apply also ideas from this document:
https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130
--
Eero
2015-04-22 9:30 GMT+03:00 Tim :
> I am very interested.
>
> One of my suggestions:
>
> Firewall:
> Network based firewall zone assignment (possibly disabling interface based
> ass
I am very interested.
One of my suggestions:
Firewall:
Network based firewall zone assignment (possibly disabling interface based
assignment)
Regards
Tim
Am 22. April 2015 07:13:52 MESZ, schrieb Earl A Ramirez
:
>Dear All,
>
>About a week ago; I posted a proposal over on the centos-devel mail
Dear All,
About a week ago; I posted a proposal over on the centos-devel mailing
list, the proposal is for a SIG 'CentOS hardening', there were a few of
the members of the community who are also interested in this. Therefore,
I am extending that email to this community; where there is a larger
co
On 04/21/2015 04:54 PM, Jonathan Billings wrote:
On Tue, Apr 21, 2015 at 03:46:52PM +0200, Dennis Jacobfeuerborn wrote:
Networking isn't really controlled by systemd but by NetworkManager. I
usually just yum remove NetworkManager* and then everything works just
as it did in CentOS 6.
Note: Net
On 04/21/2015 12:13 PM, Hugh E Cruickshank wrote:
From: Gordon Messmer Sent: April 21, 2015 10:30
Why do you accept that?
Every article I have read on the subject has recommended this a good
practice.
Not every source is equal.
The maintainers turned that behavior off by default sometime a
On Apr 21, 2015, at 3:12 PM, Warren Young wrote:
>
> With the four values that Kay provided, I calculate a 1.2% chance on average
> that two or more volumes will need to be checked on the same reboot.
Ooops, forgot to mention one other minor detail:
This calculator gives the chance or a 2+ vol
On Apr 21, 2015, at 9:50 AM, Hugh E Cruickshank wrote:
>
> From: Kay Diederichs Sent: April 21, 2015 03:43
>>
>> instead of having 20 for all of them, set
>> the first filesystem to 17, the second to 19, the third to 23, and the
>> fourth to 29.
>
> Thanks but that is not much different then my
On Tue, April 21, 2015 2:13 pm, Hugh E Cruickshank wrote:
> From: Gordon Messmer Sent: April 21, 2015 10:30
>>
>> On 04/21/2015 09:40 AM, Hugh E Cruickshank wrote:
>> > I accept that fscks are required on a periodic basis and I
>> am willing
>> > to reboot more often to achieve these but I would l
I am trying to get vino going on CentOS 7.1
I run this command:
gsettings set org.gnome.Vino require-encryption false
Then this one:
gsettings list-recursively org.gnome.Vino
org.gnome.Vino notify-on-connect true
org.gnome.Vino alternative-port uint16 5900
org.gnome.Vino disable-background fals
From: Gordon Messmer Sent: April 21, 2015 10:30
>
> On 04/21/2015 09:40 AM, Hugh E Cruickshank wrote:
> > I accept that fscks are required on a periodic basis and I
> am willing
> > to reboot more often to achieve these but I would like to minimize
> > downtime (during the reboot) where possible.
On Tue, April 21, 2015 1:35 pm, Dennis Jacobfeuerborn wrote:
> On 21.04.2015 16:46, Johnny Hughes wrote:
>> On 04/21/2015 08:54 AM, Jonathan Billings wrote:
>>> On Tue, Apr 21, 2015 at 03:46:52PM +0200, Dennis Jacobfeuerborn wrote:
Networking isn't really controlled by systemd but by NetworkM
On 21.04.2015 16:46, Johnny Hughes wrote:
> On 04/21/2015 08:54 AM, Jonathan Billings wrote:
>> On Tue, Apr 21, 2015 at 03:46:52PM +0200, Dennis Jacobfeuerborn wrote:
>>> Networking isn't really controlled by systemd but by NetworkManager. I
>>> usually just yum remove NetworkManager* and then ever
From: Les Mikesell Sent: April 21, 2015 09:54
> On Tue, Apr 21, 2015 at 11:40 AM, Hugh E Cruickshank wrote:
> >
> > I am trying to avoid running them at the same time in an effort to
> > avoid 70 minute boot times (which is what happened on the weekend).
>
> How many filesystems do you have?
It v
On 04/21/2015 09:40 AM, Hugh E Cruickshank wrote:
I accept that fscks are required on a periodic basis and I am willing
to reboot more often to achieve these but I would like to minimize
downtime (during the reboot) where possible.
Why do you accept that? The default behavior for filesystems s
On Tue, Apr 21, 2015 at 10:02:24AM -0700, John R Pierce wrote:
>
> do I need to compile it or something?
Looks as if the upstream jwhois.conf still isn't aware of the v6nic ->
apnic change. You can just replace the single occurance of v6nic in
jwhois.conf with apnic and you're golden (tested her
On 4/21/2015 9:46 AM, John R. Dennison wrote:
On Tue, Apr 21, 2015 at 09:39:09AM -0700, John R Pierce wrote:
>the whois command in c6 references whois.v6nic.net for ip addresses in the
>43.0.0.0/8 range (and maybe others). v6nic is no longer a valid whois
>server, any nets delegated to it shoul
On Tue, Apr 21, 2015 at 11:40 AM, Hugh E Cruickshank wrote:
> From: Les Mikesell Sent: April 21, 2015 09:19
>>
>> Why do you care about running them at the same time when it doesn't
>> take longer to run them all in parallel? Except I think the root
>> filesystem normally runs first. So you migh
On Tue, Apr 21, 2015 at 09:39:09AM -0700, John R Pierce wrote:
> the whois command in c6 references whois.v6nic.net for ip addresses in the
> 43.0.0.0/8 range (and maybe others). v6nic is no longer a valid whois
> server, any nets delegated to it should instead be delegated to apnic.
The distribu
From: Les Mikesell Sent: April 21, 2015 09:19
>
> Why do you care about running them at the same time when it doesn't
> take longer to run them all in parallel? Except I think the root
> filesystem normally runs first. So you might want to stagger it vs.
> everything else.
I am trying to avoid
the whois command in c6 references whois.v6nic.net for ip addresses in
the 43.0.0.0/8 range (and maybe others). v6nic is no longer a valid
whois server, any nets delegated to it should instead be delegated to apnic.
i have no upstream connections... this change was made in the generic
source
On Tue, April 21, 2015 11:19 am, Les Mikesell wrote:
> On Tue, Apr 21, 2015 at 11:01 AM, Hugh E Cruickshank
> wrote:
>> >
>> Thanks but changing the order of execution or executing them in
>> parallel does not help with executing them one per reboot.
>
> Why do you care about running them at the
On Tue, Apr 21, 2015 at 11:01 AM, Hugh E Cruickshank wrote:
> >
> Thanks but changing the order of execution or executing them in
> parallel does not help with executing them one per reboot.
Why do you care about running them at the same time when it doesn't
take longer to run them all in paralle
From: Hugh E Cruickshank Sent: April 20, 2015 21:09
>
> Over the weekend I had to reboot one of my systems and got hit with
> fsck runs on all of the filesystems. I would not mind so much except
> doing them all at once took over an hour. I would like to be able to
> stagger these, ideally only ex
From: Mark Milhollan Sent: April 21, 2015 05:35
> On Mon, 20 Apr 2015, Hugh E Cruickshank wrote:
>
> >CentOS 6
>
> >From ''man fstab'' ...
>
>The sixth field, (fs_passno), is used by the fsck(8)
> program to determine the order
>in which filesystem checks are done at reboot time
On Tue, Apr 21, 2015 at 10:00:50AM -0500, Johnny Hughes wrote:
> So, I am using MATE from EPEL as my desktop on one of my laptops.
>
> The screen saver was working, however the monitors (if connected via a
> docking station) were not going to sleep even if selected via the GUI
> mate power manager
From: Kay Diederichs Sent: April 21, 2015 03:43
> On 04/21/2015 06:08 AM, Hugh E Cruickshank wrote:
> >
> > The second idea was to set each filesystem to a different random
> > count value. This would run the risk of having two or more
> > executions at the same time but it would probably not be v
From: John R Pierce Sent: April 20, 2015 23:58
> On 4/20/2015 9:08 PM, Hugh E Cruickshank wrote:
> > The second idea was to set each filesystem to a different
> random count
> > value. This would run the risk of having two or more executions at
> > the same time but it would probably not be very f
From: Arun Khan Sent: April 20, 2015 23:49
>
> Take a look at 'man tune2fs' and 'man fstab' for modifying the fsck
> order in your system.
Thanks but I did look at those and I was not able to find anything
that would limit the fsck executions to one per reboot. Changing the
order of execution w
On Tue, Apr 21, 2015 at 09:46:51AM -0500, Johnny Hughes wrote:
> I have decided it is likely better to bite the bullet and learn how to
> use and configure Network Manager if you are going to do anything other
> than very simple things with your network .. at least on CentOS-7 or
> higher (ie, Fedo
So, I am using MATE from EPEL as my desktop on one of my laptops.
The screen saver was working, however the monitors (if connected via a
docking station) were not going to sleep even if selected via the GUI
mate power manager.
I then discovered that dpms has to be initialized via the command line
On 04/21/2015 08:54 AM, Jonathan Billings wrote:
> On Tue, Apr 21, 2015 at 03:46:52PM +0200, Dennis Jacobfeuerborn wrote:
>> Networking isn't really controlled by systemd but by NetworkManager. I
>> usually just yum remove NetworkManager* and then everything works just
>> as it did in CentOS 6.
>
On Tue, Apr 21, 2015 at 03:46:52PM +0200, Dennis Jacobfeuerborn wrote:
> Networking isn't really controlled by systemd but by NetworkManager. I
> usually just yum remove NetworkManager* and then everything works just
> as it did in CentOS 6.
Note: NetworkManager is in CentOS6 too, and is part of
On 21.04.2015 14:10, Mihamina Rakotomandimby wrote:
> Hi all,
>
> I used to manage network through /etc/sysconfig/network-scripts/ifcfg-*
> Most of my use case are vlans (ie: eth0.1) an aliases (ie: eth1:3)
> My context in headless VMs (no DE, no Xorg, no GUI)
>
> With CentOS7 and systemd: is it
On Tue, Apr 21, 2015 at 09:17:49AM -0400, Jerry Geis wrote:
> However - when I VNC into a box I get a different screen - I want to be on
> the same
> screen as the user that is on the console.
The VNC server you set up is its own X session running on its own X
server.
You probably want to throw a
On Tue, Apr 21, 2015 at 08:43:15AM -0400, Jerry Geis wrote:
> I have a file /etc/sysconfig/network and in the file is
>
> cat /etc/sysconfig/network
> # Created by anaconda
> HOSTNAME=zotac_c7.msgnet.com
> [root@localhost ~]#
>
> I rebooted and the prompt is still localhost ?
>
> What is the ne
On 04/21/2015 07:43 AM, Jerry Geis wrote:
> I have a file /etc/sysconfig/network and in the file is
>
> cat /etc/sysconfig/network
> # Created by anaconda
> HOSTNAME=zotac_c7.msgnet.com
> [root@localhost ~]#
>
> I rebooted and the prompt is still localhost ?
>
> What is the new thing in CentOS
On Mon, Apr 20, 2015 at 11:03:43AM -0400, Martes wrote:
> Tasks: 272 total, 2 running, 270 sleeping, 0 stopped, 0 zombie
> %Cpu(s): 7.1 us, 18.3 sy, 0.0 ni, 73.8 id, 0.7 wa, 0.0 hi, 0.1 si, 0.0
> st
> KiB Mem : 32679644 total, 402520 free, 9889728 used, 22387396 buff/cache
> KiB Swa
I have gone through all the "new" setup for VNC server on 7.1
(goodness - that certainly is not easier than the previous way)
Anyway - I have my port on 5901 and that is working.
However - when I VNC into a box I get a different screen - I want to be on
the same
screen as the user that is on the
Hi,
Try below command then report.
# hostnamectl set-hostname client.itzgeek.com
If you use this command, you do not require to notify the change in host
name. Close the current session and re launch the terminal.
OR
Directly edit /etc/hostname file and reboot.
# cat /etc/hostname
server.exam
I have a file /etc/sysconfig/network and in the file is
cat /etc/sysconfig/network
# Created by anaconda
HOSTNAME=zotac_c7.msgnet.com
[root@localhost ~]#
I rebooted and the prompt is still localhost ?
What is the new thing in CentOS 7 to set the host name
such that then the prompt is correct al
Hi all,
I used to manage network through /etc/sysconfig/network-scripts/ifcfg-*
Most of my use case are vlans (ie: eth0.1) an aliases (ie: eth1:3)
My context in headless VMs (no DE, no Xorg, no GUI)
With CentOS7 and systemd: is it still managed with
/etc/sysconfig/network-scripts/ifcfg-* ?
Fo
On 04/21/2015 06:08 AM, Hugh E Cruickshank wrote:
> CentOS 6
>
> Hi All:
>
> Over the weekend I had to reboot one of my systems and got hit with
> fsck runs on all of the filesystems. I would not mind so much except
> doing them all at once took over an hour. I would like to be able to
> stagger
On 04/20/2015 05:07 PM, Warren Young wrote:
On Apr 20, 2015, at 2:03 PM, Steve Clark wrote:
Does anyone know where I could find wireshark-1.12.4 el6 rpm?
CentOS is not the OS for you if you wish to have the very latest releases of
software.
The Wireshark project doesn’t provide Linux binarie
43 matches
Mail list logo
