Discuss August 2008

discuss@lists.centos.org

271 participants
280 discussions

Lies wide open ...!
by ABBAS KHAN 24 Aug '08

24 Aug '08

Being as a Windows geek tho, I consider Linux as a more powerful server operating system than Windows. When I saw OS comparison at http://www.microsoft.com/windowsserver/compare/linux/server-security.mspx I was shocked! Showed it to a friend and he felt like being brainwashed :D lol. What do you fellows think about this? Thanks.

6 5

Getting IP in installer
by Joseph L. Casale 24 Aug '08

24 Aug '08

How does one acquire an IP when in the ctr-alt-F2 console of the installer just as it begins? I must be doing something wrong, but I need to acquire one from the server before I start the installation. Thanks, jlc

2 3

CentOS-announce Digest, Vol 42, Issue 7
by centos-announce-request＠centos.org 24 Aug '08

24 Aug '08

1 0

Growing RAID5 on CentOS 4.6
by Stephen Harris 24 Aug '08

24 Aug '08

I have 4 disks in a RAID5 array. I want to add a 5th. So I did mdadm --add /dev/md3 /dev/sde1 This worked but, as expected, the disk isn't being used in the raid5 array. md3 : active raid5 sde1[4] sdd4[3] sdc3[2] sdb2[1] sda1[0] 2930279808 blocks level 5, 64k chunk, algorithm 2 [4/4] [UUUU] So then I tried the next step: mdadm --grow --raid-devices=5 /dev/md3 But now I have problems... mdadm: Cannot set device size/shape for /dev/md3: Invalid argument Can CentOS 4.6 grow md5 arrays? Or is the kernel and mdadm version too old? ( http://www.economysizegeek.com/2006/07/15/migrate-raid1-to-raid5-and-grow/ hints that I need 2.6.17 and mdadm 2.5.2, but it's hard to know what the RHEL/CentOS kernel has in it 'cos version numbers no longer match) I wonder if I could boot off a Ubuntu CD or something and grow the array that way. Would be annoying (many hours of server downtime)... -- rgds Stephen

4 15

Re: [CentOS] dynamic dns
by Les Bell 24 Aug '08

24 Aug '08

kcc <peterkcc2001(a)gmail.com> wrote: >> When printer is started on the network, it gets the ip from the dhcp server and registers that ip in the dns << You don't need ddns, so much as a fixed address in the DHCP server configuration. Get your printer's Ethernet address, and add a host entry in your /etc/dhcpd.conf file like this one: host kyocera1 { hardware ethernet 00:c0:ee:62:7D:bb; fixed-address 192.168.168.246; } Then you can set up an A record for the printer in your DNS the usual way. Best, --- Les Bell [http://www.lesbell.com.au] Tel: +61 2 9451 1144 FreeWorldDialup: 800909

1 0

dynamic dns
by kcc 24 Aug '08

24 Aug '08

Hi all I want to setup the dynamic dns for printer. ls it easy to do it linux? Thank you

2 2

USB drive detected, but nothing gets mounted.
by MHR 24 Aug '08

24 Aug '08

I have a brand new, unaltered (as yet) 4Gb USB flash drive from Micro Center that does not get automounted when I plug it into my 5.2 desktop (home or work). It shows up in lsusb, and I can mount it manually, so why would it not mount automatically? Note that when I plug in other flash drives on the same machine before and after, they all get automounted as usual. Curious.... mhr

6 10

Crash recovery
by ABBAS KHAN 24 Aug '08

24 Aug '08

While playing with the graphic card drivers, I broke up the system and now I've a kernel panic with not syncing error. I did backup the system with mondorescue but I forgot to write the iso image files to the DVD rom. Can I burn the ISO file in rescue mode or in CentOS livecd environment? Already tried in the LiveCD env, but, as soon as I eject the live CD to put a blank DVD, the system halts ! Are there any other options available? Please advise.

3 5

CentOS 5.2 + SELinux + Apache/PHP + Postfix
by Art Age Software 23 Aug '08

23 Aug '08

Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand what they mean and why they occur. The first set of messages seems to relate to postfix being denied attempts to create/read/write a temporary file in Apache's context. In the second set, it seems to postdrop is attempting to do something with apache's error log file. Can anyone help make sense of this? I know I can create policy rules to allow these actions. But I don't want to do that without understanding the implications. For reference, audit2allow suggests the following policy additions: #============= postfix_postdrop_t ============== allow postfix_postdrop_t httpd_log_t:file getattr; #============= system_mail_t ============== allow system_mail_t httpd_t:file read; allow system_mail_t httpd_tmp_t:file { read write }; Any help greatly appreciated. Thanks! Sam ------------------------------------------------------------------------------------------- type=AVC msg=audit(1219458556.400:16996): avc: denied { read write } for pid=xxxxx comm="sendmail" path=2F746D702F2E7863616368652E302E302E313236373935383634322E6C6F636B202864656C6574656429 dev=dm-1 ino=xxxxx scontext=user_u:system_r:system_mail_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file type=AVC msg=audit(1219458556.400:16996): avc: denied { read write } for pid=xxxxx comm="sendmail" path=2F746D702F2E7863616368652E302E312E3534383639343233352E6C6F636B202864656C6574656429 dev=dm-1 ino=xxxxx scontext=user_u:system_r:system_mail_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file type=AVC msg=audit(1219458556.400:16996): avc: denied { read write } for pid=xxxxx comm="sendmail" path=2F746D702F2E7863616368652E302E322E313236323334313837332E6C6F636B202864656C6574656429 dev=dm-1 ino=xxxxx scontext=user_u:system_r:system_mail_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file type=AVC msg=audit(1219458556.400:16996): avc: denied { read write } for pid=xxxxx comm="sendmail" path=2F746D702F2E7863616368652E302E332E32313137303238332E6C6F636B202864656C6574656429 dev=dm-1 ino=xxxxx scontext=user_u:system_r:system_mail_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file type=AVC msg=audit(1219458556.400:16996): avc: denied { read } for pid=xxxxx comm="sendmail" path="eventpoll:[xxxxx]" dev=eventpollfs ino=xxxxx scontext=user_u:system_r:system_mail_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=file type=SYSCALL msg=audit(1219458556.400:16996): arch=c000003e syscall=59 success=yes exit=0 a0=e04360 a1=e043e0 a2=e031a0 a3=3 items=0 ppid=xxxxx pid=xxxxx auid=xxx uid=xxx gid=xxx euid=xxx suid=xxx fsuid=xxx egid=xxx sgid=xxx fsgid=xxx tty=(none) ses=1363 comm="sendmail" exe="/usr/sbin/sendmail.postfix" subj=user_u:system_r:system_mail_t:s0 key=(null) type=AVC msg=audit(1219458556.410:16997): avc: denied { getattr } for pid=xxxxx comm="postdrop" path="/var/log/httpd/error_log" dev=dm-4 ino=xxxxx scontext=user_u:system_r:postfix_postdrop_t:s0 tcontext=user_u:object_r:httpd_log_t:s0 tclass=file type=SYSCALL msg=audit(1219458556.410:16997): arch=c000003e syscall=5 success=no exit=-13 a0=2 a1=7fffd0dbfa70 a2=7fffd0dbfa70 a3=0 items=0 ppid=xxxxx pid=xxxxx auid=xxx uid=xxx gid=xxx euid=xxx suid=xxx fsuid=xxx egid=xxx sgid=xxx fsgid=xxx tty=(none) ses=1363 comm="postdrop" exe="/usr/sbin/postdrop" subj=user_u:system_r:postfix_postdrop_t:s0 key=(null) -------------------------------------------------------------------------------------------

2 1

CentOS-announce Digest, Vol 42, Issue 6
by centos-announce-request＠centos.org 23 Aug '08

23 Aug '08

Send CentOS-announce mailing list submissions to centos-announce(a)centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request(a)centos.org You can reach the person managing the list at centos-announce-owner(a)centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2008:0855 Critical CentOS 5 x86_64 openssh Update (Karanbir Singh) 2. CESA-2008:0855 Critical CentOS 5 i386 openssh Update (Karanbir Singh) 3. CentOS position on systems intrusion at Red Hat (Karanbir Singh) ---------------------------------------------------------------------- Message: 1 Date: Fri, 22 Aug 2008 21:45:22 +0100 From: Karanbir Singh <kbsingh(a)centos.org> Subject: [CentOS-announce] CESA-2008:0855 Critical CentOS 5 x86_64 openssh Update To: centos-announce(a)centos.org Message-ID: <20080822204522.GA21052(a)base.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2008:0855 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0855.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 161c953e8c1c47c09542020837e9920b openssh-4.3p2-26.el5_2.1.x86_64.rpm 12b02fb6e6d1e8354539cd4cba304803 openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm c281a62dc3c21f1225ea309757b755d1 openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm 01b3486f17ecb4adc7c59074525b7fd9 openssh-server-4.3p2-26.el5_2.1.x86_64.rpm Source: 278cfb304350f3604fb64ebaee3f1b77 openssh-4.3p2-26.el5_2.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos(a)irc.freenode.net ------------------------------ Message: 2 Date: Fri, 22 Aug 2008 21:45:22 +0100 From: Karanbir Singh <kbsingh(a)centos.org> Subject: [CentOS-announce] CESA-2008:0855 Critical CentOS 5 i386 openssh Update To: centos-announce(a)centos.org Message-ID: <20080822204522.GA21035(a)base.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2008:0855 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0855.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: d45c32890088d835ce8bc4a569173775 openssh-4.3p2-26.el5_2.1.i386.rpm 7f8194567e7797d834c22090d9c55b69 openssh-askpass-4.3p2-26.el5_2.1.i386.rpm c145d732591711659b5fe756a4e9a085 openssh-clients-4.3p2-26.el5_2.1.i386.rpm 2b1fdc9b245f2c8cd873ea7f8e3b900c openssh-server-4.3p2-26.el5_2.1.i386.rpm Source: 278cfb304350f3604fb64ebaee3f1b77 openssh-4.3p2-26.el5_2.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos(a)irc.freenode.net ------------------------------ Message: 3 Date: Fri, 22 Aug 2008 23:15:29 +0100 From: Karanbir Singh <kbsingh(a)centos.org> Subject: [CentOS-announce] CentOS position on systems intrusion at Red Hat To: CentOS-Announce <centos-announce(a)centos.org>, CentOS mailing list <centos(a)centos.org> Message-ID: <48AF3A81.3090903(a)centos.org> Content-Type: text/plain; charset=ISO-8859-1 Earlier in the day today Red Hat made an announcement [1] that there had been an intrusion into some of their computer systems last week. In the same announcement they mention that some of the packages for OpenSSH on RHEL-4 ( i386 and x86_64 ) as well as RHEL-5 ( x86_64 ) were signed by the intruder. In their announcement they also clarified that they were confident that none of these, potentially compromised, packages made their way into or through RHN to client and customer machines. As a security measure a script [3] was made available along with a semi-detailed description of the issue [2]. We take security issues very seriously, and as soon as we were made aware of the situation I undertook a complete audit of the entire CentOS4/5 Build and Signing infrastructure. We can now assure everyone that no compromise has taken place anywhere within the CentOS Infrastructure. Our entire setup is located behind multiple firewalls, and only accessible from a very small number of places, by only a few people. Also included in this audit were all entry points to the build services, signing machines, primary release machines and connectivity between all these hosts. Since OpenSSH is a critical component of any Linux machine, we considered it essential to audit the last two released package sets ( openssh-4.3p2-26.el5.src.rpm, openssh-4.3p2-26.el5_2.1.src.rpm ). I have just finished this code audit, and can assure everyone that there is no compromised code included in either of these packages. A similar check is also being done for the CentOS-4 sources. Packages released today, by upstream, ( based on : openssh-4.3p2-26.el5_2.1.src.rpm, openssh-3.9p1-11.el4_7.src.rpm ) address two issues. Firstly they contain a fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 . And secondly, in the remote event that someone had indeed got compromised packages via RHN, their packages would get updated to a known good state. We wanted to get these packages out right away to address the first issue, and also to cover users converting non updated RHEL installs to CentOS in the next few weeks/months. Release of these packages into the mirror.centos.org network does *not* imply that CentOS users are affected by the intrusion at Red Hat. Finally, while we feel confident that there is no possibility of this compromise having been passed onto the CentOS userbase, we still encourage users to verify their packages independently using whatever resources they might have available. -- [1]: https://rhn.redhat.com/errata/RHSA-2008-0855.html [2]: http://www.redhat.com/security/data/openssh-blacklist.html [3]: https://www.redhat.com/security/data/openssh-blacklist-1.0.sh :Its important to note that this script *only* checks for packages built within Red Hat, and will *not* be a reliable source of verification on CentOS since we rebuild from sources, using no Red Hat binary. -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos(a)irc.freenode.net ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce(a)centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 42, Issue 6 **********************************************

1 0

← Newer
1
...
7
8
9
10
11
12
13
...
28
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss August 2008