Discuss April 2017

discuss@lists.centos.org

114 participants
91 discussions

SCSI drives and Centos 7
by Gregory P. Ennis 14 May '17

14 May '17

Everyone, about 4 years ago, I tried to install CentOS 6 on a Supermicro server with SCSI drives using a LSI raid system. I could never figure out or find a way to make the installation disc of Centos 6 identify the SCSI drives. The installation disc for Centos 5 identified the SCSI drives without a problem. I finally gave up on Centos 6 and installed Centos 5 and the system has worked very well for the last 4 years Now that Centos 5 has been retired, I would like to install Centos 7 on this server. Does the install disc for Centos 7 have the same issues with SCSI drives as Centos 6? Has anyone used Centos 7 on SCSI drives, or am I going to need to get an upgrade of the server? The server is working great. Greg Ennis -- Gregory P. Ennis, M.D., M.R.O. Medical Director EcCare Health Centers www.EcCare.com 972-659-1234

7 13

Firefox for CentOS
by Johnny Hughes 03 May '17

03 May '17

I am currently building the latest Firefox updates and I have noticed that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to the mainline tree (Currently firefox-52.0). They have left EL5 and EL6 at the ESR level (45.8.0-2). EL7: https://rhn.redhat.com/errata/RHSA-2017-0461.html EL5 and EL6: https://rhn.redhat.com/errata/RHSA-2017-0459.html As stated above, I am currently building and testing these, so they are not yet released .. just preparing people for the changes. Thanks, Johnny Hughes

7 19

selinux problem policies
by Günther J. Niederwimmer 01 May '17

01 May '17

Hello, My problem is to add selinux policies can any help to say what is wrong with my policies I write this! semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" I have more instances from typo3 I found this construct in the selinux policies "/var/www/html(/.*)?/uploads(/.*)?" but my is not working ? and I have only errors? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto))) <root> allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675 (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto))) <root> allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto))) neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil: 13121 (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read))) <root> allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581 (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock open))) ......... or is a other way to include policies better ? -- mit freundlichen Grüssen / best regards Günther J. Niederwimmer

3 5

SELinux policy to allow Dovecot to connect to Mysql
by Robert Moskowitz 30 Apr '17

30 Apr '17

I have been getting the following on my new mailserver: Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds before retry They go away when I setenforce 0. So I googled dovecot mysql selinux and the only worthwhile hit was: http://zszsit.blogspot.com/2012/12/dovecot-mysql-selinux-issue-on-centos6.h… that provides a /etc/selinux/dovecot2mysql.te Is there a simpler way like a setsbool option? With all the howtos on dovecot with mysql, it is interesting that none of them seem to have this problem. Maybe because they connect to mysql through TCP port 3306 which has ITS set of problems (like MariaDB defaults to not listening on TCP). thanks!

6 34

Apache + SSL: default configuration rated "C" by Qualys Labs
by Nicolas Kovacs 29 Apr '17

29 Apr '17

Hi, I'm currently experimenting with a public server running CentOS 7. I have half a dozen production servers all running Slackware Linux, and I intend to progressively migrate them to CentOS, for a host of reasons (support cycle, package availability, SELinux, etc.) But before doing that, I have to figure out a few things that work differently under CentOS. Apache and SSL behave quite differently under these two distributions. So far, Apache is running fine with HTTP and hosts a series of virtual hosts. I have installed Certbot and created a Let's Encrypt certificate for the server. I have a "dummy" website under /var/www/html/default/html. I installed mod_ssl and only edited the following directives in /etc/httpd/conf.d/ssl.conf. I kept the default options for everything else. --8<------------------------------------------------ ... DocumentRoot "/var/www/html/default/html" ServerName sd-41893.dedibox.fr:443 ... SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem --8<------------------------------------------------ After restarting Apache, the website shows up correctly. https://sd-41893.dedibox.fr/ But when I test it using Qualys SSL Labs Server Test, the results are a disappointment. https://www.ssllabs.com/ssltest/ The site is rated "C", with the following remarks: * This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C." "This server accepts RC4 cipher, but only with older protocols. Grade capped to B." "The server does not support Forward Secrecy with the reference browsers." "This site works only in browsers with SNI support." I googled a bit, and to my surprise I only found articles about Apache and SSL on CentOS that seem - more or less - to use the default ssl.conf configuration. On a side note, my Slackware servers have a default usable /etc/httpd/extra/httpd-ssl.conf file that gets an "A" on Qualys Labs, and even an "A+" when you add a two-liner. Any suggestions on improving that? Cheers, Niki Kovacs -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : info(a)microlinux.fr Tél. : 04 66 63 10 32

7 7

CentOS as Guest OS on Red Hat Virtualisation 4.x
by Ling Yew Kim 29 Apr '17

29 Apr '17

Hi all, I have a banking customer asking if CentOS is compatible on RHV4.0 as a guest VM. Based on Red Hat’s knowledge base (see link below), CentOS not supported guest OS. However, VMware say on their official document, CentOS is a compatible guest OS (see link below). So, in my customer's mind, CentOS cannot be used as a guest OS in RHV cause it is not compatible, which I find it hard to believe considering the relationship between CentOs and RHEL. RHV supported guest OS https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/ht… VMware compatible guest OS https://partnerweb.vmware.com/comp_guide2/pdf/VMware_GOS_Compatibility_Guid… So, my question is, technically, can CentOS run as a guest OS on RHV4? Is there anyone that has done extensive test with CentOS on RHV? Is there any documentation or links that can show CentOS will run fine on RHV4? Just need to show customer that indeed CentOS is technically compatible on RHV but just not supported by Red Hat. Many thanks. p/s: If you’re wondering why I’m not getting the customer to migrate CentOS to RHEL just so that it’s a supported configuration? well, for some reason he just wants to continue using CentOS, which I’m guessing could be caused by $$$ as they have heaps of CentOS in their environment. LING YEW KIM PLATFORMS SOLUTIONS ARCHITECT Red Hat Malaysia (ASEAN) <https://www.redhat.com/> lkim(a)redhat.com <mailto:lkim@redhat.com> M: +6012-343-8765 <tel:+6012-343-8765> <https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> @redhatnews <https://twitter.com/redhatnews> Red Hat <https://www.linkedin.com/company/red-hat> Red Hat <https://www.facebook.com/RedHatInc>

3 2

SAN certificates for multiple domains and multiple services
by Nicolas Kovacs 28 Apr '17

28 Apr '17

Hi, I'm currently installing and configuring CentOS 7 on a public server. The machine will host a few small-to-midsize projects that are currently running on a handful of Slackware servers: public library databases, our public school's agenda, a small webradio, OwnCloud for myself and a local non-profit, etc. Until recently I've mostly used self-signed SSL certificates for stuff needing a secure connection. Then, some time ago, I discovered LetsEncrypt and Certbot, which works very well, so I moved secure web hosting to using a free LetsEncrypt certificate. Now I want to take this to the next level and use these free certificates for multiple services. Not only web hosting, but also Postfix/Dovecot for mail and Prosody for XMPP. I had to fiddle a bit for permissions, so everything can access the certificate and key files right. I created a certs group and gave everything under /etc/letsencrypt/live to root:certs. Then, when a system user has to access this stuff, I simply add him to the certs group. Then came a moment when I hit a wall, because Postfix can't handle multiple certificates, only one. Let's say I have these domains on my server: * example1.com * example2.com * example1.net * example2.net When setting up Postfix, I can do one of these things: 1. continue to use a self-signed SSL certificate 2. choose one "preferred" domain on my server 3. setup multi-domain (SAN) certificates I tried the SAN certificates (after experimenting a lot and getting it right), and this stuff seems to work. I have one big bundle of certificates stored under /etc/letsencrypt/live/sd-41XXX.dedibox.fr (sd-41XXX.dedibox.fr being my server's FQDN), and I have all the certificates for all domains and subdomains of example1.com, example2.com, example1.net and example2.net. So before I go any further with this, I'm asking the more technically proficient admins here. Are there any drawbacks to using this solution? Is it problematic to bundle all my certificates into one big fat SAN certificate? This being said, the machine will host a maximum of two dozen domains, each with a handful of subdomains like mail.example1.com, xmpp.example1.com, etc.) Cheers, Niki Kovacs -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : info(a)microlinux.fr Tél. : 04 66 63 10 32

3 2

sha256sum a dvd
by James B. Byrne 27 Apr '17

27 Apr '17

CentOS-6.9 I am trying to verify a locally created dvd. I am using sha256sum in this fashion: sha256sum /dev/sr0 Which gave this result: sha256sum: /dev/sr0: Input/output error So I tried this: sha256sum /dev/cdrom Which, after some time, also produces: sha256sum: /dev/cdrom: Input/output error What does this mean and how do I fix it? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

5 4

CentOS version
by Larry Martell 27 Apr '17

27 Apr '17

I am trying to find out what version of CentOS is running at a customer site, but I do not have remote access and there is no one there to run anything for me. But I do have a dmesg output and I see this: Linux version 3.10.0-327.22.2.el7.x86_64 (builder(a)kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Jun 23 17:05:11 UTC 2016 >From that can someone tell me what the CentOS version is?

3 3

Re: [CentOS] can't create printers after upgrading cups
by Vanhorn, Mike 26 Apr '17

26 Apr '17

It looks like this may just be a bug upstream: https://access.redhat.com/solutions/3001891 Still trying the work-arounds. --- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ Engineering Center 937-775-5157 michael.vanhorn(a)wright.edu On 4/26/17, 9:51 AM, "CentOS on behalf of Vanhorn, Mike" <centos-bounces(a)centos.org on behalf of michael.vanhorn(a)wright.edu> wrote: After upgrading cups on my CentOS 6 systems from version 1.4.2-72.el6 to 1.4.2-77.el6, I am no longer able to create working printers, either with lpadmin from the command line or with system-config-printer. When I try to run lpadmin, I get this simple error: [root@vlsi66 ~]# lpadmin -p newprinter -v lpd://printserver/serverqueue-E -P /path/to/ppd/thing.ppd lpadmin: Unknown [root@vlsi66 ~]# Sometimes, the printer does get created (i.e. it shows up in the output of ‘lpstat –a’ and printers.conf gets updated), but sometimes it doesn’t. If the printer does get created, then there is no new ppd in /etc/cups/ppd. If I try to create the printer using system-config-printer, I get an error of CUPS server error (adding printer newprinter) There was an error during the CUPS operation: ‘server-error-service-unavailable’. I’ve looked at file and directory permissions, and checked that cupsd is, in fact, running. There is nothing obvious in the logs, except for this, which happens at exactly the time the printer should get created: localhost - - [26/Apr/2017:09:34:01 -0400] "POST /admin/ HTTP/1.1" 401 0 - - This also occurs if I access localhost:631 from a web browser; and everything works fine up to the point of “Add Printer”, and then the web page shows and Error: box with “Unknown” (from the lpadmin command), and the 401 error shows up in the log. I can’t figure out why it would be a 401 (unauthorized), since everything else worked. Has anyone else run into this problem, where you can’t create a new printer? Thanks! --- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ Engineering Center 937-775-5157 michael.vanhorn(a)wright.edu _______________________________________________ CentOS mailing list CentOS(a)centos.org https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.centos.org_mailm…

1 0

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss April 2017