Postings by Niki Kovacs

SpamAssassin vs. SELinux


I just installed SpamAssassin on two servers running CentOS 7 and
Postfix. One is my sandbox server for experimenting, the other one is
the server that hosts my company's web site, blog, mail, etc.

So far, SpamAssassin seems to work as expected.

Strange problem with CentOS 7 and guest additions in VirtualBox


I'm having a very weird problem with CentOS as a VirtualBox guest. Let
me explain it step by step.

tl;dr: I can install VirtualBox Guest Additions and configure a
fullscreen 1280x1024 graphical resolution on a full install, but not on
a reduced install with a lightweight window manager.

Here's what I did.

1. Install vanilla CentOS 7 with KDE.

2. Boot to reduced 1024x768 resolution.

3. Install gcc, make and kernel-devel.

4. Build VirtualBox Guest Additions.

5. Reboot to full 1280x1024 resolution. ==> perfect

On a vanilla desktop installation, this works perfectly.

yum groupinstall vs. yum group install


Is there a difference between 'yum groupinstall' and 'yum group
install'? As far as I can tell,

# yum groupinstall "X Window System"


# yum group install "X Window System"

get me the same result.

Just curious.


Use CentOS to create a bootable Mac OS X DVD from dmg file?


Sorry if this is only half-CentOS-related.

In my office, I'm running CentOS on all my systems (server, workstation,
laptop, sandbox PCs). A colleague brought me her MacBook Pro to upgrade
it from OS X 10.5.7 to 10.11.6.

I downloaded the 5.8 GB dmg file and now I wonder how to create a
bootable DVD with this using only Linux tools.

1. Can I simply burn this as a data DVD with K3B?


CentOS 7: changes to php.ini


I'm hosting a few web apps like OwnCloud, Wordpress and Dolibarr on
CentOS 7 that require a handful of changes to php.ini. I have to define
some custom values for post_max_size, upload_max_filesize, etc.

I don't know if I'm supposed to edit /etc/php.ini directly or if changes
should be put in a configuration file stub in /etc/php.d.

CentOS, PHP & OwnCloud/Nextcloud: the version dilemma


I'm currently experimenting with OwnCloud and Nextcloud on a sandbox
CentOS 7 server. I've been using OwnCloud for the last two years for my
own purposes on a Slackware server, and I'm quite happy with it.

In my humble opinion, every admin who wants to host OwnCloud or
Nextcloud on a RHEL/CentOS server is confronted with a version dilemma.

1. CentOS 7 sports PHP 5.4, which has been officially EOL for quite some
time, but Red Hat will provide security update backports until 2024.
Which is fine.


Block internet access for some users on the LAN?


In our local school we have two servers and roughly 80 clients.

systemctl poweroff


I've been using CentOS since versions 4.x, and I see a weird trend in
recent Linux distributions.

Under CentOS 4.x, 5.x and 6.x, shutting down a server (workstation,
laptop) simply meant issuing 'shutdown -h now' (or choosing 'Shutdown'
from the GUI menu), and the machine would simply shut down.

Flush memory on a server?


A few days ago I checked the health of my main public server running
CentOS 7, a quad-core machine with 16 GB RAM. It had been running
non-stop for 65 days, hosting only a handful of services (BIND, NTP,
Apache, Postfix, Dovecot) for two domains.

I was surprised to see that RAM consumption was relatively high, and
apparently, the machine even had to swap at some time.

I read up a bit on RAM consumption, and now I wonder if flushing the
memory cache regularly is a good idea.


Any suggestions?


TeX Live on CentOS 7


I just installed the OpenVAS vulnerability scanner on my CentOS 7
workstation. Everything seems to work fine, except PDF generation. The
'openvas-check-setup' script tells me that PDF generation works fine,
but whenever I want to generate a report, the result is unusable and
can't be opened in Evince or Okular.

After googling a bit, I found out that several users complained that TeX
Live is broken under RHEL/CentOS 7.

While I did use LaTeX a long time ago to write documents, I don't use it
anymore nowadays (just Markdown or LibreOffice).

Ark can't handle RAR archive


I'm running CentOS 7 with KDE. Ark can't seem to handle a RAR archive,
even though I have unrar from the Nux repository installed.

Any idea what's wrong here?



OpenVAS: confusion with 3rd party repos


I'm currently experimenting with OpenVAS, the vulnerability scanner
which was forked from Nessus.

I'm reading through various HOWTOs and tutorials, and it seems like I'm
stuck very early in my fiddling process.

All the CentOS-based tutorials I've found mention a third-party Atomic
repo, and here's how the installation usually begins.

# wget -q -O - <a href="" title=""></a> | sh

Yet on my servers I have EPEL configured for my third-party needs, and
OpenVAS already seems available through EPEL.

# yum search openvas

Getting started with mod_security


I'm currently fiddling with mod_security, and before going any further,
I simply wanted to ask here for any recommended documentation/tutorials
on the subject. There seems to be a lot of information about
mod_security out there, and right now I have a bit of a hard time
wrapping my head around it.

I'm grateful for any suggestions.


Niki Kovacs

CentOS 7 + KDE: sleep mode?


One of my clients is running CentOS 7 + KDE 4.14 which I installed for
her. Everything is running nicely. She asked me - more out of curiosity
- if she could use the "Sleep" mode instead of "Shutdown" like she did
when she ran Windows, so the PC would be up and running faster the next
time. I didn't know what to answer, since I don't explicitly use this
mode. Only on my laptop I simply shut the lid, which puts the laptop
into Sleep mode. But on a normal PC, I don't know if this mode is
supposed to be used.

Any suggestions?


Hardening Apache on CentOS 7


Some time ago one of my public servers (running Slackware64 14.0) got
attacked and was misused to send phishing emails.

This misadventure made me more concerned about security, so I spent the
last few weeks catching up on security, reading docs about SELinux and
how to use it, etc.

I have a public sandbox server running CentOS 7, and I'm currently
experimenting quite a lot with Apache and how to secure it. My approach
is very much trial-and-error.

Apache + mod_evasive: problem with


I'm currently experimenting with the mod_evasive module for Apache, to
protect the server against potential DoS attacks. Here's what I did so far.

# yum install mod_evasive

Don't touch mod_evasive's default configuration, just restart Apache.

# systemctl restart httpd

The package includes a script supposed to launch a testing DoS

Web server files ownership?


I have a series of websites hosted on two CentOS 7 servers, using Apache
virtual hosts. One of these servers is a "sandbox" machine, to test
things and to fiddle around.

On the sandbox server, I have a few dummy websites I'm hosting.

# ls /var/www/html/
default phpinfo slackbox-mail slackbox-site unixbox-mail unixbox-site

Since Apache is running as system user 'apache' and system group
'apache', I thought it sensible that hosted files be owned by that process.

# ls -l /var/www/html/
total 24
drwxr-x---. 3 apache apache 4096 6 juil. 09:37 default

Problem with ipa-client


Here's the warning that Yum currently displays:

** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
ipa-client-4.4.0-14.el7.centos.7.x86_64 has installed conflicts
freeipa-client: ipa-client-4.4.0-14.el7.centos.7.x86_64
ipa-client-common-4.4.0-14.el7.centos.7.noarch has installed conflicts
freeipa-client-common: ipa-client-common-4.4.0-14.el7.centos.7.noarch
ipa-common-4.4.0-14.el7.centos.7.noarch has installed conflicts
freeipa-common: ipa-common-4.4.0-14.el7.centos.7.noarch

Any suggestions what I can do about that? (BTW, I don't use IPA)



Physically moving a mail server vs. cached DNS


I just moved my main mail account and web content from a low-cost
(low-quality) provider to my own root server running CentOS 7. I
transferred the domain name from DNS management to my registrar,
configured BIND, Apache, Postfix, Dovecot, NTP, SELinux, etc. Now things
are running rather nicely.

Markdown editor for CentOS 7?


I recently discovered Markdown, and I'm currently using it to write some
documentation for CentOS 7.


For the time being, I'm using my good old Vim editor for writing it. I
turned off syntax highlighting, since this produces random results with

Pages are correctly displayed on Github, but in order to see them, I
have to push them to the server. Now I wonder if there's a good WYSIWYG
editor for Markdown, or at least something where I can check locally
what the page looks like.

Any suggestions?

Niki Kovacs

CentOS 7 + KDE: Okular view PDF files OK but prints a blank page


I recently installed CentOS 7 + KDE 4.14 on my main workstation, and
overall I'm very happy with it.

Okular seems to have trouble with some PDF files. I'm using the Dolibarr
application to generate invoices. I can view the resulting PDF file OK,
but when I try to print it, I get a blank page. A few days ago I had a
similar problem with a PDF file generated from a French administration
online form.

On my previous installation (Slackware64 14.1 + Xfce + Evince built from
source) I never had any trouble with PDF files.

Any suggestions?


Niki Kovacs

Virt-Manager and full-screen display


I have CentOS 7 with Qemu/KVM and Libvirt running on a headless HP
Proliant Server. Virtual hosts are managed via Virt-Manager installed on
a CentOS 7 + KDE client via SSH.

Things are running quite nicely for now, I only have a few small minor
details to adjust.

On my main workstation running Slackware64 14.1, I also have Qemu/KVM
and Virt-Manager installed. When I launch a virtual host and switch to
full-screen display, the host is a "real" full screen.

But when I do the same thing with CentOS, I don't have a real
full-screen display.

rpcbind fails to start after creating virbr0 bridge


In my office I have an HP Proliant server running CentOS 7. It's a
minimal install without GUI. The machine has two network interface
cards, and for now it's acting as gateway/firewall, and it's running
ntpd, Dnsmasq and Rsnapshot.

I'd like this machine to also be a KVM virtualization host, so I
installed qemu-kvm and libvirt.

SAN certificates for multiple domains and multiple services


I'm currently installing and configuring CentOS 7 on a public server.
The machine will host a few small-to-midsize projects that are currently
running on a handful of Slackware servers: public library databases, our
public school's agenda, a small webradio, OwnCloud for myself and a
local non-profit, etc.

Until recently I've mostly used self-signed SSL certificates for stuff
needing a secure connection.

Apache + SSL: default configuration rated "C" by Qualys Labs


I'm currently experimenting with a public server running CentOS 7. I
have half a dozen production servers all running Slackware Linux, and I
intend to progressively migrate them to CentOS, for a host of reasons
(support cycle, package availability, SELinux, etc.) But before doing
that, I have to figure out a few things that work differently under

CentOS 7 + HPLIP = blank page


I just installed CentOS 7 + KDE on a new workstation in my office. I
tried to set up my printer, but the test page is blank. Here are some details.

The printer is an HP OfficeJet 8600 Pro. It works perfectly with all
other desktop clients running Slackware Linux and HPLIP.

I installed hplip and hplip-gui, launched HP Toolbox and then set up the
printer - a network printer - which is mainly a matter of confirming OK,

The printer shows up OK in HP Toolbox, but when I try to print a test
page, the printer ejects a blank page, that's it.

Which leaves me clueless.


Niki Kovacs

bind vs. bind-chroot


On my public servers, I usually run BIND for DNS. I see CentOS offers a
preconfigured (sort of) bind-chroot package. I wonder what's the
effective benefit of this vs. a "normal" BIND setup without chroot. On
my Slackware servers, I have a rather Keep-It-Simple approach to all
things security, e.g. run no unneeded services, open only needed ports
etc. but I don't run the extra mile (and haven't been bitten so far).

Any suggestions? (No flamefest please.)


Primary DNS server with BIND on a public machine running CentOS 7


I just installed CentOS 7 on a public server. I'd like to set up BIND as
a primary DNS server for a few domains.

Until now, all my public machines were running Slackware Linux, and
setting up BIND on a Slackware machine is relatively easy. In its out of
the box configuration, it has a bone-headed caching nameserver role,
which is quite easy to expand to a primary nameserver. Here's my
documentation. It's in French, but the *nix bits are universal.


On my server running CentOS, I notice things are more complicated in the
default configuration.

Network configuration: desktop vs. laptop


I'm just migrating some stuff from Slackware Linux to CentOS, and I have
a question about the orthodox way of configuring a network connection.

On a desktop or workstation, I usually get rid of NetworkManager:

# systemctl stop NetworkManager
# yum remove NetworkManager

Then I edit the /etc/sysconfig/network-scripts/ifcfg-XXXXX file
corresponding to my network interface.

Dnsmasq and /etc/hosts


I just set up CentOS 7 on three boxes to fiddle with it.

1. amandine.sandbox.lan is a headless LAN server

2. bernadette.sandbox.lan is a client desktop

3. raymonde.sandbox.lan is another client desktop

I've set up Dnsmasq on amandine.sandbox.lan.