 Thread Rob Townley
On Thu, Oct 1, 2009 at 1:46 PM, Rob Kampen  wrote:
> Ron Blizzard wrote:
>>
>> On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis 
>> wrote:
>>
>>
>>>
>>> "Not connected to the Internet", and "not connected to a LAN" are very
>>> different things.  I doubt VOIP would work if the server was not
>>> connected to a LAN.  There could be quite a few things on the LAN,
>>> depending on its size, such as viruses, malware, and even users doing
>>> scans of the network.  Don't assume that "out there" is insecure, and
>>> "in here" is secure.  That's one of the biggest mistakes to make when
>>> creating a secure environment.
>>>
>>
>> You're right. I was thinking like a phone tech -- that the VOIP
>> system's wiring was still separate from the regular LAN.
>>
>>
>
> Just to set your minds at ease (or not).
> I have a separate D-Link switch that does PoE (to power the snom phones) and
> vlans and set it up so that all the phones are on one vlan called VOIP.
> The * server single eth0 is also on this vlan, but does also belong to the
> rest of the office on another vlan called LAN.
> So - the snom phones (linux based) can only see the * server.
> The * server can see the rest of the LAN - so in theory anyone on the local
> LAN can scan and see the CentOS based * server.
> We are however a very small office and I get to see all connected PCs in
> action.
> As I have some questions about SIP security I was not prepared to have the
> snom phones in any way being accessible to / from the LAN (let alone the
> internet).
> Tks for comments and suggestions.
> Rob
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

i like that layout.  i would think instant messaging type access might
still be doable to send short text messages to the phone display from
workstations.  Receptionist and those that want to check their voice
mail from a web browser could be allowed.

Those HP Multi Function Printer & Scanner & Fax & copier machines can
be very vulnerable because a hacker calls into the fax to compromise
the fax machine which gives them full access to the inside of your
LAN.  i wonder how vulnerable Asterisk / Hylafax is to a dial-up
rootkit.   If so, even * connected to vlan and trunks would in theory
still be vulnerable.


Re: [CentOS] selinux...

2009-10-07 Thread Rob Townley
On Wed, Oct 7, 2009 at 11:45 AM,   wrote:
>> Quoting m.r...@5-cent.us:
>>
>>> Have I mentioned that I am less than enthralled with selinux?
>>>
>>> My latest issue is continuing messages in the /var/log/messages, which
>>> complain, for example, that siteminder can't write to smagent log (well,
>>> it can, since we've got selinux in permissive mode, and no, we have no
>>> control over using either siteminder or selinux).
>>>
>>> I've done what it says will solve the problem. A number of times.
>>> Discussing it with my manager, it seems as though selinux DOES NOT HAVE
>>> CORRECT ERROR HANDLING, and is falling through to a default error, and
>>> is
>>> *not* telling me the true cause.
>>
>> What is the error?
>>
> Running sealert. let's start with...
> 
> SELinux prevented httpd reading and writing access to http files. Ordinarily
> httpd is allowed full access to all files labeled with http file context.
> This
> machine has a tightened security policy with the httpd_unified turned off,
> this
> requires explicit labeling of all files. If a file is a cgi script it
> needs to
> 
> and respond with
> # getsebool -a | grep unified
> httpd_unified --> on
>
> Then we can go to:
> <...> avc:  denied  { write } for  pid=5898 comm="LLAWP"
> path="/var/log/httpd/smagent.log" dev=sda3 ino=
> scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0
> tclass=file
>
> Do you need more info?
>
>         mark
>
>

Don't know selinux.

when i have had init scripts write to new /var/log/ log files, i had
to change them to be system_t or it would fail.  Files under /tmp/ had
to have a special label as well.  So i wonder if you tried changing
the log file to the system_t context and it also fails.  Wouldn't it
have to have both the system and http context?  i went as far as
building se modules which is actually very easy when you find the few
instructions, but it had to be rebuilt with each new kernel.
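
Added example, not part of the original thread: a small parser for the AVC denial quoted above that pulls out the permission, source domain and target type, which is what decides the fix. The function names are assumptions, and the hint that a `*_log_t` type may be granted for append but not write is an assumption to confirm with the `sesearch` query the script prints.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Function names are assumptions.

# The denial quoted in the thread, joined onto one line. ino= is blank on the
# page and is left blank here.
SAMPLE_AVC='avc:  denied  { write } for  pid=5898 comm="LLAWP" path="/var/log/httpd/smagent.log" dev=sda3 ino= scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file'

# parse_avc LINE
# Print the fields that decide a fix: requested permission(s), process name,
# source domain, target type, object class, path.
# Limitation: values containing spaces (such as some paths) are not handled.
parse_avc() {
    printf '%s\n' "$1" | awk '
    {
        perms = ""; inbrace = 0; split("", kv)
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace)   { perms = perms (perms == "" ? "" : ",") $i; continue }
            eq = index($i, "=")
            if (eq > 1) {
                val = substr($i, eq + 1)
                gsub(/"/, "", val)
                kv[substr($i, 1, eq - 1)] = val
            }
        }
        # A context is user:role:type[:level]; policy rules name the type.
        split(kv["scontext"], s, ":"); split(kv["tcontext"], t, ":")
        printf "perm=%s comm=%s source=%s target=%s class=%s path=%s\n",
               perms, kv["comm"], s[3], t[3], kv["tclass"], kv["path"]
    }'
}

# avc_field KEY PARSED: pull one value out of parse_avc output.
avc_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p"
}

# triage_avc LINE
# A write denial on a *_log_t file often means the domain is allowed append
# but not write (assumption to confirm against the loaded policy). In that
# case relabeling does not help: the program must open its log for append or
# a local module must grant write. Print the query that settles it.
triage_avc() {
    local p
    p=$(parse_avc "$1")
    case "$(avc_field class "$p"):$(avc_field perm "$p"):$(avc_field target "$p")" in
        file:*write*:*_log_t)
            printf 'check-append-only: sesearch --allow -s %s -t %s -c file\n' \
                "$(avc_field source "$p")" "$(avc_field target "$p")" ;;
        *)
            printf 'no-hint: %s\n' "$p" ;;
    esac
}

parse_avc "$SAMPLE_AVC"
triage_avc "$SAMPLE_AVC"
```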


Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?

2009-10-08 Thread Rob Townley
On Thu, Oct 8, 2009 at 4:39 PM, Dave  wrote:
> On Thu, Oct 8, 2009 at 11:27 AM, Meenoo Shivdasani  wrote:
>> /etc/init.d/network calls /etc/sysconfig/network-scripts/ifup which
>> calls /sbin/dhclient which calls /sbin/dhclient-script which
>> overwrites your resolv.conf with the info it gets from the DHCP server
>> on the network.
>
>
> How would I find this out on my own? And it seems not to be correct.
> At least, if /etc/sysconfig/network-scripts/ifup calls
> /sbin/dhclient, it must use some indirection, as dhclient is not
> mentioned in the script explicitly:
>
> grep -i dhc /etc/sysconfig/network-scripts/ifup
> if [ "${BOOTPROTO}" = "bootp" -o "${BOOTPROTO}" = "dhcp" ]; then
>
>
> Why does it overwrite /etc/resolv.conf when the machine is not set to
> use DHCP? The IP address etc. is set statically using
> /usr/bin/system-config-network.
>
> Dave
>

i feel the pain as i went through this just last night on a multihomed
CentOS 5.3 box.  It was using old and wrong lease info which helped me
notice it as a problem.

i ended up deleting:

/var/lib/dhcpd/dhclient.leases
/var/lib/dhcpd/dhclient.leases~
/etc/dhclient.conf  (but you should make a backup or at least look at
the dhclient.conf because i think you can tell it what ethX to work on
or not).
rm anything else associated with dhclient

Some guys say to uninstall NetworkManager, not just keep it from running.

Setting a static dhcp lease in our separate dhcpd server you would
think would fix this.  But static lease made things worse because
dhclient broke /etc/sysconfig/network-scripts/ifup-routes calls to
"/sbin/ip route add" and "/sbin/ip rule add".  With dhclient, i could
not set a default gw rule for each different network interface card.
After deleting the lease info and maybe changing the
/etc/dhclient.conf and then deleting it, i could have a separate
default gateway for each nic.

Ok, the other BUG is ping.  There is a bug in ping that has sucked up
much of my life for the last 2 or 3 years.  i will post separately on
the ping -I bug.


Re: [CentOS] My doubts with apache server on centos installation

2009-10-09 Thread Rob Townley
On Fri, Oct 9, 2009 at 1:46 AM, vijay shanker  wrote:
> Hi Linux geeks,
>
> I have just started to setup a production server with centos; and moved from
> windows server to centos. My first encounter with this great linux distro is
> good.
>
> I am not able to understand what is the point of having scattered folders
> for apache server installation.
>
> when i see the /etc/httpd folder; it has only conf folder and links to logs,
> module, and run. As i have been working on Windows where all these files
> are stored in a single installation folder.
>
> So, this makes me quite confused to start with.
>
> Can anyone tell me what is the idea behind using such an installation
> pattern.
>
> Now i am going to install java, I have two options via RPM and other is
> extracting the distro and use it. i have a feeling if i use first option,
> all the folders like jre and jdk will be placed any where. Not to be found.
>
> Please tell me or point to any relevant link. so i can go ahead without any
> doubt over this issue.
>
>
>
> --
> Regards,
> Vijay Shanker
>
>
>
>
>

Did it ever make sense for everybody and their brother to install
everything under c:\windows\system32\?  That everything in system32
nightmare scares me security wise and functionality wise.  WinVista
fixes that through file and registry system virtualization - that
means even more places for your files.

Some of the IIS stuff is in the registry and some in metabase and some
in files.  At least with nix, all the locations can be searched with a
single find command - not so in windows.

If you modify something in Linux using a GUI, but need
the text file equivalent, the following command can help.
touch /tmp/now
install your app or make changes using a gui
find / -newer  /tmp/now | grep -v /proc/

There are a few improvements on this, but that can get you started.
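
Added example, not part of the original post: the touch/find technique above with three improvements, namely an unpredictable marker file, pruning of pseudo-filesystems instead of `grep -v`, and a ctime comparison that also catches files whose mtime was set into the past. The function names and the demo tree are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the demo
# tree are assumptions made for illustration.

# Create the marker with mktemp instead of a fixed /tmp/now: a predictable
# name in a world-writable directory can be pre-created by another local user.
mark_now() {
    mktemp "${TMPDIR:-/tmp}/marker.XXXXXXXX"
}

# changed_since MARKER ROOT [ctime|mtime]
# List regular files and symlinks under ROOT changed after MARKER was created.
#   ctime (default): find -cnewer, compares inode change time, which also
#                    catches files whose mtime was set into the past (package
#                    managers restore packaged mtimes; so does timestomping).
#   mtime:           find -newer, the test used in the post.
# Pseudo-filesystems are pruned so find never descends into them; grep -v
# would also hide any real path that happens to contain "/proc/".
changed_since() {
    local marker=$1 root=$2 pred=-cnewer
    if [ "${3:-ctime}" = mtime ]; then pred=-newer; fi
    find "$root" \
        \( -path /proc -o -path /sys -o -path /dev -o -path /run \) -prune -o \
        \( -type f -o -type l \) "$pred" "$marker" -print 2>/dev/null | sort
}

# Constructed demo tree: one edited file, one new file, one file written
# after the marker and then backdated, one file left alone.
demo_changed_files() {
    local mode=${1:-ctime} root marker out
    root=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXXXX") || return 1
    mkdir -p "$root/etc/app"
    echo "port=80" > "$root/etc/app/old.conf"
    echo "keep=1"  > "$root/etc/app/untouched.conf"
    sleep 1                      # keep timestamps apart on coarse clocks
    marker=$(mark_now) || return 1
    sleep 1
    echo "port=8080" > "$root/etc/app/old.conf"        # edited by the GUI tool
    echo "added=1"   > "$root/etc/app/new.conf"        # created by the installer
    echo "pkg=1"     > "$root/etc/app/backdated.conf"
    touch -t 200910090000 "$root/etc/app/backdated.conf"  # mtime now predates the marker
    out=$(changed_since "$marker" "$root" "$mode" | sed "s|^$root/||")
    rm -rf "$root" "$marker"
    printf '%s\n' "$out"
}

echo "ctime test (-cnewer):"; demo_changed_files ctime
echo "mtime test (-newer):";  demo_changed_files mtime
```

On a real system the call would be `changed_since "$marker" /` run as root after the install or GUI change.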


[CentOS] Ping Is Broken

2009-10-09 Thread Rob Townley
i am hoping this attachment gets through.  It deals with a bug in ping that
made it very difficult to set up a system with two gateways.
ping -I is broken 

Demonstration that ping -I is broken.  When specifying the source 
interface using -I with an ethX alias and that interface is not the default gateway 
interface, then ping fails.  When specifying the interface as an ip address, 
ping works.  Search for "Destination Host Unreachable" to find the bug. 


eth0 = 4.3.2.8 and the default gateway is accessed through a different interface eth1. 
eth1 = 192.168.168.155 is used as the device to get to the default gateway. 
FAILS : ping -I eth0 208.67.222.222 
WORKS: ping -I 4.3.2.8 208.67.222.222 
WORKS: ping -I eth1 208.67.222.222 
WORKS: ping -I 192.168.168.155 208.67.222.222 

The following are actual results which can be reproduced from an up-to-date 
Fedora 11 or CentOS 5.3 box.  Caused a very very long episode of frustration 
when setting up multi gatewayed systems. 
  ping using  eth0 :
ping -c 2 -B -I  eth0 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
From 4.3.2.8 icmp_seq=2 Destination Host Unreachable

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
, pipe 2

  ping using  4.3.2.8 :
ping -c 2 -B -I  4.3.2.8 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms

  ping using  eth1 :
ping -c 2 -B -I  eth1 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms

  ping using  192.168.168.155 :
ping -c 2 -B -I  192.168.168.155 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

/sbin/ip rule show
0:	from all lookup 255 
32762:	from 4.3.2.8 lookup nic0 
32763:	from 192.168.168.155 lookup nic1 
32764:	from 192.168.168.155 lookup nic1 
32765:	from 4.3.2.8 lookup nic0 
32766:	from all lookup main 
32767:	from all lookup default 

 
Print out routing tables using /sbin/ip route show table TABLENAME:
routing table  nic0 :
/sbin/ip route show table nic0
default via 4.3.2.1 dev eth0 

routing table  nic1 :
/sbin/ip route show table nic1
default via 192.168.168.1 dev eth1 

routing table  main :
/sbin/ip route show table main
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8 
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155 
169.254.0.0/16 dev eth1  scope link 
default via 192.168.168.1 dev eth1 

routing table  default :
/sbin/ip route show table default

 


NOTES:
cat /etc/iproute2/rt_tables to get your own table names. 

ping Maintainer YOSHIFUJI Hideaki / USAGI/WIDE Project 
 http://www.skbuff.net/iputils/  
Mailing List net...@vger.kernel.org 

man ping:
   -I interface address
Set source address to specified interface address. 
Argument may be numeric IP address or name of device.
When  pinging  IPv6  link-local  address  this option is required. 

ping -V returns the latest available on CentOS and Fedora and the maintainers website: 
 
ping utility, iputils-ss020927
 





Re: [CentOS] Ping Is Broken

2009-10-09 Thread Rob Townley
The following deals with a bug in ping that made it very difficult to set up a
system with two gateways.

ping -I is broken

Demonstration that *ping -I is broken*. When specifying the source
interface using -I with an *ethX* alias and that interface is not the
default gateway
interface, then ping fails. When specifying the interface as an ip address,
ping works. Search for "Destination Host Unreachable" to find the bug.


eth*0* = 4.3.2.8 and the default gateway is accessed through a different
interface eth*1*.
eth*1* = 192.168.168.155 is used as the device to get to the default
gateway.
*FAILS *: ping *-I eth0* 208.67.222.222
*WORKS*: ping *-I 4.3.2.8* 208.67.222.222
*WORKS*: ping *-I eth1* 208.67.222.222
*WORKS*: ping *-I 192.168.168.155* 208.67.222.222

The following are actual results which can be reproduced from an up-to-date
Fedora 11 or CentOS 5.3 box. Caused a very very long episode of frustration
when setting up multi gatewayed systems.


* ping using eth0 *:

ping -c 2 -B -I  eth0 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
From 4.3.2.8 icmp_seq=2 Destination Host Unreachable

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
, pipe 2


* ping using 4.3.2.8 *:

ping -c 2 -B -I  4.3.2.8 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms


* ping using eth1 *:

ping -c 2 -B -I  eth1 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms


* ping using 192.168.168.155 *:

ping -c 2 -B -I  192.168.168.155 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

/sbin/ip rule show
0:  from all lookup 255
32762:  from 4.3.2.8 lookup nic0
32763:  from 192.168.168.155 lookup nic1
32764:  from 192.168.168.155 lookup nic1
32765:  from 4.3.2.8 lookup nic0
32766:  from all lookup main
32767:  from all lookup default



Print out routing tables using /sbin/ip route show table TABLENAME:
routing table  nic0 :
/sbin/ip route show table nic0
default via 4.3.2.1 dev eth0

routing table  nic1 :
/sbin/ip route show table nic1
default via 192.168.168.1 dev eth1

routing table  main :
/sbin/ip route show table main
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155
169.254.0.0/16 dev eth1  scope link
default via 192.168.168.1 dev eth1

routing table  default :
/sbin/ip route show table default




NOTES: cat /etc/iproute2/rt_tables to get your own table names.

ping Maintainer YOSHIFUJI Hideaki / USAGI/WIDE Project
 http://www.skbuff.net/iputils/
Mailing List net...@vger.kernel.org

man ping:
   -I interface address
Set source address to specified interface address.
Argument may be *numeric IP address or name of device*.
When  pinging  IPv6  link-local  address  this option is required.

ping -V returns the latest available on CentOS and Fedora and the
maintainers website:

ping utility, iputils-ss020927


Re: [CentOS] Ping Is Broken

2009-10-09 Thread Rob Townley
ping -I is broken

The following deals with a bug in ping that made it very difficult to set up a
system with two gateways.

Demonstration that *ping -I is broken*. When specifying the source
interface using -I with an *ethX* alias and that interface is not the
default gateway
interface, then ping fails. When specifying the interface as an ip address,
ping works. Search for "Destination Host Unreachable" to find the bug.


eth*0* = 4.3.2.8 and the default gateway is accessed through a different
interface eth*1*.
eth*1* = 192.168.168.155 is used as the device to get to the default
gateway.
*FAILS *: ping *-I eth0* 208.67.222.222
*WORKS*: ping *-I 4.3.2.8* 208.67.222.222
*WORKS*: ping *-I eth1* 208.67.222.222
*WORKS*: ping *-I 192.168.168.155* 208.67.222.222

The following are actual results which can be reproduced from an up-to-date
Fedora 11 or CentOS 5.3 box. Caused a very very long episode of frustration
when setting up multi gatewayed systems.


* ping using eth0 *:

ping -c 2 -B -I  eth0 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
From 4.3.2.8 icmp_seq=2 Destination Host Unreachable

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
, pipe 2

--
The Following all WORK:
* ping using 4.3.2.8 *:

ping -c 2 -B -I  4.3.2.8 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms


* ping using eth1 *:

ping -c 2 -B -I  eth1 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms


* ping using 192.168.168.155 *:

ping -c 2 -B -I  192.168.168.155 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

/sbin/ip rule show
0:  from all lookup 255
32762:  from 4.3.2.8 lookup nic0
32763:  from 192.168.168.155 lookup nic1
32764:  from 192.168.168.155 lookup nic1
32765:  from 4.3.2.8 lookup nic0
32766:  from all lookup main
32767:  from all lookup default



Print out routing tables using /sbin/ip route show table TABLENAME:
routing table  nic0 :
/sbin/ip route show table nic0
default via 4.3.2.1 dev eth0

routing table  nic1 :
/sbin/ip route show table nic1
default via 192.168.168.1 dev eth1

routing table  main :
/sbin/ip route show table main
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155
169.254.0.0/16 dev eth1  scope link
default via 192.168.168.1 dev eth1

routing table  default :
/sbin/ip route show table default




NOTES: cat /etc/iproute2/rt_tables to get your own table names.

ping Maintainer YOSHIFUJI Hideaki / USAGI/WIDE Project
 http://www.skbuff.net/iputils/
Mailing List net...@vger.kernel.org

man ping:
   -I interface address
Set source address to specified interface address.
Argument may be *numeric IP address or name of device*.
When  pinging  IPv6  link-local  address  this option is required.

ping -V returns the latest available on CentOS and Fedora and the
maintainers website:
ping utility, iputils-ss020927


Re: [CentOS] Resolv.conf with multiple adaptors on multiple networks

2009-10-09 Thread Rob Townley
On Fri, Oct 9, 2009 at 10:39 AM, ML  wrote:
> Hi All,
>
> I did a clean install of CentOS 5.3 yesterday. During setup I
> activated both adapters on startup. eth0 is my public IP and eth1 is
> my private/internal IP.
>
> It did not let me specify nameservers though.
>
> So I know this is resolv.conf.
>
> I know I put in:
> nameserver xxx.xxx.xxx.xxx
> nameserver xxx.xxx.xxx.xxx
>
> But how do I put in nameservers for specific networks? Example, I want
> my public IP to resolve to the comcast name-servers to get out to
> things like Google. I want internal to default to my internal DNS once
> I have it setup.
>
> -Jason
>

i second what the others have said, but you can specify nameservers
for each nic in their
/etc/sysconfig/network-scripts/ifcfg-ethX file.


Re: [CentOS] Caught between a Red Hat and a CentOS

2009-10-19 Thread Rob Townley
On Mon, Oct 19, 2009 at 3:45 PM, Joseph L. Casale
 wrote:
>>which is about as useful as Microsoft Windows support... is it broken?
>>"reinstall windows"
>
> FFS, this attitude amongst opensource guys that MS is the devil and are
> trying to murder your family or  sabotage your life is such BS.
>
> Take the Tin Foil Hat off and settle down, MS support is easily on par w/
> or *the* best support there is.

i don't believe the statement lambastes MS because "is about as
useful" means about the same.

Remember that windows integration website ( don't remember the name
but related to nLite and ryanvm) shutdown by Microsoft - it made a
great deal of news because they had scripts to take out annoyances
such as balloons popping up in the taskbar.  MS lawyers had them
disbanded.  MS Tech Support asked customers to wipe and reinstall, but
when the "Wireless Networks Found" balloon didn't pop up, they knew
some things had been changed in the windows installation because they
just had the customer wipe and reinstall.  The point i believe the
original poster was making is that "wipe-n-reinstall" is very very
very common everywhere even at MS.

i have been running NT since 3.0? / 3.1 and wondered why anything but
NT ever came out.  i don't think MS is evil but i have wasted too much
time swapping legitimate MS Office CDs when there were multiple MS
Office versions installed.

It takes way too much time to install a windows system from scratch,
configure how you want it,  and then install all the apps on top and
then all the updates and then all the updates to the apps ad nauseam.
Oh, you want to image that harddrive now?  Well you get 3 attempts
with sysprep and then you start all over - no thanks.

There is no comparison to 'yum -y update' -- i have wasted way too
much of my life updating software, hunting down product keys (the COA
on the pc case is hidden under the lock or on a misplaced cd).  In
fact,  depending on which method you get to the 2008R2 activation
screen it will not take your key.  Dealing with proprietary phone tech
support regarding software bugs that i could fix myself  if i had the
code - it is demeaning.  In that world, you rarely have an opportunity
to talk to the programmer, let alone a good tech.

Filing a bug report in Bugzilla and getting a response from one of the
programmers directly responsible - that has happened to me in open
source.  Never happened once as a Win32 developer and user.  There
really is no long lasting great tech support except open source along
with the skill and intelligence we have ourselves and shared over the
internet.  i am more independent that way.  i have more freedom that
way.  i have more time.

>
> I maintain both Linux/Unix and Windows machines, and since high school days
> I have been using PSS and there is nothing like it. They have *ALWAYS*
> fixed everything but one issue I have had, where that one issue I resolved
> before them.
>
> Spreading your FUD reflects on _you_ not MS.
>
> I love Linux (and prefer to toil in this forest) but don't preach that anti-ms
> crap, it's utter malarkey.
>
> Geesh...
>


Re: [CentOS] full-fledge PDF editor for Linux

2009-10-20 Thread Rob Townley
On Tue, Oct 20, 2009 at 10:59 AM, Boris Epstein  wrote:
> On Tue, Oct 20, 2009 at 10:36 AM, Boris Epstein  wrote:
>> Hi all,
>>
>> Does anybody know of an editor that can do on Linux what Acrobat /
>> Acrobat Pro can do on Mac/Windows? I have tried to use the PDF Import
>> extension to the Open Office which appears barely functional - at
>> least it is so slow as to be almost impractical. I have also tried
>> pdfedit under Linux which seems to work fine but seems to have rather
>> limited functionality. For instance, the capability to make bookmarks
>> or to search through the whole document (as opposed to the current
>> page) seems to be missing there.
>>
>> Any tips much appreciated.
>>
>> Cheers,
>>
>> Boris.
>>
>
> Hi again,
>
> Just to update you on the situation: the best solution I have found
> thus far is a commercial but cheap one named PDFStudio (
> http://www.qoppa.com/psindex.html ). Prices are under US $100. Seems
> to be doing all we need (much like the Adobe Acrobat Pro ).
>
> Boris.
>

Acrobat isn't easy to use either.  i find it kinda clunky and not
intuitive.  Maybe it is the nature of vector graphics and text.

InkScape for graphics imports / exports pdf.
The SVG can be edited in theory in a text editor because it is XML.

ps2pdf  <-->   pdf2ps

xhtml2ps | ps2pdf


Re: [CentOS] Caught between a Red Hat and a CentOS

2009-10-21 Thread Rob Townley
On Tue, Oct 20, 2009 at 6:47 AM, Joseph L. Casale
 wrote:
>>Remember that windows integration website ( don't remember the name
>>but related to nLite and ryanvm) shutdown by Microsoft - it made a
>>great deal of news because they had scripts to take out annoyances
>>such as balloons popping up in the taskbar.  MS lawyers had them
>>disbanded
>
> For a good reason, because silly non-admins were using nlite in a corporate
> environment? WTF, if you take all of RHELS rpms and recompile them in an
> unsupported manner then call for help, what do you think they will do?
>
> You have got to be kidding me, ms should just support anything anyone wants
> to do? Sigh...

The point was that there were at least thousands of publicly
documented instances of the first line of support was to wipe n
reinstall.  Should users have to wait 9 years to get some balloons
turned off?  The changes were registry key changes documented by MS,
not exactly recompiles.

No, i don't think MS should have to support nLite modifications, but
wouldn't the money spent on lawyers have been better spent on giving
customers what they wanted.  And when one stops and thinks about src
rpms .

>
>>It takes way too much time to install a windows system from scratch, configure
>>how you want it,  and then install all the apps on top and then all the 
>>updates
>>and then all the updates to the apps ad nauseam. Oh, you want to image that
>>harddrive now?  Well you get 3 attempts with sysprep and then you start all
>>over - no thanks..
>
> Well, if you need some guidance on how to do this, I would be willing to help.
> Even at home I use RIS/WDS and deploy almost all of my apps to windows lab 
> vm's
> with GPO's. So, unfortunately yes, I do *completely* automated deployments 
> that
> setup all my apps and even pre-populate some settings at the push of F12. When
> I didn't have this knowledge, I never assumed Bill was an a$$hole, I took the
> time to learn it. Same with Linux, when I never had kickstart knowledge and
> couldn't automate my CentOS deployments, I never assumed KB or the CentOS devs
> were scumbags, I took the time to learn it:)

'yum repolist' lists 19,107 packages i can install in a heartbeat.
How many 3rd party apps do you actually install?  How many windows
packages do you have to spend _time_ repackaging with a $1500 and
$more windows MSI installer package to get it pushed out correctly
with standard gpos?  For the non MSI apps, how long did it take to
contact the developer and hunt down the parameters to answer yes,yes,
product-key=XXX-ZG123-56787-01l1l1Il (r those ones, letter i, letter
L, zeros?).

i never thought of Bill in a negative light.  i didn't downgrade to
WinXP and deployed WinVista except to all but my workstations.   A MS
technical account executive is giving a breakfast security meeting in
6 hours where i live on why patch management is a big problem that
will NOT be going away.   Maybe MS will come out with something akin
to yum.repos app store, but it will never have all the proprietary
software you will need and oh yeah - it will cost money over and over.

>
> Guess what, now I can do both! Wow...

Guess what, i can too.  How many families can afford the licensing
fees for a windows server at home?  Why not use OCSinventory-ng or
FreeGhost?  Winner?

>
> This useless thread will never end, FOSS guys have their sh!t in a knot over
> MS for reason of which I have my own opinions. Bottom line is, I work with 
> both
> and quite successfully get equivalent uptimes and QOS with both. Many guys do 
> it,
> it's possible. I met one of the guys who did the barnes and noble setup at an 
> msdn
> conference, I guess that successful setup wasn't the result of competent guys
> who actually knew their sh!t and did a good job, but just dumb luck. Mama 
> always
> said if I could be smart or lucky, it was better to be lucky:)

You may even get longer uptimes with MS, but how much time do you have
to spend patching all those 3rd party applications?   All those apps
developed by the vast majority of developers that believe that if
their install process is half as good as MS Office, we're golden.
Those other users of MSDN that still require their users to have full
admin privs bc that is how we developed the software because the MS
developer tools required Administrator privileges to compile the exe?
Those same MSDN developers that do not see anything wrong with web
browsing with admin privileges.  i have been using NTFS permissions
since the mid 90's and just last Friday had to explain to one of our
vendor's overpaid, MSDN reading C# experts the concept of 'Least
Privilege'.

i have read and enjoyed many of your posts Joe, consider unwinding
some of those knots, the cussing doesn't help.

>
> jlc

Re: [CentOS] full-fledge PDF editor for Linux

2009-10-21 Thread Rob Townley
On Tue, Oct 20, 2009 at 9:25 PM, MHR  wrote:
> On Tue, Oct 20, 2009 at 5:14 PM, Rob Townley  wrote:
>>
>> Acrobat isn't easy to use either.  i find it kinda clunky and not
>> intuitive.  Maybe it is the nature of vector graphics and text.
>>
>> InkScape for graphics imports / exports pdf.
>> The SVG can be edited in theory in a text editor because it is XML.
>>
>> ps2pdf  <-->   pdf2ps
>>
>> xhtml2ps | ps2pdf
>
> I have had problems with ps2pdf - a lot of the time it just plain
> fails, especially if the output is fancy-formatted (like dual
> columns).
>
> OpenOffice can export its documents as pdfs, which can provide a lot
> of the functionality, but as for editing an existing PDF, I don't know
> of a cheap, simple solution.  Acrobat is probably the best, and it's
> expensive (by my budget framework).
>
> mhr

i am having problems with ps2ascii tonight - wonder if ghostscript
versions are clobbering one another.


Re: [CentOS] Help! i want to clone my Centos machine to another box..

2009-10-22 Thread Rob Townley
On Thu, Oct 22, 2009 at 3:06 AM, RoLaNd RoLaNd  wrote:
> Hello all,
>
> i've spent the last week trying to find something that will clone my
> existing Centos server to a more powerful box.
> i've used clonezilla though that resulted in a complete failure..

You used the CloneZilla Live CD?

CloneZilla Server and DRBL Server are entirely different and can be
difficult.  But CloneZilla _LiveCD_ is easy.


Tell us more about your RAID config.  It is not software raid is it?
Not sure if any cloning system can work to clone software raid unless
you have completely identical set of drives in both and then you would
not be doing disk level cloning, but file level cloning.
What kind of raid do you have?


Re: [CentOS] Bypass Hung Applications At Boot So System Can Complete The Boot Process

2009-10-25 Thread Rob Townley
On Sun, Oct 25, 2009 at 3:23 PM,   wrote:
> During boot, you'll see (for a real brief moment), something to the effect
> "press I for interactive startup...".
> A few seconds after pressing it, you will be prompted to load services with
> a y/n.
> Once in Ubuntu, I entered rescue mode by entering grub startup options at
> the command prompt, namely single user mode but I can't recall exactly how I
> did this  I imagine it would apply to any Linux distro.
> For me, sendmail and other network services (not NFS though) took forever to
> load because of fubar'd network stuff.
>
> On Oct 25, 2009, at 1:01 PM, Mathew S. McCarrell wrote:
>
> On Fri, Oct 23, 2009 at 12:12 PM, Kemp, Larry 
> wrote:
>>
>> I have a CentOS system that is hanging at boot. Sendmail takes forever
>> (and a few other apps hang as well...mainly network apps). This has proven
>> in the past to be a NIC misconfiguration or a network issue. I think that is
>> what it is on this one too. Is there a way when I see an app hanging at boot
>> to make the server stop trying to load the hung app and bring the OS up into
>> the GUI so that I get to fixing it? Thanks in advance.
>>
>> Larry Kemp
>> Network Engineer
>> U.S. Metropolitan Telecom, LLC
>
> If you're having network apps hang, I would take a look at your /etc/hosts
> file and make sure it is correct.  I've had an issue in the past with
> sendmail hanging during boot and an incorrect /etc/hosts file was the cause.
>
>
> Matt
>
> --
> Mathew S. McCarrell
> Clarkson University '10
>
> mccar...@gmail.com
> mccar...@clarkson.edu
> 1-518-314-9214

i seem to recall similar situation and the netplugd helped but in my
case it was because the Cat5 cable was unplugged or the switch was
powered off.  i am not sure why it isn't on by default, maybe
NetworkManager was supposed to take over the responsibilities of
Netplugd, but clearly failed.  ifconfig would say eth0 was UP even
though it was not plugged-in.  Since netplug daemon has been running,
ifconfig hasn't lied again.

IIRC, all i did to turn it on and enable it was, but you may have to
yum it down first:
chkconfig netplug on


Re: [CentOS] administering an MS Windows partition under Linux

2009-11-07 Thread Rob Townley
On Fri, Nov 6, 2009 at 1:21 PM, Boris Epstein  wrote:
> Hi all,
>
> If I have a dual-boot machine (Linux and Windows) would I have any
> good tools under Linux that would allow me to look at the content of
> the Windows boot partition, administer it, clean up the registry,
> remove viruses if any, etc? The Windows installation seems to be so
> defective as to be quite useless so I am trying to think of a good
> strategy for dealing with the situation.
>
> Thanks in advance for any and all advice.
>
> Boris.

The Helix LiveCD for forensics does registry editing, av scans, ...
i would be surprised if SysRescCD doesn't give you registry editing as well.
f-prot cd for virus scans as well.
Not to mention the rootkit detection cds.

Make sure you update the virus definitions after boot up with the live cds.


Re: [CentOS] again, nic driver order

2009-11-29 Thread Rob Townley
On Sat, Nov 28, 2009 at 2:55 PM, Ross Walker  wrote:
> On Nov 28, 2009, at 3:10 PM, Les Mikesell  wrote:
>
>> Tom H wrote:
>> Digging around google a bit more I came up with different rules, and
>> fingers crossed, they seem to work!
>> SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0"
>> # pro/1000gt
>> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1"
>> # internal 1
>> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2"
>> # internal 2
>>>
>>>> Don't touch udev, expecting admins to write udev rules for network
>>>> interface binding is just not realistic. Udev rules are meant to be
>>>> static across hardware reconfigurations while ifcfg files are meant to
>>>> be modified to suit your current configuration.
>>>
>>>> Use HWADDR="00:1b:21:4d:c3:e8" in the ifcfg files along with NAME=eth0
>>>> for eth0 and so on.
>>>
>>> I read a while ago that udev overrode ifcfg-* settings so I did a
>>> clean install of 5.4 and changed:
>>> ifcfg-eth0 to ifcfg-eth9 (file name)
>>> eth0 to eth9 (inside the file)
>>> the last number of the HWADDR line
>>
>> Do you mean that you changed the HWADDR line so it no longer matched the
>> actual nic mac address?  In that case, you shouldn't expect it to work.
>>
>>> The nic came up as eth0 with the old/original mac address after a reboot.
>>>
>>> So we unfortunately have to write udev rules when we have nic
>>> naming problems...
>>
>> I think the ifcfg-eth? files work when they match the nic mac addresses.
>> They may have to all match for any of them to work, though.  I've seen some
>> cases where they all get renamed with a .bak extension and new ones are
>> created but I don't know what triggers that.
>
> Usually a new kernel that forces a regeneration of the hwconf.
>
> There was a kernel update maybe the move from C4 to C5 which caused
> grief with Dell hardware, where it reversed the order Broadcom devices
> are detected, still does and needs manual swapping around after install.
>
> -Ross
>

NIC ordering is a problem. Some say it is the multi cpu, some say bad
BIOS, some say MAC address ordering is better, some say PCI bus
enumeration is better.  The netdev mailing list has had a long running
discussion on this issue.  The CTO of Dell and members of HP along
with others are / were active participants.  Part of the problem is
that an alias name may not be available to the kernel.

Dell has their own software to bring determinism to NIC ordering.
http://linux.dell.com/papers.shtml

One of Dell's programmers has proposed changing Anaconda to let you
choose at installation time the NIC naming convention:

We have been having discussions in the netdev list about creating
multiple names for the network interfaces to bring determinism into
the way network interfaces are named in the OSes. In specific, "eth0
in the OS does not always map to the integrated NIC Gb1 as labelled on
the chassis".

http://marc.info/?l=linux-netdev&m=125510301513312&w=2 - (Re: PATCH:
Network Device Naming mechanism and policy)
http://marc.info/?l=linux-netdev&m=125619338904322&w=2 - ([PATCH]
udev: create empty regular files to represent net)


Re: [CentOS] again, nic driver order

2009-11-29 Thread Rob Townley
On Sun, Nov 29, 2009 at 10:57 AM, Les Mikesell  wrote:
> Rob Townley wrote:
>>
>> NIC ordering is a problem. Some say it is the multi cpu, some say bad
>> BIOS, some say MAC address ordering is better, some say PCI bus
>> enumeration is better.  The netdev mailing list has had a long running
>> discussion on this issue.  The CTO of Dell and members of HP along
>> with others are / were active participants.  Part of the problem is
>> that an alias name may not be available to the kernel.
>>
>> Dell has their own software to bring determinism to NIC ordering.
>> http://linux.dell.com/papers.shtml
>>
>> One of Dell's programmers has proposed changing Anaconda to let you
>> choose at installation time the NIC naming convention:
>>
>> We have been having discussions in the netdev list about creating
>> multiple names for the network interfaces to bring determinism into
>> the way network interfaces are named in the OSes. In specific, "eth0
>> in the OS does not always map to the integrated NIC Gb1 as labelled on
>> the chassis".
>>
>> http://marc.info/?l=linux-netdev&m=125510301513312&w=2 - (Re: PATCH:
>> Network Device Naming mechanism and policy)
>> http://marc.info/?l=linux-netdev&m=125619338904322&w=2 - ([PATCH]
>> udev: create empty regular files to represent net)
>>
>
> Do any of these approaches help with the scenario where you want to clone a
> system across many identical machines including future additions where you don't
> know the MAC addresses yet, and you'd like the remote operator to be able to
> insert a drive and have it come up with the right interfaces on the right
> network connections?  This was possible in Centos 3.x, but not in 5.x.
>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
>

Yes Les.


Re: [CentOS] NetworkManager constantly overwriting /etc/resolve.conf - how to disable?

2009-11-30 Thread Rob Townley
On Mon, Nov 30, 2009 at 2:27 AM, Rudi Ahlers  wrote:
> On Mon, Nov 30, 2009 at 1:56 AM, Robert Heller  wrote:
>
>>
>> You either
>>
>> A) Don't have NetworkManager installed on the other servers
>> (eg 'rpm -q NetworkManager' yields 'package NetworkManager is not installed')
>>
>> OR
>>
>> B) Don't have NetworkManager running on the other servers
>> (eg '/sbin/chkconfig NetworkManager --list' yields
>> 'NetworkManager 0:off   1:off   2:off   3:off   4:off   5:off   6:off')
>>
>>>
>>>
>>>
>>
>> --
>> Robert Heller             -- 978-544-6933
>> Deepwoods Software        -- Download the Model Railroad System
>> http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
>> hel...@deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/
>>
>
>
> Thanx Robert, so it's safe to remove NetworkManager then? I have done
> so, and will see if any issues arise. The only files that were removed
> are:
>
> Removing:
>  NetworkManager        i386     1:0.7.0-9.el5   installed   3.3 M
>  NetworkManager        x86_64   1:0.7.0-9.el5   installed   3.4 M
> Removing for dependencies:
>  NetworkManager-glib   i386     1:0.7.0-9.el5   installed   154 k
>  NetworkManager-glib   x86_64   1:0.7.0-9.el5   installed   161 k
>
>
>
>
> --
> Kind Regards
> Rudi Ahlers
> CEO, SoftDux Hosting
> Web: http://www.SoftDux.com
> Office: 087 805 9573
> Cell: 082 554 7532

i uninstall NetworkManager as well, but i would think you have bigger
problems since it appears you have both the 64bit and 32bit versions
of software installed?


Re: [CentOS] Learning some sad things about the state of IPv6

2008-05-29 Thread Rob Townley
On Thu, May 29, 2008 at 10:53 PM, Matt Shields <[EMAIL PROTECTED]> wrote:

> On Thu, May 29, 2008 at 11:43 PM, Christopher Chan
> <[EMAIL PROTECTED]> wrote:
> > Robert Moskowitz wrote:
> >>
> >> We have kernel support for IPv6 in Centos, but not stateful firewall
> >> support.
> >>
> >> That requires at least the 2.6.20 kernel, which means Fedora Core 6 or
> >> some other Linux distro.
> >>
> >> None of the various free Linux firewalls have IPv6 support.  Supposedly
> >> FWBuilder can manage Netfilters for a Linux Kernel, but that seems to be the
> >> extent of it.
> >>
> >> More sad facts as I uncover them.
> >
> > Just use openbsd. We cannot expect Linux to rule everything. Use what best
> > fits the job.
>
> Not sure about FC6, but in both CentOS 4 & 5 there is an ip6tables.  I
> haven't used it, but I'm assuming that you can build rules just like
> you do with iptables.
>
> --
> -matt

My dd-wrt web page has a IPv6 checkbox, but don't know what it does.  i am
shunning IPv6 bc securing the private side of a NAT is hard enough.
Securing IPv6 seems much much much tougher.


Re: [CentOS] Trouble brewing in dmesg... any ideas?

2008-06-18 Thread Rob Townley
dmesg > dmesg.log

or

cd /var/log/
ls -lat | more

i liked the old days when dmesg, /var/log/messages and other syslog stuff
was displayed automatically on a tty console.  I tried a softlink from
/var/log/messages to tty9, but didn't have any luck.  Would it require a tee
or a mod to dmesg?

On Wed, Jun 18, 2008 at 6:38 PM, Tim Nelson <[EMAIL PROTECTED]> wrote:

> Unfortunately I can't see the top of the errors as there are too many...
> :-( I'll throw a console on it and start logging. Is anyone else seeing this
> sort of activity? I'm running the latest stock kernel available using yum
> from the repos. I'm not using any additional repos(rpmforge, epel, etc...)
> and I don't have any custom compiled modules. This box is a fresh
> installation running bind, apache, and mysqld.
>
> Tim Nelson
> Systems/Network Support
> Rockbochs Inc.
> (218)727-4332 x105
>
> - Original Message -
> From: "nate" <[EMAIL PROTECTED]>
> To: centos@centos.org
> Sent: Wednesday, June 18, 2008 6:19:07 PM GMT -06:00 Guadalajara / Mexico
> City / Monterrey
> Subject: Re: [CentOS] Trouble brewing in dmesg... any ideas?
>
> Tim Nelson wrote:
>
> > There are others with various app names besides vi including httpd, named,
> > sftp-server, etc..  Is this an imminent hardware failure? Do I have kernel
> > issues? I've checked the system with lm_sensors and temps are perfectly
> > normal. Also, performance and operation seems to be fine. Even with these
> > errors, my services are running without any hiccups. HELP! :-)
> >
>
> Would need to see the full error but it sounds like a kernel oops. For
> me at least the useful info would be at the top of the error which wasn't
> included in your email.
>
> Worst case, configure your system with a serial console and capture the
> error using a terminal emulator on another machine plugged into your
> serial console.
>
> nate
>


Re: [CentOS] What will the upgrade to 5.2 be like?

2008-06-19 Thread Rob Townley
On Thu, Jun 19, 2008 at 7:44 AM, Johnny Hughes <[EMAIL PROTECTED]> wrote:

> Robert Moskowitz wrote:
>
>> I have a few servers that I really have to build already.  Got to buckle
>> down and get it done; no more waiting for 5.2 as a 'reason' to put it off
>> for another day.
>>
>> I will be building a local repository for 5.2 as soon as the ISOs are
>> posted (well as soon as my 768Kb DSL link will allow), so what am I looking
>> at for the 'cost' of the upgrade?
>>
>
> 5.2 should be here by Monday(6/23) or Tuesday(6/24)
>
>


Will likewise-open and the likewise-open-gui be available in a repository?
If not, how would one go about getting it added?


Re: [CentOS] What will the upgrade to 5.2 be like?

2008-06-19 Thread Rob Townley
Why do distributions put in very old versions of Firefox - 1.5   when 2.0
has been out for a year or more and 3.0 was just released.

On Thu, Jun 19, 2008 at 2:25 PM, Lanny Marcus <[EMAIL PROTECTED]>
wrote:

> On 6/19/08, Johnny Hughes <[EMAIL PROTECTED]> wrote:
> 
> > 5.2 should be here by Monday(6/23) or Tuesday(6/24)
>
> I'm looking forward to upgrading to 5.2!   If for nothing else, for
> the newer version of Mozilla Firefox. The current version (1.5.0.12)
> crashes, very frequently, at web sites I use.  The brain dead version
> of Konqueror (3.5.4-15) is much more stable than this version of
> Firefox. Everyone will, hopefully, BACKUP, before they do this
> upgrade!


Re: [CentOS] What will the upgrade to 5.2 be like?

2008-06-19 Thread Rob Townley
Security > Stability when it comes to web browsers and i wonder if 1.5 is
more secure than 2.14.  i wonder when 1.x will not have security patches
anymore.  rh must document that somewhere and i will have to find it.

On Thu, Jun 19, 2008 at 3:08 PM, Lanny Marcus <[EMAIL PROTECTED]>
wrote:

> On 6/19/08, Rob Townley <[EMAIL PROTECTED]> wrote:
> > Why do distributions put in very old versions of Firefox - 1.5   when 2.0
> > has been out for a year or more and 3.0 was just released.
> >
> Rob: This distribution, is for the Enterprise (where the majority of
> installations are on Servers) and the priorities are Stability and
> Security and a Long Life, and not "the latest and greatest", that you
> would find in Fedora Core or Ubuntu, 2 examples among many
> distributions. The drawback here is that we are slow to get new stuff,
> but that is intentional. Lucky here, that Upstream is including some
> much newer stuff, in v.5.2! :-) Lanny


Re: [CentOS] cannot unmount volume "xxx"

2008-06-22 Thread Rob Townley
2008/6/21 李晖 <[EMAIL PROTECTED]>:

> Hi all:
> I am using Centos 5.1. But now I have a problem when unmount a
> removable usb hard disk with right click and choose unmount volume command.
> When I did that, system reminds me with a message like this:Cannot unmount
> volume "xxx", Detail: Cannot remove directory, "xxx" represents a temporary
> directory made when the system auto mount the disk in /media, and "xxx" is
> simple-chinese. But in fact, the volume has been removed because there're no
> files or folder in xxx.
> Because the file system type of the hard disk is NTFS, I install
> ntfs-3g and add a script named "mount.ntfs" in /sbin, the content of the
> script is
> #!/bin/sh
> export LANG=zh_CN.UTF-8
> exec /sbin/mount.ntfs-3g "$@"
> I googled this problem for many days and didn't find any way to solve
> this problem. Maybe it is a bug. I hope someone can help me. Thank you.
> --
> Sunny Lee

You may want to double check that all of your CTRL-ALT+Fx virtual consoles,
screen sessions, and Konqueror windows do not have a folder open on the
external usb drive.  For instance, could you have forgotten that in the
CTRL-ALT+F1 console, you cd'd into /media/sda1/ ???

i also second the lsof -a command.


Re: [CentOS] Directory compare

2008-06-22 Thread Rob Townley
On Sun, Jun 22, 2008 at 11:47 PM, Spiro Harvey, Knossos Networks Ltd <
[EMAIL PROTECTED]> wrote:

>> I would like to do the same among two, several boxes, that is take their dir
>> listing to a certain depth, and compare it for differences as an integrity
>> check that they have the same installation files?
>>
>
> then, maybe run a find to extract all filenames, then feed each one into
> sha1sum or md5sum to get a list of checksums. rinse and repeat on other
> server, then compare the two resulting sets of data.
>
> I can't think of a single tool to do this all rolled into one.
>
>
> --
> Spiro Harvey  Knossos Networks Ltd
> 021-295-1923www.knossos.net.nz
>


it may be much faster to use du or df from / to narrow down where the
culprits are.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
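
The checksum-manifest comparison suggested in the quoted reply above, written out as an added example; it is not code from anyone in the thread. The function names `manifest` and `compare_manifests`, the temporary trees and their file contents are constructed for illustration, and GNU find, sort, xargs and sha1sum are assumed.

```bash
#!/bin/sh
# manifest DIR [MAXDEPTH]
# Print "<sha1>  ./relative/path" for every regular file under DIR, in a
# stable order, so manifests taken on different hosts line up.
manifest() {
    local dir="$1" depth="${2:-}"
    (
        cd "$dir" || exit 1
        if [ -n "$depth" ]; then
            find . -maxdepth "$depth" -type f -print0
        else
            find . -type f -print0
        fi | LC_ALL=C sort -z | xargs -0 -r sha1sum
    )
}

# compare_manifests A B
# Report paths present on one side only and paths whose checksum differs.
compare_manifests() {
    awk '
        {
            line = $0
            sub(/^\\/, "", line)          # sha1sum marks escaped names with a leading "\"
            sum  = substr(line, 1, 40)    # a SHA-1 digest is 40 hex characters
            path = substr(line, 43)       # followed by two separator characters
        }
        FILENAME == ARGV[1] { a[path] = sum; next }
        {
            seen[path] = 1
            if (!(path in a))        print "ONLY_B   " path
            else if (a[path] != sum) print "CHANGED  " path
        }
        END { for (p in a) if (!(p in seen)) print "ONLY_A   " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed demonstration: two small trees standing in for two servers.
# In real use, run manifest on each host and copy the two files together.
demo_compare() {
    local tmp
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/hostA/etc" "$tmp/hostA/bin" "$tmp/hostB/etc" "$tmp/hostB/bin"
    echo 'port=22'   > "$tmp/hostA/etc/app.conf"
    echo 'port=2222' > "$tmp/hostB/etc/app.conf"   # same name, different content
    echo 'v1' > "$tmp/hostA/bin/tool"
    echo 'v1' > "$tmp/hostB/bin/tool"              # identical on both sides
    echo 'x'  > "$tmp/hostA/only_a.txt"
    echo 'y'  > "$tmp/hostB/only_b.txt"
    manifest "$tmp/hostA" > "$tmp/a.sha1"
    manifest "$tmp/hostB" > "$tmp/b.sha1"
    compare_manifests "$tmp/a.sha1" "$tmp/b.sha1"
    rm -rf "$tmp"
}

demo_compare
```

Identical files produce no output, so an empty report means the two trees match to the depth that was scanned.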


Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

2008-07-09 Thread Rob Townley
why not use the dig command to query your isp dns system to see if
they forward requests to opendns.  By the way, OpenDNS is a great way
to help prevent phishing attacks.

Lastly, you should use this opp to create an opendns signon, this will
give you control over your dns request options.  You could block any
domain via dns quickly.

On 7/8/08, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> On 7/8/08, Bill Campbell <[EMAIL PROTECTED]> wrote:
>>
>> On Tue, Jul 08, 2008, Lanny Marcus wrote:
>> >I believe this is completely OT, but I want to be positive. I have a fully
>> >up to date CentOS 5.2 box. During the past week, when surfing with Firefox
>> >(and today, while testing with Konqueror), frequently, especially when DNS
>> >is slow,  I am seeing references to opendns.com  At times, I end up on
>> >opendns.com web pages, instead of at the web site I'm trying to get to.  My
>> >ISP, the phone company, claims this is not coming from their end and that
>> >they are not using opendns.com. I was told they have two (2) DNS servers. I
>> >haven't changed anything in my IPCop Firewall/Router box and my belief is
>> >that this is coming from my ISP or upstream from there. . If using
>> >opendns.com  is something new in CentOS 5.2, please let me know. TIA.
>>
>> I would suggest that you set up your own caching dns server, and don't
>> depend on your ISP's.
>
>
> We use dnscache from djbdns, avoiding BIND (Buggy Internet Name Daemon).
>
>
> Interesting idea! I will read the IPCop documentation, to see if I can do
> that on my IPCop box.
> If not, I'm interested in SME Server, if that will do the job. What I don't
> like about SME Server is that their documentation isn't available for
> download. I like to have local documentation on my hard drive. My strong
> belief is that this is coming from my ISP, but they claim I'm the only one
> with this problem. I can't imagine that it would be coming from the OS and
> nothing has changed in my IPCop box. ISP's like to claim that  problems
> are on the users end, rather than on their end. Once or twice, I've pointed
> out a problem to a previous ISP, been told there was no problem, and then
> later, they tell me that yes, they had a problem The phone company is
> the best ISP I have had, so far, and they seem to be "pro active" and
> usually they fix problems, without me calling them, which I truly appreciate
> and respect.
>


Re: OT: [centos] open source inventory system with invoicing and serial no tracking

2008-07-11 Thread Rob Townley
On Fri, Jul 11, 2008 at 3:56 AM, david chong <[EMAIL PROTECTED]> wrote:
> Dear All,
>
> Sorry, cause this is OT.
>
> I am asking this for my client, they hope to find a simple open source
> web base software with invoicing and serial no tracking, preferably if
> can generate continuous serial no by its own.
>
> Thanks in advance.
>
> David

That is essentially built into MySQL / phpMyAdmin


Re: [CentOS] Iptables not blocking UDP port 53

2008-07-11 Thread Rob Townley
On Fri, Jul 11, 2008 at 7:03 PM, Johnny Hughes <[EMAIL PROTECTED]> wrote:
> Sean Carolan wrote:
>>
>> I'm attempting to block access to port 53 from internet hosts for an
>> internal server.  This device is behind a gateway router so all
>> traffic appears to come from source ip 10.100.1.1.  Here are my
>> (non-working) iptables rules:
>>
>
> If it is behind a gateway router, how is port 53 traffic getting from the
> internet to that DNS server in the first place.
>
> Also ... IF you are PORT FORWARDING port 53 from the internet to the DNS
> server, then the SOURCE IP will not be the IP of the forwarding device, but
> the IP of the machine making the request.
>
> If this device is really behind a firewall why are you even forwarding any
> traffic to it from port 53 in the first place?
>
>
>

Assuming a SOHO LinkSys firewall preferably with dd-wrt alternative firmware.
Are you sure this DNS Server is not in the DMZ?
Are you sure the port isn't opened under the UPnP section?  It is
conceivable that mDNS / AVAHI  with a UPnP router automatically open
this port on the firewall.


Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Rob Townley
On Mon, Jul 21, 2008 at 4:11 PM, Dan Carl <[EMAIL PROTECTED]> wrote:

>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Behalf Of Bo Lynch
> > Sent: Monday, July 21, 2008 3:43 PM
> > To: centos@centos.org
> > Subject: [CentOS] Ideas for stopping ssh brute force attacks
> >
> >
> > just wanted to get some feedback from the community. Over the last few
> > days I have noticed my web server and email box have attempted to ssh'd to
> > using weird names like admin,appuser,nobody,etc None of these are
> > valid users. I know that I can block sshd all together with iptables but
> > that will not work for us. I did a little research on google and found
> > programs like sshguard and sshdfilter. Just wanted to know if anyone had
> > any experience with anything like these programs or have any other advice.
> > I really appreciate it.
> >
> > --
> > Bo Lynch
> >
> Just change the default port.
> You can also limit the allowed knocks on door with iptables, but changing the
> port is much easier.
> Cleans up the logs real nice.
> Dan
>
>
>



PortKnocking - ports appear closed until the correct knock on the ports.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
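
Whichever of the measures discussed in this thread is chosen (a different port, iptables rate limiting, port knocking), the sshd log shows how much guessing is going on and from where. The following is an added example, not code from any poster: it summarises failed password attempts per source address. The function name `ssh_fail_report` and the log lines are constructed, using documentation-range addresses and the OpenSSH "Failed password" message format; on CentOS these messages are written to /var/log/secure.

```bash
#!/bin/sh
# ssh_fail_report LOGFILE [MIN]
# Print "<failures> <source ip> <user names tried>" for every source address
# with at least MIN (default 3) failed password attempts, busiest first.
ssh_fail_report() {
    awk -v min="${2:-3}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the remote side, so read the fixed
            # tail "... from <ip> port <n> ssh2" counting from the END of
            # the line instead of trusting field positions after "for".
            if (NF < 14 || $(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3); user = $(NF-5)
            fails[ip]++
            if (!((ip, user) in seen)) {
                seen[ip, user] = 1
                users[ip] = (users[ip] == "" ? "" : users[ip] ",") user
            }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    printf "%d %s %s\n", fails[ip], ip, users[ip]
        }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample in syslog format (not taken from a real host).
sample_secure_log() {
    cat <<'EOF'
Jul 21 15:01:02 web1 sshd[2211]: Invalid user admin from 203.0.113.5
Jul 21 15:01:04 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jul 21 15:01:09 web1 sshd[2214]: Failed password for invalid user appuser from 203.0.113.5 port 51130 ssh2
Jul 21 15:01:15 web1 sshd[2217]: Failed password for invalid user nobody from 203.0.113.5 port 51141 ssh2
Jul 21 15:01:21 web1 sshd[2220]: Failed password for invalid user admin from 203.0.113.5 port 51152 ssh2
Jul 21 15:02:10 web1 sshd[2300]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jul 21 15:02:44 web1 sshd[2305]: Failed password for root from 198.51.100.7 port 40031 ssh2
Jul 21 15:03:00 web1 sshd[2310]: Accepted password for bo from 192.0.2.10 port 50000 ssh2
EOF
}

# Run the report over the constructed sample; optional argument is MIN.
demo_ssh_report() {
    local log
    log=$(mktemp) || return 1
    sample_secure_log > "$log"
    ssh_fail_report "$log" "${1:-3}"
    rm -f "$log"
}

demo_ssh_report
```

Only "Failed password" lines are counted, so the matching "Invalid user" line that sshd logs for the same attempt does not double the total.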


Re: [CentOS] 6.2 release: a thank you

2011-12-21 Thread Rob Townley
+2

On Wed, Dec 21, 2011 at 12:29 PM, Paul Heinlein  wrote:

> On Wed, 21 Dec 2011, Louis Lagendijk wrote:
>
> > I would like to express my appreciation for the unbelievably quick
> > release of Centos 6.2. Thanks a million! You managed to release 6.2
> > some 10 days after 6.1. Johnny, you are not that ugly after all :-).
>
> +1
>
> --
> Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


[CentOS] LZMA for CentOS 5.3 repository or source or rpm

2009-06-08 Thread Rob Townley
i need lzma compression for CloneZilla, but have not found it in any
CentOS repository.  The Finnish website was down and when up, it does
not do much english.


Re: [CentOS] OT: Windows Vista Tablet PC linux alternative

2009-06-12 Thread Rob Townley
On Fri, Jun 12, 2009 at 11:17 AM, Tosh wrote:
> Sorin Srbu wrote:
>> That sounds about right. You get a textbox to write in and it will dump the
>> input to whatever editor you set?
> Yes, it can dump the text to anything where you can use a normal keyboard.
>
>>> xournal, is a good replacement for onenote, but doesn't have the
>>> conversion handwriting to text
>>
>> Don't know about Onenote. Is that part of the text input in Vista Tablet or
>> something?
> It is a part of office, m$ distributes it freely to students at our
> university, so all my friends use it, I convert their notes to pdf and
> enjoy with xournal
>
> --
> Toshaan  - http://www.toshaan.be

Just FYI,

While setting up CloneZilla on CentOS, i noticed that the Colorado
School of mines uses Ubuntu on TabletPCs extensively and even modified
a wacom driver for a 2007 version of Ubuntu.  They also have a guide
on imaging using drbl / CloneZilla.
http://ticc.mines.edu/csm/wiki/index.php/Imaging_Guide

Modified Wacom Driver:
http://ticc.mines.edu/csm/wiki/index.php/Custom_Tablet_Software

http://ticc.mines.edu/csm/wiki/index.php/Tablet_PC_Resources


Re: [CentOS] good small registrar?

2009-06-24 Thread Rob Townley
GoDaddy switched to all windows servers according to NetCraft.com.
Look at NoDaddy.com

On Tue, Jun 23, 2009 at 8:16 PM, fmb fmb wrote:
> networksolutions is another good/pricey option...you can get good cs service
> if you called them, yet I prefer godaddy
>
> On Wed, Jun 24, 2009 at 3:22 AM, Eugene Vilensky 
> wrote:
>>
>> Greetings,
>>
>> What are some  registrars that members of this list have had good
>> experience with?  I was stepping through the godaddy checkout process, and
>> being opted-in to a dozen different upsell features just left a bad
>> impression.  But I have no clue who else to go with.
>>
>> -Eugene
>>


Re: [CentOS] Set hostname via DHCP ?

2009-06-28 Thread Rob Townley
# i do NOT have any kind of use-host-decl-names on; entry.  Do you use
# dnsmasq or dhcpd?
# /etc/dhcpd.conf   Not sure if a dnsmasq entry would be the same anymore.
host babasse {
  hardware ethernet 00:0d:61:ae:6b:8f;
  fixed-address 192.168.1.249;
  option host-name "PutClientHostNameHereNotSureIfItHasToBeSameAsAbove-babasse";
}

# Don't remember what happens when a linux client machine has already
# been configured.
# But know for a fact that all pxe booted and live linux booted and
# Windows Vista and WinXP machines use the hostname from the dhcpd entry.

On Sun, Jun 28, 2009 at 10:38 AM, Niki Kovacs wrote:
> Hi.
>
> I just setup one of my machines as a DHCP server. I'd like it to handle
> the hostnames of clients. Don't know if this is an orthodox thing to do
> (feel free to add your comments :oD). Here's the server's relevant lines
> of dhcpd.conf:
>
> --8<---
> ...
> # Send the host names to the clients
> use-host-decl-names on;
>
> # Static addresses
> host babasse {
>   hardware ethernet 00:0d:61:ae:6b:8f;
>   fixed-address 192.168.1.249;
> }
> --8<---
>
> Now the question is: how should the configuration look like on the
> client side, so the hostname gets effectively fetched from the DHCP
> server? During the initial install, I assigned hostnames manually to
> every machine.
>
> Cheers,
>
> Niki Kovacs


Re: [CentOS] OT: Linux WYSIWYG HTML Editors

2009-06-28 Thread Rob Townley
On Sun, Jun 28, 2009 at 4:48 PM, Ned Slider wrote:
> Lanny Marcus wrote:
>> I have KomPozer installed, but after using M$ FrontPage for years,
>> KomPozer looks like it is going to have a learning curve and I want to
>> get away from FrontPage and Windows.  I know Mark (MHR) uses
>> SeaMonkey. Wondering if there is anything else I can use on Linux that
>> is easier on a FrontPage user. I found this article:
>>  when I
>> googled. Recommendations?  TIA!
>
> What's wrong with your favourite text editor and preview in Firefox?
>

It always seemed to me that the only logical reason for FrontPage to
purposely mess up the tag order was in the hopes that someday M$ would
be the only ones capable of detangling it.  Without FrontPage
generating such messy html, i think you will find hand editing
html/xhtml/xml to be not so difficult.  O'Reilly's Head First HTML css
and xhtml is a good book. http://www.headfirstlabs.com/books/hfhtml/

eclipse and some plugins as documented here:
http://web-design.lovetoknow.com/Eclipse_HTML_Editor


Re: [CentOS] server is always getting hacked

2009-06-29 Thread Rob Townley
On Mon, Jun 29, 2009 at 9:00 AM, Sander Snel wrote:
> On 06/27/2009 09:21 PM, Mag Gam wrote:
>
> sane and simple security management for linux systems:
> 1. only open ports in iptables which are being used, if possible with
> source address or source network.
> 2. use hosts.allow/deny rules for services if applicable, this adds
> another layer of security.
> 3. check logs often, use a central loghost
> 4. SSH: no root login, only dedicated users, only dedicated source
> addresses, only key based access or kerberized access, no standard port

PortKnocking so the open port changes continuously.

and / or

tinc-vpn / hamachi so the port is only open to another member of your
tinc network.  Since there are hundreds of thousands or
millions of infected web servers out there serving up malicious
drive-by javascript, use noscript on any machine connected to a
server.

Reemphasize watching cms (joomla and the like) plugins.



> 5. enable SELinux
> 6. use some kind of intrusion detection, like aide (standard in centos)
> or snort
> 8. use fail2ban to deny ipaddresses with several failed login attempts
> within a short period of time
> 9. clear your shell's history on logout
> 10. use sudo instead of su -
> 11. check bastille.org for hardening
> 12. check center for internet security for benchmarks, they provide very
> detailed information for hardening servers ( csisecurity.org )
> 13. use chattr -i for several key configuration files, so they cannot be
> changed or deleted
>
> this should get you started, good luck
>
> Sander
>
>> We have a CentOS 5.3 install, and our server keeps getting hacked.
>> We see load averages of 500+ and see people from all over the world
>> logging into our server (used last).
>>
>> Is there a good place to start to avoid these kinds of things?
>>
>> For example, here is what I already did.
>>
>> Open up sshd port only
>> setup iptables to only accept port 80 and 22
>> No FTP
>> No other ports are allowed according to IP Tables.
>>
>>
>> I am not sure what other measures I can take. Can someone please assist?
>>
>> TIA
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
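
The SSH points in item 4 of the list above (no root login, key based access only, no standard port, dedicated users), as a check over an sshd_config. This is an added example, not part of the original thread; the sample config, the user name and the 192.0.2.10 address are constructed, and only the plain "Keyword value" form is handled.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config against the
# SSH points of the list above. Constructed sample input; assumes the
# plain "Keyword value" form (no "Keyword=value", no Include files).

# sshd_values FILE KEYWORD -> every value set before the first Match block
sshd_values() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # conditional blocks are not audited
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# sshd uses the first value it reads for a keyword, so a later
# "PermitRootLogin no" does not override an earlier "yes".
sshd_effective() { sshd_values "$1" "$2" | sed -n 1p; }

# audit_sshd FILE -> one finding per line, nothing when all checks pass
audit_sshd() {
    [ "$(sshd_effective "$1" PermitRootLogin)" = no ] ||
        echo "PermitRootLogin is not 'no'"
    [ "$(sshd_effective "$1" PasswordAuthentication)" = no ] ||
        echo "PasswordAuthentication is not 'no'"
    # Port may be given several times and sshd listens on all of them.
    ports=$(sshd_values "$1" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "sshd listens on the standard port 22"
    fi
    [ -n "$(sshd_effective "$1" AllowUsers)" ] ||
        echo "AllowUsers is not set (no dedicated users or source addresses)"
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config
Port 2222
PermitRootLogin yes
PasswordAuthentication no
AllowUsers deploy@192.0.2.10
permitrootlogin no
EOF
audit_sshd "$sample"      # reports only the PermitRootLogin finding
rm -f "$sample"
```

Running `sshd -t` after editing the real file checks its syntax before the daemon is restarted.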


Re: [CentOS] dhcp question

2009-07-08 Thread Rob Townley
On Wed, Jul 8, 2009 at 5:55 PM, Karanbir Singh wrote:
> On 07/08/2009 11:46 PM, John R Pierce wrote:
>> for your use, dnsmasq would do nicely.   with the rpmforge repo
>> configured...
>
> what's wrong with the dnsmasq already included in C5 ? ( I am guessing
> the target is c5 )
>
>>      # yum install dnsmasq
>>      # chkconfig dnsmasq on
>>      # service dnsmasq start
>
> Why not just use the caching-nameserver ?
>
> --
> Karanbir Singh : http://www.karan.org/  : 2522...@icq

There are db based nameservers such as MyDNS or djbdns or pdns.
MySQL db replication can replicate zones to other machines and it has
a web interface option.

pdns is authoritative only, not caching.  pdns-recursor is caching.

yum search pdns for ldap, db, geo,  and i thought a web interface.


Re: [CentOS] Is there an openssh security problem?

2009-07-10 Thread Rob Townley
On Fri, Jul 10, 2009 at 9:33 AM, Peter Kjellstrom wrote:
> On Friday 10 July 2009, Rob Kampen wrote:
>> Coert Waagmeester wrote:
> ...
>> > it only allows one NEW connection to ssh per minute.
>> >
>> > That is also a good protection right?
> ...
>> Not really protection - rather a deterrent - it just makes it slower for
>> the script kiddies that try brute force attacks
>
> Basically it's not so much about protection in the end as it is about keeping
> your secure-log readable. Or maybe also a sense of being secure...
>
> It's always good to limit your exposure but you really have to weigh cost
> against the win. Two examples:
>
> Limit from which hosts you can login to a server:
>  Configuration cost: trivial setup (one iptables line)
>  Additional cost: between no impact and some impact depending on your habits
>  Positive effect: 99.9+% of all scans and login attempts are now gone
>  Verdict: Clear win as long as the set of servers are easily identifiable
>
> Elaborate knocking/blocking setup:
>  Configuration cost: significant (include keeping it up-to-date)
>  Additional cost: setup of clients for knocking, use of -p XXX for new port
>  Positive effect: "standard scans" will probably miss but not air tight
>  Verdict: Harder to judge, I think it's often not worth it
>
> Other things worth looking into are, for example, access.conf (pam_access.so)
> and ensuring that non-trivial passwords are used.
>
> my €0.02,
>  Peter
>

Virtual networks such as tinc-vpn.org or hamachi create an
encrypted network only accessible to members of the virtual network.
So if your server's virtual nic has an address of 5.4.3.2, then the
only other host that may see your server would be your laptop with
address 5.4.3.3.  No other internet hosts would even see 5.4.3.2...
It is like IPSec, but much easier.


Re: [CentOS] PCI modems

2009-07-23 Thread Rob Townley
HylaFax.org's list of Analog/POTS SoftModems has a list of winmodems
mixed in with  just plain software.  (Digital Modems are for ISDN / T1
phone circuits, not home).  So you may want to ask their mailing list
and chat room.


Keeping in mind that hardware that works for one type of softmodem
project (voice) may not work for another (faxing).  Linux Gazette has
an article on a $10 dollar Linux Answering Machine that says that
"Intel 537-based modem (softmodem)" works.  A "PCI slot that does not
share interrupts" is very important bc it will generate thousands of
interrupts.

External modems allow you to reset the modem without resetting the entire pc.

On 7/23/09, RedShift  wrote:
> Hi all,
>
>
> I'm currently searching for a PCI modem that will be used to receive faxes.
> I've tried out a few modems but they all use conexant chipsets, which need
> out-of-tree kernel drivers and currently doesn't work here (kernel oops when
> the installation script modprobes the driver).
>
> Does anyone know of a PCI modem that works out of the box with in-tree
> kernel drivers?
>
>
> Thanks,
>
>
> Glenn
>


Re: [CentOS] Need help on start samba

2009-07-23 Thread Rob Townley
Why?  IIRC, I think the term is  ready for this    *Open Source *

Further, the samba project has added a great deal more than what is in
the standard RPMs.

On 7/23/09, Tom Brown  wrote:
>


>>> what rpm did you use for this install?
>>>
>> ---
>> He did not use an rpm so he is on his own. He used the source tarball.
>>
>>
>
> one would wonder why


Re: [CentOS] Need help on start samba

2009-07-23 Thread Rob Townley
On Thu, Jul 23, 2009 at 3:08 AM, Tran Van Hung wrote:
> Hi!
>
> Thank for reply.
> But before I installed samba by hand, as follow:
> -download samba source (.tar.gz)
> -unrar with tar command
> -build with ./configure
> -install with make
>
> -Then I configure /etc/samba/smb.conf by vi.
> -Then I create users with password.
>
> Issue I met when start samba as I wrote before:
>
> r...@maychu1 home]# /etc/rc.d/init.d/smb start
>
> Pls!
>
> Thank you & Best Regards,
>
> --
> Tran Van Hung
> IT Department
> REX HOTEL
> 141 Nguyen Hue Blvd, Ho Chi Minh City, Vietnam
> Tel:(84-8)38292185 or (84-8)38293115
> Fax:(84-8)38296536
> Email: tvhun...@yahoo.com.vn
> Website:http//www.rexhotelvietnam.com
> **
> Cell Phone: 0983908262
> YM and Skype: tvhungsg
>
> 
> From: Kwan Lowe 
> To: CentOS mailing list 
> Sent: Wednesday, July 22, 2009 10:09:55 PM
> Subject: Re: [CentOS] Need help on start samba
>
>
>
> On Wed, Jul 22, 2009 at 10:52 AM, Tran Van Hung 
> wrote:
>>
>> Hello all!
>>
>> I have met inform as following. I see that no smb on init.d folder.
>>
>> [r...@maychu1 home]# /etc/rc.d/init.d/smb start
>> bash: /etc/rc.d/init.d/smb: No such file or directory
>>
>> Pls help me how to have smb on init.d folder? Thank you.
>>
>> Thank you & Best Regards,
>
> You probably do not have the samba package installed. You can do:
>
> rpm -q samba
>
> If no packages are listed, do:
>
> yum -y install samba
>
> This will install the samba package which contains the /etc/rc.d/init.d/smb
> script.
>
> Instead of running the script directly, it's easier to do:
>
> service smb start
>
>
>


Attached are RPM based /etc/init.d/smb and /etc/init.d/winbind which
are the text based shell scripts used to do things such as:
service smb start
service smb stop
service smb status

Of course, these are the RPM based ones which may have assumptions
that are not compatible with your source based version unless you edit
them.  Let me know if it works.
If you haven't done a "man chkconfig", you may want to do that as well.

Don't forget the testparm command which checks /etc/samba/smb.conf for
proper syntax.

i believe the list blocks attachments, so i cced you on it directly.


[CentOS] Concerned 3 im clients were installed as dependencies.

2009-07-30 Thread Rob Townley
Worried, ran yum -y update expecting to get the bind update but am
concerned as to why the following instant messaging packages were
installed as dependencies.  All of the following are instant messaging
related except cyrus-sasl.

Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386

Did anybody else notice the install of im clients on practically
headless non-gui systems?
Any explanation?


Re: [CentOS] Concerned 3 im clients were installed as dependencies.

2009-07-30 Thread Rob Townley
On Thu, Jul 30, 2009 at 5:27 PM, Christoph Maser wrote:
> On Friday, 31.07.2009, at 00:21 +0200, Rob Townley wrote:
>> Worried, ran yum -y update expecting to get the bind update but am
>> concerned as to why the following instant messaging packages were
>> installed as dependencies.  All of the following are instant messaging
>> related except cyrus-sasl.
>>
>> Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
>> Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
>> Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
>> Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
>> Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386
>>
>> Did anybody else notice the install of im clients on practically
>> headless non-gui systems?
>> Any explanation?
>
> We observed something similar. On some systems automatic update
> installed kernel-xen-devel on some of our systems. Seems like the yum
> repository metadata was broken at some point in time.
>
> Chris
>
>
> financial.com AG
>
> Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | 
> Germany
> Frankfurt branch office/Niederlassung Frankfurt: Messeturm | 
> Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
> Management board/Vorstand: Dr. Steffen Boehnert (CEO/Vorsitzender) | Dr. 
> Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach
> Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden 
> (chairman/Vorsitzender)
> Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID 
> number/St.Nr.: DE205 370 553

Gosh, i miss Munich at this time of year.  Wish i was eating a roasted
chicken in the Chinese Pavillion right now!

Thanks.  Maybe i am being paranoid but Rootkits sending back their
loot via im isn't uncommon and this internet facing system is due for
a harddrive wipe anyway.  But after yum clean all and uninstalling all
the new im clients, then rerunning yum update resulted in no updates
found.  So that is good news.

Thank You Karanbir, Kwan, and Christoph.


Re: [CentOS] Embedded Question

2009-08-01 Thread Rob Townley
dynebolic.org LiveCD

KnoppMyth

On 8/1/09, Jason Pyeron  wrote:
>
>
>> -Original Message-
>> From: centos-boun...@centos.org
>> [mailto:centos-boun...@centos.org] On Behalf Of Victor Padro
>> Sent: Saturday, August 01, 2009 18:18
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Embedded Question
>>
>> On Sat, Aug 1, 2009 at 4:59 PM, Joseph L.
>> Casale wrote:
>> > A friend asked me to setup an embedded appliance with an RO
>> root for
>> > minimal maintenance to primarily stream shoutcast out to an amp.
>> >
>> > The only thing I knew that might do this is iMedia Linux, but the
>> > project is practically dead with little to no activity. Is
>> it possible
>> > to do something like this with CentOS?
>> >
>> > Doesn't seem to be much info on the
>> /etc/sysconfig/readonly-root file.
>
> Googled it:
>
> http://people.redhat.com/dmalcolm/stateless/
>
>> >
>> > Anyone know a good place to get info on this? I would rather use
>> > CentOS if possible as I also want to use this a
>> firewall/vpn for them
>> > and that would be easy and reliable w/ CentOS.
>> >
>> > Thanks!
>> > jlc
>>
>> Hi Joseph,
>>
>> Maybe it's not what you are looking for but there is a
>> project named freenas which can provide a itunes server,
>> uPnP, torrent server, among other things and it's based on
>> m0n0wall(as pfSense is).
>>
>> http://www.freenas.org
>>
>>
>> Greetings.
>>
>> --
>> Linux User #452368
>> Ubuntu User #28025
>>
>> "Doing a thing well is often a waste of time."
>> --
>> --
>> //HP Mini 2GB 60GB - Windows XP/Ubuntu Jaunty //Core 2 Duo
>> 2.40Ghz 8GB 500GB - Windows 7/Ubuntu Jaunty //Core 2 Duo
>> 2.40Ghz 8GB 320GB - MacOS Leopard //Athlon 64 2.7Ghz 8GB
>> 400GB - CentOS 5.3 //Core 2 Duo 1.86Ghz 8GB 1TB - Proxmox 1.3
>> //Celeron 1.8Ghz 2GB 160GB - pfSense
>> //NSLU2 266Mhz 32MB 1TB - Debian Lenny
>
>
>
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -   -
> - Jason Pyeron  PD Inc. http://www.pdinc.us -
> - Principal Consultant  10 West 24th Street #100-
> - +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
> -   -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> This message is copyright PD Inc, subject to license 20080407P00.
>


[CentOS] xrdp in EPEL

2009-08-15 Thread Rob Townley
xrdp is a service that allows you to use mstsc or rdesktop to view
your Linux desktop from afar.

xrdp is packaged for Fedora and EPEL

http://koji.fedoraproject.org/koji/packageinfo?packageID=9026

now you can just type yum -y install xrdp to install it.

it's also available in EPEL repo (for redhat enterprise and centos)

https://fedoraproject.org/wiki/EPEL/FAQ#howtouse

I have only installed from source, haven't tried this rpm.


Re: [CentOS] How to tell if I've been hacked?

2009-08-23 Thread Rob Townley
On Sat, Aug 22, 2009 at 6:07 PM, Bill Campbell wrote:
> On Sat, Aug 22, 2009, Dave wrote:
>>On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell wrote:
>>> I review daily reports from over 50 systems every morning, checking changes
>>> found, usually taking no more than 10 minutes a day.  The key is to keep
>>> the reports simple, and to make updating easy (and to have procedures that
>>> monitor systems to be sure they're still alive and reporting in).
>>
>>So how do you track the inevitable changes? Not saying you can't, just
>>curious. For me, when I look at a batch of changes, some of them are
>>obviously stuff I've done, other stuff not so obvious. I also filter
>>reports through a script that sort of does a diff and makes an attempt
>>to limit the boilerplate. Sometimes it is a bit too terse.
>
> First off, we don't allow automatic updates on most systems, much
> preferring to do them manually making it pretty easy to refresh
> the comparison database immediately after the update is complete.
> The odds that a cracker will get in and do their dirty deeds
> while this is going on are pretty low, and can probably be
> ignored.
>
> We handle pretty much all server stuff under the OpenPKG portable
> package management system so things like spamassassin, amavisd,
> clamav, and postfix are not the distribution versions, but those
> from OpenPKG (which are generally updated more quickly than the
> distribution's).  A typical occurrence will be that we get an
> e-mail saying that clamav is out of date from the nightly
> freshclam update, I will pick up the new sources, update the
> OpenPKG SRPM for it, and deploy it to 40 or so systems running it,
> and expect to see a corresponding set of notices the next morning
> that files under clamav have changed.
>
> The clusterssh program makes this sort of thing much more efficient
> as one can execute shell commands on multiple systems simultaneously.
>
>>> We create a file system initially, the same size as ``/'', and make a copy
>>> of ``/'' in it identical except for the /etc/fstab entry.  This is not
>>> mounted in normal operations, but the system can be booted from it to get
>>> to a clean system.
>>
>>Wow, elaborate. How do you protect this file system from intruders?
>>External and powered off?
>
> That's one way to do it.  We also run a fair number of Linux
> servers under VMware so periodic snapshots and backups simplify
> the task.
>
> I have not seen many successful cracks of Linux boxes that we
> have configured from scratch.  Some basic things can be done to
> minimize the chances of cracks.
>
>   + Create the baseline for intrusion detection tools before putting the
>     system on line, and monitor it daily.
>
>   + Configure openssh to refuse password authentication requiring
>     authorized_keys access.
>
>   + Configure openssh with tcp_wrappers support, restricting access by IP
>     address and/or domain names.  I consider this absolutely mandatory if
>     one needs to allow username and password authentication.
>
>   + Use fail2ban or similar techniques to quickly block IP addresses that
>     are found probing the system (don't forget to look at POP and IMAP
>     logs for failed login attempts).
>
>   + Use /bin/false as the standard shell for accounts that don't have good
>     reason for shell access.  This does not affect e-mail or most services
>     that a typical ISP customer needs.
>
>   + Use OpenVPN for access.  This works well even when in hotels with NAT
>     firewalls, and is not easily hacked anonymously.
>
>   + Restrict access of webmin and usermin to local networks so they are
>     not vulnerable to outside attack.  These services are available to
>     people outside connecting with OpenVPN.

Cross Site Attacks (CSRF, XSS) make webmin very vulnerable in this
scenario.  It is a bad idea to use a single browser.  If in Firefox,
you already logged in to webmin and browse to a malicious site (many
reputable sites unknowingly have malicious javascript -- see
HoneyNet), the malicious site could do nasty things via webmin or any
other internal webserver.  Yes, NoScript may help, but NoScript has to
be updated daily and Firefox restarted.

The best practice is to install three separate browser applications,
such as Epiphany or Dillo, and only use this for internal websites.
Use Firefox for email.  Use Chrome for everything else.  The idea is
to have completely separate processes using completely separate memory
and harddrive locations.

I don't think there are many malicious variants of InvisibleThings's
BluePill or BlueChicken, but if a malicious variant can elevate itself
to become the Hypervisor, then all of your virtual machines could be
monitored by a HyperKit -- rootkit in the hypervisor.  Again, i don't
know if there are many malicious in-the-wild versions of bluepill, but
if just one malicious vmware image is uploaded to the Amazon EC2, then
every other VM on that same hardware at Amazon can be controlled by a
hyperkit.  InvisibleTh

Re: [CentOS] RPMforge.net down

2009-09-22 Thread Rob Townley
On Tue, Sep 22, 2009 at 9:26 PM, Hugh E Cruickshank  wrote:
> Hi All:
>
> It appears that the RPMforge.net site is down. Can someone confirm
> and possibly advise when it might be expected back?
>
> TIA
>
> Regards, Hugh
>
> --
> Hugh E Cruickshank, Forward Software, www.forward-software.com

yes, it appears down from here in Omaha on cox.net.  Tried to also use
that website that tests whether a 3rd party machine is up but it is
NOT   http://downformeoreveryone.com/  because that is now a porn
site!


Re: [CentOS] Best location in filesystem to have a samba share

2010-08-26 Thread Rob Townley
The next time they buy a camera memory card, recommend to them to buy
an eye.fi card (it is uLinux based).
Set all the cards to store in MMDD format.
Set up your own ftp server to receive the uploads directly from the camera.

Even though the eye.fi SD memory card runs uLinux itself, eye.fi does
not provide Linux applications.
There are supporting applications for Linux with the most
comprehensive list here:
http://tech.groups.yahoo.com/group/EyeFiHacking/

Hope this is not too off-topic in mentioning a product, but it has a
great deal of promise in helping the OP handle user input, ftp solves
a number of problems, and it is Linux based.


Re: [CentOS] Routing of outgoing packets

2010-11-21 Thread Rob Townley
2010/10/1 Mitja Mihelič :
>
> On 09/30/2010 05:02 PM, John Doe wrote:
>> From: Mitja Mihelič
>>> I am trying to use hping to check the latency of our network.
>>> Somehow things are not going to plan and I thought someone might be able
>>> to shed some light on the subject.
>>> Here is the setup:
>>> (the IP addresses given here are fake, but they do represent the correct
>>> state of the networking setup)
>>> vlan      interface      IP                      mask
>>> V2        eth0           192.168.20.20    32
>>> V4        eth1           172.16.4.40        32
>>> V6        eth2           172.16.6.60        32
>>>
>>> The default route is set to eth1.
>>> The idea is to use eth2 for pinging only, the other two interfaces are
>>> used by another service and management access.
>> Could you show the ifconfig and route outputs...?
>>
>> JD
> The Centos version is 5.5.
>
> This is the kernel we are using
> (http://rpms.mcnc.org/web100/el5/distro-compat/i386/):
> 2.6.18-164.15.1.el5.web100PAE #1 SMP Mon May 17 17:01:51 EDT 2010 i686 athlon i386 GNU/Linux
>
> The IP addresses are presented as private addresses, netmasks are real.
>
> Here is the ifconfig output:
> [r...@server ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:16:35:82:45:A0
>           inet addr:192.168.254.236  Bcast:192.168.254.239  Mask:255.255.255.240
>           inet6 addr: fe80::216:35ff:fe82:45a0/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:139602 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:58914 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:211203420 (201.4 MiB)  TX bytes:4285647 (4.0 MiB)
>           Interrupt:186 Memory:dc00-dc012800
>
> eth1      Link encap:Ethernet  HWaddr 00:16:35:82:45:A2
>           inet addr:192.168.254.244  Bcast:192.168.254.247  Mask:255.255.255.248
>           inet6 addr: fe80::216:35ff:fe82:45a2/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:15 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1130 (1.1 KiB)  TX bytes:1116 (1.0 KiB)
>           Interrupt:194 Memory:da00-da012800
>
> eth2      Link encap:Ethernet  HWaddr 00:15:17:C5:84:4D
>           inet addr:192.168.254.18  Bcast:192.168.254.23  Mask:255.255.255.248
>           inet6 addr: fe80::215:17ff:fec5:844d/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:29 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2280 (2.2 KiB)  TX bytes:1236 (1.2 KiB)
>           Memory:dfde-dfe0
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:21 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:4240 (4.1 KiB)  TX bytes:4240 (4.1 KiB)
>
>
> And the route command output:
> [r...@server ~]# route -n
> Kernel IP routing table
> Destination      Gateway          Genmask          Flags Metric Ref Use Iface
> 192.168.18.122   192.168.254.225  255.255.255.255  UGH   0      0   0   eth0
> 192.168.254.16   0.0.0.0          255.255.255.248  U     0      0   0   eth2
> 192.168.254.240  0.0.0.0          255.255.255.248  U     0      0   0   eth1
> 192.168.18.160   192.168.254.225  255.255.255.240  UG    0      0   0   eth0
> 192.168.254.224  0.0.0.0          255.255.255.240  U     0      0   0   eth0
> 192.168.1.64     192.168.254.225  255.255.255.192  UG    0      0   0   eth0
> 192.168.1.128    192.168.254.225  255.255.255.128  UG    0      0   0   eth0
> 169.254.0.0      0.0.0.0          255.255.0.0      U     0      0   0   eth2
> 0.0.0.0          192.168.254.241  0.0.0.0          UG    0      0   0   eth1
> --
> Mitja

This may be too late, but came across this searching for my old
iproute conversations.
Each NIC needs its own "source based route" otherwise, it will use the
system wide default route.
In other words, add "nic specific default routes" in addition to the
"system wide default route".

Once you have nic specific source routes, you may notice a big
difference between the following two seemingly identical commands:
ping -I eth2 208.67.222.222
ping -I 192.168.x.y  208.67.222.222
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
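
The "nic specific default routes" described in the reply above, worked through for eth2 with iproute2 policy routing. This is an added example, not part of the original message: the eth2 address and /29 mask come from the ifconfig output in the thread, while the gateway 192.168.254.17 and the table number 102 are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) the iproute2 commands that give one NIC
# its own default route, selected by source address.

# network_of ADDR PREFIXLEN -> dotted network address, fails on bad input
network_of() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -le 32 ] || return 1
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    for o in "$o1" "$o2" "$o3" "$o4"; do
        # digits only, no leading zero (it would be read as octal below)
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
    net=$(( ip & (4294967295 << (32 - $2)) & 4294967295 ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))"
}

# source_route_cmds IFACE ADDR PREFIXLEN GATEWAY TABLE
source_route_cmds() {
    net=$(network_of "$2" "$3") || return 1
    # The connected network and a default route go into the NIC's own table.
    echo "ip route add $net/$3 dev $1 src $2 table $5"
    echo "ip route add default via $4 dev $1 table $5"
    # Packets sourced from this NIC's address consult that table first;
    # everything else keeps using the system wide default route.
    echo "ip rule add from $2/32 table $5 priority $((1000 + $5))"
}

# eth2 as shown in the thread; gateway and table number are assumptions.
source_route_cmds eth2 192.168.254.18 29 192.168.254.17 102
```

After the printed commands have been run as root, `ip rule show` and `ip route show table 102` display the result.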


[CentOS] Win2000 / Win2003 ADS dnsHostName and servicePrincipalName

2008-08-18 Thread Rob Townley
Sharing my experience with SSO of Linux clients to Active Directory.

Over the last 2 years or so, i had a great deal of trouble getting and
_keeping_ authentication to our Win2000/Win2003 Active Directory system
working from OpenSUSE and CentOS clients.  ADS authentication would work
until reboot, a few days, a month max.  We'll see how long this lasts.

Another problem was dealing with the fact that i setup dns in AD using
aMixedCaseDomain.com name.  Had to add all variants to the [realms] and
[domain_realm] names to /etc/krb5.conf.  snslatc.hp.com, snslatc.HP.com,
SNSLATC.HP.COM ...

Over the weekend i gave up on CentOS and tried Fedora because Fedora
repositories have SaMBa 3.2, but CentOS only has 3.0.   SaMBa 3.2 supports
sasl sign and seal (hashing and encryption) and supports NTLMv2 better and
using winbind with ADS.

Still had problems with Fedora.  Since i had to change the hostname in the
middle of the process and update krb5.conf as mentioned above and i noticed
that somehow dNSHostName in Active Directory was set to
"HOST/localhost:localdomain" which clearly cannot be correct.  So i used
SysInternals LDAP Explorer (ADExplorer.exe) to change the entry in
ActiveDirectory to remove any reference to localhost.  Unless i changed
/etc/hosts to not have rmonster in
"127.0.0.1 localhost.localdomain localhost rmonster", deleted from WinAD and
rejoined.

dNSHostName: rmonster.snslatc.hp.com
servicePrincipalName: CIFS/rmonster.snslatc.hp.com
servicePrincipalName: CIFS/rmonster
servicePrincipalName: HOST/rmonster.snslatc.hp.com
servicePrincipalName: HOST/rmonster

Is the line "servicePrincipalName: CIFS/rmonster.snslatc.hp.com" only
required when you want your Linux box shares to show to other clients
(Windows)?

Successfully joined and authenticating using Fedora, but really want to use
CentOS and have group policy support from likewise.


Re: [CentOS] Win2000 / Win2003 ADS dnsHostName and servicePrincipalName

2008-08-18 Thread Rob Townley
On Mon, Aug 18, 2008 at 4:50 PM, David Miller <[EMAIL PROTECTED]> wrote:

> We've had good luck with this approach:
> http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/
>
> Basically using the Windows 2003 R2 schema extensions (as opposed to SFU)
> and Identity Management for Unix mmc.
>
>
> On Mon, Aug 18, 2008 at 4:17 PM, BlackHand <
> [EMAIL PROTECTED]> wrote:
>
>> nate wrote:
>>
>>> Rob Townley wrote:
>>>
>>>  Over the weekend i gave up on CentOS and tried Fedora because Fedora
>>>> repositories have SaMBa 3.2, but CentOS only has 3.0.   SaMBa 3.2
>>>> supports
>>>> sasl sign and seal (hashing and encryption) and supports NTLMv2 better
>>>> and
>>>> using winbind with ADS.
>>>>
>>>
>>> Rebuild the samba src rpms on CentOS?
>>>
>>> I gave up on integrating windows+(insert any OS here) integration years
>>> ago,
>>> not worth the headaches.
>>>
>>
>> less headaches
>>
>> use Services For Unix in your AD.
>>
>> if you need winbind, use the samba rpms from Sernet.
>>
>> http://enterprisesamba.org/
>>
>> almost all my nightmares with integrations with AD+winbind was resolved
>> with this ones.
>>
>> --
>> Black Hand
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
i forgot about EnterpriseSamba - thanks for the link.  Maybe i won't compile
on CentOS because EnterpriseSamba has a repository now -
http://ftp.sernet.de for Yum, debs, and YaST.   Fedora seems to be working
fairly well, but i won't really trust it until i have put it thru about 2
months of use.

Scott Lowe also has an article on Win2003R1.  (A license to Win2003R1 does
not give you a license to Win2003R2 - It has to be purchased.)  There are so
many more comments and user experiences on his blog now - thanks for the
link.


Re: [CentOS] [Request] mod_auth_ntlm_winbind

2008-08-18 Thread Rob Townley
On Mon, Aug 18, 2008 at 5:18 PM, Morten Nilsen <[EMAIL PROTECTED]> wrote:

> http://adldap.sourceforge.net/wiki/doku.php?id=mod_auth_ntlm_winbind
>
> I have built an rpm for my own use, by grabbing the source files from
> sambas' web interface to cvs.
> It would be real neat to have it packaged and available through yum.
>
> --
> Cheers, Morten
> :wq
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

One of the other users posted about EnterpriseSamba.com.  Their repository
is at http://ftp.sernet.de
http://ftp.sernet.de/pub/services/samba/README.txt

Haven't tried it myself.  Then again, you are referring to using AD
Authentication in a web browser, but i would think their package would
eliminate some of the steps, anyway.




Re: [CentOS] [Request] mod_auth_ntlm_winbind

2008-08-19 Thread Rob Townley
On Tue, Aug 19, 2008 at 5:34 PM, Morten Nilsen <[EMAIL PROTECTED]> wrote:

> Rob Townley wrote:
>
>> One of the other users posted about EnterpriseSamba.com.  Their repository
>> is at http://ftp.sernet.de
>> http://ftp.sernet.de/pub/services/samba/README.txt
>>
>> Haven't tried it myself.  Then again, you are referring to using AD
>> Authentication in a web browser, but i would think their package would
>> eliminate some of the steps, anyway.
>>
>
> I'm uncertain as to what you are talking about, but, yes what I am doing is
> using NTLM to get seamless logon to web servers from clients that are logged
> into AD.
>
> This is working quite fine, and there was little I had to do on CentOS,
> I basically only installed mod_auth_ntlm_winbind, and everything was fine
> and dandy..
>
> There was one little issue though, I had to turn on keepalive in httpd.conf
>
> --
> Cheers,
> Morten
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Morten, i may have mixed up the conversations.  I had just posted about
wanting a SaMBa 3.2 package for CentOS.  This would make it so that the user
could logon to a XWindows/SSH Linux workstation using MS Active Directory
Services credentials.

You are talking about getting your CentOS server to check credentials by
verifying with ADS.  Your users are likely on Windows machines.


Re: [CentOS] Re: Is there a way to save the routing table permanently?

2008-08-19 Thread Rob Townley
On Tue, Aug 19, 2008 at 11:32 AM, ABBAS KHAN <[EMAIL PROTECTED]> wrote:

> Thanks Bob for the additional tip :)
>
>
>
>
>
> On Tue, Aug 19, 2008 at 9:28 AM, Bob Beers <[EMAIL PROTECTED]> wrote:
>
>> IIANM, you can also use /etc/sysconfig/network-scripts/route-eth*, no?
>>
>> Take a look at /etc/sysconfig/network-scripts/ifup-routes script.
>>
>> -Bob
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
How many NICs?
SELinux?

When you have SELinux, two NICs each that would use two different gateways,
system-config-network is worthless whether using the GUI or text based one.
The route will not stay permanent.  ifup would not process either route.ethX
nor ethX.route - at least not enough for it to show in route.  Had to set
the routes in /etc/rc.local.   Of course, you can't set two default
gateways, but you can add two routes via something like the following:

route add -net 0.0.0.0 netmask 0.0.0.0 gw a.b.c.d dev eth0
route add -net 0.0.0.0 netmask 0.0.0.0 gw w.x.y.z dev eth1


Re: [CentOS] Re: Is there a way to save the routing table permanently?

2008-08-21 Thread Rob Townley
On Wed, Aug 20, 2008 at 7:52 AM, Filipe Brandenburger
<[EMAIL PROTECTED]>wrote:

> Hi,
>
> On Wed, Aug 20, 2008 at 01:22, Rob Townley <[EMAIL PROTECTED]> wrote:
> > two NICs each that would use two different gateways,
>
> If you are configuring default gateways on each interface, you are
> probably doing something wrong.
>
> The only reason why you would want to do that is to balance your
> outgoing traffic between the two NICs, and this is better accomplished
> with bonding interfaces.
>

Bonding would defeat my purpose for this.  My registrar requires two dns
servers on two different IP addresses, but i only wanted to use one machine
for now.  The machine has two NICs that connect out through the same cable
modem.  One behind a soho firewall, one direct.


>
> > ifup would not process either route.ethX nor ethX.route
> > - at least not enough for it to show in route.  Had to set
> > the routes in /etc/rc.local.
>
> I fail to see why SELinux would make any difference on that. Can you
> describe your issue better? What is the configuration you tried to set
> up, and why didn't it work? What version of CentOS are you using, 4 or
> 5? What is in /var/log/messages and /var/log/audit/audit.log when you
> try to bring the interface up?


The interfaces would come up, the point was that system-config-network
would not keep the static information for the two NICs after a reboot.  So
when the machine was rebooted, some part of IP, SM, GW, NS disappeared or
reverted back to DHCP even though it was explicitly set to static.  I was
using CentOS 5.0 / 5.1 when i had most problems.   No entries would have
appeared in the logs.  I modified ifup-route to add logging to it directly
and believe it was never called.  Maybe i will have to upgrade the machine
so i can run both the TUI and GUI more and monitor all files changed by
both.   Further, i turned off NetworkManager to get much further in keeping
static ip setup.

Couldn't tell you much about why SELinux may have caused problems except
that maybe there were mdac labels on files that broke some part of
system-config-network keeping static routes and dns servers.  I just
remember that uninstalling SELinux got me much much further on a different
machine when it came to static settings for multiple NICs.  Much Further.




>
> Regards,
> Filipe
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Re: [CentOS] Is there a way to save the routing table permanently?

2008-08-22 Thread Rob Townley
Are you sure this is actually processed?  Do you have a working example for
CentOS 4.x or 5.x?  One that works with two NICs that would use two
different gateways to the internet?  I would like nothing more than to get
this to work in a streamlined fashion.

i didn't have success with the /etc/sysconfig/static-routes  file, but maybe
i didn't specify the routes using the correct syntax?

This web page recommends a complete rewrite of the
/etc/sysconfig/network-scripts/ifup-routes script!
http://www.akadia.com/services/redhat_static_routes.html


On Fri, Aug 22, 2008 at 7:58 AM, Stephen Moccio <[EMAIL PROTECTED]> wrote:

>  You can place the statement in /etc/sysconfig/static-routes.
>
>
>
> This file will be used when the network starts up.
>
>
>  --
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of ABBAS KHAN
> Sent: Tuesday, August 19, 2008 9:38 AM
> To: CentOS mailing list
> Subject: [CentOS] Is there a way to save the routing table permanently?
>
>
>
> I'm adding the default gateway to the route through "route add default gw
> 10.10.10.10" which is also shown in "route -n" but the problem is that as
> soon as I restart the network through /etc/init.d/network restart; the route
> sets to default one...!
> SO, my question is there any way to save the modified route permanently by
> hardcoding the changes?
>
> Thanks.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


Re: [CentOS] Re: Is there a way to save the routing table permanently?

2008-08-22 Thread Rob Townley
On Fri, Aug 22, 2008 at 12:12 PM, RobertH <[EMAIL PROTECTED]> wrote:

>
> Hasn't this been hashed over several times in the past year to the same end
> result?
>
> :-)
>
> It appeared to me the original issue (this time) was being able to do
> primary and secondary dns on one box with different ip addresses because
> the registrar needed two different ip addresses when registering a domain.


Actually, the original issue was system-config-network not keeping static IP
information (IP, SM, NS, GW) or at least not throwing a warning.  I guess i
made it digress.


>
> If you must do it at home and you cannot get this solution to work as you
> expect, get a routed subnet on one side.


i can think of many meanings for a "routed subnet" - is it something you buy
from your ISP?


>
>
> or
>
> ...better yet, since both links appear to be residential, ask a buddy with
> a colo for access and make it the primary dns and pull secondary on your
> residential, or get a VPS server or two, or something else...


Actually, it is commercial cable and doable by other systems, so i am not
giving up.  i am going to start with studying "ip rules" as opposed to "ip
routes".  When the same IP configuration is on a laptop connected to both
wireless and Cat5 wired behind two different firewalls, they do not have
this problem.  Granted, these usually use dynamic connections and are not
providing critical services, but it works.  Why not for static
configurations and why doesn't system-config-network at least throw a
warning?


>
>
> Unless it is a pure don't care if down sometimes hobby, having primary and
> secondary dns on last mile residential links, regardless of budget or your
> reliability perceptions, is not particularly wise.
>
>  - rh
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Re: [CentOS] Is there a way to save the routing table permanently?

2008-08-22 Thread Rob Townley
On Fri, Aug 22, 2008 at 12:44 PM, Les Mikesell <[EMAIL PROTECTED]>wrote:

> Florin Andrei wrote:
>
>> ABBAS KHAN wrote:
>>
>>> I'm adding the default gateway to the route through "route add default gw
>>> 10.10.10.10 " which is also shown in "route -n" but
>>> the problem is that as soon as I restart the network through
>>> /etc/init.d/network restart; the route sets to default one...!
>>> SO, my question is there any way to save the modified route permanently
>>> by hardcoding the changes?
>>>
>>
>> It would be very nice if the init.d script would allow the sysadmin to do
>> something like "service network saveroutes". I always thought that would be
>> a neat feature.
>>
>
> Routes only work when you can reach the next hop.  That is,  if you try to
> add a route through an interface that is not up, the command will fail and
> the route will not be added.  If you want a route to be added when an
> interface comes up, there is already a place to do that. However, as others
> have pointed out you shouldn't expect multiple concurrent default routes to
> do something useful - but if you have multiple interfaces you can configure
> them both to add default routes and bring only one up at a time.
>
> --
>  Les Mikesell
>   [EMAIL PROTECTED]
>
>
;Are you suggesting the following?
;assume eth1 is a better ISP than eth0
ifdown eth0
ifup eth1
ISP on eth1 goes down
automagically detect down ISP on eth1, so
ifdown eth1
ifup eth0
automagically detect ISP back up on eth1, so
ifdown eth0 again
;That isn't gonna fly.

Looks like nate pointed out the right journal article and looks very
promising.  Will let you know how it goes.

"Source-based routing capabilities are common on high end networking gear,
but they rarely are seen or utilized in server environments. Linux has
excellent but poorly understood source-based routing support. The whole
universe of advanced Linux routing and traffic shaping is well described at
lartc.org."

ip rules and ip route priority are key.




>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Re: [CentOS] OT: Port Scan

2008-08-26 Thread Rob Townley
On Tue, Aug 26, 2008 at 3:11 PM, Les Mikesell <[EMAIL PROTECTED]> wrote:

> Lanny Marcus wrote:
>
>> I just did a port scan on one of my web sites. Shared Hosting. Looking
>> at ports 1863, 3000 and 3001. Are those ports normally open or
>> something I should file a support ticket about? TIA!
>>
>> Port State Service
>> 21 open ftp
>> 22 open ssh
>> 25 open smtp
>> 80 open http
>> 110 open pop3
>> 143 open imap
>> 443 open https
>> 993 open imaps
>> 995 open pop3s
>> 1863 open msnp
>> 3000 open hbci
>> 3001 open redwood-broker
>> 3306 open mysql
>> 5190 open aol
>> 5432 open postgres
>>
>
>
> Ports are 'open' when you start programs that listen on them.  lsof should
> tell you what those programs are.
>
> --
>  Les Mikesell
>   [EMAIL PROTECTED]
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



If it is shared hosting, maybe he doesn't have root.  But yes lsof and even
better,
netstat -anp | grep -v "^unix"
The -anp has netstat give the Process name along with the port Number for
All services.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
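
Added example (not part of the original post): mapping the scanned ports from this thread (1863, 3000, 3001) to the programs that own them, by filtering `netstat -anp` output for listening TCP sockets. The netstat lines, addresses and program names below are constructed sample data; on a real host, pipe `netstat -anp` into `port_owners` as root so the PID/Program column is filled in.

```shell
#!/bin/sh
# Added example: which program is listening on the ports a scan reported?

# Constructed sample of `netstat -anp` output (program names are made up).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      1833/sshd
tcp        0      0 0.0.0.0:1863        0.0.0.0:*           LISTEN      2301/exampled
tcp        0      0 127.0.0.1:3000      0.0.0.0:*           LISTEN      2410/sampled
tcp        0      0 192.0.2.10:3001     198.51.100.7:443    ESTABLISHED 2555/clientd
udp        0      0 0.0.0.0:68          0.0.0.0:*                       1700/dhclient
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     5123   1900/dbus-daemon    /var/run/dbus/system_bus_socket
EOF
}

# port_owners PORT...
# Reads netstat -anp output on stdin. For every requested port prints:
#   port  bind-address  PID/program  scope
# where scope is loopback-only, non-loopback, or not-listening.
port_owners() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) ports[w[i]] = 1
        }
        # Only TCP sockets in LISTEN state; established connections are skipped.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # strip the trailing :port
            sub(/^.*:/, "", port)       # keep only the port number
            if (!(port in ports)) next
            seen[port] = 1
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback-only" : "non-loopback"
            print port, addr, $7, scope
        }
        END {
            for (p in ports) if (!(p in seen)) print p, "-", "-", "not-listening"
        }
    ' | sort -n
}

sample_netstat | port_owners 1863 3000 3001
```

A port reported as not-listening here but open in an external scan points at another host or a forwarding device answering for that address, which on shared hosting is a question for the provider.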


Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-26 Thread Rob Townley
On Mon, Aug 11, 2008 at 11:15 PM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

> Craig White wrote:
>
>> On Mon, 2008-08-11 at 23:28 -0400, Robert Moskowitz wrote:
>>
>>
>>> Craig White wrote:
>>>
>>>
>>>> On Mon, 2008-08-11 at 21:11 -0400, Robert Moskowitz wrote:
>>>>
>>>>> I am doing some testing and it almost seems as if Firefox 3.0.1 that
>>>>> comes with Centos 5.2 is NOT working with IPv6.
>>>>>
>>>>> Anyone know for sure?
>>>>>
>>>>> I am getting weird hang behaviours and other just not working things.
>>>>>
>>>>
>>>> more likely a DNS issue
>>>>
>>>
>>> Name is coded in /etc/hosts
>>>
>>> Of course the fqdn I am using does NOT follow 'standard' TLDs, but it
>>> should NOT be masking that, or would that be a 'security' feature?
>>>
>>>
>> 
>> I have no clue what you are talking about being coded in /etc/hosts...
>>
>> you can check DNS if it returns ipV6 addresses for hosts or if there are
>> snags/delays in trying to resolve names from command line
>>
> p3490.htt is in my /etc/hosts file as something like:
>
> 2701:24:2:1:0:1:2:3   p3490.htt
>
> I can 'ping6 -n p3490.htt'
>
> But putting a url of http//p3490.htt does not work
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
DNS can be real slow when IPv6 is enabled.  For instance the following
firefox delta would speed up firefox on IPv4 connections.  Maybe you need to
turn it on?

Mr Scsi to Omaha

You may have already found this, but it helped when I had the same problem.

In firefox type in about:config,
filter for 'ipv6' you should have an entry for network.dns.disableIPv6
right click on it and 'toggle' it to a true value,
restart firefox and see if it helps.


On Mon, Aug 25, 2008 at 12:59 AM, DYNATRON tech <[EMAIL PROTECTED]> wrote:


Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Rob Townley
On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

>
>
> Rob Townley wrote:
>
>> On Mon, Aug 11, 2008 at 11:15 PM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
>>
>>Craig White wrote:
>>
>>On Mon, 2008-08-11 at 23:28 -0400, Robert Moskowitz wrote:
>>
>>Craig White wrote:
>>
>>On Mon, 2008-08-11 at 21:11 -0400, Robert Moskowitz wrote:
>>
>>I am doing some testing and it almost seems as if
>>Firefox 3.0.1 that comes with Centos 5.2 is NOT
>>working with IPv6.
>>
>>Anyone know for sure?
>>
>>I am getting weird hang behaviours and other just
>>not working things.
>>
>>
>>more likely a DNS issue
>>
>>Name is coded in /etc/hosts
>>
>>Of course the fqdn I am using does NOT follow 'standard'
>>TLDs, but it should NOT be masking that, or would that be
>>a 'security' feature?
>>
>>
>>I have no clue what you are talking about being coded in
>>/etc/hosts...
>>
>>you can check DNS if it returns ipV6 addresses for hosts or if
>>there are
>>snags/delays in trying to resolve names from command line
>>
>>p3490.htt is in my /etc/hosts file as something like:
>>
>>2701:24:2:1:0:1:2:3   p3490.htt
>>
>>I can 'ping6 -n p3490.htt'
>>
>>But putting a url of http//p3490.htt does not work
>>
>>
>>
>>___
>>CentOS mailing list
>>CentOS@centos.org <mailto:CentOS@centos.org>
>>http://lists.centos.org/mailman/listinfo/centos
>>
>> DNS can be real slow when IPv6 is enabled.  For instance the following
>> firefox delta would speed up firefox on IPv4 connections.  Maybe you need to
>> turn it on?
>>
>
>  You may have already found this, but it helped when I had the same
>> problem.
>>
>> In firefox type in about:config,
>> filter for 'ipv6' you should have an entry for network.dns.disableIPv6
>> right click on it and 'toggle' it to a true value,
>> restart firefox and see if it helps.
>>
>
> Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups faster by
> ignoring  records.
>
> Further testing has IPv6 working just fine.  Thing is when I enable the HIP
> API intercepts, Firefox does not work.  Like they are doing something
> 'non-standard' with the regular TCP socket API so that HIP can't slide in
> there.  I tried disabling a number of options, thinking it might be some
> security setting, but if it is, I have not found it.
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Yep, i fully understood you wanted IPv6.  i just thought you might want to
verify what settings you have for Firefox -- making sure Firefox has turned
on IPv6 dns.

Just curious, what is the motivation for the HIP api stuff, it is not there
by default is it?


Re: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad

2008-08-27 Thread Rob Townley
On Wed, Aug 27, 2008 at 5:23 PM, Spiro Harvey, Knossos Networks Ltd <
[EMAIL PROTECTED]> wrote:
>>
>> They stop on kernel startup when trying to boot the CentOS 5.2 boot CD.
>> It is during ACPI.
>> Fedora 10 Live will not boot up either.
>> I am using Fedora 9 from Live and DVD Install to teach a fall class and it
>> works fine.
>
> Are the CentOS and fed 10 DVDs of a similar type, and different to the DVD
> you used with fed 9?
>
> Or is your CentOS on CDs?
>
> A common problem I have is that some DVD drives really don't like some
> brands of disc. Some have issues with DVD-R's, some have issues with
> DVD+R's, some seem to be completely random.
>
> ymmv, but if the failing discs are the same brand, it's probably your
> cheapest quickest solution to reburn on a different brand and see if that
> helps.
>
>
> --
> Spiro Harvey      Knossos Networks Ltd
> 021-295-1923      www.knossos.net.nz
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

i was very disappointed to find these new machines that don't boot Linux
easily.  i have to wonder if HP received rebates from M$ by making it
difficult to boot Linux on these machines.  These machines have to be noob
proof.  $300.00 less expensive than the same CPU and intel chipset as Dell.

To boot off of a knoppix disc use the boot option: knoppix acpi=off
For CentOS, use: linux pci=noacpi,nommconf

On HP Compaq Business Desktop Small Form Factor.
dc7800 Core 2 DUO e8400  @ 3.00GHz
BIOS Version: Hewlett-Packard 786F1 v01.24 3/18/2008.
Mfr# KA607UT#ABA
UPC/EAN# 884420101468
HP Compaq Business Desktop dc7800 - SFF - 1 x Core 2 Duo E8400 / 3 GHz - RAM
2 GB - HDD 1 x 160 GB - DVD±RW (±R DL) / DVD-RAM - GMA 3100


Re: HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Rob Townley
On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

>
>
> Rob Townley wrote:
>
>> On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
>>
>>Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
>>faster by ignoring  records.
>>
>>Further testing has IPv6 working just fine.  Thing is when I
>>enable the HIP API intercepts, Firefox does not work.  Like they
>>are doing something 'non-standard' with the regular TCP socket API
>>so that HIP can't slide in there.  I tried disabling a number of
>>options, thinking it might be some security setting, but if it is,
>>I have not found it.
>>
>>
>> Yep, i fully understood you wanted IPv6.  i just thought you might want to
>> verify what settings you have for Firefox -- making sure Firefox has turned
>> on IPv6 dns.
>>
> Default was on.
>
>> Just curious, what is the motivation for the HIP api stuff, it is not
>> there by default is it?
>>
> read the RFCs on HIP:  4423 and 5201-5206.
>
> 4423 provides the justification of HIP and its architecture.  I created HIP
> almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec RFCs
> out.  HIP is much more than an alternative keying protocol for ESP (compared
> to IKE).  It directly addresses secure mobility.  HIP **IS** an important
> change to the TCP/IP architecture; this has been part of its slow
> advancement.  As such it has its own 'native' API:
> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt.
>
> I can go into more about HIP if you wish.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


So HIP isn't in any distribution by default or is it?  How does one know?
Would it make sense to include HIP in a Wireless Access Point firmware or a
RADIUS type machine?   Looks interesting, will have to keep it in mind for
wlan sec.


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-27 Thread Rob Townley
On Tue, Aug 26, 2008 at 5:55 PM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

> Jeff Kinz wrote:
>
>> On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
>>
>>
>>> Is there an easy way or anyway to establish a 128 bit encrypted tunnel
>>> between a handful of centos 5.2 boxes?
>>>
>>>
>>
>> In addition the rest of the good info others already posted for you,
>> please remember that "128 bit encryption" doesn't mean anything unless you
>> also specify the encryption scheme being used.
>>
>> A 128 bit encryption scheme may or may not be easily broken depending on
>> which one it is. (Pick a good!)
>>
> Actually 'we' (crypto community) talk about crypto-suites, as you have to
> look at all the pieces involved. If everything is not disclosed (like with
> Skype), then you just don't know where the weakness may be.
>
> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the suites
> are too weak to talk about), and HIP are all well-rounded security
> protocols. I have worked on all of them.
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



i would look into the HIP stuff.  But also look at the Hamachi like
solutions such as EOIP  - Ethernet Over IP (built into dd-wrt) and tinc-vpn.


Re: [CentOS] How to enable bind to listen querys from all my network

2008-08-28 Thread Rob Townley
On Thu, Aug 28, 2008 at 8:10 AM, Spook ZA <[EMAIL PROTECTED]> wrote:

> Hi Guys.
> I installed BIND 9.3.3rc2 straight off the CentOS 5.1 CDs.
> By default the /var/named/chroot is empty, so all I did was copy the
> cp -R /usr/share/doc/bind-9.3.3/sample/* /var/named/chroot/
> and it inserts a working set of files.
> Editing /var/named/chroot/etc/named.conf shows a sample setup that listens
> on all interfaces
> (which is why I set up the firewall first to block all interfaces) and has
> 3 views (localhost_resolver, internal and external)
> Then it is a simple matter to set up forwarders in the options section for
> caching and off you go.
> Further tweaking should allow you to restrict the interfaces and adding
> zones (master/slave/forward) into the appropriate views
> will allow resolving of internal or domains hosted by the server.
>
> By default there is no "listen-on port" option in the sample file, so it
> listens on the default port (53) on all interfaces.
>
> HTH
> Regards,
>   Andrew.
>

Thanks for the tip ... i knew there had to be an easier way!


>
> On Thu, Aug 28, 2008 at 11:23 AM, Miguel A. Velasco <
> [EMAIL PROTECTED]> wrote:
>
>> Hello all,
>>
>> I've installed a proxy Squid in my gateway and a Cache DNS Server with
>> bind. The problem is the server is only resolving its own queries but not
>> the client queries from my company.
>> When I do:
>> $service named start
>> I see in /var/log/messages:
>>
>> starting BIND 9.3.4-P1 -u named -t /var/named/chroot
>> found 1 CPU, using 1 worker thread
>> loading configuration from '/etc/named.conf'
>> listening on IPv6 interface lo, ::1#53
>> listening on IPv4 interface lo, 127.0.0.1#53
>> command channel listening on 127.0.0.1#953
>> command channel listening on ::1#953
>> zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
>> zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
>> zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
>> zone
>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver:
>>
>> loaded serial 1997022700
>> zone localdomain/IN/localhost_resolver: loaded serial 42
>> zone localhost/IN/localhost_resolver: loaded serial 42
>> running
>>
>> I don't understand why it is only "listening on IPv4 interface lo,
>> 127.0.0.1#53"
>> I have bind-chroot installed with the following options in
>> /etc/named.conf:
>>
>> options {
>>listen-on port 53 { 127.0.0.1; 10.10.80.0; };
>>listen-on-v6 port 53 { ::1; };
>>directory   "/var/named";
>>dump-file   "/var/named/data/cache_dump.db";
>>statistics-file "/var/named/data/named_stats.txt";
>>memstatistics-file "/var/named/data/named_mem_stats.txt";
>>
>>// Those options should be used carefully because they disable port
>>// randomization
>>// query-sourceport 53;
>>// query-source-v6 port 53;
>>
>>allow-query { localhost; };
>> };
>> logging {
>>channel default_debug {
>>file "data/named.run";
>>severity dynamic;
>>};
>> };
>> view localhost_resolver {
>>match-clients  { localhost; };
>>match-destinations { localhost; };
>>recursion yes;
>>include "/etc/named.rfc1912.zones";
>> };
>>
>> Where 10.10.80.0 is my network range. What may I do so my server really
>> listens for all my network? Nowadays it's listening just to itself
>>
>> Thanks very much for your attention.
>> Miguel A. Velasco
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


Re: [CentOS] Compiling v6tun from KAME

2008-09-04 Thread Rob Townley
On Thu, Sep 4, 2008 at 8:15 AM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

> I need vtun working over IPv6.  The version from rpmforge does not seem to
> support IPv6 (binds to 0.0.0.0:5000 if I specify binding to the interface,
> and won't let me put in an IPv6 address for address binding).
>
> So I was pointed to the KAME (which does not provide any FC/RHEL support.
>  The person who sent me there provided a makefile that he said works on
> Linux, but did not work for me:
>
> Makefile from KAME:
>
> install_dir = /usr/local/v6/bin
>
> v6tun: v6tun.o
>cc -o $@ $>
>
> install: v6tun
>-rm -f $(install_dir)/v6tun
>install -c -o root -g wheel -m 04710 v6tun $(install_dir)
>
> clean:
>
>
>-rm -f *.o v6tun
>
>
> Makefile from contact:
>
> v6tun: v6tun.o
>
>   gcc v6tun.c v6tun.h -o v6tun
>
> install: v6tun
>
>   -rm -f $(install_dir)/v6tun
>
>   install -c -o root -g wheel -m 04710 v6tun $(install_dir)
>
> clean: 6tun: v6tun.o-rm -f *.o v6tun
>
>   gcc v6tun.c v6tun.h -o v6tun install: v6tun

^
Looks like part of the file is repeated.  ^^ and further down

>
>
>   -rm -f $(install_dir)/v6tun
>
>   install -c -o root -g wheel -m 04710 v6tun $(install_dir) clean:

^^
needs a line break

>
>
>   -rm -f *.o v6tun
>
> I changed the install_dir to /usr/local/bin
>
> I had put the makefile, v6tun.c, & v6tun.h in /root/v6tun and as root
> issued make install.  I got the following error:
>
> Makefile:10: *** target pattern contains no '%'. Stop.
>
>
> What is missing to get this compiled?
>
>
>
>


Re: [CentOS] Configuring an Intel 3945 wireless card: partial success

2008-09-04 Thread Rob Townley
On Wed, Sep 3, 2008 at 9:55 AM, Niki Kovacs <[EMAIL PROTECTED]> wrote:

> Mogens Kjaer wrote:
>
>>
>> Take a close look at what gets logged into /var/log/messages
>>
>>
> Sorry couldn't try this out earlier, as my wife went away for a few days
> with the laptop.
>
> Anyway, here goes. To try it out, I stopped the 'network' service and
> started 'NetworkManager' as well as 'NetworkManagerDispatcher'. Laptop was
> not connected to any Ethernet cable. My home access point showed up (essid
> 'zuhause', no encryption). I clicked on it to try to establish a connection:
>
> --8<
> [EMAIL PROTECTED] init.d]# tail -f /var/log/messages
> Sep  3 16:32:39 nordinou NetworkManager:   User Switch:
> /org/freedesktop/NetworkManager/Devices/eth1 / zuhause
> Sep  3 16:32:39 nordinou NetworkManager:   Deactivating device
> eth1.
> Sep  3 16:32:39 nordinou dhcdbd: message_handler: message handler not found
> under /com/redhat/dhcp/eth1 for sub-path eth1.dbus.get.reason
> Sep  3 16:32:39 nordinou NetworkManager:   Device eth1
> activation scheduled...
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> started...
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> Stage 1 of 5 (Device Prepare) scheduled...
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> Stage 1 of 5 (Device Prepare) started...
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> Stage 2 of 5 (Device Configure) scheduled...
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> Stage 1 of 5 (Device Prepare) complete.
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> Stage 2 of 5 (Device Configure) starting...
> Sep  3 16:32:39 nordinou NetworkManager:   Activation
> (eth1/wireless): access point 'zuhause' is unencrypted, no key needed.
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: sending
> command 'INTERFACE_ADD eth1wext /var/run/wpa_supplicant
>   '
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: response was
> 'OK'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: sending
> command 'AP_SCAN 1'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: response was
> 'OK'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: sending
> command 'ADD_NETWORK'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: response was
> '0'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: sending
> command 'SET_NETWORK 0 ssid 7a756861757365'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: response was
> 'OK'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: sending
> command 'SET_NETWORK 0 key_mgmt NONE'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: response was
> 'OK'
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: sending
> command 'ENABLE_NETWORK 0'


Enabling something with a value of zero looks suspicious to me


>
> Sep  3 16:32:39 nordinou NetworkManager:   SUP: response was
> 'OK'
> Sep  3 16:32:39 nordinou NetworkManager:   Activation (eth1)
> Stage 2 of 5 (Device Configure) complete.
> Sep  3 16:33:19 nordinou NetworkManager:   Activation
> (eth1/wireless): association took too long (>40s), failing activation.
> Sep  3 16:33:19 nordinou NetworkManager:   Activation (eth1)
> failure scheduled...
> Sep  3 16:33:19 nordinou NetworkManager:   Activation (eth1)
> failed for access point (zuhause)
> Sep  3 16:33:19 nordinou NetworkManager:   Activation (eth1)
> failed.
> Sep  3 16:33:19 nordinou NetworkManager:   Deactivating device
> eth1.
> --8<
>
> Now I was curious about this, so I tried it on another machine, my
> Buildbox, that also has a wireless card. Similar failure:
>
> --8<
> [EMAIL PROTECTED] ~]# tail -f /var/log/messages
> Sep  3 16:35:52 buildbox dhcdbd: Started up.
> Sep  3 16:35:53 buildbox NetworkManager:   starting...
> Sep  3 16:35:53 buildbox NetworkManager: 
> nm_system_device_get_system_config (): Network configuration for device
> 'wlan0' was invalid (non-DHCP configuration, but no gateway specified. Will
> use DHCP instead.
> Sep  3 16:35:53 buildbox NetworkManager:   wlan0: Device is
> fully-supported using driver 'rt61'.
> Sep  3 16:35:53 buildbox NetworkManager:   wlan0: driver does
> not support SSID scans (scan_capa 0x00).
> Sep  3 16:35:53 buildbox NetworkManager:  nm_device_init():
> waiting for device's worker thread to start
> Sep  3 16:35:53 buildbox NetworkManager:  nm_device_init():
> device's worker thread started, continuing.
> Sep  3 16:35:53 buildbox NetworkManager:   Now managing
> wireless (802.11) device 'wlan0'.
> Sep  3 16:35:53 buildbox NetworkManager:   Deactivating device
> wlan0.
> Sep  3 16:35:53 buildbox kernel: eth0: link down
> Sep  3 16:35:53 buildbox kernel: ADDRCONF(NETDEV_UP): eth0: link is not
> ready
> Sep  3 16:35:53 buildbox NetworkManager:   eth0: Device is
> fully-supported using driver '8139too'.
> Sep  3 16:35:53 bui

Re: [CentOS] OT: Home NAS device

2008-09-05 Thread Rob Townley
On Fri, Sep 5, 2008 at 12:35 PM, Les Mikesell <[EMAIL PROTECTED]> wrote:

> Joseph L. Casale wrote:
>
>> The Dlink DNS-323 looks exactly what you are asking of
>>>
>>
>> What a procedure to hack that thing!
>>
>>  The problem I see with going the all-in-one NAS route is that down the
>>  road, there's always some function you'd like to add - but you can't.
>>  You've hit the limitations of the box.
>>
>>>
>> That's why I want to put straight Linux on it:)
>>
>> As fun as hacking that thing would be, I might just buy one of the tiny
>> boards, but for the price if I brick the DNS-323 it would still be fun
>> and I wouldn't really care!
>>
>
> The most demanding operation you'd want such a server to do is probably
> feeding video/media files to a DLNA client like an xbox360 or PS3 which
> sometimes involves transcoding the content.  You'd probably get the most
> specific advice about device capabilities on the forums for those programs
> (mediatomb, for example, which runs on a lot of the small network hard
> drives).
>
> --
>  Les Mikesell
>   [EMAIL PROTECTED]
>

http://www.readynas.com/wp-content/uploads/2008/06/readynas_specs.swf


Re: [CentOS] LCD blanks out overnight

2008-09-09 Thread Rob Townley
hmmm, usually ctrl-alt f1 would fix this.  Since that isn't working,
have u tried switching to external vga and back.  That did the trick
for me on Dell Latitude C610's.

On 9/9/08, Joe Tseng <[EMAIL PROTECTED]> wrote:
> I inherited an ancient Dell Latitude C840 and recently installed CentOS 5.2
> on it.  It worked fine for the most part, but when I left it overnight and
> came back the next morning, the screen blacked out and wouldn't come back
> unless I did a hard reset.  Even though I turned off all the power
> management settings and left it set like a desktop, the next morning after
> that it still blacked out.  I thought maybe it'd come back if I switched
> from X to a virtual text console, but that didn't do the trick.  Has anyone
> seen this and what do I do to fix it?
>
> tia,
>
>   - Joe
>


Re: [CentOS] Thin client

2008-09-11 Thread Rob Townley
On Wed, Sep 10, 2008 at 8:44 AM, Les Mikesell <[EMAIL PROTECTED]> wrote:

> Kevin Thorpe wrote:
>
>> lingu wrote:
>>
>>> Dear all,
>>>
>>>
>>>  I am very much new to Linux Thin Client Concept. But now I am very
>>> much interested to create Centos 5 based thin client of  512MB on
>>> flash rom.
>>>
>>>  Can anyone guide me on how to start? If you provide any suitable
>>> links I will be very grateful.
>>>
>>>
>>
>> Instead of 'rolling your own' based on a heavy desktop/server distribution
>> like Centos, look into
>> something like Thinstation. The work has already been done for you. If you
>> want to do it as an
>> exercise then by all means continue. Look into the thin client options and
>> the rescue disk options
>> already available.
>>
>
> You might also look at the k12ltsp distribution which has fedora and Centos
> spins with LTSP and some other extra packages included to network-boot thin
> clients.  Even if you don't network boot, it is handy to have everything
> else set up on the server for remote thin client use.
>
> http://k12ltsp.org/mediawiki/index.php/Main_Page  The EL5 version would be
> the current Centos based copy.  Some work is in progress to turn this into
> installable packages for the next fedora release, but for now it is hard to
> beat installing this distro for something that works out of the box.
>
> --
>  Les Mikesell
>   [EMAIL PROTECTED]
>
>



Another option is the xrdp project.  Using rdesktop on your thin client to
connect to a CentOS server with multiple simultaneous XWindows.


Re: [CentOS] Samba 3.0.28/3.0.32

2008-10-08 Thread Rob Townley
On Wed, Oct 8, 2008 at 6:40 PM, John R Pierce <[EMAIL PROTECTED]> wrote:

> Spike Turner wrote:
>
>> I've looked at the CentOS docs-list as well as the Wiki as I was
>> interested in Samba.
>>
>> On one CentOS box I've got 3.0.32 (the latest bug-fixed version from
>> Samba.org)
>> and on another I've got 3.0.28 (the latest from upstream). The docs look
>> almost the same and the docs refer to security = share. However 3.0.32 comes
>> with a blank smb.conf making it harder to get a secure server up and
>> running.
>>
>> Is there a plan for a quick and dirty guide on the Wiki for setting up
>> Samba
>> with secure settings as well as TDB rather than deprecated settings?
>>
>>
>
> FWIW (about what you paid), I've often used SWAT to setup my Samba initial
> configuration.
>
> yum install samba-swat, then edit /etc/xinetd.d/swat and put a #  in front
> of 'disable = yes', save this file, service xinetd reload, and then use a
> browser to connect to http://localhost:901 log on as root, and fill out
> the forms
>
> (if you want to manage swat from a separate workstation, # out the
> only_from line too, or add your LAN ip or cidr range, separated by a space
> example:
>   only_from = 127.0.0.1 192.168.0.0/24
> would allow localhost or anyone on the 192.168.0.0/24 network to access
> swat)
>
> I know a lot of folks disparage swat, but it's a lot easier than remembering
> all the obscure settings in the smb.conf files when you've got better things
> to do.
>


You may want to look at a third party samba packager for better
documentation such as:
http://enterprisesamba.org/


Re: [CentOS] Picasa vs. native photo management apps

2008-10-31 Thread Rob Townley
On Fri, Sep 19, 2008 at 9:33 AM, Michael Semcheski <[EMAIL PROTECTED]> wrote:

> On Wed, Sep 17, 2008 at 2:30 AM, Niki Kovacs <[EMAIL PROTECTED]>
> wrote:
> >> The GIMP probably is going to require a very *long* learning curve. It
> >> has the power of
> >> Adobe Photoshop and may not be something casual users are going to want
> >> to take the time to learn.
> >
> > Admittedly. But more in the sense of learning a few very basic steps that
> > everybody needs to know:
> >
> > - photo redimensioning
> > - slimming them down (bytewise)
> > - turning a color photograph into black and white
> > - some basic effects (one-click, included)
>
> I recommend taking a good look at Digicam.  For the types of tasks
> listed above, it's very good and fairly easy.  It also supports bulk
> processing, tagging images, etc.
>
> It's part image database and part image manipulator.
>
> Mike


don't forget ImageMagick which could be hosted localhost


Re: [CentOS] Gigabit Lan doesn't work

2008-11-16 Thread Rob Townley
On Sun, Nov 16, 2008 at 8:38 PM, Rilawich Ango <[EMAIL PROTECTED]> wrote:
> Hi all,
>
>  I have installed Centos completely.  However, the LAN  doesn't work.
>  Below is the message after I issue.  How can I make it work?
>
> 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit
> Network Connection
>
> Thanks!

Were you running a 2.6.27 pre-release kernel?  Everyone should read
this as there are about 12 NICs that could be rendered useless especially
in a chipset integrated NIC.

"If you have an Intel PCI Express add-on card or integrated NIC, avoid
the Ubuntu 8.10 alphas, OpenSUSE 11.1 beta, SUSE Linux Enterprise 11
beta, Fedora Rawhide or for that matter, any distribution that comes
with a 2.6.27 pre-release kernel."  So says the following arstechnica
article.
   
http://episteme.arstechnica.com/eve/forums/a/tpc/f/96509133/m/638006184931/inc/-1

i am no firmware expert, but i would think if you can find an
identical machine, you should be able to use the following command
from the article to backup good firmware, then use ethtool -E to
restore the good firmware over your bad firmware.
sudo ethtool -e ethX > savemyeep.txt


Re: [CentOS] Gigabit Lan doesn't work

2008-11-16 Thread Rob Townley
You may want to see if the device driver for your device has been
blacklisted in order to protect it.
Look through the various /etc/modprobe.d/ blacklist files to see if it
is listed.  I am not an expert, there may be another place to
blacklist or whitelist drivers on your config.

On Sun, Nov 16, 2008 at 10:06 PM, Rilawich Ango <[EMAIL PROTECTED]> wrote:
> Below is the setting.
>
> [EMAIL PROTECTED] ~]# more /etc/redhat-release
> CentOS release 5.2 (Final)
>
> [EMAIL PROTECTED] ~]# uname -a
> Linux localhost.localdomain 2.6.18-92.1.18.el5 #1 SMP Wed Nov 12
> 09:30:27 EST 2008 i686 i686 i386 GNU/Linux
>
> [EMAIL PROTECTED] ~]# ethtool eth0
> Settings for eth0:
>Supported ports: [ TP MII ]
>Supported link modes:   10baseT/Half 10baseT/Full
>100baseT/Half 100baseT/Full
>Supports auto-negotiation: Yes
>Advertised link modes:  10baseT/Half 10baseT/Full
>100baseT/Half 100baseT/Full
>Advertised auto-negotiation: Yes
>Speed: 100Mb/s
>Duplex: Full
>Port: MII
>PHYAD: 32
>Transceiver: internal
>Auto-negotiation: on
>Supports Wake-on: pumbg
>Wake-on: d
>Current message level: 0x0007 (7)
>Link detected: yes
> [EMAIL PROTECTED] ~]# ethtool eth1
> Settings for eth1:
> Cannot get device settings: No such device
> Cannot get wake-on-lan settings: No such device
> Cannot get message level: No such device
> Cannot get link status: No such device
> No data available
>
>
> On Mon, Nov 17, 2008 at 11:35 AM, Barry Brimer <[EMAIL PROTECTED]> wrote:
>>> Actually, I have 2 LAN cards.  eth0 is working as it is 10/100.  There
>>> is a built-in gigalan which doesn't work.  I have to remove the 10/100
>>> and make the built-in LAN work.
>>>
>>> [EMAIL PROTECTED] ~]# ethtool eth0
>>> Settings for eth0:
>>>   Supported ports: [ TP MII ]
>>>   Supported link modes:   10baseT/Half 10baseT/Full
>>>   100baseT/Half 100baseT/Full
>>>   Supports auto-negotiation: Yes
>>>   Advertised link modes:  10baseT/Half 10baseT/Full
>>>   100baseT/Half 100baseT/Full
>>>   Advertised auto-negotiation: Yes
>>>   Speed: 100Mb/s
>>>   Duplex: Full
>>>   Port: MII
>>>   PHYAD: 32
>>>   Transceiver: internal
>>>   Auto-negotiation: on
>>>   Supports Wake-on: pumbg
>>>   Wake-on: d
>>>   Current message level: 0x0007 (7)
>>>   Link detected: yes
>>> [EMAIL PROTECTED] ~]# ethtool eth1
>>> Settings for eth1:
>>> Cannot get device settings: No such device
>>> Cannot get wake-on-lan settings: No such device
>>> Cannot get message level: No such device
>>> Cannot get link status: No such device
>>> No data available
>>>
>>>
>>> On Mon, Nov 17, 2008 at 10:54 AM, Barry Brimer <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>> I have installed Centos completely.  However, the LAN  doesn't work.
>>>>> Below is the message after I issue.  How can I make it work?
>>>>>
>>>>> 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit
>>>>> Network Connection
>>>>
>>>> What does "ethtool eth0" tell you?
>>
>> What does "ethtool eth0" tell you when the 10/100 card is not installed?
>> What does "lsmod" look like with the 10/100 card in and out?  What does
>> "dmesg | grep eth" give you with the 10/100 card in and out?
>>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
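
One way to carry out the check suggested at the top of this message, as an added example that is not from the thread: scan a modprobe.d directory for entries that keep a module from loading. The module name e1000e is an assumption (the thread does not name the driver), and the sample files and function names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list modprobe configuration entries
# that stop a given kernel module from loading.

# Populate directory $1 with constructed modprobe.d files.
write_sample_modprobe_d() {
    cat > "$1/blacklist" <<'EOF'
# constructed sample
blacklist snd-pcsp
blacklist e1000e        # constructed entry
EOF
    cat > "$1/local.conf" <<'EOF'
#blacklist 8139too
install e1000e /bin/true
alias eth1 e1000e
EOF
}

# Print "file:line: kind" for each entry in directory $1 that blocks module
# $2. Two forms are recognised: "blacklist <module>" and an install override
# that runs /bin/true or /bin/false instead of loading the module.
# modprobe treats "-" and "_" in module names as the same character.
blocking_entries() {
    for be_file in "$1"/*; do
        [ -f "$be_file" ] || continue
        awk -v want="$2" -v file="$be_file" '
            BEGIN { gsub(/-/, "_", want) }
            { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
            $1 == "blacklist" && name == want {
                print file ":" NR ": blacklist"
            }
            $1 == "install" && name == want && $3 ~ /^\/bin\/(true|false)$/ {
                print file ":" NR ": install override"
            }
        ' "$be_file"
    done
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_sample_modprobe_d "$demo_dir"
blocking_entries "$demo_dir" e1000e
rm -rf "$demo_dir"
# On a real system: blocking_entries /etc/modprobe.d e1000e
```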


Re: [CentOS] how can I stress a server?

2008-11-21 Thread Rob Townley
Does this system have shared video/system RAM?  If you have video
memory shared with system memory, there is going to be memory that
can't be tested unless you rotate memory chips or put in a vga card.
In memtest+ 2.10 configuration, set for no reserved memory and watch
the memtest corrupt the video output on a shared memory system.

i have some several year old DL360's and ML370's and love em -
especially hw raid, but my local supplier hasn't had any for several
months.  Up until a few months ago, password reset info on ebay was sent
in the clear, so i have a very hard time trusting ebay.  It would be
great if something like LinuxBios / OpenBios could stresstest the
machine and then disable any RAM addresses that proved flaky - whether
ECC or not.


Re: [CentOS] Skype vs. CentOS: no outgoing sound

2008-11-23 Thread Rob Townley
On Sun, Nov 23, 2008 at 4:20 PM, Niki Kovacs <[EMAIL PROTECTED]> wrote:
> Lanny Marcus wrote:
>>
>> Niki: Welcome to the club! This is something I have tried to get
>> working, on my CentOS 5 (32 bit) desktop. William was very kind and he
>> volunteered to help, but I have other projects, with higher
>> priorities, ahead of this one now. Great to know that one of the
>> previous responders has it working AOK. My Sound Card is a Generic,
>> which uses the snd-cs46xx driver. It's a Cirrus Logic and Skype works
>> perfectly on M$ Windows, which is the main reason why this is still a
>> dual boot box. Like yours, my calls to the Skype test robot are all
>> one way. I can hear her, but she can't hear me. GL! Lanny
>
> After a few more hours of googling, I've come to the following conclusion:
> Skype seems to work for some folks, and not for others, regardless of
> competence or used distribution.
>
> I'd say this is quite annoying.
>
> Niki

Don't use skype, but r u sure your firewall is not blocking outgoing sound?


Re: [CentOS] Skype vs. CentOS: no outgoing sound

2008-11-23 Thread Rob Townley
On Sun, Nov 23, 2008 at 5:02 PM, Niki Kovacs <[EMAIL PROTECTED]> wrote:
> Rob Townley wrote:
>>>
>>
>> Don't use skype, but r u sure your firewall is not blocking outgoing
>> sound?
>
> Funny, I never gave that a thought. Any idea which port I would have to
> open?
>
> Niki

Can't tell the port numbers involved.
What about your selinux config - have you tried permissive mode of selinux?


Re: [CentOS] Stop the FUD Xen is not deprecated

2008-11-25 Thread Rob Townley
On Tue, Nov 25, 2008 at 2:18 PM, Bo Lynch <[EMAIL PROTECTED]> wrote:
>
>
> On Tue, November 25, 2008 2:55 pm, Rainer Duffner wrote:
>>
>> On 25.11.2008 at 20:32, Bo Lynch wrote:
>>
>>>
>>> I was thinking about implementing Xen for our school district. Now
>>> that
>>> I'm hearing all of this I guess I need to look at something else.
>>> What does everyone recommend?
>>> Thanks
>>> Bo Lynch
>>
>>
>> How much money do you have?
>> What (how many systems, what do they do?) do you actually want to
>> virtualize?
>> Are you going to be around your school for the next couple of years?
>> ;-)
>>
>> On a small scale, running VMware ESX3i or VMware-server is perfectly
>> possible.
>>
>>
>>
>> Rainer
>
>
> Right now we have a about 30 servers. Mixture of CentOS,debian,slack,windows.
> Free is always the best cost and is why we have been moving toward open
> source as much as possible.
> Bo
>
>

Why not give kvm a try?  i am using kvm on Fedora 9 to virtualize
Win2008 at the moment.  Also installed Virtual Machine Manager to set
up.  i am getting a BSOD on shutdown, but so far it is not bothering
anything afaic tell.


Re: [CentOS] URGENT: libdvdcss install hosed /var

2008-12-11 Thread Rob Townley
On Thu, Dec 11, 2008 at 12:56 PM, MHR  wrote:
> I am running CentOS 5/2 (latest updates) with the GNOME DE on a 32-bit
> machine (at work).
>
> I have k3b installed, and I was trying to copy a DVD earlier this
> morning, but k3b said it couldn't read encrypted DVDs.
>
> So, I installed libdvdcss from rpmforge and restarted k3b.  It hung
> the system.  I rebooted, and / had been damaged.  After running e2fsck
> from the repair prompt, I rebooted and a whole slew of errors
> revolving around various /var directories that did not exist occurred.
>
> I have been trying to repair /var, and so far with a fair modicum of
> success, but I've hit an interesting wall - two, actually.
>
> 1) The gdm refuses to come up.  It claims that "Server Authorization
> directory (daemon/ServAuthDir) is set to /var/gdm, but this does not
> exist"
>
> However:
>
> # ll -d /var/gdm
> drwxrwx--T 2 root gdm 4096 Dec 11 10:31 /var/gdm
> # ll /var/gdm
> total 8
> -rw-r- 1 root root 45 Nov 26 10:47 :0.Xauth
> -rw-r--r-- 1 root root 63 Dec 11 09:14 :0.Xservers
>
> This is identical to my backup system (which is not surprising - I set
> up the dir and copied the files from here - was that a bad idea?).
>
> 2) The following daemons fail to start: auditd, NFS statd, avahi and
> HAL.  I've tried to pin down why the avahi daemon won't start because
> it keeps logging permissions errors trying to create the pid file
> /var/run/avahi-daemon//pid, but the setup of /var /var/run and
> /var/run/avahi-daemon are all identical to this (backup) machine.  Any
> suggestions?
>
> Or is there a better, more comprehensive repair facility available?
>
> BTW, OT: Does anyone know why this might have happened?  I have all
> this installed at home, no problems whatsoever (libdvdcss works
> seamlessly with all my DVD tools, including k3b).
>
> Thanks!
>
> mhr

Was SELINUX in enforcing mode?  Rebuilding directories and files that
previously had mandatory labels seems like it would cause problems
until labels were reapplied.


Re: [CentOS] URGENT: libdvdcss install hosed /var

2008-12-11 Thread Rob Townley
On Thu, Dec 11, 2008 at 2:29 PM, Lanny Marcus  wrote:
> On Thu, Dec 11, 2008 at 2:47 PM, MHR  wrote:
>
>>> unpacking a tar archive into the root directory.
>> Hm - well, _I_ never do that, and I rather doubt that yum did, either,
>
> Since you got it from rpmforge, I assume it was an rpm and not a tar file.
>
>> but I suppose that would depend on what's in libdvdcss.  I find it
>> hard to believe that it wasn't something else more subtle with k3b,
>> but, again, who knows?
>
> Or, more probably, with the libdvdcss
> 
>> 1) I did ask on the rpmforge list.  Waiting to hear back from there, too.
>>
>> 2) I am just now beginning to really appreciate virtualization.
>
> A bunch of the gurus on this list use it. If I had a box with more
> RAM, I would try it.
>
>> Still, past experience told me this would not be a problem.  I guess
>> that would best be described as naive
>
> I think since it works OK on your Desktop at home, that's not so
> naive. But, the HW is different and something may be awry on the HW on
> your Workstation at work. Or, there may have been a power glitch,
> while you were installing the SW. Is your Workstation on a UPS? Been
> using K3b for a long time here and never a disaster, like you
> experienced today.

Virtualization is great and all, but not sure that watching a dvd on a
virtual machine would work so well.


Re: [CentOS] utility to find which /dev/videoX

2008-12-15 Thread Rob Townley
Not sure this helps b/c maybe u need a non human interactive method.

mplayer /dev/video0

lsusb -v

On 12/15/08, Ignacio Vazquez-Abrams  wrote:
> On Mon, 2008-12-15 at 19:32 -0500, Jerry Geis wrote:
>> is there a utility or SOME method to
>> determine which /dev/videoX (like /dev/video0 or /dev/video1)
>> is being used by a device???
>>
>> Example I have a USB camera and a USB TV module
>> how do I determine which device is on /dev/video0 and which is on
>> /dev/video1
>>
>> I have seen perhaps a way in dmesg but I am looking for the
>> BEST way and the correct way.
>
> Look under /sys/class/video4linux.
>
> --
> Ignacio Vazquez-Abrams 
>
> PLEASE don't CC me; I'm already subscribed
>


Re: [CentOS] regarding vpn server for 1500 clients

2008-12-21 Thread Rob Townley
On Sun, Dec 14, 2008 at 9:20 AM,   wrote:
> Hi list,
>
>
> I have to build vpn server for 1500 clients. No encryption necessary.
> can anyone please recommend me vpn server.
>
> I do not have experience on vpn.
>
> I have tested openvpn on my test setup, & its working fine.
>
> I want to check if there any other vpn server available.
> I have not checked but can pptp vpn be usefull?
>
>
> My requirement is to connect 1500 clients on vpn server.
> Need frontend to manage vpn clients.
>
>
>
> Regards
> Dhaval
>
>
>
>

The open source tinc-vpn which is like Hamachi.  Could use a tun / tap
layer with 5.0.0.0/8 addresses.
Would never recommend PPTP because of the security issues and the
clients can't have the same subnet as the corporate lan for it to work
well.  Even if you do not need encryption, but just authentication,
pptp could be blown wide open.


Re: [CentOS] Memory vs. Display Card

2009-03-09 Thread Rob Townley
On Mon, Mar 9, 2009 at 3:39 PM, Victor Padro  wrote:
>
>
> On Mon, Mar 9, 2009 at 1:18 PM, Louis Lagendijk 
> wrote:
>>
>> On Sun, 2009-03-08 at 19:27 -0700, John R Pierce wrote:
>> > Rick wrote:
>> > > In article <20090308031754.ga11...@bludgeon.org>,
>> > > Ray Van Dolson   wrote:
>> > >
>> > >
>> > >> That sounds pretty strange.  Have you confirmed that removing the
>> > >> "new"
>> > >> memory allows you to run in runlevel 5 again?
>> > >>
>> > >
>> > > Yes, that's how I'm running right now.
>> > >
>> >
>> > now, try taking out the OLD memory and putting in just the NEW memory.
>> > see how it runs that way.   if this works, try with the new 4GB as the 0
>> > bank, and the old 2GB as the 1 bank.
>> >
>> > also, in the BIOS, check the memory timings, I'd leave them all on
>> > 'automatic' or 'default' or whatever the limited choices are in the
>> > Intel BIOS, trying to squeeze an extra clock out of CAS or whatever
>> > doesn't really help much under the best of conditions and it can
>> > destabilize a system under suboptimal conditions.
>> >
>> When you use 4 banks of memory, some boards require slower settings.
>> Tweaking the voltage may help there I guess, but I would opt for the
>> slower settings. I recall that my BIOS chose a slower memory setting
>> when I added 4G to my small server at home that already had 2G. That
>> system has been rock stable (except for my Sun quad ethernet that had
>> problems with the Xen kernel due to MMIO issues. I solved that by
>> ditching the Sun card and using a vlan capable switch with vlan trunking
>> so that I no longer need so many ethernet interfaces)
>>
>> Louis
>>
>
> have you read your technical product specifications?
> http://www.intel.com/support/motherboards/desktop/d975xbx2/sb/CS-029346.htm
> it states that the supported memory modules are only 2GB top
>
> Table 4 lists the supported DIMM configurations.
> Table 4. Supported Memory Configurations
>
> DIMM      Configuration  SDRAM     SDRAM Organization     Number of SDRAM
> Capacity  (Note 1)       Density   Front-side/Back-side   Devices (Note 2)
> --------  -------------  --------  ---------------------  ----------------
> 128 MB    SS             256 Mbit  16 M x 16/empty        4 [5]
> 256 MB    SS             256 Mbit  32 M x 8/empty         8 [9]
> 256 MB    SS             512 Mbit  32 M x 16/empty        4 [5]
> 512 MB    DS             256 Mbit  32 M x 8/32 M x 8      16 [18]
> 512 MB    SS             512 Mbit  64 M x 8/empty         8 [9]
> 512 MB    SS             1 Gbit    64 M x 16/empty        4 [5]
> 1024 MB   DS             512 Mbit  64 M x 8/64 M x 8      16 [18]
> 1024 MB   SS             1 Gbit    128 M x 8/empty        8 [9]
> 2048 MB   DS             1 Gbit    128 M x 8/128 M x 8    16 [18]
> Notes:
> 1. In the second column, “DS” refers to double-sided memory modules
> (containing two rows of SDRAM)
> and “SS” refers to single-sided memory modules (containing one row of
> SDRAM).
> 2. In the fifth column, the number in brackets specifies the number of SDRAM
> devices on an ECC DIMM
>
>  So your 4GB module is not supported... you should use 4x2GB modules in
> order to see an improvement (always using pairs, remember it's dual channel).
>
> cheers
>
>
> --
> "It is human nature to think wisely and act in an absurd fashion."
>
> "All the disorder in the world comes from professions badly or mediocrely
> practiced"
>
>
>

Victor seems to have found your problem.  But you might want to verify
there isn't a BIOS / firmware update for your motherboard.

memtest distributed with most systems is old.  One of the memtests was
recently updated for the latest Intel chipsets.


[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rob Townley
http://httpd.apache.org/security/vulnerabilities_20.html

states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68.
i am no longer a httpd expert, but at least one of the security fixes
involves XSS attacks via malformed ftp commands.  I also realize that
redhat / centos may patch things separately from Apache and that the
sysadmin has  a great deal to do with how secure things are, but
almost 5 years?

Does the sysadmin for www.centos.org get paid?
HTTP/1.1 200 OK
Date: Sun, 22 Mar 2009 19:37:51 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=f12ba53116e0f192b7653131d951a17d; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Connection: keep-alive



Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rob Townley
On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell  wrote:
> Rainer Duffner wrote:
>> On 22.03.2009 at 20:40, Rob Townley wrote:
>>
>>> http://httpd.apache.org/security/vulnerabilities_20.html
>>>
>>> states that Apache 2.0.52 is 4 years old and the latest version is
>>> 2.0.68.
>>> i am no longer a httpd expert, but at least one of the security fixes
>>> involves XSS attacks via malformed ftp commands.  I also realize that
>>> redhat / centos may patch things separately from Apache and that the
>>> sysadmin has  a great deal to do with how secure things are, but
>>> almost 5 years?
>>>
>>
>>
>>
>> Download the src-RPM and make a checklist which CVEs are fixed and
>> which not.
>> (It's in a changelog-file somewhere - I don't remember the details,
>> it's a while that I actually looked)
>>
>> Then, return here.
>
> Try:
>
> rpm -q --changelog httpd |less
> to see if it includes what you want to know before bothering with src rpms.

Thank You Les, that is awesome info.

>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
>
>
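
The changelog check Les suggests, carried through against a CVE checklist as Rainer proposes. This is an added example, not part of the thread; the sample changelog, CVE ids, packager and release strings are constructed placeholders.

```python
"""List which CVEs on a checklist the package changelog says were backported."""
import re
import subprocess

# Constructed sample in the layout `rpm -q --changelog` prints (newest entry
# first). CVE ids, packager and release strings are placeholders.
SAMPLE_CHANGELOG = """\
* Tue Jan 13 2009 Example Packager <pkg@example.com> 2.0.52-3.example
- add security fix for CVE-0000-0003 (XSS via ftp)
- fix log rotation regression

* Mon Jun 02 2008 Example Packager <pkg@example.com> 2.0.52-2.example
- add security fixes for CVE-0000-0001, CVE-0000-0002

* Fri Nov 12 2004 Example Packager <pkg@example.com> 2.0.52-1.example
- update to 2.0.52
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_changelog(text):
    """Split changelog text into (date, release, body_lines) tuples."""
    entries = []
    for line in text.splitlines():
        if line.startswith("* "):
            fields = line[2:].split()
            date = " ".join(fields[:4])
            # The release is the last field when the packager recorded one.
            last = fields[-1].lstrip("-") if len(fields) > 4 else ""
            release = last if last[:1].isdigit() else None
            entries.append((date, release, []))
        elif entries and line.strip():
            entries[-1][2].append(line.strip())
    return entries


def fixed_cves(text):
    """Map each CVE id in the changelog to the oldest (date, release) naming it."""
    fixed = {}
    for date, release, body in parse_changelog(text):
        for cve in CVE_RE.findall(" ".join(body)):
            fixed[cve] = (date, release)  # entries run newest to oldest
    return fixed


def audit(text, checklist):
    """Return {cve: (date, release) or None} for every id on the checklist."""
    fixed = fixed_cves(text)
    return {cve: fixed.get(cve) for cve in checklist}


def installed_changelog(package):
    """Return `rpm -q --changelog PACKAGE` output, or None if unavailable."""
    try:
        proc = subprocess.run(["rpm", "-q", "--changelog", package],
                              capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return proc.stdout if proc.returncode == 0 else None


if __name__ == "__main__":
    text = installed_changelog("httpd") or SAMPLE_CHANGELOG
    # Placeholder checklist; take the real ids from the upstream advisory page.
    report = audit(text, ["CVE-0000-0001", "CVE-0000-0003", "CVE-0000-0009"])
    for cve, hit in report.items():
        print(cve, "fixed in %s (%s)" % (hit[1], hit[0]) if hit else "not in changelog")
```

A CVE missing from the changelog is not proof the package is vulnerable; the flaw may not apply to that build, so check the vendor's advisory for it.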


Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Mon, Mar 23, 2009 at 9:05 PM, Christopher Chan
 wrote:
>
>> * vlans
>> * mstp or some well established form of per vlan spanning tree
>> * acl's
>> * port mirroring or what cisco calls span sessions
>> * snmp
>> * ssh enabled remote management
>> * support w/ updates and bugfixes
>>
>>
>> I need at least 48 ports per device and obviously would like them to be
>> "fast".  Most importantly, I'd like to know what you guys prefer as
>> operations dudes and what pitfalls to avoid.  Also, are there other
>> features you folks would demand to have in your switches that I haven't
>> mentioned?  I can provide more information if you'd like.  Thanks.
>>
>> Oh, cost is sort of an issue (small/medium sized business) but right now
>> insight from you guys is what's important and I can work out the cost
>> issue later.  Thanks again.
>>
> D-Link DGS-3100
>
>
> I ordered a number of these for the school where I work to place a
> number of Cisco 2960 10/100 switches.
>
>
> I am quite happy with them. Some of these switches are connected by
> multi-mode fibre.
>
> cheers,
>
> Christopher
>

Every time i read these posts they are filled with contradictions in
that one person loves HP and hates CiscoLinksys while another hates
HP.  Let's get a more scientific approach.  Switch performance still
depends on the NICS in the client machines.  We all know a network is
a complex system.  Some of us claim to be computer scientists so
shouldn't we act like that instead of advertising for our vendors?

i would like to see real performance data via something like netperf
with client machines booted from a standardized LiveCD, then
performance under their Linux Distribution and performance under
Windows.

Performance data would need to have details such as the NIC on the
client machine and other hw characteristics.  How many machines ran
the benchmark simultaneously.  Cat5e vs Cat6 or Fiber connected.

http://www.netperf.org   ( OpenSource started by HP, )
ftp://ftp.netperf.org/netperf/(Looks like 2.4.4 is the latest
version.  Not sure what 4.0.0 is)

http://sourceforge.net/projects/jnetperf  (java version of netperf)

There may be another project from some Italian Professor, but didn't
find it in my bookmarks.

Yes, there is the unix way of time dd ... but that wouldn't work for
windows clients and does not give enough details in terms of metrics.


Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Tue, Mar 24, 2009 at 10:24 AM, Rainer Duffner  wrote:
> Rob Townley wrote:
>>
>> Every time i read these posts they are filled with contradictions in
>> that one person loves HP and hates CiscoLinksys while another hates
>> HP.  Let's get a more scientific approach.  Switch performance still
>> depends on the NICS in the client machines.
>
>
> Uhm. No. Not any longer, AFAIK.
> At least, once you leave the SOHO region (AFAIK, the OP wanted >= 48
> ports. I don't want to work in such a home-office, really...).

There are 48 port SOHO priced switches nowadays.  i am often not very
impressed by network performance and need standardized benchmarks to
figure out if there may be an issue at the NIC driver, switch or on up
to a virus shield.   It was either a ~2004 Dell Power magazine or
~2004 Network World article that mentioned that 3Com NICs didn't
perform well with Cisco switches and vice versa.  They also wrote
about other vendors and i don't remember any of them performing
extremely well across vendor.   Now that NICs are a commodity, the
problem could be worse.

> Backplane-performance is an issue.
> Especially with iSCSI.
>
> Also, as demonstrated, different switch-vendors offer different
> feature-sets at different price-levels.
> There's also the compatibility-question: if you already have a number of
> devices, the new ones must fit in well into the existing landscape
> (VLANs etc.pp.)
>
>
>>
>> Performance data would need to have details such as the NIC on the
>> client machine and other hw characteristics.  How many machines ran
>> the benchmark simultaneously.  Cat5e vs Cat6 or Fiber connected.
>>
>
>
> That's already more variables in the equation than is healthy for a
> typical benchmark...
>
>
>> http://www.netperf.org           ( OpenSource started by HP, )
>> ftp://ftp.netperf.org/netperf/    (Looks like 2.4.4 is the latest
>> version.  Not sure what 4.0.0 is)
>>
>> http://sourceforge.net/projects/jnetperf  (java version of netperf)
>>
>> There may be another project from some Italian Professor, but didn't
>> find it in my bookmarks.
>>
>> Yes, there is the unix way of time dd ... but that wouldn't work for
>> windows clients and does not give enough details in terms of metrics.
>>
>
> Switch performance is extremely difficult to measure IMO. You need
> enough clients to make sure you're not accidentally measuring
> client-performance.

Agreed, this is a difficult complex system, but some baseline
measurements would still be worthwhile to rule out some problems.
Client NIC performance would be valuable info.

>
> In the end, the only thing that counts is real-world data. Netperf
> et.al. don't really provide a real-world scenario, where you have a
> mixture of packet-sizes and protocols.
> Same for artifical load/packet generators (ixia et.al).

netperf could use some work, but some generic baseline perf data would
still be very valuable to rule out basic problems.   Somebody could post
an ethereal packet capture of varying packet sizes and protocols that
could be replayed on client machines.

>
> Because (almost) nobody has the time to do extensive tests, past
> real-world experience/performance data and word-of-mouth becomes an
> integral part in choosing such products.
> That, or you have enough money to buy everything from Cisco ;-)

In theory, pxe booting a test image on all machines in the lan (maybe
via drbl / CloneZilla) with netperf and running overnight could
automate this process.  The reality is that it can take much much more
time to track down where a performance bottleneck is on a
heterogeneous LAN.

What "performance data" are you referring to?

>
>
> Rainer
>
>
>


Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Tue, Mar 24, 2009 at 10:59 AM, nate  wrote:
> Rainer Duffner wrote:
>
>> Switch performance is extremely difficult to measure IMO. You need
>> enough clients to make sure you're not accidentally measuring
>> client-performance.
>
> There's also a lot more to switches than pure performance, line
> rate switches have been around for at least a decade(switches
> that have enough bandwidth to have every port running at 100%
> utilization).
>
> If you're running only a layer 2 network(who does that anymore?)
> then perhaps performance is the best measure, but for the
> well known top performing manufacturers of gear raw performance
> hasn't been something to be concerned about for some time in
> the 10/100 and GigE space.

i would not be surprised if most SOHO networks may not even have layer
2 manageability.
How do you know it isn't something to be concerned about unless you
have data from various manufacturers and various NICs?

>
> Now 10GigE is still kind of new as far as high density line
> rate, most chassis switches are not even line rate if you
> fully populate them with 10Gig ports.
>
> IMO -
>
> (no particular order)
> HP - Good for the lifetime warranty, lower support(contract)
>     costs. Advantages for an HP shop since they likely tie in
>     nicely to HP management tools.
> Extreme - Mature next-gen linux-based OS that's easy to use,
>          lots of advanced functionality included out of the
>          box. With a couple exceptions, line rate for 10+ years.
> Force10 - Leader in port density and switch performance, though
>          it's been a couple years since I've seen a new
>          product, most of their products are 4+ years old but
>          still compete extremely well even today. NetBSD next-gen
>          OS, still kind of new. Line rate since their inception
>          almost a decade ago. Looks like they just released a new
>          10gig chassis yesterday. Was the undisputed 10gig leader
>          for a while, others have since caught up, though this
>          new product may put them way ahead again haven't looked
>          in depth.
> Foundry(now Brocade) - Another leader in port density and
>          switch performance, best known perhaps for its interface
>          clone of IOS. So if you're used to Cisco you can adapt to
>          these pretty easily and get much better performance. Not
>          sure where they are at on their next gen OS. Line rate
>          for a long time, perhaps 10+ years too. Unlike Extreme
>          and Force10 Foundry offers products targeted specifically
>          to do high performance routing(NetIron), as well as
>          load balancing(ServerIron). Most of their edge switches
>          are 1.5U instead of 1U, though they include hot swap
>          internal power supplies. Most vendors rely on external
>          power supplies for redundancy. Foundry used to have some
>          non Ethernet offerings(e.g. T1, DS3 etc), but have since
>          like many others eliminated all non Ethernet products.
> Cisco - overpriced, under performing almost across the board, I'm
>        looking at replacing some older Cisco 7300 routers(which
>        they still sell), with something from Foundry, their LOW
>        end router is more than seven hundred times faster than
>        the Cisco 7300, and the price is comparable. Cisco has
>        a broad range of operating systems. Management is
>        incredibly complex. Can be a "one stop shop" for most things
>        network related, but while they share a common brand don't
>        let them fool you into making you think they are well
>        integrated and easy to use.
>
> Juniper - Somewhat new to the basic switch space though their
>        48-port 1Gig 1U switches are feature packed with gobs of
>        flash, RAM, hot swap fan trays and power supplies
>        (rare for a 1U switch), and a very fast stacking port(over
>        100Gbps if I recall). Juniper is of course best known for
>        its routers, and more recently firewalls after it bought
>        NetScreen(?) a few years ago. I think their new switches
>        use the same BSD(FreeBSD perhaps?) based OS that their
>        high end routers do, if so it's very mature on the
>        software side.
>
> 3COM - Not familiar too much with their recent products though
>       personally weary of the company itself, it's working hard
>       to get back into the enterprise space after abandoning it
>       a decade or more ago.
>
> Linksys/NetGear/D-link/etc - if this is your price point then
>        that's your price point, I'd suggest at least getting
>        a good set of layer 3 switches for the network core.


If you don't have metrics justifying thousands more for the same
number of ports, then it is hard to justify to the boss.


>
>
> I personally have kept very close eyes on Extreme, Force10 and
> Foundry's product lines for 5 years or so, and more recently
> looking at Juniper as well. The sort of technology be

Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Tue, Mar 24, 2009 at 11:16 AM, Rainer Duffner  wrote:
> Rob Townley wrote:
>> On Tue, Mar 24, 2009 at 10:24 AM, Rainer Duffner  wrote:
>>
>>> Rob Townley wrote:
>>>
>>>> Every time i read these posts they are filled with contradictions in
>>>> that one person loves HP and hates CiscoLinksys while another hates
>>>> HP.  Let's get a more scientific approach.  Switch performance still
>>>> depends on the NICS in the client machines.
>>>>
>>> Uhm. No. Not any longer, AFAIK.
>>> At least, once you leave the SOHO region (AFAIK, the OP wanted >= 48
>>> ports. I don't want to work in such a home-office, really...).
>>>
>>
>> There are 48 port SOHO priced switches nowadays.
>
>
> I see your point.
> I only imagined the "home office" that would need 48 ports ;-)
>
>
>>   i am often not very
>> impressed by network performance and need standardized benchmarks to
>> figure out if there may be an issue at the NIC driver, switch or on up
>> to a virus shield.   It was either a ~2004 Dell Power magazine or
>> ~2004 Network World article that mentioned that 3Com NICs didn't
>> perform well with Cisco switches and vice versa.
>
> Hm. I think I saw something like that (I was at a site that used
> Catalyst 6500-switches to connect desktops - in 2001).
> Autosensing was useless...
>
>>   They also wrote
>> about other vendors and i don't remember any of them performing
>> extremely well across vendor.   Now that NICs are a commodity, the
>> problem could be worse.
>>
>>
>
> Here, autosensing sometimes doesn't work. Then, you've got to set it
> fixed on both the client and the switch-port.
>
>
>
>> What "performance data" are you referring to?
>>
>
>
> What you gathered in the past from other switches on your LAN - and what
> you read on the internet ;-))
> I'm not a networking-guy (switches are done by someone else here).
>
>
>
> Rainer
>
>
>


You did read it because autosensing was a big factor in the
article(s).  However, iirc, some combinations of switches and nics
still didn't perform well with autosensing off.


Re: [CentOS] looking for some advice to monitor network usage in office

2009-03-25 Thread Rob Townley
On Wed, Mar 25, 2009 at 3:52 AM, Spook ZA  wrote:
> Hi Rudy
>
> 2009/3/25 Rudi Ahlers :
>> Hi all,
>>
>> I've been asked by a college to setup a monitor to monitor a Windows
>> network, but on internet usage. They want to have detailed usage, i.e.
>> on a per IP / PC basis, and if possible to get stats for every
>> protocol, and see over a period of time what goes on.
>>
>> My first thought was ntop, which does all of this, but it doesn't save
>> the data in a DB, so if the server reboots the stats are reset to 0. I
>> also can't get Cacti to give me stats per IP & per protocol (unless
>> someone knows how to do this).
>>
>> I don't yet know the full network layout, but I have a feeling they're
>> using ADSL, and have a Windows Small Business server with ISA, and
>> possible Exchange as well. So, I'm either going to put a CentOS box
>> between the Windows box & ADSL router, or maybe even setup a CentOS
>> Vmware Virtual PC, force all the network to route via the VPS.
>>
>> Does anyone have some suggestions / experience in setting up something
>> like this?
>>
>> P.S. Please don't look at the fact that there's Windows on the
>> network. I use Linux for business purposes, not as a hobby, and we
>> also use Mac & Windows where the situation calls for it.
>>
>> --
>>
>> Kind Regards
>> Rudi Ahlers
>
> If your firewall / border gateway is running linux, have a look at:
>
>  http://www.networkuptime.com/tools/netflow/
>
> You need an exporter that will export linux netflow records and
> software that will collect and present the resultant data.
>
> Regards,
>  Andrew.
>

When you mention college internet usage, i thought of Caida.org and
CoralReef.  But that is more for scientific investigations of internet
usage in general.


Re: [CentOS] [OT] Network switches

2009-03-25 Thread Rob Townley
On Tue, Mar 24, 2009 at 6:12 PM, Les Mikesell  wrote:
> Luke S Crawford wrote:
>>
>>> i would like to see real performance data via something like netperf
>>> with client machines booted from a standardized LiveCD, then
>>> performance under their Linux Distribution and performance under
>>> Windows.
>>
>>
>> Performance data is not the most important metric, at least for me.
>>
>> For me, the big problem is reliability and security.   My problem with

i am with you, security is my biggest concern.  When our network
starts to crawl, i have to wonder if there isn't a worm sucking up
all the bandwidth.  Stressing a switch may test the reliability of the
infrastructure in a safe way - an automated PXE boot at night.
Ideally, switch perf reports would include the firmware version.

>> used cisco is that getting access to the firmware usually costs more than
>> the used parts I'm buying... If I'm going to use the thing as a router at the
>> head of my network, I want to be sure that the thing can be secured, and
>> sometimes that requires a firmware update.
>>
>> If someone sold support contracts (by support contracts, I mean firmware.
>> I don't need help, I just need the firmware.) for old switches for
>> less than the value of the switch, I'd buy.    If someone sold
>> switches with open source firmware, I'd buy.  (I've bought myself an
>> OpenGear console server instead of a cheaper used cyclades for similar
>> reasons.)
>
> If you get a service contract on any piece of Cisco equipment, you
> typically get download access to all of the firmware updates.  However,
> in a lot of scenarios there are several choices, each with a different
> set of bugs that you won't know about unless you open a TAC case and
> tell an engineer exactly what features have to work for you.
>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
>
>


Re: [CentOS] help on kerberos5

2009-03-25 Thread Rob Townley
On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu
 wrote:
> On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
>> my domain name is===> baladia.local
>> Windows 2003 AD server computer name is> kmun
>>
>> my /etc/krb5.conf file is
>>
>> 
>> [logging]
>>  default = FILE:/var/log/krb5libs.log
>>  kdc = FILE:/var/log/krb5kdc.log
>>  admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>>  ticket_lifetime=24000
>>  default_realm=BALADIA.LOCAL
>>  dns_lookup_realm = false
>>  dns_lookup_kdc = false
>>
>> [realms]
>>  BALADIA.LOCAL={
>>   kdc=172.16.2.227:88
>> #  admin_server=kmun.baladia.local:749
>>   default_domain=BALADIA.LOCAL
>>   kdc=BALADIA.LOCAL
>>  }
>
> You only need one kdc here.  Choose one, comment/delete the other.
>
>> [domain_realm]
>> .baladia.local=BALADIA.LOCAL
>> baladia.local=BALADIA.LOCAL
>>
>> kerberos  88/udp   kdc  # Kerberos key server
>> kerberos  88/tcp   kdc  # Kerberos key server
>
> What are these "kerberos" lines for? Why have you put them here? They
> don't belong - comment/delete them.
>
>
>> [kdc]
>>   profile = /var/kerberos/krb5kdc/kdc.conf
>>
>> [appdefaults]
>>  pam = {
>>    debug = false
>>    ticket_lifetime = 36000
>>    renew_lifetime = 36000
>>    forwardable = true
>>    krb4_convert = false
>>  }
>
> kinit should work after making the changes above.
>
> Regards,
>
> Ranbir
>
> --
> Kanwar Ranbir Sandhu
> Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
> 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
>
>
>

it would be so much easier if all configuration files were written in
XML and by default would have an enforcing document type definition.
Self commenting, would make sure syntax is correct, and further could
ensure "grammar" is correct for the desired configuration.  Namespaces
can make XML less verbose.


Re: [CentOS] error when join my Centos machine to win2003 ADS server

2009-03-26 Thread Rob Townley
2009/3/26 fabian dacunha :
>
> Dear All,
>
> I have successfully managed to have my kerberos configured n working
> without error when i say
>
> kinit Administrator
> and after entering password it works fine
>
> my krb5.conf
> --
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = BALADIA.LOCAL
>  dns_lookup_kdc = false
>
>  dns_lookup_realm = false
> [realms]
> BALADIA.LOCAL = {
>   default_domain = baladia.local
>  kdc = 172.16.2.227:88
>  admin_server = 172.16.2.227:749
>  kdc = KMUN
> }
>
> [domain_realm]
> baladia.local = BALADIA.LOCAL
>
> 
>
> klist shows
>
> icket cache: FILE:/tmp/krb5cc_0
> Default principal: administra...@baladia.local
>
> Valid starting     Expires            Service principal
> 03/26/09 11:33:04  03/26/09 21:33:18  krbtgt/baladia.lo...@baladia.local
>        renew until 03/27/09 11:33:04
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> 
>
> now i configured /etc/samba/smb.conf but when i try to join the domain
>
>  net ads join -U Administrator
> Administrator's password:
> [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286)
>  ads_connect: No logon servers
> Failed to join domain: No logon servers
>
> after googling and tryin various options in /etc/samba/smb.conf file here
> is the latest smb.conf file
> -
>
> [global]
> #--authconfig--start-line--
>
> # Generated by authconfig on 2009/03/26 12:50:28
> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
> # Any modification may be deleted or altered by authconfig in future
>
>   workgroup = BALADIA.LOCAL
> ;   password server = kmun.baladia.local
>   password server = 172.16.2.227
>   realm = KMUN.BALADIA.LOCAL
>   security = ads
>   idmap uid = 16777216-33554431
>   idmap gid = 16777216-33554431
>   winbind separator = +
>   template shell = /bin/bash
>   winbind use default domain = true
>   winbind offline logon = false
>   encrypt passwords = yes
>  log level = 3
> #--authconfig--end-line--
>        encrypt passwords = yes
>       dns proxy = no
>       server string = Samba Server Version %v
>       os level = 20
>      client use spnego = no
>        server signing = auto
>
> --
>
> where i could be going wrong
> i would be thankful and really appreciate your advice for any setting in my
> smb.conf file
>
> Is there anything else to check
>
> when i run testparm it gives no errors
>
> thnks and Regards
>
> Fabian
>

Can you get to the ADS netlogon share?  It is //domainname/netlogon
which may be
//baladia.local/netlogon/on your network.

//172.16.2.227/netlogon ?

Further, even connecting WinVista to a domain will sometimes require
raw editing of the hosts properties in LDAP.   SysInternal's
adexplorer.exe or jexplorer (don't use java 1.6) are good at this.
Specifically, you will want to make sure dnsHostName and
servicePrincipalName (SPN) are correct.  If not, these tools with the
domain admin privilege will let you edit these ldap entries directly.
Use a known good ADS connected node as an example.

There is a list of apps based on python-ldap at
http://python-ldap.sourceforge.net/apps.shtml
Some of those would provide adexplorer.exe type functionality, but i
haven't tried them for editing.  Hmmm, now i wonder if they work at
all with Samba b/c python hooks were removed in Samba 3.2.0 due to
lack of maintenance???

I would like a script that could be run on a Windows ADS server, a ADS
domain connected windows client, and linux.  The script would generate
and verify everything needed to successfully connect.  SASL required?
Unsecured or Secured auth?   kerberos and ldap identifying info.
ldapenum.pl was an attempt at this.

You will want to read the announcement for Samba 3.2 which i am not
sure if 3.2 is in the CentOS release repo or not.  i ended up using
fc9/fc10 for ads joins.  EnterpriseSamba.com may still be your best
bet for CentOS.
http://lists.samba.org/archive/samba-announce/2008/000145.html
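
One part of the verification script asked for above, as an added example that is not from the thread: it cross-checks the krb5.conf and smb.conf posted in the question. The function names, the checks chosen and the short domain name BALADIA in the consistent variant are assumptions.

```python
"""Cross-check krb5.conf against smb.conf before attempting `net ads join`."""

# Trimmed copies of the krb5.conf and smb.conf posted in this thread.
KRB5_POSTED = """\
[libdefaults]
 default_realm = BALADIA.LOCAL
 dns_lookup_kdc = false
 dns_lookup_realm = false
[realms]
BALADIA.LOCAL = {
  default_domain = baladia.local
  kdc = 172.16.2.227:88
  admin_server = 172.16.2.227:749
  kdc = KMUN
}
"""
SMB_POSTED = """\
[global]
   workgroup = BALADIA.LOCAL
;   password server = kmun.baladia.local
   password server = 172.16.2.227
   realm = KMUN.BALADIA.LOCAL
   security = ads
"""
# Constructed variant; the short domain name BALADIA is an assumption.
SMB_CONSISTENT = """\
[global]
   workgroup = BALADIA
   realm = BALADIA.LOCAL
   security = ads
"""


def _lines(text):
    """Yield stripped lines, skipping blanks and '#' or ';' comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield line


def parse_smb_global(text):
    """Return the [global] parameters of an smb.conf (last value wins)."""
    params, section = {}, None
    for line in _lines(text):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params


def parse_krb5(text):
    """Return (libdefaults, {realm: {key: [values]}}) from a krb5.conf."""
    libdefaults, realms = {}, {}
    section, realm = None, None
    for line in _lines(text):
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = realms.setdefault(key, {})
            elif section == "realms" and realm is not None:
                realm.setdefault(key, []).append(value)  # kdc may repeat
    return libdefaults, realms


def check_ads_join(krb5_text, smb_text):
    """Return a list of inconsistencies; an empty list means none were found."""
    libdefaults, realms = parse_krb5(krb5_text)
    smb = parse_smb_global(smb_text)
    problems = []
    default_realm = libdefaults.get("default_realm", "")
    if not default_realm:
        problems.append("krb5.conf: [libdefaults] has no default_realm")
    kdcs = realms.get(default_realm, {}).get("kdc", [])
    dns_off = libdefaults.get("dns_lookup_kdc", "").lower() in ("false", "no", "0", "off")
    if default_realm and not kdcs and dns_off:
        problems.append("krb5.conf: no kdc for %s and dns_lookup_kdc is off" % default_realm)
    if smb.get("security", "").lower() != "ads":
        problems.append("smb.conf: security is not 'ads'")
    realm = smb.get("realm", "")
    if realm.upper() != default_realm.upper():
        problems.append("smb.conf: realm %r differs from krb5.conf default_realm %r"
                        % (realm, default_realm))
    workgroup = smb.get("workgroup", "")
    if "." in workgroup:
        problems.append("smb.conf: workgroup %r looks like a DNS name; "
                        "the short (NetBIOS) domain name is expected" % workgroup)
    return problems


if __name__ == "__main__":
    for problem in check_ads_join(KRB5_POSTED, SMB_POSTED):
        print(problem)
```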


Re: [CentOS] Acrobat Reader 9 on Centos 4.7

2009-03-26 Thread Rob Townley
On Thu, Mar 26, 2009 at 9:04 AM, tblader  wrote:
> Hello,
> Anyone know how to get Acrobat 9 running* on Centos 4.7?
> Looks like a libc conflict:
>
>   /Adobe/Reader9/Reader/intellinux/bin/acroread: error while loading shared \
>   libraries: /apps/Adobe/Reader9_libs/libstdc++.so.6: requires glibc 2.5 or 
> later dynamic linker
>
> Thanks
> Thomas
>
> [*] - http://www.us-cert.gov/cas/techalerts/TA09-051A.html
> --
>
> Flambeau Inc. Technology Center - Baraboo, WI
> Email    : tbla...@flambeau.com
> Keyserver: http://pgp.mit.edu KeyID: 0x00E9EC2C
>

r u using the Adobe Repository?


Re: [CentOS] command line programs for ldap

2009-03-28 Thread Rob Townley
On Sat, Mar 28, 2009 at 1:24 PM, Jerry Geis  wrote:
>>
>> On Sat, Mar 28, 2009 at 12:57 PM, Jerry Geis wrote:
>> > Hi all. I am looking for some command line programs (pre made)
>> > that will connect to an ldap server and list out the users in question
>> > provided by the search argument given.
>>
>> What's wrong with "getent passwd"?
>>
>> ldapsearch uid=*whatever* ?
>>
> ldapsearch was the command I was finding on oracles web page.
>
> whereis ldap on my machine produced nothing.
>
> yum provides ldapsearch produced nothing
> then I remembered I needed yum provides "*/ldapsearch" and found
> openldap-clients
>
> Thanks
>
> Jerry
>

You may want to look at python-ldap and the apps based on it.
http://python-ldap.sourceforge.net/


Re: [CentOS] need trouble ticket system

2009-03-31 Thread Rob Townley
Since many tickets have complex interdependencies, do any tracking
systems  happen to integrate directly with FreeMind?

On 3/30/09, Steve Lindemann  wrote:
> Dhaval Thakar wrote:
>> Hi,
>>
>> I need to implement trouble tracking system,
>> we have 250 users in one premise & 3 desktop support technicians.
>>
>> I need to implement trouble ticket system, where user will enter their
>> application / other issues. Mail will be sent to technician available on
>> duty.
>> trouble ticket will be provided to user & will be given close stat once
>> resolved.
>>
>> Kindly suggest me one such application based on open source.
>
> While I'll admit it takes some tweaking for the purpose, I'm surprised
> no one has mentioned bugzilla.  It's a little bit of work to setup as a
> helpdesk trouble ticket system, but it does work at the task reasonably
> well.  When I put it up here there wasn't as much to choose from that
> provided the flexibility we needed then.  The only real grief I've seen
> is the multiple checks required to fully close a ticket (bug) are a bit
> much for a typical helpdesk.  They make perfect sense when dealing with
> software bugs... 8^)
>
> We've been looking at replacing it with something less complex but
> haven't found anything yet that makes it worth the trouble for us to
> change.  Try several and find the one that works for you.
> --
> Steve Lindemann __
> Network Administrator  //\\  ASCII Ribbon Campaign
> Marmot Library Network, Inc.   \\//  against HTML/RTF email,
> http://www.marmot.org  //\\  vCards & M$ attachments
> +1.970.242.3331 x116
>
>
>
>


Re: [CentOS] Samba and iptables - woes

2009-03-31 Thread Rob Townley
The poster suggesting lopsided interfaces is correct.  Look at
incoming vs outgoing packets via
ifconfig -a.
  Use /sbin/ip to fix it.  Since the subnet is the same, u need a
/sbin/ip rule.

On 3/31/09, Rob Kampen  wrote:
>
>
> Craig White wrote:
>> On Tue, 2009-03-31 at 00:19 -0400, Rob Kampen wrote:
>>
>>> Hi folk,
>>> I am trying to get iptables working on a samba server but find it is
>>> blocking something that prevents the windoze clients from being able to
>>> access the share.
>>> here are the bits from iptables:
>>>
>>> # nmb provided netbios-ns
>>> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 137 -j ACCEPT
>>> # nmb provided netbios-dgm
>>> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 138 -j ACCEPT
>>> # Samba
>>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 135 --state NEW -j ACCEPT
>>> # smb provided netbios-ssn
>>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 139 --state NEW -j ACCEPT
>>> # smb provided microsoft-ds
>>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 445 --state NEW -j ACCEPT

>>> so as far as I can tell this should provide access to the required
>>> services.
>>> BTW the server has two NICs; 100Mb is eth0 at 192.168.230.230 and
>>> connects to the router with internet/NAT firewall; 1Gb is eth1 at
>>> 192.168.230.232 and this connects to a G ethernet switch that has the
>>> windoze clients.
>>> The smb.conf is as follows:
>>>  [global]
>>> workgroup = NDG
>>> netbios name = SAMBA
>>> netbios aliases = Samba
>>> server string = Samba Server Version %v
>>> interfaces = lo, eth1, 192.168.230.232
>>> bind interfaces only = Yes
>>> security = DOMAIN
>>> obey pam restrictions = Yes
>>> passdb backend = tdbsam
>>> pam password change = Yes
>>> log file = /var/log/samba/%m.log
>>> max log size = 50
>>> load printers = No
>>> add user script = /usr/sbin/useradd "%u" -n -g users
>>> delete user script = /usr/sbin/userdel "%u"
>>> add group script = /usr/sbin/groupadd "%g"
>>> delete group script = /usr/sbin/groupdel "%g"
>>> delete user from group script = /usr/sbin/userdel "%u" "%g"
>>> add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
>>> -M -d /nohome -s /bin/false "%u"
>>> logon path =
>>> domain logons = Yes
>>> os level = 32
>>> preferred master = Yes
>>> domain master = Yes
>>> dns proxy = No
>>> wins support = Yes
>>> ldap ssl = no
>>> create mask = 0664
>>> directory mask = 0775
>>> hosts allow = 127., 192.168.230., 192.168.231.
>>> case sensitive = Yes
>>> browseable = No
>>> available = No
>>> wide links = No
>>> dont descend = /
>>>
>>> [homes]
>>> comment = Home Directories
>>> valid users = %S
>>> read only = No
>>> browseable = Yes
>>> available = Yes
>>>
>>> [NDG]
>>> comment = NDG files
>>> path = /NDG
>>> write list = @NDGstaff, @birdseye
>>> read only = No
>>> browseable = Yes
>>> available = Yes
>>>
>>> I found that making the rule for port 139 ignore the eth port (i.e.
>>> remove the -i eth1) allowed things to work better, but do not want this
>>> to be the case as I do not want the eth0 interface to be used for this
>>> traffic.
>>> looking at netstat -l -n shows only lo and eth1 listening on port 139,
>>> so how is this failing to work??
>>> Any ideas?
>>> Thanks
>>>
>> 
>> I don't believe that you want to use comma separators in things like
>> 'bind interfaces' or 'interfaces' - it doesn't seem that samba is
>> consistent here.
>>
>>
> removed
>> I have never used two separate hardware network interfaces on the same
>> subnet and suspect that it may actually be trying to communicate back
>> from the wrong one which is confusing things. Also, it doesn't make
>> sense to list both eth1 and the actual ip address in bind interfaces but
>> I would tend to doubt that would be a problem.
>>
>> Try taking eth0 down (as root - ifdown eth0) and see if that fixes the
>> problem.
> tried this and things appear to work okay, so I guess I need to split my
> subnet into two..
> Some further thinking required here. I have an almost identical set up
> in my home and actually tried all this there first, as I do not want my
> business impacted. So it appears to work fine at home but not at the
> office, some more testing required. I have only two windoze machines at
> home and neither access the server, so I'll have to contrive a setup
> that tries this out properly. Will keep you posted.
>>
>>
>> Also, I'm not sure why some of the firewall rules include --state NEW
>> and some of the

Re: [CentOS] CentOS 5.3 samba: getent does not return data from the active directory (ads)

2009-04-08 Thread Rob Townley
Have you browsed the LDAP entries in ActiveDirectory to see if they
match similar entries for working Windows hosts?  Under the computer
entry, look carefully at dnsHostname and servicePrincipalName.  For a
server, there are many many entries for these two variables.  CIFS/x2,
HOSTx2, LDAPS?/, . and so on.

On 4/7/09, Jason Ellison  wrote:
> CentOS 5.3 getent does not return data from the active directory (ads)
>
>   I have installed and configured kerberos and samba so that the
> server can be a member of an existing Active Directory (AD).  Correct
> configuration of kerberos was verified using kinit and klist.  The samba
> configuration was verified by using "smbclient -k -L server".  winbind
> was verified by using "wbinfo -g".  The problem seems to be nsswitch
> accessing winbindd to get group information via the "getent group"
> command.  I added winbind to the /etc/nsswitch.conf file like so:
>
> [r...@nagios ~]# grep winbind /etc/nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group:  files winbind
>
>I verified that all dynamic libraries are being accessed correctly
> by using "strace getent group".
>
>   Below is the debug output of winbindd when issuing various commands
> that interact with it.  The commands are noted in (parenthesis).
>
> (winbindd -i -d 9)
>
> 00a0 status: NT_STATUS_OK
>
> ("getent group" command issued)
>
> accepted socket 17
> [17171]: request interface version
> [17171]: request location of privileged pipe
> accepted socket 18
> [17171]: setgrent
> [17171]: endgrent
>
> ("getent passwd" command issued)
>
> accepted socket 17
> [17172]: request interface version
> [17172]: request location of privileged pipe
> accepted socket 18
> [17172]: setpwent
> [17172]: endpwent
>
> (winbindd -i -d 9)
>
> 00a0 status: NT_STATUS_OK
>
> ("wbinfo -g" command issued)
>
> accepted socket 17
> [17158]: request interface version
> [17158]: request location of privileged pipe
> accepted socket 18
> [17158]: list groups
> get_sam_group_entries: BUILTIN or local domain; enumerating local groups as
> well
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend NDS_ldapsam_compat
> Successfully added passdb backend 'NDS_ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to find an passdb backend to match tdbsam (tdbsam)
> Found pdb backend tdbsam
> pdb backend tdbsam has a valid init
> get_sam_group_entries: Returned 2 local groups
> get_sam_group_entries: BUILTIN or local domain; enumerating local groups as
> well
> get_sam_group_entries: Returned 0 local groups
> get_cache: Setting ADS methods for domain COMPANY
> ads: enum_dom_groups
>
>
> NOTES:
>
> [r...@nagios ~]# uname -a
> Linux nagios.hq.company.local 2.6.18-128.1.6.el5xen #1 SMP Wed Apr 1
> 09:53:14 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
>
> [r...@nagios ~]# rpm -qa samba krb* nss*
> nss_db-2.2-35.3
> nss_db-2.2-35.3
> krb5-libs-1.6.1-31.el5
> nss-tools-3.12.2.0-4.el5.centos
> nss_ldap-253-17.el5
> krb5-libs-1.6.1-31.el5
> samba-3.0.33-3.7.el5
> krb5-auth-dialog-0.7-1
> nss-3.12.2.0-4.el5.centos
> nss-3.12.2.0-4.el5.centos
> nss_ldap-253-17.el5
> krb5-workstation-1.6.1-31.el5


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-17 Thread Rob Townley
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva  wrote:
> on 4-17-2009 9:33 AM Lanny Marcus spake the following:
>> On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
>>  wrote:
>>> On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
>>>> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters wrote:
>>>>
>>>>> My experience is that when browsing on any OS and you come across an
>>>>> error message stating that your computer is infected and you need to
>>>>> install such and such software, the web site I was visiting has an XSS
>>>>> exploit that was taken advantage of to try and get you to manually
>>>>> install a piece of malware.
>>>>>
>>>>> Install the FireFox extension "noscript" and be very careful about what
>>>>> domains you authorize scripting from.
>>
>> I now have NoScript installed.
>>
>> 
>>> You might want to also check your preferences. FF has settings about
>>> warning about fraud sites etc. You also can affect the things that
>>> javascripts can do and suppress pop-ups. I've encountered those things
>>> that you mentioned and gotten no ill-effects since I just leave the site
>>> immediately.
>>
>> Bill: I will double check the Firefox configuration settings, since I
>> upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
>> to visit that web site, so if anything bad is coming from it (without
>> the knowledge of the webmaster) I will hopefully avoid it, with the
>> NoScript Firefox extension which I just installed. Lanny
>
> Noscript will give you an idea of just how many sites run a script of some
> kind. You will see a large part of sites just look different when the scripts
> don't run, and some don't function at all. Not that it is a bad thing, it will
> just make you think a lot.
>
>

Remember the NeXTSTEP days (for me, mid 90's) when a single
executable binary file contained both Intel and PowerPC/Motorola code.
When clicked, it would execute the Intel code on the Intel platform
and the PowerPC/Motorola code on the PowerPC/Motorola platform.  I
think it would be cool to have Portable App executables that run under
both Linux and Windows because life would be easier, but the security
problem would be too much of a downside -- a single binary that roots
both Linux and Windows.

It is easy to write an executable binary for Linux that ends in .exe -
so I don't think that is any protection at all.

Clicking "Cancel" on these dialogs or X could still launch the
executable - safest thing to do would be to kill firefox.

Further recommend NoScript and SiteAdvisor simultaneously.  Recommend
against wine and even more so against the Internet Explorer
whatchamacallit for Firefox including on wine.


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-17 Thread Rob Townley
On Fri, Apr 17, 2009 at 2:30 PM, Robert Heller  wrote:
> At Fri, 17 Apr 2009 14:07:31 -0500 CentOS mailing list  
> wrote:
>
>>
>> On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva  wrote:
>> > on 4-17-2009 9:33 AM Lanny Marcus spake the following:
>> >> On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
>> >>  wrote:
>> >>> On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
>> >>>> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters wrote:
>> >>>>
>> >>>>> My experience is that when browsing on any OS and you come across an
>> >>>>> error message stating that your computer is infected and you need to
>> >>>>> install such and such software, the web site I was visiting has an XSS
>> >>>>> exploit that was taken advantage of to try and get you to manually
>> >>>>> install a piece of malware.
>> >>>>>
>> >>>>> Install the FireFox extension "noscript" and be very careful about what
>> >>>>> domains you authorize scripting from.
>> >>
>> >> I now have NoScript installed.
>> >>
>> >> 
>> >>> You might want to also check your preferences. FF has settings about
>> >>> warning about fraud sites etc. You also can affect the things that
>> >>> javascripts can do and suppress pop-ups. I've encountered those things
>> >>> that you mentioned and gotten no ill-effects since I just leave the site
>> >>> immediately.
>> >>
>> >> Bill: I will double check the Firefox configuration settings, since I
>> >> upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
>> >> to visit that web site, so if anything bad is coming from it (without
>> >> the knowledge of the webmaster) I will hopefully avoid it, with the
>> >> NoScript Firefox extension which I just installed. Lanny
>> >
>> > Noscript will give you an idea of just how many sites run a script of some
>> > kind. You will see a large part of sites just look different when the 
>> > scripts
>> > don't run, and some don't function at all. Not that it is a bad thing, it 
>> > will
>> > just make you think a lot.
>> >
>> >
>>
>> Remember the NeXTSTEP days (for me, mid 90's) when a single
>> executable binary file contained both Intel and PowerPC/Motorola code.
>> When clicked, it would execute the Intel code on the Intel platform
>> and the PowerPC/Motorola code on the PowerPC/Motorola platform.  I
>> think it would be cool to have Portable App executables that run under
>> both Linux and Windows because life would be easier, but the security
>> problem would be too much of a downside -- a single binary that roots
>> both Linux and Windows.
>
> There is something called a StarKit that can be used to encapsulate
> Tcl/Tk programs. The StarKit can be treated as an executable that will
> run on any machine with a suitable Tclkit installed.  It is also
> possible to combine the Tclkit with the StarKit, creating a StarPack,
> which is a self-contained executable.
>
>>
>> It is easy to write an executable binary for Linux that ends in .exe -
>> so I don't think that is any protection at all.
>
> Linux does not care about file *names*.  A file is executable if its x
> bit is set AND it is recognized as an executable.  That is one of:
>
> 1) file with the magic 'ELF' header (the # bits, bit order, and arch
> have to match what your kernel can deal with)
> 2) a Java jar file (if you have Java installed and configured for this usage)
> 3) a MS-Windows executable (if you have Wine installed AND the path is
> somewhere that maps to a MS-Windows drive AND Wine is configured for
> this usage)
> 4) an ASCII file with a '#!' as its first line and the path there names an
> executable file.
>
> MacOSX also supports 'universal binaries' (binaries that run on Intel or
> PowerPC processors).
>
>>
>> Clicking "Cancel" on these dialogs or X could still launch the
>> executable - safest thing to do would be to kill firefox.
>>
>> Further recommend NoScript and SiteAdvisor simultaneously.  Recommend
>> against wine and even more so against the Internet Explorer
>> whatchamacallit for Firefox including on wine.
>
> --
> Robert Heller             -- 978-544-6933
> Deepwoods Software        -- Download the Model Railroad System
> http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
> hel...@deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/
>

Robert Heller, excellent post!
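The rule stated in the quoted message above (a file runs when its x bit is set and its content is a recognized format, whatever its name says), as an added example that is not part of the thread. The function names and the sample files are hypothetical and constructed here; the check reads magic bytes the way a defender would triage a download before trusting its extension.

```python
import os
import stat
import struct
import tempfile

ELF_MACHINES = {3: "x86", 62: "x86-64", 40: "ARM", 183: "AArch64"}

def classify(path):
    """Return (kind, detail, has_x_bit) from file content, ignoring the name."""
    has_x = bool(os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    with open(path, "rb") as fh:
        head = fh.read(256)
    if head[:4] == b"\x7fELF" and len(head) >= 20:
        bits = {1: "32-bit", 2: "64-bit"}.get(head[4], "?")
        endian = "<" if head[5] == 1 else ">"          # EI_DATA: 1 = little endian
        machine = struct.unpack_from(endian + "H", head, 18)[0]  # e_machine
        return "elf", f"{bits} {ELF_MACHINES.get(machine, machine)}", has_x
    if head[:2] == b"#!":
        line = head[2:].split(b"\n", 1)[0].strip()
        interp = line.split()[0].decode(errors="replace") if line else ""
        return "script", interp, has_x
    if head[:2] == b"MZ":
        return "pe", "MS-Windows executable", has_x
    if head[:4] == b"PK\x03\x04":
        return "zip", "zip container (jar files use this)", has_x
    return "unknown", "", has_x

def natively_runnable(path):
    """x bit set AND a format the kernel loads without Wine or Java helpers."""
    kind, _, has_x = classify(path)
    return has_x and kind in ("elf", "script")

def make_samples(directory):
    """Constructed sample files whose names disagree with their content."""
    # 16-byte e_ident, then e_type = 2 (ET_EXEC) and e_machine = 62 (x86-64)
    elf64 = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 62)
    samples = {
        "setup.exe": (elf64, 0o755),             # ELF header named like a Windows program
        "readme.txt": (b"#!/bin/sh\necho hi\n", 0o755),
        "tool.exe": (b"MZ\x90\x00" + b"\x00" * 60, 0o755),
        "payload": (elf64, 0o644),               # ELF content, but no x bit
    }
    paths = {}
    for name, (data, mode) in samples.items():
        paths[name] = os.path.join(directory, name)
        with open(paths[name], "wb") as fh:
            fh.write(data)
        os.chmod(paths[name], mode)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, path in make_samples(tmp).items():
            print(name, classify(path), natively_runnable(path))
```

The constructed `setup.exe` is reported as a 64-bit x86-64 ELF with the x bit set, while the genuine `MZ` file is not natively runnable on Linux.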

