DevHeads.net

Postings by Helmut Drodofsky

persistent generic device for tape changer

Hello,

mtx and therefor amanda use generic device /dev/sg<x> for tape changer.

These devices change on reboot.

How to make them persistent?

/dev/sch0 and /dev/sch1 seem to be persistent.

/dev/tape/by-id/ shows links from WWID to generic device

An UDEV rule could help? I have not found any example.

XFS, NVMe

For me it's a new problem. I have never had problems like this:

kernel:XFS: mysqld(112843) possible memory allocation deadlock size
65552 in kmem_realloc (mode:0x250)

My first server with soft raid1 and NVMee. CentOS 7.5. Are there special
recommendations for configuring XFS with NVMe's?

yum update gitlab-ci-multi-runner

I'm doing
yum update
in CentOS 7 since some 10 hours.

Last terminal message is:
Updating   : gitlab-ci-multi-runner-9.5.1-1.x86_64

ps aux:
root     15296  0.3  2.5 1554608 204988 pts/0  S+   06:23   2:01
/usr/bin/python /bin/yum update

to kill yum is not a good idea. Alternative?

for what is yum waiting? can I stop an application process?

systemctl stop gitlab-runner does not help, same with giltlab-ctl stop

best regards

CentOS 7.3, SPF+ 10GBit network

Hello,

our server uses 1 GBit Nic and 10 GBit SPF+ NIC.

When both nics are configured ONBOOT=yes, then both nics are OK.

Wen 1GBit nic is ONBOOT=no, netwerk does not come up.

Missing driver? What else?

update clamav to 0.99.2

Helo,

update is in EPEL repository.

on startup, clamd does not further create clamd.sock and clamd.pid

clamd service stops without any message - even in debug mode.

It's a nightmare.

Helmut

CentOS 6, SSD recommendations?

Hello,

because of high disk load we plan to move from disk (raid1) to ssd.

Are there recommendations for
- manufacturer
- file sytem
- raid1

The Red Hat Storage Administration Guide says:
- no raid 1
- ext4 only
is this state of the art?

I have searched list,centos.org 2015 - nothing found.

I found in the year 2012 / 2013:
<a href="https://www.centos.org/forums/viewtopic.php?t=7580" title="https://www.centos.org/forums/viewtopic.php?t=7580">https://www.centos.org/forums/viewtopic.php?t=7580</a>
<a href="https://www.centos.org/forums/viewtopic.php?t=7175" title="https://www.centos.org/forums/viewtopic.php?t=7175">https://www.centos.org/forums/viewtopic.php?t=7175</a>
<a href="https://www.centos.org/forums/viewtopic.php?t=3667" title="https://www.centos.org/forums/viewtopic.php?t=3667">https://www.centos.org/forums/viewtopic.php?t=3667</a>

Shall I prefer to move to fast disks (15000 rpm)?

Thanks
Helmut

CentOS 7 hand-edit the network configuration files

Helo,

on
<a href="http://wiki.centos.org/FAQ/CentOS7" title="http://wiki.centos.org/FAQ/CentOS7">http://wiki.centos.org/FAQ/CentOS7</a>

in
3.

filesystem read only after logrotate CentOS 5

Helo,

the solution was now found in dmesg. I/O error for the journal.

dmesg was updated, /var/log/messages not. I think because of read only
file system.

Best regards
Helmut

Helo,

up to 04:02 the root file system was OK.

filesystem read only after logrotate CentOS 5

Helo,

up to 04:02 the root file system was OK. With the logrotate activities
there are messages: read only.

Last entry in /var/log/messages is the sendmail entry from logrotate.

less /etc/mtab gives:

/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0

What has happend?

Is this problem related with
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=947149" title="https://bugzilla.redhat.com/show_bug.cgi?id=947149">https://bugzilla.redhat.com/show_bug.cgi?id=947149</a>

Best regards
Helmut

port for rpc.statd occupied rsync port

Hello,

booting starts /etc/init.d/nfslock. today, rpc.statd used port 873.

later starting xinetd finds port used and disabled rsync daemon.

So its more or less a lucky break, to boot CentOS and have rsync running?

In /etc/rc3.d is
S14nfslock
S56xinetd

so by design xinetd starts always after nfslock!!!!

Best regards

rsync error 3.0.6 [solved]

Hello,

I use procedures for backup with rsync.

rsync error 3.0.6

Hello,

I use procedures for backup with rsync.

important spamassassin update

Hello,

njab.org will discontinue blacklist services.

On 1. March 2013 Apache published:

Bug 6913; Disabled rules/scores for njabl.org

See:
<a href="http://svn.apache.org/viewvc?view=revision&amp;revision=1451776" title="http://svn.apache.org/viewvc?view=revision&amp;revision=1451776">http://svn.apache.org/viewvc?view=revision&amp;revision=1451776</a>

Will there be an update from CentOS?

Best regards
Helmut Drodofsky

iptables: recent nolonger supported in Centos 5.8?!

Helo,

we use recent to control ip traffic.
kernel 2.6.18-308.13.1.el5 : all is OK
kernel 2.6.18-308.16.1.el5 : the first recent statement causes an error.
E.g.:
iptables -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
iptables: Unknown error 18446744073709551615

The man pages say: recent is supported.

CentOS 6: is OK

Knows anyone more?

Best regards
Helmut Drodofsky

escd daemon

Helo,

this morning I have had a pop up Window in the gnome desktop, that
- the esc service is stopped
- I should restart the esc service or
- restart the computer

But there is no esc servcie in CentOS 5 ?!

What to do? As far as I know, the server is ok. So I have closed the pop
up. It does not come up again after later login.

iptables: hitcount

Hello,

up to CentOS 5.3 it was possible, to control new ip connections by
"recent", "seconds" and "hitcount"

-A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
-A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount
1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: "
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -m recent
--update --seconds 60 --hitcount 1000 -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

so that
- short time high new connections rate for the web server where
accepted, but not over a longer tim

IPSEC How To?

Hello,

now I have spent many hours to configure openswan for VPN connections
without any success.

My goal:

VPN Server CentOS 6 with public IPv4
VPN Client (= road warrier) from private site with NAT router or from
mobile cell with Linux, Windows 7, Mac, iPhone or Android

Is there any how to in the net?

When I read
<a href="///usr/share/doc/openswan-doc-2.6.32/config.html" title="///usr/share/doc/openswan-doc-2.6.32/config.html">file:///usr/share/doc/openswan-doc-2.6.32/config.html</a>
then I belive, there is no solution.

first steps in selinux: cron.daily and postfix

Hello,

my CentOS 6.2 server sends the daily messages correct e.g. today at Feb
1 03:31:14

At the beginning of work hours (9:00 am local time):

Feb 1 10:06:17 server postfix/sendmail[27125]: fatal: chdir
/var/spool/postfix: Permission denied

Solution:
restorecon -R /var/spool/postfix/

Afterwards, postfix is OK again.

My own cron jobs will be run latest 1 am

What daily cron job destroys the selinux permissions?

LSi Logic SCSI controller driver

Hello,

I have found a lot of discussions concerning the LSI Logic scsi driver.

E.g.:
<a href="https://lkml.org/lkml/2010/4/26/335" title="https://lkml.org/lkml/2010/4/26/335">https://lkml.org/lkml/2010/4/26/335</a>
<a href="https://bugzilla.kernel.org/show_bug.cgi?id=16547" title="https://bugzilla.kernel.org/show_bug.cgi?id=16547">https://bugzilla.kernel.org/show_bug.cgi?id=16547</a>
<a href="http://www.redhat.com/archives/rhl-list/2007-April/msg02661.html" title="http://www.redhat.com/archives/rhl-list/2007-April/msg02661.html">http://www.redhat.com/archives/rhl-list/2007-April/msg02661.html</a>

VMware ESXI was updated on 28. April 2011.

Is this bug fixed in CentOS 6? RHEL 6 beta: the bug was included so far
as I have read.

secpwgen

Hi,

secpwgen is always reporting
"mlock: Cannot allocate memory"
even with user root.

CentOS 6.2.

Problem with selinux?

Thank you for help in advance.

Best regards
Helmut Drodofsky

UUID for network cards

Hello,

with CentOS 6, my new server created an UUID entry in ifcfg-eth0 -
additional to HWADDR entry.

Up to CentOS 5 the connection to the netwark card was defind only by HWADDR.

Now I have a new network card. How can I get the correct UUID?

The server connects correct the network with the updated HWADDR without
any UUID. Why do I need an UUID?

Thank you for help in advance.

Best Regards
Helmut Drodofsky

find most recent file update in directory

Hello,

I try to find in a directory hicharchy the most recent time of file update.

I think, there could be a solution with find?

Thank you for help in advance

Best regards
Helmut Drodofsky

recommendations for encrypting files?

I would like to encrypt and decrypt Files sent as attachment in Linux, Mac and Windows Systems

Recommendations?

Best regard
Helmut

CentOS 6: file and directory permissions

Hi,

I fear I am too stupid:

I find nowhere the explanation of the dot in file permissions like:

-rw-r--r--. 1 root root 457 Aug 4 17:27 config

I have searched in forums, Red Hat deployment guide, storage administration guide etc

Thank you for help in advance.

Best regards
Helmut

Centos6: missing link for mysqlclient

Hallo,

I am installing snort from source.

Besides of a lot of additional libraries, I needed a link

ln -vfs /usr/lib64/mysql/libmysqlclient.so.16 /usr/lib64/libmysqlclient.so

Are there reasons not to install with yum install mysql-devel ?

I have found many discussions to add this link in context of installing from source, nor only for snort.

Best regards
Helmut

ICMPv6 messages of type RS

Hallo,

as described by CISCO in
<a href="http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html" title="http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html">http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_...</a>

a router hast to send ICMPv6 messages of type RS to the all-router multicast group: ff02::1 and ff02::2 for stateless autoconfiguration.

How can I activate this sending in CentOS?

Best regards
Helmut

CentOS 6: snort, fwlogwatch

Hallo,

in CentOS 5 fwlogwatch is available. CentOS 6: I have found nothing.

Snort: installation from source? Other idea? Alternative software? OSSEC?

Thank you for help in advance

Best regards
Helmut

CentOS 6 IPv6: neighbor and restart network

Hallo,

for using the ipv6 neighbor functions, I have to execute commands like
ip -6 neigh add proxy 2001::211:d8ff:fe97:3273 dev eth0
to publish the ip of computers in the subnet.

To execute them on reboot, I have included these commands in /etc/rc.d/rc.local

Also after each restart of the network, I have to execute these commands too.

So: how can I always execute

/etc/rc.d/rc.local

after

service network restart

My idea:
Is it possible to rename /etc/network to /etc/network_original and to create a new shell script /etc/network to execute both?

Other/better advice?

Thank

CentOS 6 and IPv6 neighbor proxy

To route a subnet in ipv6 there are two possibilities:
- add route commands for the subnet in each computer
- or use neighbor proxy in the router server
I prefer neighbor proxy.

So I have to activate neighbor proxy in the router:
sysctl -w net.ipv6.conf.all.proxy_ndp=1

and I have to add entries for each client in the subnet like
ip -6 neigh add proxy 2001:0:0:1:211:d8ff:fe97:3273 dev eth0

This works well but is lost on reboot.

For the sysctl command there is /etc/sysctl.conf for permanent configuration.

If I create a file route-eth0 in the directory /etc/sysconfig/

How To for IPV6

Hi,

I try to set up
- A centos 6 firewall
- With proxy-arp (I know: arp is not supported in ipv6)
with ipv6.

Arp does not exist for ipv6. So I have added:
sysctl -w net.ipv6.conf.default.proxy_ndp=1
To use the neighbor proxy facility.

How to activate ipv6 forwarding? As far as I have found, this changed in RHEL6 from 6.1 (/etc/sysconfig/network) to 6.2 (/etc/sysctl.conf). CentOS 6?
So I have used
sysctl -w net.ipv6.conf.all.forwarding=1 as in RHEL 6.2

As in ipv4 I would prefer to proxy the clients behind the firewall.