DevHeads.net

Postings by Robert Moskowitz

URL question

I have a web site accessible by:  www.foo.com/bar.html

But users that use: www.foo.com/bar

get a directory content of the files in directory bar.

What do I need to add so that those that use the shortcut of leaving off
.html still get the full web site.

thanks

Support for Argon2 for password hashing

Is there any information on adding support for Argon2?

I have been working on my new mailserver and this came up in moving from
the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. 
Then I was pointed to the work behind Argon2, and I see that it is
moving through the IRTF cfrg workgroup:

draft-irtf-cfrg-argon2-04.txt

It is a 'purpose built' hash for passwords, with recommendations that
new implementations use it.  Of course can't use it if crypt does not
support it....

thanks

user authentication and password format

For my new server, I plan on using either SHA256 or 512 and trying to
see what impact NOT using MD5 has on the postfix configuration.

time --verbose not working

I can't seem to get the verbose mode of time working.  I am trying to
compare the compute cost of sha256-crypt to sha512-crypt:

time doveadm pw -s sha256-crypt -p secret

real    0m0.128s
user    0m0.081s
sys     0m0.040s

time doveadm pw -s sha512-crypt -p secret

real    0m0.162s
user    0m0.105s
sys     0m0.047s

But all attempts to add --verbose fail:

time --verbose doveadm pw -s sha512-crypt -p secret
-bash: --verbose: command not found

Googling gives different recommendations, none work for me.

Did I install too much for clamav?

I just checked the status of amavisd:

# systemctl -l status amavisd
● amavisd.service - Amavisd-new is an interface between MTA and content
checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled;
vendor preset: disabled)
   Active: active (running) since Thu 2019-02-07 08:16:59 EST; 7h ago
     Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 5715 ExecStart=/usr/sbin/amavisd -c
/etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)
 Main PID: 6327 (/usr/sbin/amavi)
   CGroup: /system.slice/amavisd.service
           ├─6327 /usr/sbin/amavisd (master)

Problems invoking amavis from postfix

I am building a new system on CentOS7 that has postfix 2.10.1 and
amavis-new 2.11.1

I am working from my notes of 2 years ago when I last did this
successfully so either something has changed since then (quite likely),
or I am missing something from my notes (also quite likely).

For main.cf I run:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'

Then I append to the default master.cf (working from my understanding
that the last instruction in master.cf encountered is the one applied,
rather than trying to edit what is there):

#
================================================

AH01630: client denied by server configuration

I have googled around and the obvious reasons for this..

I am working on a new setup with postfixadmin ver 3.2 on Centos7-armv7
with SElinux enforcing.

Applying changes to route-eth0

I have a series of static routes in route-eth0

Recently I had to make changes and could not find an effective way to
get the old routes out and the new routes in.

ifdown-route seems to apply the content of route-eth0 to take down the
routes listed and ifup-route brings up routes based on route-

So what ends up is that the old routes never go away, just new routes added.

ifdown eth0; ifup eth0

works, but is a bit heavy-handed for only changing routes.

So how do I clear out the routing table and have it rebuilt based on
ifcfg-eth0 and route-eth0 without bouncing the interface completely

How do I remove a kernel

I have 4 kernels in /boot, leaving only 20MB which is not enough for the
next one.

I had installonly_limit= set at 5, as there were some kernel problems. 
After I got the error that there was not enough room for another kernel,
I set installonly_limit= to 3 and did the update with --exclude=kernel*

That worked to update everything else, but not remove the oldest kernel.

How can I remove the oldest kernel to make room for the new one?

thanks

Running a command at startup

On a support forum, I was told that to turn off my board's blue led run:

echo none | sudo tee /sys/class/leds/blue\:heartbeat/trigger

Well, this does not survive a system reboot.  So I was told:

Add the off bit to

    /etc/rc.local

Add it above "exit 0"

So of course, CentOS is past using rc.local and recommends:

# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this fi

So can someone point me to how to make this into a simple systemd service?

thanks

Upping my game on web work

Until now, I have been satisfied with hand coding my html for simple,
but effective web pages (see http://www.htt-consult.com/).

But I want to offer one of our small synagogues some web pages and need
a few tools for them to use to compose their pages and upload content.

What 'simple' web support tools do we have here?

Of course I will be doing this on armhfp,,,

Testing for apache open relaying

My mail server is being blocked by barracuda and spamexperts.

I have tested my mail port via mxtoolbox.com and I came out clean and no
relaying.

So I suspect my apache server as a proxy relay.

Is there a similar site to mxtoolbox that will test apache for improper
relaying?

thanks

I thought I had it blocked for this:

# cat 01-allow.conf
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    allow from 192.168.96.0/255.255.255.0
    allow from 50.253.254.0/255.255.255.240
    deny from all
</Directory>

# more roundcubemail.c

TLS 1.3 and openSSL 1.1.1 support

TLS 1.3 RFC has 'shipped':  RFC 8446.  Don't yet know all that will have
to be updated to support it, but I am working on openSSL 1.1.1 beta
which is available in the Fedora 29 beta.  The openSSL team is looking
at one more beta release (I had challenges with ED25519 certs, I will
soon have an Internet Draft out on them).

So general heads up.  TLS 1.3 is claimed to be the cat's meow for
security (I see it as a kitchen sink).  There will be questions asking
for when it will be available (wait until they start thinking about
creating EDDSA pkis).

Yet another thing for our hard working C

Back to Xfce

Now that the basic server is up and running.  With Gnome via VNC (yuck),
it is time to go back and figure out how to install Xfce without an Xfce
group script.  So I am asking those with X64 Centos for some pointers. 
Like where are the group scripts so maybe I can modify them for armhfp.

I was reading:
https://www.rootusers.com/how-to-install-xfce-gui-in-centos-7-linux/

Where the author talks about doing a minimal install then running:

yum groupinstall "Server with GUI"

But notes that this installs Gnome (which I don't want) and that instead to

yum groupinstall "X Window System"

But

rsync versioning problem

I seem to have an rsync versioning problem.

The sender is an old ClearOS6 server with rsync 3.0.6
The receiver is a brand new Centos7-armv7 server with rsync 3.1.2

I am running rsync over ssh

Got the error:

rsync error: error in rsync protocol data stream (code 12) at io.c(600)
[sender=3.0.6]

And researching this it comes down to a versioning issue.  But all I
have found was to upgrade the 3.0.6 system!  That will happen when I
migrate to ClearOS7!

Is there some option to specify to get this to work?

rsync -ah --stats --delete -e "ssh" /var/flexshare/shares
x.htt-consult.com:/media/

How to set macaddr with nmcli

I see my problem.  I mis-read what

nmcli con mod eth0 mac "02:67:15:00:81:0B"

does.  It sets HWADDR; which interface to link to, not MACADDR, what MAC
address you want for your interface.

So I have read the nmcli pages and googled a bit.  I cannot find a way
to set MACADDR.  I suppose I can set HWADDR then use sed to change it to
MACADDR, but this seems a real hack.

ARM boards do not have assigned MAC addresses.  Uboot uses various
information to generate a local MAC address.  I want finer control of my
MAC address for my servers.  In the past, I just edited ifcfg-eth0.  I
am trying

ifcfg-link?

This is happening with the Centos7-armv7 image 1804, but I was wondering
if it is a broader C7 issue.

My image has only 2 ifcfg files:  ifcfg-l0 and -link.  'ip a' is listing
the ethernet as eth0.  ifcfg-link contains:

DEVICE=link
BOOTPROTO=dhcp
ONBOOT=on

I then used nmcli to create my ifcfg-eth0

nmcli con delete eth0
nmcli con add type ethernet con-name eth0 ifname eth0 ip4
192.168.129.11/25 gw4 192.168.129.1
nmcli con mod eth0 ipv4.dns "50.253.254.2 192.168.129.1"
nmcli con mod eth0 mac "02:67:15:00:81:0B"

I moved the cable to the 192.168.129.1 vlan (which does not have a dhcp
s

Strange vncserver behavior

I got vncserver working per:

https://www.tecmint.com/install-and-configure-vnc-server-in-centos-7/

Then I went to set up a second instance, and have that for logging on to
root:

==========

cp /lib/systemd/system/vncserver@.service
/etc/systemd/system/vncserver@:2.service

vi /etc/systemd/system/vncserver@\:2.service

replace <USER> with root

systemctl daemon-reload
systemctl start vncserver@:2

==========

I got the message:

Job for vncserver@:2.service failed because a configured resource limit
was exceeded.
See "systemctl status vncserver@:2.service" and "journalctl -xe" for
detail

C7 Xfce group

I am working with Centos-arm which right now only has the gnome and kde
desktops.

I am spoiled with using Xfce on all my Fedora systems (MUCH longer
battery life on my notebook, for example).  I like its simplicity.

I see from messages here that mainline C7 does have the Xfce desktop.

Can someone give me a list of rpms that make up the group, so I can try
starting with the minimal image and see if I can build an Xfce desktop?

Meanwhile I am going to put in a request for Xfce on the centos-arm list.

thanks

Errors on an SSD drive

I am building a new system using a Kingston 240GB SSD drive I pulled
from my notebook (when I had to upgrade to a 500GB SSD drive). Centos
install went fine and ran for a couple days then got errors on the
console.

Cloud and php

I am looking at cloud software. On Centos7-armv7hl, of course.

I was pointed to Nextcloud, but v11 CAN work with php 5.4 in Centos7,
but recommends at least 5.5 for security updates and performance
(important on arm), but recommends php 7.

vncserver died

I get back from two weeks on the road, and try to VNC to my server and
it fails. I ssh in and see that, yes vncserver is dead.

Low random entropy

I am used to low random entropy on my arm boards, not an intel.

On my Lenovo x120e,

cat /proc/sys/kernel/random/entropy_avail

reports 3190 bits of entropy.

On my armv7 with Centos7 I would get 130 unless I installed rng-tools
and then I get ~1300. SSH into one and it drops back to 30! for a few
minutes. Sigh.

Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am
seeing 180.

I installed rng-tools and no change.

startx on console 2

I seem to recall that there is some special option to run X11 on <Alt-F2>

On this ClearOS system, their console sits on the default console. You
have to <Alt-F2> (etc.) to get a text login. Now that I have Xfce kind
of installed, I want to see it on the system console, and I thought that
just running startx would work.

It doesn't. Got some errors. And then I remembered years back where
there were some extra options used to run startx on one of the other
consoles.

But it has been too many years and I can't find any notes on it.

Centos7 Can't start vncserver

OK, first time configuring vncserver on Centos7. I have read through a
bunch of old messages here on vncserver and thought I had it.

What is in a yum group

I want to install Xfce on a ClearOS server. They have not defined any
desktop groups (actually no groups other than minimal). But lots of
Xfce rpms are in their repos.

How can I see what rpms Centos would install with a 'yum group install'?

Then I get to install vnc server and set up the client right...

thanks

Mini PCs

I have been working, for the past few years, with armv7 SOCs and have a
number of servers working.

Intel, et al. are catching up with ARM and I have seen ones like:

https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html

I am looking for a low power (this is 10W) x86_64 board that has at
least 2 cores and 2GB memory.

cannot access file: Input/output error

I have a file on a backup usb drive that I get the following error:

# ls -ls P*
ls: cannot access Power usage.xls: Input/output error

How can I delete this file so that the nightly backup will write out the
current version to the backup drive?

I tried:

# rm -f Power\ usage.xls
rm: cannot remove `Power usage.xls': Input/output error

Which you can see did not work.

thanks

tabs ignored in here document

I thought this worked. Many web pages tell you it works. But bash is
ignoring tabs in my here docs. Worse, where there are two tabs, it is
functioning as a command expand in bash, where all files in the current
directory are listed to complete the command.

The following is the here doc I am using. Most likely the tabs will be
converted to spaces in this email.