Re: [CentOS] [WTA] Automatically blocking on failed login

>-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf >Of David Suhendrik >Sent: Monday, May 24, 2010 6:55 PM >To: CentOS mailing list >Subject: [CentOS] [WTA] Automatically blocking on failed login > >Hello All, >I had problems with the security

Re: [CentOS] [WTA] Automatically blocking on failed login

Maybe he should go with Centos based solution, because moving what ever services are on his box to a smooth wall instance, is going to be murder! I would still suggest fail2ban, I have hundreds of attempts against my server farm all day everyday, and the fail2ban scripts really help to stop my s

Re: [CentOS] [WTA] Automatically blocking on failed login

>-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf >Of Mr Gabriel >Sent: Tuesday, May 25, 2010 9:34 AM >To: CentOS mailing list >Subject: Re: [CentOS] [WTA] Automatically blocking on failed login > >Maybe he should go with Centos based solution

Re: [CentOS] [WTA] Automatically blocking on failed login

Hi All, Sorry for long answer.. I would like to use CentOS for all. I've a transparent firewall (CentOS + iptables) and I want to use it as a filter. I've been using iptables on the server machine (not in transparent firewall), and I want to get the job done by the firewall. Is it possible if my

[CentOS] Unable to download the kickstart file ?

Hi,all: Today I tried installating few machines with kickstart file through NFS. But somehow it didn't worked and got error message "Unable to download the kickstart file". I have tested the nfs share mounting from other server and it worked fine. But somehow while trying to install

Re: [CentOS] Unable to download the kickstart file ?

2010/5/25 sync : > Hi,all: > > Today I tried installating few machines with kickstart file through NFS. But > somehow it didn't worked and got error message "Unable to download the > kickstart file". > > > I have tested the nfs share mounting from other server and it worked fine. > But somehow whil

Re: [CentOS] [WTA] Automatically blocking on failed login

On Tue, 25 May 2010, David wrote: > I would like to use CentOS for all. I've a transparent firewall (CentOS > + iptables) and I want to use it as a filter. I've been using iptables > on the server machine (not in transparent firewall), and I want to get > the job done by the firewall. Is it pos

[CentOS] Centos 5.4 to 5.5 fails to update lvm2 (needs newer device-mapper?)

Updating from centos 5.4 to 5.5 using an update rather than a rebuild, I get the following complaint from yum:- lvm2-2.02.56-8.el5_5.1.x86_64 from setup has depsolving problems --> Missing Dependency: device-mapper >= 1.02.39-1 is needed by package lvm2-2.02.56-8.el5_5.1.x86_64 (setup) This

Re: [CentOS] [WTA] Automatically blocking on failed login

>-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf >Of Tom Yates >Sent: Tuesday, May 25, 2010 11:19 AM >To: CentOS mailing list >Subject: Re: [CentOS] [WTA] Automatically blocking on failed login > >if this is of interest to you i wrote it the

Re: [CentOS] SATA hotswap

Jakub Jedelský schrieb: > Hi all, > > I changed a bad disk (automaticly disabled from software raid1 and > system for I/O error) in one of our servers and now have problem with > adding new one to system without reboot. Does anybody have an experience > with this? Or is it possible? :) We're using

Re: [CentOS] Centos 5.4 to 5.5 fails to update lvm2 (needs newer device-mapper?)

On 05/25/2010 10:49 AM, C R Ritson wrote: > The updates directory > http://mirror.centos.org/centos-5/5/updates/x86_64/RPMS/ contains no > device-mapper package, just:- > The install directory http://mirror.centos.org/centos-5/5/os/x86_64/CentOS/ > contains contains newer copies of both device-m

Re: [CentOS] LSI software raid with centos 5.4

>> I have been trying to install CentOS 5.4 on a Intel SR1530SHS, Intel S3200SH >> mainboard.. It has a 3 x 1TB sata hotswap drives with LSI software raid >> onboard. > > fake-raid alert! > >> I had configured the LSI to have Sata0 and Sata1 with raid 1 and the third >> drive as a hotspare drive. >

Re: [CentOS] Unable to download the kickstart file ?

On Tue, May 25, 2010 at 5:03 PM, Eero Volotinen wrote: > 2010/5/25 sync : > > Hi,all: > > > > Today I tried installating few machines with kickstart file through NFS. > But > > somehow it didn't worked and got error message "Unable to download the > > kickstart file". > > > > > > I have tested the

[CentOS] Samba3x daily logged errors with Win7 clients

In the course of upgrading from CentOS 5.4 to CentOS 5.5 I changed from using the samba (v3.0.x) packages to the samba3x (v3.3.8) packages, mostly because the newer version was said to better support Win7. The Samba server services Linux, WinXP, and Win7 clients. Now I get many, many errors lo

[CentOS] Unable to execute a script , Permission denied

Hi I have a linux box which has CentOS running in it. I logged into the box using root and wrote a script in the /home/proc_threads directory. saved the file and quit. I changed the file permissions such that any user could execute it using the "chmod 777 filename" command. When i log out and

Re: [CentOS] LSI software raid with centos 5.4

CList wrote: >>> I have been trying to install CentOS 5.4 on a Intel SR1530SHS, Intel > S3200SH >>> mainboard.. It has a 3 x 1TB sata hotswap drives with LSI software raid >>> onboard. >> fake-raid alert! >> >>> I had configured the LSI to have Sata0 and Sata1 with raid 1 and the > third >>> drive

Re: [CentOS] Unable to execute a script , Permission denied

On 25.5.2010 14:27, Jatin Davey wrote: > Hi > > I have a linux box which has CentOS running in it. I logged into the box > using root and wrote a script in the /home/proc_threads directory. saved > the file and quit. I changed the file permissions such that any user > could execute it using the

Re: [CentOS] Unable to execute a script , Permission denied

On Tue, 2010-05-25 at 17:57 +0530, Jatin Davey wrote: > Hi > > I have a linux box which has CentOS running in it. I logged into the box > using root and wrote a script in the /home/proc_threads directory. saved > the file and quit. I changed the file permissions such that any user > could exec

Re: [CentOS] Unable to execute a script , Permission denied

On 25 May 2010 13:27, Jatin Davey wrote: > Hi > > I have a linux box which has CentOS running in it. I logged into the box > using root and wrote a script in the /home/proc_threads directory. saved > the file and quit. I changed the file permissions such that any user > could execute it using the

Re: [CentOS] Unable to execute a script , Permission denied

On 5/25/2010 6:20 PM, Jakub Jedelsky wrote: On 25.5.2010 14:27, Jatin Davey wrote: Hi I have a linux box which has CentOS running in it. I logged into the box using root and wrote a script in the /home/proc_threads directory. saved the file and quit. I changed the file permissions such that any

Re: [CentOS] Unable to execute a script , Permission denied

On 25.5.2010 14:57, Jatin Davey wrote: > On 5/25/2010 6:20 PM, Jakub Jedelsky wrote: >> On 25.5.2010 14:27, Jatin Davey wrote: >>> Hi >>> >>> I have a linux box which has CentOS running in it. I logged into the box >>> using root and wrote a script in the /home/proc_threads directory. saved >>>

Re: [CentOS] Unable to execute a script , Permission denied

How are you trying to execute the script, "./my script" or "sh ./my_script"? -- Regards, James. http://www.jamesbensley.co.cc/ - There are only 10 kinds of people in the world, those who understand trinary, those who don't understand trinary and those who don't understand trinary. __

Re: [CentOS] SATA hotswap

On 05/21/2010 03:12 PM, Robert Heller wrote: > I didn't need to do anything special when inserting disks into my > (cheap) 4x 2.5" SATA hot swap bay. Just inserted the drive and the > HAL/udev deamon pick it up all on its own. My motherboard is a > nVidia-based: What sata 4 bay cage are you using

Re: [CentOS] Unable to execute a script , Permission denied

Jatin Davey wrote: > Here is the script that i am trying to execute as a non-root user: > > #!/bin/sh > ps -C java -o thcount > /home/proc_threads/tempfile > awk ' { total += $1 } END { print total } ' /home/proc_threads/tempfile > > here is the output when i try to execute as a non-root user: > >

Re: [CentOS] Unable to execute a script , Permission denied

On 5/25/2010 6:44 PM, Bowie Bailey wrote: > Jatin Davey wrote: > >> Here is the script that i am trying to execute as a non-root user: >> >> #!/bin/sh >> ps -C java -o thcount> /home/proc_threads/tempfile >> awk ' { total += $1 } END { print total } ' /home/proc_threads/tempfile >> >> here is

Re: [CentOS] Unable to execute a script , Permission denied

On 25 May 2010 14:14, Bowie Bailey wrote: > Jatin Davey wrote: >> Here is the script that i am trying to execute as a non-root user: >> >> #!/bin/sh >> ps -C java -o thcount > /home/proc_threads/tempfile >> awk ' { total += $1 } END { print total } ' /home/proc_threads/tempfile >> >> here is the o

[CentOS] Stop annoying kernel message

Hi Everyone! This is my problem: I´m using Nagios tool to monitor my servers with Cent OS 5, and I recently added the script for check nfs. This script makes an rpc request in the server, but every time that script makes this request, I have this message in /var/log/messages: "kernel: svc: un

Re: [CentOS] Unable to execute a script , Permission denied

Bowie Bailey wrote: > Jatin Davey wrote: >> Here is the script that i am trying to execute as a non-root user: >> >> #!/bin/sh >> ps -C java -o thcount > /home/proc_threads/tempfile >> awk ' { total += $1 } END { print total } ' /home/proc_threads/tempfile >> >> here is the output when i try to exe

Re: [CentOS] Unable to execute a script , Permission denied

On Tue, May 25, 2010 at 05:57:46PM +0530, Jatin Davey wrote: > I have a linux box which has CentOS running in it. I logged into the box > using root and wrote a script in the /home/proc_threads directory. saved > the file and quit. I changed the file permissions such that any user > could execu

Re: [CentOS] SATA hotswap

At Tue, 25 May 2010 14:22:56 +0100 CentOS mailing list wrote: > > On 05/21/2010 03:12 PM, Robert Heller wrote: > > I didn't need to do anything special when inserting disks into my > > (cheap) 4x 2.5" SATA hot swap bay. Just inserted the drive and the > > HAL/udev deamon pick it up all on its

Re: [CentOS] Unable to download the kickstart file ?

2010/5/25 sync : > > > On Tue, May 25, 2010 at 5:03 PM, Eero Volotinen > wrote: >> >> 2010/5/25 sync : >> > Hi,all: >> > >> > Today I tried installating few machines with kickstart file through NFS. >> > But >> > somehow it didn't worked and got error message "Unable to download the >> > kickstart

Re: [CentOS] Unable to execute a script , Permission denied

On Tue, May 25, 2010 at 9:42 AM, Les Mikesell wrote: > Bowie Bailey wrote: >> Jatin Davey wrote: >>> Here is the script that i am trying to execute as a non-root user: >>> >>> #!/bin/sh >>> ps -C java -o thcount > /home/proc_threads/tempfile >>> awk ' { total += $1 } END { print total } ' /home/pr

Re: [CentOS] Unable to execute a script , Permission denied

Bob Beers wrote: > On Tue, May 25, 2010 at 9:42 AM, Les Mikesell wrote: > >> Bowie Bailey wrote: >> >>> Jatin Davey wrote: >>> Here is the script that i am trying to execute as a non-root user: #!/bin/sh ps -C java -o thcount > /home/proc_threads/tempfile aw

Re: [CentOS] Unable to execute a script , Permission denied

Bowie wrote: > Bob Beers wrote: >> On Tue, May 25, 2010 at 9:42 AM, Les Mikesell >> wrote: >>> Bowie Bailey wrote: Jatin Davey wrote: > Here is the script that i am trying to execute as a non-root user: > > #!/bin/sh > ps -C java -o thcount > /home/proc_threads/tempfile >

Re: [CentOS] Unable to execute a script , Permission denied

m.r...@5-cent.us wrote: > Bowie wrote: > >> ps -C java -o thcount | awk ' { total += $1 } END { print total } ' >> > > Now, as dearly as I love awk, > ps -C java --no-heading | wc -l > You are counting processes, the original is counting threads. $ ps -C java -o thcount | awk ' { total

Re: [CentOS] Unable to execute a script , Permission denied

> m.r...@5-cent.us wrote: >> Bowie wrote: >> >>> ps -C java -o thcount | awk ' { total += $1 } END { print total } ' >>> >> >> Now, as dearly as I love awk, >> ps -C java --no-heading | wc -l >> > > You are counting processes, the original is counting threads. > > $ ps -C java -o thcount | awk ' {

Re: [CentOS] Unable to execute a script , Permission denied

> m.r...@5-cent.us wrote: >> Bowie wrote: >> >>> ps -C java -o thcount | awk ' { total += $1 } END { print total } ' >>> >> >> Now, as dearly as I love awk, >> ps -C java --no-heading | wc -l >> > > You are counting processes, the original is counting threads. > > $ ps -C java -o thcount | awk ' {

Re: [CentOS] Unable to execute a script , Permission denied

On 5/25/2010 9:55 AM, m.r...@5-cent.us wrote: >> m.r...@5-cent.us wrote: >>> Bowie wrote: >>> ps -C java -o thcount | awk ' { total += $1 } END { print total } ' >>> >>> Now, as dearly as I love awk, >>> ps -C java --no-heading | wc -l >>> >> >> You are counting processes, the original is

Re: [CentOS] Unable to execute a script , Permission denied

Les Mikesell wrote: > On 5/25/2010 9:55 AM, m.r...@5-cent.us wrote: > >>> m.r...@5-cent.us wrote: >>> Bowie wrote: > ps -C java -o thcount | awk ' { total += $1 } END { print total } ' > > Now, as dearly as I love awk, ps -C java --

Re: [CentOS] Unable to execute a script , Permission denied

Les wrote: > On 5/25/2010 9:55 AM, m.r...@5-cent.us wrote: >>> m.r...@5-cent.us wrote: Bowie wrote: > ps -C java -o thcount | awk ' { total += $1 } END { print total } ' Now, as dearly as I love awk, ps -C java --no-heading | wc -l >>> >>> You are counting processes, th

Re: [CentOS] LSI software raid with centos 5.4

I have been trying to install CentOS 5.4 on a Intel SR1530SHS, Intel >> S3200SH mainboard.. It has a 3 x 1TB sata hotswap drives with LSI software raid onboard. >>> fake-raid alert! >>> I had configured the LSI to have Sata0 and Sata1 with raid 1 and the >> third drive as a

Re: [CentOS] OT: Strange Email Problem

On Sat, May 22, 2010 at 1:02 PM, Bart Schaefer wrote: > On Sat, May 22, 2010 at 6:42 AM, Chris Geldenhuis > wrote: > > > > The records that Richard was talking about was not that of your actual > > mail, but the Domain Name Service (DNS) records required to find the > > destination server and for

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

Just a follow up note: We've got the same problem again on another fresh install. Totally different hardware - so the hardware hypothesis bites the dust. Since other people aren't seeing this, the remaining suspect is our configuration files. We're using an smbpasswd backed, and in both these cases

[CentOS] Looking for Linux variant of chairgun

Hi, Does anyone know of a good Linux alternative to Chairgun ( http://www.chairgun.com/), which is used with air riffles? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 _

[CentOS] User Mode Linux

Is anyone using 'user mode linux' to create virtual centos servers under a master centos server? Is there a package for this? Is xen or something a better way to go? Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinf

Re: [CentOS] User Mode Linux

2010/5/25 Matt : > Is anyone using 'user mode linux' to create virtual centos servers > under a master centos server?  Is there a package for this?  Is xen or > something a better way to go? openvz is very similar http://openvz.org anyway, xen and kvm provides better isolation and memoryprotectio

Re: [CentOS] User Mode Linux

On Tue, May 25, 2010 at 02:55:27PM -0500, Matt wrote: > Is anyone using 'user mode linux' to create virtual centos servers > under a master centos server? Is there a package for this? Is xen or > something a better way to go? I use it all the time. I've written a tonne of my own wrapper scripts

Re: [CentOS] Looking for Linux variant of chairgun

Hi, > Does anyone know of a good Linux alternative to Chairgun > (http://www.chairgun.com/), which is used with air riffles? I don't know of a linux alternative, but you could run this under wine I would think. Rgds Simon. ___ CentOS mailing list Ce

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

Finally, a clue! Upgraded from the stock smbd version from the 5.4 iso to 3.0.33-3.28.el5, and now an error message makes it into /var/log/messages: May 24 15:29:12 xyz smbd[2674]: [2010/05/24 15:29:12, 0] lib/messages.c:message_init(132) May 24 15:29:12 xyz smbd[2674]: ERROR: Failed to initi

Re: [CentOS] Unable to download the kickstart file ?

On 25/05/10 22:40, sync wrote: On Tue, May 25, 2010 at 5:03 PM, Eero Volotinen > wrote: 2010/5/25 sync mailto:jian...@gmail.com>>: > Hi,all: > > Today I tried installating few machines with kickstart file through NFS. But > somehow it didn

Re: [CentOS] Looking for Linux variant of chairgun

Rudi Ahlers wrote: > Hi, > > Does anyone know of a good Linux alternative to Chairgun > (http://www.chairgun.com/), which is used with air riffles? should be pretty easy to reproduce the math in something like Gnu Octave. y = y0 + x * tan(theta) - g*x^2/(2*(v*cos(theta))^2) gives height Y

[CentOS] Having trouble with LDAP Authentication...

I¹ve google and searched, and have had very little luck... I have: 1. Installed all the packages. 2. Configured and have running OpenLDAP. 3. Migrated my passwd/shadow/group/hosts files into the directory 4. Tested the directory using ldapsearch 5. Installed LAM (web interface to LDAP authenticat

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

Following up, that appears to be /var/cache/samba/messages.tdb it can't intialize. Which sits there with the same permissions on the not-working CentOS 5.4 systems as on the working Redhat 5.4 systems. Now what could create a problem for that when started from "/etc/init.d/smb start" but not from "

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

At Tue, 25 May 2010 15:11:45 -0400 CentOS mailing list wrote: > > Just a follow up note: We've got the same problem again on another fresh > install. Totally different hardware - so the hardware hypothesis bites the > dust. Since other people aren't seeing this, the remaining suspect is our > c

Re: [CentOS] Having trouble with LDAP Authentication...

On Tue, 25 May 2010, Andy Akins wrote: 8. Confirmed user is not in /etc/passwd 9. Confirmed using “getent passwd | grep username” that the user is listed. 10. Confirmed using “getent passwd” shows two records for each user except ldap-only users (one for /etc/passwd, one for LDAP). Howeve

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

At Tue, 25 May 2010 17:26:26 -0400 CentOS mailing list wrote: > > Following up, that appears to be /var/cache/samba/messages.tdb it can't > intialize. Which sits there with the same permissions on the not-working > CentOS 5.4 systems as on the working Redhat 5.4 systems. Now what could > create

Re: [CentOS] User Mode Linux

On 5/25/2010 3:08 PM, Stephen Harris wrote: > On Tue, May 25, 2010 at 02:55:27PM -0500, Matt wrote: >> Is anyone using 'user mode linux' to create virtual centos servers >> under a master centos server? Is there a package for this? Is xen or >> something a better way to go? > > I use it all the t

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Tue, May 25, 2010 at 05:38:59PM -0400, Robert Heller wrote: > Wondering aloud: where the smbpasswd *data* files copied? If so how, > exactly? And from what version of samba were the smbpasswd *data* > created with? And are the permissions of the smbpasswd *data* what they > should be? Just g

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Tue, May 25, 2010 at 05:47:00PM -0400, Robert Heller wrote: > Was this file *copied* from the Redhat 5.4 system(s) or created fresh > under CentOS? If you mean /etc/init.d/smb, it's CentOS's version. The entire difference between the two, just for the record, is: # diff smb /etc/init.d/smb 10

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Tue, May 25, 2010 at 06:05:34PM -0400, Whit Blauvelt wrote: > where "smb" is RH's version and /etc/init.d/smb is Cent's. I can't quite > imagine that a difference between overwriting or appending path.txt is at > the root of what I'm seeing though. Correction: that wasn't a virgin version of C

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Tue, May 25, 2010 at 06:09:40PM -0400, Whit Blauvelt wrote: > Correction: that wasn't a virgin version of Cent's. More in a moment. This gets more bizarre. To a virgin version of Cent's /etc/init.d/smb - it's a perfect match: # diff ./smb /etc/init.d/smb # That's right, no diff! Yet if I

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

Whit Blauvelt wrote, On 05/25/2010 06:05 PM: > On Tue, May 25, 2010 at 05:47:00PM -0400, Robert Heller wrote: > >> Was this file *copied* from the Redhat 5.4 system(s) or created fresh >> under CentOS? > > If you mean /etc/init.d/smb, it's CentOS's version. The entire difference > between the two

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Wed, May 26, 2010 at 12:17 AM, Whit Blauvelt wrote: > On Tue, May 25, 2010 at 06:09:40PM -0400, Whit Blauvelt wrote: > > > Correction: that wasn't a virgin version of Cent's. More in a moment. > > This gets more bizarre. To a virgin version of Cent's /etc/init.d/smb - > it's > a perfect match:

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On 5/25/2010 5:09 PM, Whit Blauvelt wrote: > On Tue, May 25, 2010 at 06:05:34PM -0400, Whit Blauvelt wrote: > >> where "smb" is RH's version and /etc/init.d/smb is Cent's. I can't quite >> imagine that a difference between overwriting or appending path.txt is at >> the root of what I'm seeing thoug

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

WTE? do printenv > dot.slash.env add to /etc/init.d/smb printenv > ~/init.d.smb.env then execute /etc/init.d/smb There has got to be a difference between the two environments causing identical scripts to behave differently depending on how they're executed. unless PATH searches . before other d

Re: [CentOS] Having trouble with LDAP Authentication...

On 5/25/2010 5:16 PM, Andy Akins wrote: I've google and searched, and have had very little luck... I have: 1. Installed all the packages. 2. Configured and have running OpenLDAP. 3. Migrated my passwd/shadow/group/hosts files into the directory 4. Tested the directory using ldapsear

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

Hi Brian, I've been all over the environment comparisons before, I think. The question currently is: What can be the difference between "/home/smb restart" - which works, and "/etc/init.d/smb restart" - which fails when a diff between the two smb files shows no difference? This is with both

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On 05/25/2010 04:11 PM, Whit Blauvelt wrote: > Hi Brian, > > I've been all over the environment comparisons before, I think. The question > currently is: > > What can be the difference between > > "/home/smb restart" - which works, and > "/etc/init.d/smb restart" - which fails > > when a diff betwe

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

Les, At risk of clogging mail boxes, see below, and note this line in the middle: open("/var/cache/samba/messages.tdb", O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied) Now, if I copy that modified smb file elsewhere and run it, for one difference output stops without returning to prompt a

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Tue, May 25, 2010 at 06:23:02PM -0400, Todd Denniston wrote: > I have not been following this thread closely, but perhaps Robert was > pointing at SELINUX and the > need to keep the SE permissions intact as you copy/edit the file. > > i.e. you may need to: > A) restorecon /etc/init.d/smb and a

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On Tue, May 25, 2010 at 04:33:53PM -0700, Jerry Franz wrote: > Are you running with SELinux on? Now there's a good question, it turns out. I'd assumed CentOS followed the pattern of most distros in having it not be in strictest mode out-of-the-box, but in /etc/selinux/config: SELINUX=enforcing

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

At Tue, 25 May 2010 18:05:34 -0400 CentOS mailing list wrote: > > On Tue, May 25, 2010 at 05:47:00PM -0400, Robert Heller wrote: > > > Was this file *copied* from the Redhat 5.4 system(s) or created fresh > > under CentOS? > > If you mean /etc/init.d/smb, it's CentOS's version. The entire dif

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On Tue, May 25, 2010 at 07:55:12PM -0400, Whit Blauvelt wrote: > On Tue, May 25, 2010 at 04:33:53PM -0700, Jerry Franz wrote: > > > Are you running with SELinux on? You were right Jerry! echo 0 > /selinux/enforce and then /etc/init.d/smb restart works! Thank you much Jerry! Now why doesn't th

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Whit Blauvelt wrote: > On Tue, May 25, 2010 at 07:55:12PM -0400, Whit Blauvelt wrote: >> On Tue, May 25, 2010 at 04:33:53PM -0700, Jerry Franz wrote: >> >>> Are you running with SELinux on? > > You were right Jerry! > > echo 0 > /selinux/enforce > > and then /etc/init.d/smb restart works! Thank

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On May 25, 2010, at 8:25 PM, Whit Blauvelt wrote: > On Tue, May 25, 2010 at 07:55:12PM -0400, Whit Blauvelt wrote: >> On Tue, May 25, 2010 at 04:33:53PM -0700, Jerry Franz wrote: >> >>> Are you running with SELinux on? > > You were right Jerry! > > echo 0 > /selinux/enforce > > and then /etc/init

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On Tue, May 25, 2010 at 07:46:56PM -0500, Les Mikesell wrote: > I would have looked at selinux first for any "odd failure", but I thought it > related to the process itself and couldn't see any way that the process would > be > different when started as "sh /etc/init.d/smb restart" than simply

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On Tue, May 25, 2010 at 08:52:58PM -0400, Ross Walker wrote: > Selinux alerts are in /var/log/audit/audit.log Thank you for that. Cryptic, but there it is. > The problem is if smbd doesn't create the messages.tdb file then it > won't have the selinux rights. I don't follow you. What else coul

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Whit Blauvelt > Sent: Tuesday, May 25, 2010 21:27 > To: CentOS mailing list > Subject: Re: [CentOS] Odd failure of smbd to start from > init.d - CentOS 5.4 - it's that fine SELinux

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Whit Blauvelt wrote: Then why was it also happy with "sh /etc/init.d/smb start" but not "/etc/init.d/smb start". I'm happy to become more educated on this. But if invoking a major daemon startup that selinux wants to block is as easy as that, selinux is window dressing, not security. What am I

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On May 25, 2010, at 9:44 PM, Whit Blauvelt wrote: > On Tue, May 25, 2010 at 08:52:58PM -0400, Ross Walker wrote: > >> Selinux alerts are in /var/log/audit/audit.log > > Thank you for that. Cryptic, but there it is. > >> The problem is if smbd doesn't create the messages.tdb file then it >> won't

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On Tue, May 25, 2010 at 10:03:38PM -0400, Jason Pyeron wrote: > If you look at it as the two different commands, then they may have different > permissions, owners, contexts, etc... > > /bin/sh vs /etc/init.d/smb > > I am just logically guessing here but ... Let me follow your logic here. So th

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Whit Blauvelt wrote, On 05/25/2010 11:09 PM: > On Tue, May 25, 2010 at 10:03:38PM -0400, Jason Pyeron wrote: > >> If you look at it as the two different commands, then they may have different >> permissions, owners, contexts, etc... >> >> /bin/sh vs /etc/init.d/smb >> >> I am just logically guessi

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On Tue, May 25, 2010 at 09:09:33PM -0500, Jay Leafey wrote: > In your case, there should have been AVC errors showing up in the > audit log related to smbd. Using restorecon to fix up the security > context on the files in /etc/samba might have resolved the issue > quickly... but I guess the tric

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

On 05/25/2010 04:39 PM, Whit Blauvelt wrote: > On Tue, May 25, 2010 at 06:23:02PM -0400, Todd Denniston wrote: >> i.e. you may need to: >> A) restorecon /etc/init.d/smb and any other samba files that you have >> copied/edited. > > It doesn't work with the smb file which is virgin, as installed by

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On 05/25/2010 06:44 PM, Whit Blauvelt wrote: > > And that still doesn't say why it starts having a problem with > /var/cache/samba/messages.tbd. Does it? That's simply the first file which was denied by policy. If that one had been removed, the next one would have caused problems. >> That file

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On 05/25/2010 08:36 PM, Whit Blauvelt wrote: > > Thoughtful advice. Thanks. Is there some method to duplicate basic > configuration files across selinux servers without running restorecon for > each set of files that's copied over - that is, to copy them with their > selinux labels intact? Usually

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

On 05/25/2010 08:09 PM, Whit Blauvelt wrote: > > So with selinux, in general any script that selinux would stop from running > due to the script's own extra selinux file tags can be run if Evil Intruder > simply invokes the same script with its shell first - sh or perl or python > or whatever? That

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Gordon Messmer wrote: > > No. With that file removed, smbd probably wouldn't have been able to > write to the directory. If it was able to, it probably would have run > into trouble with the next file. If smbd started up in the context > which was configured for it, everything would work nor