admin | 25 Oct 22:22 2014

Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule

Hi gents,

I seem to have a small issue with fping and Observium(a monitoring 
solution). The particular VPS I'm using does have SELinux enabled and it 
seems to be causing issues when the httpd process is attempting to use 
Fping?

Here is what I know so far :

Output from "audit2why -a" :

---------------
type=AVC msg=audit(1414265994.125:6744): avc:  denied  { create } for  
pid=8968 comm="fping" scontext=unconfined_u:system_r:httpd_t:s0
       Was caused by:
                 Missing type enforcement (TE) allow rule.

                 You can use audit2allow to generate a loadable module 
to allow this access.

---------------

Which does seem to confirm that something is wrong between httpd and fping.

I then ran "audit2allow -M fping-httpd < audit2allow" which did create 
both the .te and .pp files. The issue is that inside the .te file, I 
have a warning saying that the rules already exists! Which does make 
sense since I had to allow those particular function for the Mysql
connection to function properly.

(Continue reading)

Timothy Murphy | 25 Oct 15:40 2014
Picon

Upgrading to CentOS-7 on a new partition


I would like to upgrade a CentOS-6.5 home server
to CentOS-7 on a new partition.
What is the simplest way to achieve this?
I would like to be able to boot into either version of CentOS
until I am sure the new version is running OK.

Incidentally, I think most people today must have enough space
on their hard drive to install a new OS on a new partition -
it is surprising that this option never seems to be mentioned
in upgrade documentation.

--

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland
Always Learning | 24 Oct 22:12 2014
Picon

C7 : Firewalld


Being a fan of IPtables and dreading the eventual transition to Centos
7, I wondered if in C7's firewalld an interface can be assigned to a
single zone or to multiple zones such as 'private' and 'trusted'.

For example interface em1 having both trusted and public zones assigned
to it. If multiple zones per interface are permitted presumably one can
segregate traffic by IP range ?

--

-- 
Thank you.

Paul.
England, EU.
Robert Arkiletian | 24 Oct 20:53 2014
Picon

cr repo firefox el6.6 crashes on 6.5

Noticed firefox is one of the only critical sec. updates from 6.6. So I
manually downloaded the rpm from cr repo and rpm -Uvh
firefox-31.2.0-3.el6.centos.x86_64.rpm

but it crashes with

/usr/lib64/firefox/firefox: symbol lookup error:
/usr/lib64/firefox/libxul.so: undefined symbol: gdk_window_get_visual
Jerry Geis | 24 Oct 19:42 2014

setting background on the command line

I have centos 7

I am using:
gsettings set org.gnome.desktop.background picture-uri
 file:///usr/share/backgrounds/gnome/Wood.jpg

to set the background from the command line...

dconf-editor shows the command worked.

But the picture is not updated???

How do I get the desktop to re-draw?

Thanks,

Jerry
Timothy Murphy | 24 Oct 17:43 2014
Picon

What is a client certificate?

A very ignorant question, sans doute.

I get my certificates from cacert.org, to whom I am very grateful.
I follow what I take to be the official procedure,
first creating <server>.key and <server>.csr on my server
and then getting <server>.crt by going to Server Certificate=>New
at the cacert site.

I then place the key certficate *.key in /etc/pki/tls/private/
and what I call the client certificate *.crt in /etc/pki/tls/certs/ .

But I notice that there at www.cacert.org there is 
a Client Certificate folder as well as the Server Certificate folder,
and it seems that one can create a "client certificate" there.

My quesion is: what is the purpose of this second client certificate?

And while I am on the topic, what are the recommended file permissions
for PKI certificates?
I was a little surprised to find my <server>.key has permission 640,
while <server>.crt has permission 644.
The folder /etc/pki/tls/private/ on my server
does not seem to have any special security;
it is owned by root but can be opened and listed by anybody.
Is that the recommended setup?

--

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland
(Continue reading)

centos | 24 Oct 14:00 2014

CentOS-announce Digest, Vol 116, Issue 13

Send CentOS-announce mailing list submissions to
	centos-announce@...

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request@...

You can reach the person managing the list at
	centos-announce-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:

   1. CEBA-2014:1679 CentOS 7 perl-Authen-SASL	FASTTRACK BugFix
      Update (Johnny Hughes)
   2. CEBA-2014:1681 CentOS 7 mgetty FASTTRACK BugFix	Update
      (Johnny Hughes)
   3. CEBA-2014:1700 CentOS 7 rsh FASTTRACK BugFix	Update
      (Johnny Hughes)
   4. CEBA-2014:1701  CentOS 7 systemd BugFix Update (Johnny Hughes)
   5. CEBA-2014:1698 CentOS 7 kexec-tools BugFix Update (Johnny Hughes)

----------------------------------------------------------------------

Message: 1
Date: Thu, 23 Oct 2014 12:21:18 +0000
From: Johnny Hughes <johnny@...>
(Continue reading)

Fred Smith | 23 Oct 20:58 2014
Picon

pidgin-sipe on Centos-6/64

Hi!

Wondering if anyone here has been able to get the (3-rd party) SIPE
plugin (pidgin-sipe) working on Centos-6 with the C6 version of pidgin?

I've just started looking at it and after a little messing around have
no joy. Before I waste more time on it I thought I'd ask.

what I've done so far:
--download the latest binary from the Suse build service, allegedly one built
for EL-5. installs (along with libpurple-sipe) without errors, but when I
attempt to create a new account for SIPE there is no listing of it in the
list of protocols in the "add user" dialog.
--figuring I had the wrong version (since the pidgin in C6 is now rather
old) I downloaded the source and built it, again with no errors. but
having installed it, I get the same symptom.

I'd appreciate any helpful hints.

thanks!
--

-- 
---- Fred Smith -- fredex@... -----------------------------
               But God demonstrates his own love for us in this: 
                         While we were still sinners, 
                              Christ died for us.
------------------------------- Romans 5:8 (niv) ------------------------------
Jerry Geis | 23 Oct 20:54 2014

Re: Gnome 3 on centos 7

On Thu, Oct 23, 2014 at 2:50 PM, <m.roth@...> wrote:

> Note that I still can't post to the list....
>
> Jerry Geis wrote:
> > Hi all - almost have my migration to Centos 7 done...
> >
> > My last piece is finding a way to keep menus away from users on Gnome 3.
> >
> > gsettings  took me pretty far, to remap gconf-tool to gsettings.
> >
> > I also removed two packages
> > gnome-shell-extension-places-menu
> > gnome-shell-extension-app-menu
> >
> > This removed the Places and Apps menu options in the top panel.
> >
> > However - when doing this now I see the menu choice for "Activities".
> >
> > I am wondering if anyone knows how to remove that or make it
> > non-functional...
> > You can click on it and run a "terminal" which I do not desire.
>
> I missed the beginning of this - is this supposed to be like a kiosk? The
> only things the users can do is click on icons, and those are all they're
> allowed to do? If so, I think there's a kiosk setup.
>
> And don't forget to disable screen, or whatever it is, that lets me to
> <f[2-x], and get to a text-mode login....
>
(Continue reading)

Jerry Geis | 23 Oct 20:44 2014

Gnome 3 on centos 7

Hi all - almost have my migration to Centos 7 done...

My last piece is finding a way to keep menus away from users on Gnome 3.

gsettings  took me pretty far, to remap gconf-tool to gsettings.

I also removed two packages
gnome-shell-extension-places-menu
gnome-shell-extension-app-menu

This removed the Places and Apps menu options in the top panel.

However - when doing this now I see the menu choice for "Activities".

I am wondering if anyone knows how to remove that or make it
non-functional...
You can click on it and run a "terminal" which I do not desire.

Thanks,

jerry
Johan Vermeulen | 23 Oct 18:27 2014
Picon

lynx only shows : FRAME: wlmframe

Hello,

when I log in through ssh to a remote site and open the web interface 
from a ( new ) printer using Lynx,
it only displays :

FRAME: wlmframe

I suspect this is some unfriendly coding, that will cost me time in 
opening Firefox instead of Lynx or w3m.

Does anybody know of a way around this?

Greetings, Johan

--

-- 
Johan Vermeulen
IT-medewerker
Caw De Kempen
johan.vermeulen@...
0479.82.01.41

Powered by Linux.

Gmane