Updating Fedora versions
Hello, I've got a Linode running fc17. I'd like to update it to fc20. I'm wondering if it's possible to do this upgrade from fc17 to fc20 without doing a complete reinstall? I've got several services that I'd very much not like to have to reconfigure from scratch on the new system. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Updating Fedora versions
Hello, Thank you. I will be doing: F17 > F18 > F20 What issues did you run into when performing your yum update? This will be to a remote server and over ssh. Thanks. Dave. On 2/17/14, Frank Murphy wrote: > On Sun, 16 Feb 2014 21:25:59 -0500 > David Mehler wrote: > >> Hello, >> >> I've got a Linode running fc17. I'd like to update it to fc20. I'm >> wondering if it's possible to do this upgrade from fc17 to fc20 >> without doing a complete reinstall? > > Yes and NO, > You cannot go F17 > F20 in one step. (# 2 release at most recommended) > The advice would be F17 > F18 > F20 or > F17 > F19 > F20 > > //* I have gone F17 to F20 using yum. > * Expect some tweaking. > */ > > The recommended method is using "fedup" > Personally I have used yum --releasever=N > following : > http://fedoraproject.org/wiki/Upgrading_Fedora_using_yum > > ymmv. > > ___ > Regards > Frank > frankly3d.com > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Updating Fedora versions
Hello, I have completed my upgrade. I used the fedora-upgrade package and command to go the slow way, Fc17 > Fc18 > FC19 > FC20. It is working. Much thanks. Dave. On 2/17/14, Joe Zeff wrote: > On 02/17/2014 07:51 AM, Martin Airs wrote: >> the only thing I would add, is that you probably shouldn't use fedup, >> because >> if I remember correctly, fedup puts an entry in the grub.conf to complete >> the >> installation after reboot, and being a remote server, you probably dont >> have >> access to choose this option when it reboots. > > Yes, fedup does add an entry, however, it's also the default. The > upgrade starts when you reboot unless you intentionally pick a different > entry. > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Fc20, systemd, and nonexistent services
Hello, I'm running a new FC20 system, one that was upgraded. I'm using: systemctl -t service -a -l to check services and I'm seeing several that I don't have installed, exim (MTA?) for example. I've tried using systemctl disable to remove the service, and don't get anything back. How do I prune my services list/get the unknown or uninstalled packages out? Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fc20, systemd, and nonexistent services
Hello, Thanks. On 2/18/14, T.C. Hollingsworth wrote: > On Mon, Feb 17, 2014 at 6:42 PM, David Mehler wrote: >> Hello, >> >> I'm running a new FC20 system, one that was upgraded. >> >> I'm using: >> >> systemctl -t service -a -l >> >> to check services and I'm seeing several that I don't have installed, >> exim (MTA?) for example. I've tried using systemctl disable to remove >> the service, and don't get anything back. >> >> How do I prune my services list/get the unknown or uninstalled packages >> out? > > Don't pass the '-a' argument to systemctl. ;-) > > Using the '-a' argument makes systemctl display every unit it knows > about regardless of whether it's installed or not. There are several > ways it can know about services that don't exist. The most common > case where this happens is if a service wants to make sure it is > started before/after another service, but doesn't necessarily require > it to be running if it's not installed. It defines Before/After > dependencies for such services in its systemd unit file, which affects > the ordering of services being started, but not whether they're > actually started. > > So you probably have some service that wants to start before/after > exim, but doesn't necessarily require it to be there. (Perhaps because > it could work with sendmail or postfix as well). This is nothing to > worry about, hence why systemctl hides it from you unless you > specifically unearth it with the '-a' argument. > > If you want to view all running services and ones systemd tried and > failed to start, just use 'systemctl -t service'. If you want to see > a list of all services and whether they're enabled, disabled, or > statically enabled, use 'systemctl -t service list-unit-files'. > > -T.C. > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Firewalld and fail2ban
Hello, I use to use iptables on fc17, now with firewalld in fc20 I'm migrating to it. I have to say I like it better, there are things I'm curious if it can do. For example, if you allow in http does that work for ipv4, ipv6, or both? Second question, in my previous setup I used fail2ban to block ip addresses that were brute forcing the system. I'm wondering if fail2ban and firewalld can work together? Googling showed it was possible with an action.d file, but the site referenced returned a page not found. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Anti-brute force to those using firewalld?
Hello, To those running firewalld as opposed to the older iptables static firewall setup, FC20, what do you use for stopping anti brute force or port knockings on your systems? I use to use fail2ban but it appears it does not work with firewalld. Recommendations appreciated. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Anti-brute force to those using firewalld?
Hello, Thank you. I'm referring to ssh and or smtp bot probes of a system. I'd like to block these out. Thanks. Dave. On 3/6/14, Bruno Wolff III wrote: > On Thu, Mar 06, 2014 at 11:20:16 -0500, >David Mehler wrote: >>Hello, >> >>To those running firewalld as opposed to the older iptables static >>firewall setup, FC20, what do you use for stopping anti brute force or >>port knockings on your systems? I use to use fail2ban but it appears >>it does not work with firewalld. > > Strong passwords. > Limited source IP addresses. > Requiring a key and password. > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Serious OpenSSL vulnerability
Hello, What is Koji? I downloaded the src.rpm, built it and installed the resulting binary rpm, was there an easier way? Thanks. Dave. On 4/8/14, Tim wrote: > Allegedly, on or about 08 April 2014, Patrick O'Callaghan sent: >> See also http://heartbleed.com/ and >> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ > > Quoting from the arstechnica link (is that name meant to be funny?), I > find this: > > "recovering from the two-year-long vulnerability may also require > revoking any exposed keys, reissuing new keys, and invalidating all > session keys and session cookies" > > Years ago I noticed a browser option to check for revoked keys, one that > was always disabled by default on any system I looked. Switching it on > caused many sites to fail, because they were badly set up. e.g. My > bank, and many other mainstream sites. > > It was an option that I considered ought to be set by default. I would > have thought that checking for revoked certificates should be a > mandatory step in a secure browsing situation. I wonder what the > current state of play is with that? > > -- > [tim@localhost ~]$ uname -rsvp > Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 > > All mail to my mailbox is automatically deleted, there is no point > trying to privately email me, I will only read messages posted to the > public lists. > > George Orwell's '1984' was supposed to be a warning against tyranny, not > a set of instructions for supposedly democratic governments. > > > > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Are the Fc20 yum repos down?
Hello, Are the FC20 yum repos down? I keep getting errors that they're unavailable when attempting to update. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Can not retrieve metalink for repository fedora/20/i386
Hello, I've been having update problems since yesterday on my f20 system. I keep getting the above message can not retrieve metalink repository fedora/20/i386. At first I thought the repos were down, but a host and ping shows they're up. I googled and saw similar issues, but without a fix, I'm hoping someone can help me get my yum working again. If I change skip_if_unavailable in fedora/20/i386 to true I then get the same error with fedora/20/update repo, if I set that one to skip_if_unavailable to true the process works, but I don't get any updates. Here's my nonworking repo setup: #yum update One of the configured repositories failed (Unknown), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Disable the repository, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable 4. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=.skip_if_unavailable=true Cannot retrieve metalink for repository: fedora/20/i386. Please verify its path and try again and my repo setup: fedora.repo: [fedora] name=Fedora $releasever - $basearch failovermethod=priority #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/ metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch enabled=1 metadata_expire=7d gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch skip_if_unavailable=False fedora-updates.repo: [updates] name=Fedora $releasever - $basearch - Updates failovermethod=priority #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/ metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch skip_if_unavailable=False remi.repo: [remi] name=Les RPM de remi pour Fedora $releasever - $basearch #baseurl=http://rpms.famillecollet.com/fedora/$releasever/remi/$basearch/ mirrorlist=http://rpms.famillecollet.com/fedora/$releasever/remi/mirror enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi rpmfusion-free.repo: [rpmfusion-free] name=RPM Fusion for Fedora $releasever - Free #baseurl=http://download1.rpmfusion.org/free/fedora/releases/$releasever/Everything/$basearch/os/ mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-$releasever&arch=$basearch enabled=1 metadata_expire=7d gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever rpmfusion-free-updates.repo: [rpmfusion-free-updates] name=RPM Fusion for Fedora $releasever - Free - Updates #baseurl=http://download1.rpmfusion.org/free/fedora/updates/$releasever/$basearch/ mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-$releasever&arch=$basearch enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever Help appreciated. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
fail2ban on fc20
Hello, Is anyone running fail2ban on fc20 with firewalld? I'm trying to get this working and finding a lot of bug reports on this but not an rpm that goes out of the box. I'd prefer not to have to revert to iptables but I want to stop brute force attempts. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Setting up caching nameserver on f21
Hello, I'm trying to set up a caching nameserver on f21. No success, but googling shows items pre-system and not working on my setup. I've got my isp's upstream dns servers but I'd like to query my localhost caching nameserver first. Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Setting up caching nameserver on f21
Hello, Thanks. I can get the caching service setup and started. The issue I'm having is with name resolution and resolv.conf, I'm wanting to get my local dns server at 127.0.0.1 to be queried first, echoing values to resolv.conf doesn't stick. Thanks. Dave. On 1/23/15, Jens Neu wrote: > > On 01/23/2015 12:14 AM, David Mehler wrote: >> Hello, >> >> I'm trying to set up a caching nameserver on f21. No success, but >> googling shows items pre-system and not working on my setup. I've got >> my isp's upstream dns servers but I'd like to query my localhost >> caching nameserver first. > google "fedora unbound caching howto", unbound is probably what you need. > > regards > Jens > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Firewalld and fail2ban on f21
Hello, Last time I tried this combination it was either f19 or f20 I was unable to get it to work as firewalld was new. On f21 is anyone using firewalld to manage their firewall and fail2ban to protect services against bots? Thanks. Dave. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld and fail2ban on f21
Hi, No, any tricks I have to do to get the two working well with each other? As I said last time I tried it I needed to get two files which were in svn and even then I never got it going. I'll take sshd although you can substitute smtp as an example, ports 22 or 25, port knocking bots I want them blocked with fail2ban and to have those rules permanently in firewalld so that I can not only have them loaded on a system restart but also can view which addresses have been blocked with firewall-cmd. Thanks. Dave. On 1/3/15, Peter Boy wrote: > Works fine here. Any concern getting it up and running? > > > >> Am 03.01.2015 um 17:47 schrieb David Mehler : >> >> Hello, >> >> Last time I tried this combination it was either f19 or f20 I was >> unable to get it to work as firewalld was new. On f21 is anyone using >> firewalld to manage their firewall and fail2ban to protect services >> against bots? >> >> Thanks. >> Dave. >> -- >> users mailing list >> users@lists.fedoraproject.org >> To unsubscribe or change subscription options: >> https://admin.fedoraproject.org/mailman/listinfo/users >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct >> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines >> Have a question? Ask away: http://ask.fedoraproject.org > > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
