DevHeads.net

Postings by Niki Kovacs

Problem with bugs.centos.org

Hi,

I wanted to create an account on bugs.centos.org to report a minor but
annoying bug with Dolphin.

After trying to register by providing the login (kikinovak) and email
address (<a href="mailto: ... at microlinux dot fr"> ... at microlinux dot fr</a>), I'm told that the email is already in use.
Uh oh. Maybe I already created an account years ago and then forgot
about it. So I click on the field for forgotten passwords, only to be
told that there is no one under that name or email address.

So I'm hitting a wall. Maybe one of the admins of bugs.centos.org is
reading this and can help me out?

Cheers,

Niki

Slightly OT : write bootable CentOS USB disk under Windows 10 and Mac OS X ?

Hi,

I'm currently writing my fourth book about Linux, for the french editor
Eyrolles.

Questions about yum-cron

Hi,

Up until now I always kept my servers up-to-date manually. Currently I'm
experimenting with yum-cron to automate this process.

I read through various online tutorials, and now I have a couple questions.

1. As far as I know, when editing /etc/yum/yum-cron.conf, I can only use
the following value for update_cmd :

update_cmd = default

If I understand this correctly, 'update_cmd = security' would have no
effect, since contrary to RHEL, CentOS doesn't provide the necessary
metadata to operate the distinction between security updates and other
updates like mere bugfixes.

Password recovery trick not working on CentOS

Hi,

I remember back in the days, there was a neat trick to recover a lost
root password, or more exactly, redefine a new password for root.

1. In the bootloader, boot the system with the 'init=/bin/bash' kernel
argument.

2. Remount the root partition in read-write mode:

# mount -o remount,rw /

3. Set the password for root:

# passwd

4. Remount the root partition in read-only mode:

# mount -o remount,ro /

5. Switch off the computer.

I tried this out of curiosity on a CentOS 7 sandbox machine, and this
doesn't seem to work anymore.

Clone a custom CentOS 7 desktop using G4L over FTP

Hi,

A couple months ago, I migrated our local school (two servers, 20
desktop clients) from Slackware 14.1 to CentOS 7. The desktop clients
are running a customized lightweight desktop based on Xfce:

<a href="https://blog.microlinux.fr/poste-de-travail-xfce-centos-7/" title="https://blog.microlinux.fr/poste-de-travail-xfce-centos-7/">https://blog.microlinux.fr/poste-de-travail-xfce-centos-7/</a>

Home directories are all on the server, and authentication is
centralized. Everything works fine so far.

With Slackware I had found a neat trick to install the desktop clients.
First I installed and configured one single client PC from start to
finish.

CentOS 7 + KDE : Dolphin weirdness

Hi,

I'm running CentOS 7 + KDE on my workstation. Since the latest big batch
of updates, Dolphin behaves a bit weirdly. When I download a .zip
archive and then right click and "Extract here", the extracted files
don't show. I have to hit F5 to refresh the current directory view and
display the new files.

Cheers,

Niki

Vsftpd vs. iptables firewall script

Hi,

I'm currently setting up a local FTP server, to receive disk images sent
with G4L (Ghost4Linux).

This server has been running Slackware Linux before, and the Vsftpd
setup was relatively simple.

With CentOS things seem to be slightly different, so I'm currently
trying to work things out. For the moment, two things seem to be
creating problems, the simple iptables firewall and SELinux.

When I disable the firewall and SELinux, Vsftp works as expected. So far
so good.

Now let's tackle this one dragon at a time. First the firewall.

Use EPEL without redirection ?

Hi,

Is there any way to deactivate the redirection to a mirror when using
the third-party EPEL repository ?

Our network uses a transparent HTTP/HTTPS proxy with a local AC. We can
create exceptions for sites like centos.org or
download.fedoraproject.org, but whenever we want to install a package
from EPEL, the mirror redirection causes an error due to redirection.

Any suggestions ?

Niki

kernel-lt from ELRepo vs. GRUB: define default boot kernel

Hi,

After upgrading my workstation to CentOS 7.5 (1804), I had to upgrade my
kernel from vanilla to kernel-lt from ELRepo. My NVidia GeForce 210
would only work with the driver provided by NVidia, which in turn
required a more recent kernel than 3.0.10.

Squid and log files

Hi,

I have Squid running on several CentOS proxy servers. Here's what the
Squid log file directory looks like on my own server:

access.log
access.log-20180311.gz
access.log-20180319.gz
access.log-20180429.gz
access.log-20180506.gz
access.log-20180514.gz
cache.log
cache.log-20180416.gz
cache.log-20180422.gz
cache.log-20180430.gz
cache.log-20180506.gz
cache.log-20180514.gz
squidGuard.log

I don't know if the compressed and archived *.gz log files are supposed
to be erased some time. Anyway, I'd like to make sure they are kept at
least for one full year.

Where is this defined ?

Niki

CentOS 7.5 (1804) and NetworkManager

Hi,

I'm running CentOS on all kinds of setups: servers, workstations,
desktops and laptops.

Up until now, I'm only using NetworkManager on laptops, since it makes
sense to use it there. On servers and desktop clients, I usually remove
it and configure the network "traditionally" by simply editing
/etc/sysconfig/network-scripts/ifcfg-whatever, /etc/resolv.conf,
/etc/hosts, /etc/hostname and /etc/sysconfig/network.

Video troubles after 7.5 upgrade using CR repo

Hi,

Our desktop clients are running CentOS 7 with the Xfce desktop from
EPEL. The CR repository is enabled. A few days ago I launched an update,
which brought in close to 1 GB of packages.

I had some weird problems on two clients. One is an old Dell Optiplex
330 with a legacy video card.

[root@cybermule:/] # lspci | grep -i vga

01:05.0 VGA compatible controller: Advanced Micro Devices, Inc.
[AMD/ATI] RC410 [Radeon Xpress 200/1100]

After the update, X wouldn't start anymore, and there was no way to make
it behave.

Replacement for Pdftk under CentOS 7 ?

Hi,

Two weeks ago I migrated all our local school's servers and clients from
Slackware 14.1 to CentOS 7. Everything went perfectly, and now I'm busy
sanding down some edges.

The previous installation sported pdftk and a frontend (can't remember
the name) which allowed some basic operations on PDF files such as
splitting and concatenation. The school's staff used this application
all the time. Unfortunately it's not available under CentOS 7.

Can you suggest any replacement for this application? On a side note, it
should be something with a point-and-click GUI.

Cheers,

Niki

HPLIP vs. CentOS

Hi,

Our local school has recently acquired an HP PageWide Pro 477
professional printer.

According to HP, the printer requires HPLIP 3.16.3 at least.

Unfortunately, CentOS is only shipping HPLIP 3.15.9.

So I downloaded and installed the hplip/hplipfull package from the HP
site.

Problem with Digikam and libgphoto2 after latest update

Hi,

I have CentOS 7 with KDE on my workstation. I'm using the CR repo. I had
to remove Digikam to be able to do the latest update (1 GB of updates...
wow).

XScreenSaver

Hi,

I'm currently moving all our local school's desktop clients from
Slackware 14.1 to CentOS 7 + Xfce. Right now I'm fine-tuning the default
user profile.

I have a problem with XScreenSaver. The application per se works very
well. Only there's a hard-coded pop-up window that reminds the user that
he's not running the latest version. So, if I'm running version 5.36 as
provided by the EPEL repo and not the latest and greatest 5.38 as
provided upstream, I get a pestering pop-up window informing me that
YOUR VERSION OF XSCREENSAVER IS VERY OLD.

CentOS 7 + Xfce + GDM : disable "switch user" ?

Hi,

I have CentOS 7 + Xfce + GDM installed on all our local school's desktop
clients.

I'd like to disable the "switch user" menu entry, since our desktop
clients have a relatively limited amount of RAM. Most users tend to use
the "switch user" functionality to log off, and at the end of the day,
the computer has no RAM left.

I know there is a way to disable this functionality, I vaguely remember
having it done a few years ago on Slackware.

Any suggestions ?

Niki

How insecure is NIS ? Possible alternatives ?

Hi,

In the past I've setup simple centralized authentication with NIS and
NFS, without bothering about possible security implications.

Over the next month I have to setup a new network in a local school, and
I wonder if I should use NIS/NFS. I still have my own documentation,
it's simple and somewhat bone-headed to setup, and it just works.

RHEL/CentOS 7 still provide NIS, and I vaguely wonder how exactly it is
insecure. So I thought I'd simply ask on this list.

I know there's FreeIPA available.

Install CentOS 7 over serial port on router board ?

Hi,

I have to install CentOS 7 for a client, to act as cache & filtering
proxy using Squid.

I'd like to use this piece of specialized hardware :

<a href="http://store.calexium.com/fr/systeme-pre-assemble/869-systeme-pre-assemble-rackmatrix-apu-amd-gx-412tc-quatre-coeurs-1-ghz.html" title="http://store.calexium.com/fr/systeme-pre-assemble/869-systeme-pre-assemble-rackmatrix-apu-amd-gx-412tc-quatre-coeurs-1-ghz.html">http://store.calexium.com/fr/systeme-pre-assemble/869-systeme-pre-assemb...</a>

There is no VGA or HDMI video output, just a serial port to connect to,
and then three NICs and two USB ports.

I've never installed CentOS over a serial console, so I don't even know
if it's possible in the first place. Has anyone ever done something like
that ?

Any suggestions ?

Niki

Squid + SquidGuard : static block page not working

Hi,

I've been working with Squid + SquidGuard for a few years, though only
on Slackware.

Squid vs. iptables redirection: exception for certain domains ?

Hi,

I'm currently facing a quite tricky problem. Here goes.

I have setup Squid as a transparent HTTP+HTTPS proxy in my local
network. All web traffic gets handed over to Squid by an iptables script
on the server.

SELinux breaks Squid's ssl_crtd helper

Hi,

I've setup a transparent HTTP+HTTPS proxy on my server running CentOS 7,
using Squid.

Squid and HTTPS interception on CentOS 7 ?

Hi,

I've been running Squid successfully on CentOS 7 (and before that on 6
and 5), and it's always been running nicely. I've been using it mostly
as a transparent proxy filter in school networks.

So far, I've only been able to filter HTTP.

Do any of you do transparent HTTPS filtering ? Any suggestions, advice,
caveats, do's and don'ts ?

Cheers from the snowy South of France,

Niki

Going back to a minimal system : strange problem

Hi,

Some time ago I wrote a little script elaguer.sh ("élaguer" means "to
prune") which simply removes all packages that are *not* part of a
minimal installation.

First I created a list of packages that make up a minimal CentOS
installation. On a fresh install, I would do something like this:

# rpm -qa --queryformat '%{NAME}\n' | sort > minimal.txt

Here's the resulting list of packages. I added a comment on top:

<a href="https://github.com/kikinovak/centos-7-server-lan/blob/master/config/pkglists/minimal.txt" title="https://github.com/kikinovak/centos-7-server-lan/blob/master/config/pkglists/minimal.txt">https://github.com/kikinovak/centos-7-server-lan/blob/master/config/pkgl...</a>

And here's the script to prune the installation, e. g.

Set LANG on CentOS 6 server

Hi,

I'm having a weird problem on a CentOS 6 server. I installed the machine
in french, so I have LANG=fr_FR.UTF8 defined.

I'd like to define en_US.UTF8, because some output is better readable in
english, like chkconfig --list.

I replaced fr_FR.UTF8 in /etc/sysconfig/i18n and /boot/grub/grub.conf.
Unfortunately, when I reboot the system, I still get this:

# echo $LANG
fr_FR.UTF-8

Any suggestions?

Niki

Slightly OT : newsletters, mail formatting and netiquette

Hi,

This question is not exactly CentOS-related strictly speaking, but here
goes. I'm running a few newsletter servers for myself and a handful of
clients on public CentOS servers with PHPList.

For the last twenty years or so I've followed the basic rule that mails
should have no formatting whatsoever, only simple text.

Gtkcdlabel + cdlabelgen on CentOS 7 ?

Hi,

I've been using the nifty little application Gtkcdlabel for making CD
and DVD covers since 2005, if I remember correctly. Later versions are
written in Python, and it's a graphical frontend to the cdlabelgen utility.

The application doesn't look very well maintained, since the 1.15
release dates back to 2011. Nevertheless, I've been successfully running
it on Slackware Linux until the latest 14.2 release.

I'm currently trying to install it on CentOS 7, and I'm only having a
partial success, with a showstopper.

CentOS 7 + KDE : post-installation script

Hi,

I just spent two rainy days writing and fine-tuning a post-installation
script for CentOS 7 and KDE.

<a href="https://github.com/kikinovak/centos-7-desktop-kde" title="https://github.com/kikinovak/centos-7-desktop-kde">https://github.com/kikinovak/centos-7-desktop-kde</a>

I've just tested it on three different machines here, and it works quite
nicely. Feel free to give it a spin and make some suggestions.

Cheers,

Niki

Spamassassin vs. SELinux trouble

Hi,

Spamassassin has been working nicely on my main server running CentOS 7
and Postfix. SELinux is activated (Enforcing).

Since the most recent update (don't know if it's related to it though)
I'm getting the following SELinux error.

--8<-----------------------------------------------------------------
SELinux is preventing /usr/bin/perl from 'read, write' accesses on the
file /var/log/spamassassin/.spamassassin/bayes_toks.

***** Plugin catchall (100.

Apache and web content permissions

Hi,

Until a few months ago, when I had to setup a web server under CentOS, I
assigned (I'm not sure about the correct english verb for "chown"ing)
all the web pages to the apache user and group. To give you an example,
let's say I have a static website under /var/www/myserver on a CentOS
server running Apache.