Discuss August 2011

discuss@lists.centos.org

222 participants
208 discussions

Error installing latest CentOS kernel from %post section of kickstart
by Alfred von Campe 01 Sep '11

01 Sep '11

I'm running the command "yum -y update" from a script called from the the post section of my kickstart config file, and I get the following error: Installing : kernel-2.6.32-71.29.1.el6.i686 185/378 grubby fatal error: unable to find a suitable template After the install, if I log in to the system and remove that RPM and then re-install it with "yum install kernel", the grub.conf file is updated correctly. Any ideas why this might be failing from kickstart? Anyone else seen this? Alfred

3 3

Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
by Always Learning 01 Sep '11

01 Sep '11

On a VPS I wanted to add to IP tables:- iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP I got: iptables: Unknown error 18446744073709551615 uname -a = 2.6.35.4 #2 (don't know how this got installed) lsmod | grep ipt = ipt_LOG 5419 2 yum upgrade iptables* = nothing to install. --------------------------------------- On a standalone server (C 5.6) iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP is accepted. uname -a = 2.6.18-274.el5 #1 lsmod | grep ipt = ipt_LOG 39617 1 iptable_filter 36161 1 ip_tables 55457 1 iptable_filter x_tables 50505 6 xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6_tables ------------------------------------------------ Appreciate suggestions on how to get kernel 2.6.35.4 to install the whole IP tables package, especially the STRING and RECENT options (in -m). Thank you. Paul.

17 56

Help integrating CentOS 6 with existing network login infrastructure
by Alfred von Campe 01 Sep '11

01 Sep '11

I've updated my kickstart configuration files to work with CentOS 6 and am most of the way there integrating a CentOS 6 system into our LDAP/NIS environment. My authconfig line in the kickstart file is as follows: authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX --nisserver=nis.XXX.com --useshadow --enablekrb5 --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com This is virtually identical to the authconfig line I was using in CentOS 5. My issue is that users cannot log in with their network (NIS) usernames and passwords. If I log in as root, I can do a "su - username" and get the user's automounted home directory with the correct uid/gid, but if I try to log in as the user, or do a "su - username" as a non-root user and have to enter the password, authentication always fails. The entries in /var/log/secure just say "su: pam_unix(su-l:auth): authentication failure". I'm not a pam expert and don't know how to debug this. Anyone else run into this and/or know what might be the problem? This works just fine in CentOS 5. Alfred

2 3

Question re: CentOS-6.0, KVM, and /dev/sr0
by James B. Byrne 31 Aug '11

31 Aug '11

I am experimenting with KVM and I wish to create a virtual machine image in a logical volume. I can create the new lv without problem but when I go to format its file system then I get these warnings: Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy). As a result, it may not reflect all of your changes until after reboot. Warning: Unable to open /dev/sr0 read-write (Read-only file system). /dev/sr0 has been opened read-only. When I take a look at things using parted I see this: # parted -l print Model: ATA WDC WD5000AAKS-0 (scsi) Disk /dev/sda: 500GB Sector size (logical/physical): 512B/512B Partition Table: msdos Number Start End Size Type File system Flags 1 1049kB 525MB 524MB primary ext4 boot 2 525MB 500GB 500GB primary lvm Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/vg_inet02-lv_guest01: 129GB Sector size (logical/physical): 512B/512B Partition Table: loop Number Start End Size File system Flags 1 0.00B 129GB 129GB ext4 Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/vg_inet02-lv_log: 1049MB Sector size (logical/physical): 512B/512B Partition Table: loop Number Start End Size File system Flags 1 0.00B 1049MB 1049MB ext4 Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/vg_inet02-lv_tmp: 8389MB Sector size (logical/physical): 512B/512B Partition Table: loop Number Start End Size File system Flags 1 0.00B 8389MB 8389MB ext4 Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/vg_inet02-lv_home: 4194MB Sector size (logical/physical): 512B/512B Partition Table: loop Number Start End Size File system Flags 1 0.00B 4194MB 4194MB ext4 Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/vg_inet02-lv_swap: 8321MB Sector size (logical/physical): 512B/512B Partition Table: loop Number Start End Size File system Flags 1 0.00B 8321MB 8321MB linux-swap(v1) Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/vg_inet02-lv_root: 53.7GB Sector size (logical/physical): 512B/512B Partition Table: loop Number Start End Size File system Flags 1 0.00B 53.7GB 53.7GB ext4 Warning: Unable to open /dev/sr0 read-write (Read-only file system). /dev/sr0 has been opened read-only. Error: /dev/sr0: unrecognised disk label The host system is CentOS-6.0 with updates applied. I did a manual disc configuration on initial install but I do not recall specifically dealing with /dev/sr0 at any point. Can anyone explain to me what is happening here and what I should do? Am I constrained to reboot the server each time that I make changes to an LV? Is there some configuration change I need make to the base system? The favour of a direct copy of any reply to the mailing list is requested as I am a digest subscriber. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

3 4

(Centos 5.6) Server Time NTP Facility
by Always Learning 31 Aug '11

31 Aug '11

Curiously examining some of the blocked IP addresses in the daily Logwatch report, I notice strange sites attempting to connect to our servers on port 123 (the time port). I also notice our servers successfully contacting official time references centres which are not those sites trying to connect to us. I notice too the installed time software is listening on every available IP. I can not identity any options in any configuration files to turn-off this listening. Why are unknown sites attempting to connect to our server to, I assume, sample the time and how does one turn-off the software's listening on every IP address, including 127.0.0.1 ? Thanks, Paul.

5 6

xendomains not starting at boot
by Theo Band 31 Aug '11

31 Aug '11

On one of my xen hosts a virtual machine does not start at boot. I can see that xendomains gives an error: service xendomains start Starting auto Xen domains: fszeleNo handlers could be found for logger "xend" Error: Disk isn't accessible No handlers could be found for logger "xend" Error: Disk isn't accessible An error occured while creating domain fszele: Usage: xm create <ConfigFile> [options] [vars] Create a domain based on <ConfigFile>. Options: -h, --help Print this help. --help_config Print the available configuration variables (vars) for the configuration script. -q, --quiet Quiet. --path=PATH Search path for configuration scripts. The value of PATH is a colon-separated directory list. -f=FILE, --defconfig=FILE Use the given Python configuration script.The configuration script is loaded after arguments have been processed. Each command-line option sets a configuration variable named after its long option name, and these variables are placed in the environment of the script before it is loaded. Variables for options that may be repeated have list values. Other variables can be set using VAR=VAL on the command line. After the script is loaded, option values that were not set on the command line are replaced by the values set in the script. -F=FILE, --config=FILE Domain configuration to use (SXP). SXP is the underlying configuration format used by Xen. SXP configurations can be hand-written or generated from Python configuration scripts, using the -n (dryrun) option to print the configuration. -n, --dryrun Dry run - prints the resulting configuration in SXP but does not create the domain. -p, --paused Leave the domain paused after it is created. -c, --console_autoconnect Connect to the console after the domain is created. ! [failed] [FAILED] The actual command executed turns out to be: XMC=`xm create --quiet --defconfig $dom` where dom=/etc/xen/auto/fszele If I issue the command from the command line, the dom starts as expected. After some debugging on /etc/init.d/xendomains it turns out to work if I change this line: diff xendomains* 283c283 < XMC=$(xm create --quiet --defconfig $dom) --- > XMC=`xm create --quiet --defconfig $dom` or diff xendomains* 283c283 < XMC=`echo debug;xm create --quiet --defconfig $dom` --- > XMC=`xm create --quiet --defconfig $dom` So I fixed the problem using $() instead of back-ticks, but I like to understand what can be the root cause of this problem. It seems to happen on only one of my hosts. cat /etc/redhat-release CentOS release 5.6 (Final) rpm -qf xendomains xen-3.0.3-120.el5_6.3 uname -a Linux xenzele.greenpeak.com 2.6.18-238.19.1.el5xen #1 SMP Fri Jul 15 08:16:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux Theo

1 0

Apache warns Web server admins of DoS attack tool
by m.roth＠5-cent.us 31 Aug '11

31 Aug '11

Anyone have any idea how soon RHEL and CentOS will be releasing the patch package? Excerpt: Computerworld - Developers of the Apache open-source project today warned users of the popular Web server software that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. The tool, called "Apache Killer," showed up last Friday in a post to the "Full Disclosure" security mailing list. Today, the Apache project acknowledged the vulnerability that the attack tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. --- end excerpt --- <http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admi…> mark

16 52

selinux & iptables
by Michael D. Berger 30 Aug '11

30 Aug '11

In setting up my new CentOS 6 laptop, I replaced /etc/sysconfig/iptables with my own, very restrictive version. I then tried to restart the iptables daemon, but it reported that my new iptables was unreadable. On a guess, I disabled selinux, and my problem was solved. Later, I re-enabled selinux and on reboot, it had to go through a very long setup procedure. Is there something better I could have done when replacing iptables, so that I would not have to disable selinux? Thanks for your help. Mike.

5 4

6.0 Media problems
by ken 30 Aug '11

30 Aug '11

When I downloaded the iso for 6.0 install, K3b said the iso wouldn't fit on the blank DVD. So I downloaded and burned the LiveDVD. When I boot it, I get the blue splash screen (it says "CentOS... Community Enterprise OS on the bottom, logo to the right), but nothing else comes up. Hitting various keys does nothing. Downloaded and burned the Netinstall CD. It gives an error message that it can't install because the machine's CPU doesn't have pae. So is it the end of CentOS/RH for this machine? (I can't believe that. One of the great things about Linux has always been that it'll run on old hardware.) Or are these fixable problems? Or are there workarounds? Or should I go for a different distribution? -- War is a failure of the imagination. --William Blake

10 26

Secure a python http server
by admin lewis 30 Aug '11

30 Aug '11

Hi, I want to make secure my python http server.. what should i use ? chroot ? there are something more secure ? On my centos server I've SE enabled..then .. sandboxing ? Thanks very much lewis -- Linux and Windows 2003/2008 Server. http://predellino.blogspot.com/

2 2

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss August 2011