Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?

2011-02-18 Thread John Jasen
On 02/18/2011 03:09 PM, Michael B Allen wrote: > HackerGuardian is a commercial service (it's actually "COMODO CA > Limited"). Their scan looks thorough. Obviously they're just matching > up version numbers with CVE notices but I have a feeling most of these > guys are going to be doing the same

Re: [CentOS] 40TB File System Recommendations

2011-04-12 Thread John Jasen
On 04/12/2011 10:21 AM, Boris Epstein wrote: > On Tue, Apr 12, 2011 at 3:36 AM, Alain Péan > > wrote: I would chime in with a dis-commendation for XFS. At my previous employer, two cases involving XFS resulted in irrecoverable data corruption. These were

Re: [CentOS] 40TB File System Recommendations

2011-04-13 Thread John Jasen
On 04/12/2011 11:30 AM, Les Mikesell wrote: > On 4/12/2011 9:36 AM, John Jasen wrote: >> >> >> >> I would chime in with a dis-commendation for XFS. At my previous >> employer, two cases involving XFS resulted in irrecoverable data >> corruption. These were

Re: [CentOS] 40TB File System Recommendations

2011-04-13 Thread John Jasen
On 04/12/2011 08:19 PM, Christopher Chan wrote: > On Tuesday, April 12, 2011 10:36 PM, John Jasen wrote: >> On 04/12/2011 10:21 AM, Boris Epstein wrote: >>> On Tue, Apr 12, 2011 at 3:36 AM, Alain Péan >>> >> <mailto:alain.p...@lpp.polytechnique.fr>> wrote

Re: [CentOS] 40TB File System Recommendations

2011-04-14 Thread John Jasen
On 04/13/2011 09:04 PM, Ross Walker wrote: > On Apr 13, 2011, at 7:26 PM, John Jasen wrote: > Every now and then I hear these XFS horror stories. They seem too impossible > to believe. > > Nothing breaks for absolutely no reason and failure to know where the > breakage wa

Re: [CentOS] 40TB File System Recommendations

2011-04-14 Thread John Jasen
One was 32 bit, the other 64 bit. Christopher Chan wrote: >On Thursday, April 14, 2011 07:26 AM, John Jasen wrote: >> On 04/12/2011 08:19 PM, Christopher Chan wrote: >>> On Tuesday, April 12, 2011 10:36 PM, John Jasen wrote: >>>> On 04/12/2011 10:21 AM, Boris Ep

Re: [CentOS] how many people still use NIS?

2010-10-03 Thread John Jasen
Iain Morris wrote: > > > On Sat, Oct 2, 2010 at 7:29 PM, Craig White > wrote: > > > > This discussion completely ignores the fact that user authentication is > just one of the many things LDAP does. If all you are going to do with > LDAP is s

Re: [CentOS] OT: linux desktop market share more than 1%

2010-10-08 Thread John Jasen
On 10/08/2010 06:25 PM, Warren Young wrote: > On 10/8/2010 4:09 PM, m.r...@5-cent.us wrote: >> But OS X can legally only run on Apple (tm$$$) systems, where Linux can >> run on *anything* and anybody's inexpensive hardware. > > Apple hardware is fairly priced when compared on quality. Yes, there

Re: [CentOS] Mount/automount fails with krb5-enabled nfs4

2010-10-21 Thread John Jasen
For what it's worth, every time that I've tried kerberized NFS with RHEL, I've run into issues unless I was running the latest version of mount-utils, which I _think_ included rpc.gssd and rpc.svcgssd. My memory may be failing, and I'll look later, but my recollection is that it was very sensitive

Re: [CentOS] XFS or EXT3 ?

2010-12-03 Thread John Jasen
From personal experience, the last three times I ran XFS on large volumes (4+ TB), they all became irrecoverably corrupted in some way or another. The final occasion resulted in XFS being permanently banned from that establishment. -- -- John E. Jasen (jja...@realityfailure.org) -- "Deserve Vi

Re: [CentOS] XFS or EXT3 ?

2010-12-03 Thread John Jasen
On 12/03/2010 03:16 PM, Les Mikesell wrote: > Was this on 32-bit RH/Centos where the 4k stacks are a known problem for > XFS? Both 32 and 64 bit kernels. -- -- John E. Jasen (jja...@realityfailure.org) -- "Deserve Victory." -- Terry Goodkind, Naked Empire

Re: [CentOS] Graphing System Load MRTG

2010-12-21 Thread John Jasen
On 12/21/2010 11:09 AM, Matt wrote: > I check system load like so: > > [r...@server cron.daily]# w > 10:07:33 up 4 days, 15:01, 2 users, load average: 4.22, 3.17, 3.09 > > I would like to graph the 3.17 5 minute average with MRTG. Anyone > know of some examples of doing this? The easy way

Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread John Jasen
ic use with > cacti & SNMP. Cacti can send us an email if a certain amount of > bandwidth is used up, but it doesn't tell the firewall to block the > offending IP address. > > DDOS protection type firewalls don't help much either since they > only block incoming "att

Re: [CentOS] [WTA] Automatically blocking on failed login

2010-05-24 Thread John Jasen
David Suhendrik wrote: > Hello All, > I had problems with the security server, the server is frequently > attacked using bruteforce attacks. Is there an application that can > perform automatic blocking when there are failed login to the ports > smtp, pop3 port, and others? > > I am currently usin

Re: [CentOS] security compliance vs. old software versions

2010-06-29 Thread John Jasen
Kwan Lowe wrote: > On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell wrote: >> What's the correct response to a security scan that points out that >> apache versions below 2.2.14 have multiple known vulnerabilities? Is >> there an official document about what known vulnerabilities have been >> fixed

Re: [CentOS] security compliance vs. old software versions

2010-06-30 Thread John Jasen
m.r...@5-cent.us wrote: > Frank Cox wrote: >> On Wed, 2010-06-30 at 15:14 -0400, m.r...@5-cent.us wrote: >>> Sorry, you lost me here. I turned off all access to the h/d/ramdisk on >>> the >>> printers, and left it off. This, of course, slows things down a lot, >>> but >>> it's "Secure". >> The poin

Re: [CentOS] security compliance vs. old software versions

2010-06-30 Thread John Jasen
m.r...@5-cent.us wrote: > John Jasen wrote: >> m.r...@5-cent.us wrote: >>> Frank Cox wrote: >>>> On Wed, 2010-06-30 at 15:14 -0400, m.r...@5-cent.us wrote: >>>>> Sorry, you lost me here. I turned off all access to the h/d/ramdisk on >>>&g

Re: [CentOS] Windows 2003 AD, Winbind, Kerberos and NFSv4

2010-07-02 Thread John Jasen
Please forgive joining the broadcast already in progress, and for top posting. However, I have found that removing all but the DES CBC keytab entries on the client helps. With Windows 2003, you may also have to set the default encryption type for the kerberos account to DES, and use ADSIEDIT.msc t

Re: [CentOS] security compliance vs. old software versions

2010-07-06 Thread John Jasen
John Hinton wrote: > On 6/30/2010 8:54 PM, John Jasen wrote: >> Well, I'm a security admin, so of course protection is more important >> than utility! :) >> >> But seriously, the assessment tools provide information on your >> environment, based on certain

[CentOS] selinux getsebool request

2016-04-12 Thread John Jasen
Out of faint curiosity, how do we push change requests upstream to RHEL? I'm using puppet to automate systems, including the application of SELinux policy. While setsebool -P is non-damaging to repeat, it is time consuming -- taking about 45 seconds per execution to process the existing policy and

Re: [CentOS] selinux getsebool request

2016-04-12 Thread John Jasen
On 04/12/2016 02:31 PM, James Hogarth wrote: > For example: > > unless => "/usr/sbin/getsebool httpd_can_network_connect | /usr/bin/grep on > &> /dev/null" D'oh! That's what I get for overcomplicating the whole darn thing. :) > > Incidentally one nice trick if you're dealing with potentially chang

Re: [CentOS] selinux getsebool request

2016-04-13 Thread John Jasen
re: puppet selboolean And ... a double d'oh! for the day. That's just what I was looking for! Thanks for pointing it out!

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread John Jasen
support disappeared then I would simply go that route when > necessary. > > May I ask what the reason is for considering dropping tcp wrappers > support? > > --keith > -- -- John Jasen (jja...@realityfailure.org) -- No one will sorrow for me when I die, because those who wou

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread John Jasen
On 03/20/2014 04:13 PM, Matthew Miller wrote: > On Thu, Mar 20, 2014 at 04:00:49PM -0400, John Jasen wrote: >> Various government entities may use it extensively. I don't recall if >> tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in >> several

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread John Jasen
handle portmapper? > As another case, read some of the extended use cases for vsftpd. They require tcpd to pass an environmental variable telling vsftpd which configuration file to use. -- -- John Jasen (jja...@realityfailure.org) -- No one will sorrow for me when I die, because those w

[CentOS] performance problems with OpenLDAP and multiple simultaneous clients

2017-07-07 Thread John Jasen
Running CentOS7, with openldap-2.4.40-13.el7. The environment consists of two ldap providers, in mirror mode, serving over a shared virtual IP. Client-facing services are provided by 4 consumers, most of which are accessed over a layer 4 load balancer. Periodically, the consumers encounter some s

Re: [CentOS] CentOS 7.3 and e1000e

2017-07-08 Thread John Jasen
This may be the wrong approach, but install the NetworkManager-config-server rpm. It sets a config option to allow interfaces to be configured before being available, which may help. On 07/08/2017 07:45 AM, Jerry Geis wrote: >> Do you use NetworkManager or the network sysv service? > I use the s

Re: [CentOS] Hardening Apache on CentOS 7

2017-07-09 Thread John Jasen
If your site(s) are simple enough, look into modsecurity for Apache web servers. Also, use either iptables or the built-in firewalld stuff on centos7 to restrict in/outbound ports. On 07/09/2017 12:01 PM, Nicolas Kovacs wrote: > Hi, > > Some time ago one of my public servers (running Slackware6

[CentOS] SOLVED Re: performance problems with OpenLDAP and multiple simultaneous clients

2017-07-09 Thread John Jasen
This turned out to be a blocking issue with rsyslog. So, the slapd issue is solved by uncovering the root cause. On 07/07/2017 07:24 PM, John Jasen wrote: > Running CentOS7, with openldap-2.4.40-13.el7. The environment consists > of two ldap providers, in mirror mode, serving over a

[CentOS] rsyslog stops logging on service reload?

2017-07-09 Thread John Jasen
I have multiple servers running stock CentOS 7 rsyslog 7.4.7-16.el7, which are configured to log locally and over TCP to a remote logserver, also running stock CentOS 7 rsyslog. The remote server uses imptcp to receive, and pretty basic rules to parse and commit to disk. I have several systems tha

Re: [CentOS] Getting started with mod_security

2017-07-28 Thread John Jasen
mod_security 2.7.3 from CentOS is pretty old and pretty broken. The crs package is equally out of date. Recompiling mod_security from a more recent fedora SRPM and grabbing the OWASP core-rule-set from git will yield much better results, in my opinion. On 07/16/2017 02:32 PM, Nicolas Kovacs wro

Re: [CentOS] rsyslog stops logging on service reload?

2017-08-18 Thread John Jasen
The long and the short of the story was that another misconfigured client on the network was swamping the central logserver right after logrotate kicked off. The best fix was to enable client memory/file queues. On 07/13/2017 04:40 AM, Fabian Arrotin wrote: > On 09/07/17 18:37, John Ja

Re: [CentOS] migrate openldap to centos 7 server..

2016-08-23 Thread John Jasen
You should be able to use slapd.conf. You may need to toggle /etc/sysconfig/slapd to do so, but my testing with CentOS7 has all been slapd.conf-based. On 08/21/2016 11:49 AM, Jason Welsh wrote: > I hope this isn't terribly off-topic, but I'm trying to migrate openldap from > an old 32bit install

Re: [CentOS] An 'orrible question: Outlook 365 under wine on CentOS?

2016-09-26 Thread John Jasen
The only linux-based client that, if I recall, can speak native MS mail protocols, was Evolution. I don't know if it still does. On 09/23/2016 07:25 PM, John R Pierce wrote: > On 9/23/2016 12:50 PM, m.r...@5-cent.us wrote: >> Upper Management has decided on a policy that IMAP is going to go >> a

Re: [CentOS] An 'orrible question: Outlook 365 under wine on CentOS?

2016-09-26 Thread John Jasen
On 09/26/2016 01:28 PM, m.r...@5-cent.us wrote: > John Jasen wrote: >> The only linux-based client that, if I recall, can speak native MS mail >> protocols, was Evolution. >> >> I don't know if it still does. >> > Yeah... and this is O365. > > Stupi

Re: [CentOS] New laptop recommendation

2016-11-22 Thread John Jasen
At least one I looked at, the 17.3 inch, had an option for Ubuntu 14.04. On 11/22/2016 06:50 PM, Dr. Mikeal Hughes wrote: > When you go to the Dell Linux site and choose shop now you are taken to a > page featuring Windows 10 machines. > > Sent from my iPad > >> On Nov 22, 2016, at 13:01, Tony

[CentOS] openldap: replica consumers and ppolicy overlay values

2016-12-12 Thread John Jasen
I'm trying to set up OpenLDAP on CentOS7, in a provider/consumer relationship. In general, provider/consumer is working quite well, except when it comes to password policy. Specifically, I want PwdFailureTime to be written to the provider from one of the front end consumers when appropriate. I'm l

Re: [CentOS] amanda and selinux

2017-01-20 Thread John Jasen
There's an option to get selinux to report on all the 'don't audit' bits, which can be toggled on and off as needed. This may help in debugging. On 01/19/2017 06:25 PM, Jon LaBadie wrote: > Anyone familiar with the selinux policy for the > amanda backup software package? I'm getting lots > of dat

Re: [CentOS] kerberized-nfs - any experts out there?

2017-03-22 Thread John Jasen
On 03/22/2017 03:26 PM, Matt Garman wrote: > Is anyone on the list using kerberized-nfs on any kind of scale? Not for a good many years. Are you using v3 or v4 NFS? Also, you can probably stuff the rpc.gss* and idmapd services into verbose mode, which may give you a better idea as to what's go