DevHeads.net

Postings by m.roth

From slashdot, systemd memory corruption bugs

Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches
Yet (bleepingcomputer.com) 286
Posted by msmash on Thursday January 10, 2019 @01:00PM from the
call-the-IT dept.
Major Linux distributions are vulnerable to three bugs in systemd, a Linux
initialization system and service manager in widespread use,
California-based security company Qualys said late yesterday. From a
report:
The bugs exist in 'journald' service, tasked with collecting and storing
log data, and they can be exploited to obtain root privileges on the
target machine or to leak information.

Yum excluding packages I need

C7, and I did a yum update --disableexcludes=all, and yet it's telling me
[nvidia]: excluding kmod-nvidia-410.66-1.el7_5.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.73-1.el7_5.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.73-2.el7_6.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.78-1.el7_6.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.93-1.el7_6.elrepo.x86_64
[nvidia]: excluding nvidia-x11-drv-410.66-1.el7_5.elrepo.x86_64
[nvidia]: excluding nvidia-x11-drv-410.73-1.el7_5.elrepo.x86_64
[nvidia]: excluding nvidia-x11-drv-410.78-1.el7_6.elrepo.x86_64
[nvidia]: excluding nvidia-x1

Encrypting a file

I'm running C6. I want to encrypt a file or two, before I email it. Now, I
have a very long passphrase - I used it a number of years ago. and that
worked. It's about a paragraph long. For the last year or two, since one
upgrade, kgpg popped up a window when I logged in. Until a few days ago, I
just hit cancel. But, since this came up, I tried to run it. It got to "enter
a passphrase"... and it FROZE MY ENTIRE WORKSPACE. I couldn't copy and paste
from another window.

thunderbird & firefox

I *really* dislike the new photon UI. I WANT the arrow buttons top and
bottom of the scrollbars.

Does anyone know how to bring them back, or is that "that's *sooo* last
year, you can't ever have them again"?

mark

Slider bars...

Anyone have a clue how to add back the buttons at the top and bottom of
the slider bars, or at least change how the sliders work? Most of the
time, I want to scroll up faster, *NOT* got 500 emails back, or to the top
of the page....

mark "c7.6"

Updating 7.5->7.6

I've got a user with a legacy NVidia card. I've got kmod-nvidia. Last time
I did an update, all I did was yum update --disableexcludes.

Re: [CentOS] CentOS 7.6 external USB dmesg issue

Jerry Geis wrote:

Speaking of libreoffice

Been busy writing - updated C 6.10, and libreoffice, for no reason I
understand, decides to put a heavy horizontal line in the text. I've tried
highlighting it and removing direct formatting, I've tried selecting it
and hitting delete, nothing makes it go away.

Horizonetal line (in ASCII) one heavy lower line, one very thin line a few
pixels above it, sort of like
Clues for the poor?

mark

C7 install, "failed to IDENTIFY"

The install from a USB key fails. It's showing ata2:0.0 failed to
IDENTIFY. I've been searching online, and the only hint I have is that it
might not understand the controller.

New Dell Optiplex 7050.

Haanyone run into this?

mark

Re: [CentOS] Upping my game on web work

Frank Cox wrote:

selinux, sendmail, and disable_ipv6

Just started seeing this on one server:
python: SELinux is preventing sendmail from read access on the file
disable_ipv6.

It recommends a local policy. Now, searching, I see someone filed a bug
for CentOS last year, 0012914, and they wound up creating a policy.

Cmts?

Note, btw, that the system has two IPv6 addresses - my manager has fallen
for slack. Both valid.

mark

Speaking of C 7 and ipv6...

Has anyone else been having problems with the dhclient -6 dying?

mark

ip6tables on C7

Working on a script, and to test, I need to shut down ip6tables
temporarily. firewalld is running; is there any way to shut down *just*
ip6tables?

I tried installinf iptables-services, and did a systemctl stop ip6tables,
and no joy.

mark

Stupid C7 firewall question

Been looking, and haven't found the answer: in c7, is there a firewall-cmd
command, or a systemctl cmd, to check whether ip6tables firewall is
running

mark

C7, NetworkMangler, and IPv6

Hi, folks,

Freshly built box... but does not get its IPv6 address. Gets its IPv4
with no trouble, and if I *manually* run dhclient -v -N eno1, it gets
the correct IPv6, but after that, nope. And INITIPV^=yes in
/etc/sysconfig/network-scripts/ifcfg-eno1. I even tried adding
NETWORKING_IPV6=yes to an otherwise empty /etc/sysconfig/network.

What am I missing?

mark

C 7 installation annoyances

In the disk partitioner, I can't
1) choose to make the LVM with root and swap be on a RAID 1. Is there
some way to do that, rather than two separate partitions RAIDed?
2) They don't align, so I can't clone /dev/sda to /dev/sdb as a
failover (for /boot and /boot/efi). I've created those two, manually,
and nope, it wiped them out, so I can't clone those two.

Any solutions for either of these?

Enable FIPS mode for apache?

Here's a question that I have3n't found the answer to yet: does anyone
know the effect of enabling FIPS mode for apache? Will it break existing
websites? Does code need changing? Configuration, other than enabling it?

mark

C7 and python 2.7 and jupityr notebook

Anyone familiar with this? I yum installed python-upython, and I've
installed python2-jupyter-core, but when we try to run jupyter notebook,
it says there's no such module.

C7, system-auth-ac, and authconfig

I read the clear-as-mud docs, and it appears that if we want to modify
system-auth-ac, we can create a local, and point system-auth to it.

Howver.. in the default, I see
auth [success=3 default=ignore] pam_succeed_if.so service notin
login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet
use_uid

Now, we'd like to add sudo to that list. Does anyone know *where*
authconfig gets that list in the first place?

Very odd: /proc/sys/net/ipv6/conf/all/disable_ipv6

CentOS 7.5, and on one system, I'm getting:
setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from
read access on the file disable_ipv6

ll -Z shows
-rw-r--r--. root root system_u:object_r:sysctl_net_t:s0
/proc/sys/net/ipv6/conf/all/disable_ipv6

I find this peculiar. Anyone have a resolution, or is this a bug?

mark

xfs quota question

Can I go to an existing xfs file system, and apply a soft quota to each
user on it? If I do, can I then run a report, and see who's using how
much, or does it only apply to files created after the quotas are applied?

mark

Okular

Does anyone know what Magical configuration file determines whether okular
give measurements, in the properties of a .pdf, in millimeters, rather
than, say, inches or cm or furlongs?

mark

Finding user's files

This is among the things we need to do when a user leaves, and it's a
larger question than it sounds. Our Office has many servers, with a good
number of fileservers for projects, with large filesystems (i.e. 10's of
TB).

C7, ipmi, NIC2, still fighting

This is that system with the missing management port, and I'm still
fighting it.

C7, just updated firefox, bugs

I just updated the "critical" firefox update, and it is *seriously* buggy.

1. I killed my old session, and started a new. Many (all?) tabs show
*nothing* until I put my cursor in the URL bar and hit <enter>
2. I cannot open a link in an email in thunderbird. I click the link, and
after a bit (30 sec? more?) a small windows tells me that firefox is
running, but not responding, which it certainly responds when I focus on
firefox.

mark

FYI: Useful to know on pdf printing

This is just an FYI, folks.

We've got this large poster printer. We had some, er, environmental
issues, let us say, and first I had to recreate the .ppd (HP "doesn't
support printing from Linux, and the one a former coworker extracted from
the Mac package... was for a 23", not this 44"). Then... I was trying to
print from a 6.9 box.

Semi-OT: LSI raid card sorta....

I've got a box running C7, just updated (yesterday). It had an onboard
RAID controller, and an HBA. I just installed a new, additional RAID card,
all LSI.

MegaCli64 only sees one controller. I can't seem to find the magic to see
the others. I *know* the new card is a MegaRAID - the box it came in says
so.

Samba issues with Win 10

Hi, folks,

Just ran into a problem: someone with a new laptop, running Win 10,
version 1709, tried to map their home directory (served from a CentOS
6.9 box, and it fails, with Windows complaining that it no longer
supports SMBv1, and if you go to their site, you can install support
for that manually....

The server running samba can *not* be updated to 7 - we have a lot of
stuff based off it, and most of our users use it, one way or another,
so it's a major thing when we do finally upgrade (or, more likely,
replace the server).

Has anyone run into this, and if so, any workarounds o