DevHeads.net

Postings by m.roth

C 7 anacron issue

Has anyone else seen a problem recently (like, the last few weeks) with
anacron? We've got a couple of recently-built systems and we're seeing
Mar 4 17:20:01 <system> crond[25767]: (root) PAM ERROR (Failure setting
user credentials)
Mar 4 17:20:01 <system> crond[25767]: (root) FAILED to authorize user
with PAM (Failure setting user credentials)

mark

gpg?

I just wanted to set up to send an encrypted message, so I went to generate a
public/private key pair using gpg on C 6.

Version 2.0.14, copyright 2009?

Isn't there something newer than 10 years old?

mark

hplips

Yeah, about that... Back in '12, we got a nice HP poster printer. They
don't support Linux, but a co-worker got the .ppd out of the Mac support
file.

I tried it, then I looked at the file in vi... and found it *only*
supported the 24" printer, *not* the 44" printer that we had.

Well, we just bought a replacement, since the old printer was EOL'd. This
time, I went to hplips, d/l and built the current one, and sure enough,
there's a .ppd for the DesignJet Z9.

Any bets on what I found? No?

Policy issue: C7 and motion

Not sure who's package let an error slip in, but I don't believe I've had
this issue before: SELinux is preventing /usr/bin/motion from map access
on the chr_file /dev/video1

Yes, that should be allowed by default.

mark

iptables 2 firewalld

Y'all may remember me fighting this a few weeks back. I did finally
succeed, and thought that my awk script might be helpful to others. Yes,
it's really simple, it uses the build-in FORWARD chain. The line where I
skip the definition of those chains is because it *is* built in. To use
it, I did an iptables-save on the firewall that's currently in use,
changed the physdev devices to match the ones on the new box (I *loathe*
that idiot varying name convention, it is *not* helpful, and then ran it
through this script. I piped the o/p into a file, then sh scriptname did
the actual install.

thunderbird issues

Just updated t-bird, and once again, it wants to open a completely new
browser, other than using the running one.

I started searching, and found something about editing the config, and for
the first one of the two they said to change, I find this:
network.protocol-handler.app.https;/usr/lib64/thunderbird-3.1/open-browser.sh
%s

a) there's only /usr/lib64/thunderbird, and I'm on 60.something. Is this
in my config as a user?

C7 basic install, HATE

I've got an old server, that I'm *trying* to rebuild from C6. Our regular
key, with the kickstarts, etc, simply won't boot. Just a blank screen, and
it never goes anywhere.

So I'm trying to build it from a year-old regular installer.

100% of the time, the graphical screen is screwed. Resolution's so big
that I cannot see the right-hand 10% or 15% of the screen. There doesn't
seem to be any way that I've found yet to make it higher res, so I can
read it.

It's *not* the monitor's fault. It is an ancient Matrox video card...

C7, enable an abrt for a daemon

I've mentioned here before that gssproxy is crashing all over the place
with a SEGV. However, there's no /var/spool/abrt/... when it does. How do
I enable the daemon to give me an abrt with information? I'm just not sure
of what the right word is for systemd, so online searching isn't always
useful.

Thanks in advance.

mark

Back to c7 and firewalld

If I've missed someone's response, apologies.

As I said, my converted rules seem fine, and I can run the script that
issues a bunch of direct rules for the built-in FORWARD rule...

C7 and firewalld, ongoing

I've got my direct rules, converted from a C6 iptables-save. I load them -
they're to add to the built-in FORWARD chain. They all seem to load... but
then, when I try to --reload, I get
Error: BUILTIN_CHAIN: chain 'FORWARD' is built-in chain

and firewall-cmd --direct --get-all-rules returns nothing.

Bug in libreoffice or cups?

C7 My manager's manager sent out a ppt. Nothing fancy, no animation.

1. Page down doesn't get me to the next page.
2. Slide show decides that on my left monitor, it should fill the entire
monitor- no options, with the slide, and the next slide, and that my
right-hand monitor shuold be *COMPLETELY* filled with the slide.
3. Hitting <esc> gets rid of the one on the right... and anything then
crashes all instances of libreoffice.
4. I just tried to print it out...

C7, firewalld and rich rules

Hi, again, folks,

I'm trying to convert a number of iptables rules to firewalld rich
rules. I need to do this, because this is, in fact, a firewall, to
protect access to servers with sensitive data. It will limit access to
the servers behind it to a specific network, and nobody else, and allow
only certain services through.

What I've been trying to find is a script/program that converts the
output of iptables-save to something I can feed to firewall-cmd.
Anyone have a link to such?

I admit this is annoying.

C7, mdadm issues

I've no idea what happened, but the box I was working on last week has a
*second* bad drive. Actually, I'm starting to wonder about that
particulare hot-swap bay.

Anyway, mdadm --detail shows /dev/sdb1 remove. I've added /dev/sdi1... but
see both /dev/sdh1 and /dev/sdi1 as spare, and have yet to find a reliable
way to make either one active.

Actually, I would have expected the linux RAID to replace a failed one
with a spare....

Clues for the poor?

C 7 and gssproxy

Ok, folks,

I brought this up some time ago, and got no replies. We have a good
number of systems - > 100 - and we use sssd. On the C 7 boxen, which is
most of them, gssproxy *frequently* (like once a day or so) dies with a
SEGV. It restarts fine. Dies again eventually.

ARE other people seeing this? If so, I guess we get to file a bug
report with upstream. Speaking as an old C programmer, dying with a
SEGV? Really? In production?

mark

C7, and my RAID

Ok, I think my only choice at this point is to delete and recreate the
RAID, then restore from backup (oy, 7TB).

I see that I can do an mdadm --remove /dev/md0, then, the page I see that
on, suggests zeroing the superblocks. What would happen if I *don't* zero
the superblocks before doing an mdadm --create? Would I just wind up back
where I am?

mark

Where is everyone?

There's usually a lot more traffic here. Just today, I've started
wondering if a lot of folks who are usually here are on furlough, with the
US gov't shutdown.... If so, my condolences, folks.

mark

C7 radeon driver

Hi, folks,

We've been recently (the last few months) having issues on workstations
with the radeon driver.

Re: [CentOS] C7 and mdadm - apparently SOLVED

Looking around on the Web, what I just tried was to stop the RAID, then do
an --assemble --scan, and *that* found everything, put the raid together,
and appears to be rebuilding using the new drive.

*phew*

I do find it interesting that scan works, but explicitly assembling
apparently remembers the drive that died, and wouldn't even look at it.

mark

C7 and mdadm

A user's system had a hard drive failure over the weekend. Linux RAID 6. I
identified the drive, brought the system down (8 drives, and I didn't know
the s/n of the bad one. why it was there in the box, rather than where I
started looking...) Brought it up, RAID not working.

C7 and firewalld and ethernet bridge

Does someone have a link to a how-to-do-it with firewalld, not "disable
firewalld and use iptables"?

mark

C 7.6, radeon

Hi, folks,

Got a user that's recently(? been having odd things with her
workstation video.

From slashdot, systemd memory corruption bugs

Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches
Yet (bleepingcomputer.com) 286
Posted by msmash on Thursday January 10, 2019 @01:00PM from the
call-the-IT dept.
Major Linux distributions are vulnerable to three bugs in systemd, a Linux
initialization system and service manager in widespread use,
California-based security company Qualys said late yesterday. From a
report:
The bugs exist in 'journald' service, tasked with collecting and storing
log data, and they can be exploited to obtain root privileges on the
target machine or to leak information.

Yum excluding packages I need

C7, and I did a yum update --disableexcludes=all, and yet it's telling me
[nvidia]: excluding kmod-nvidia-410.66-1.el7_5.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.73-1.el7_5.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.73-2.el7_6.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.78-1.el7_6.elrepo.x86_64
[nvidia]: excluding kmod-nvidia-410.93-1.el7_6.elrepo.x86_64
[nvidia]: excluding nvidia-x11-drv-410.66-1.el7_5.elrepo.x86_64
[nvidia]: excluding nvidia-x11-drv-410.73-1.el7_5.elrepo.x86_64
[nvidia]: excluding nvidia-x11-drv-410.78-1.el7_6.elrepo.x86_64
[nvidia]: excluding nvidia-x1

Encrypting a file

I'm running C6. I want to encrypt a file or two, before I email it. Now, I
have a very long passphrase - I used it a number of years ago. and that
worked. It's about a paragraph long. For the last year or two, since one
upgrade, kgpg popped up a window when I logged in. Until a few days ago, I
just hit cancel. But, since this came up, I tried to run it. It got to "enter
a passphrase"... and it FROZE MY ENTIRE WORKSPACE. I couldn't copy and paste
from another window.

thunderbird & firefox

I *really* dislike the new photon UI. I WANT the arrow buttons top and
bottom of the scrollbars.

Does anyone know how to bring them back, or is that "that's *sooo* last
year, you can't ever have them again"?

mark

Slider bars...

Anyone have a clue how to add back the buttons at the top and bottom of
the slider bars, or at least change how the sliders work? Most of the
time, I want to scroll up faster, *NOT* got 500 emails back, or to the top
of the page....

mark "c7.6"

Updating 7.5->7.6

I've got a user with a legacy NVidia card. I've got kmod-nvidia. Last time
I did an update, all I did was yum update --disableexcludes.

Re: [CentOS] CentOS 7.6 external USB dmesg issue

Jerry Geis wrote:

Speaking of libreoffice

Been busy writing - updated C 6.10, and libreoffice, for no reason I
understand, decides to put a heavy horizontal line in the text. I've tried
highlighting it and removing direct formatting, I've tried selecting it
and hitting delete, nothing makes it go away.

Horizonetal line (in ASCII) one heavy lower line, one very thin line a few
pixels above it, sort of like
Clues for the poor?

mark