James B. Byrne | 10 Feb 17:29 2016
Picon

Re: Utility to zero unused blocks on disk


On Tue, February 9, 2016 16:05, Chris Murphy wrote:
> On Mon, Feb 8, 2016 at 11:18 PM, John R Pierce <pierce@...>
> wrote:
>> On 2/8/2016 9:54 PM, Chris Murphy wrote:
>>>
>>> Secure erase is really the only thing to use on SSDs.
>>> Writing a pile of zeros just increases wear (minor negative)
>>> but also doesn't actually set the cells to the state required
>>> to accept a new write,

Secure erase of an SSD, or any solid state device, is problematic.

See:
http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/

The CSE requires physical destruction of these devices through
pulverisation or incineration. See:
https://cse-cst.gc.ca/en/system/files/pdf_documents/itsg06-eng.pdf

The USDOD leaves disposal protocols to the individual commands.

Essentially, due to the way data is stored on SSDs, it is impossible
to access every memory cell during a software driven wipe; no matter
how many passes are made.  The possibility of significant fragments of
residual data remaining is always greater than zero.

However, if you entirely encrypt an SSD, BEFORE adding any
confidential material, then secure destruction is assured by
'forgetting' the key. But encrypting an SSD after the material is put
(Continue reading)

centos | 10 Feb 13:00 2016

CentOS-announce Digest, Vol 132, Issue 3

Send CentOS-announce mailing list submissions to
	centos-announce@...

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request@...

You can reach the person managing the list at
	centos-announce-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:

   1. CEEA-2016:0154 CentOS 5 tzdata Enhancement Update (Johnny Hughes)
   2. CEEA-2016:0154 CentOS 7 tzdata Enhancement Update (Johnny Hughes)
   3. CEBA-2016:0138 CentOS 6 sg3_utils BugFix Update (Johnny Hughes)
   4. CEBA-2016:0147 CentOS 6 389-ds-base BugFix Update (Johnny Hughes)
   5. CEBA-2016:0153  CentOS 6 sssd BugFix Update (Johnny Hughes)
   6. CEBA-2016:0144 CentOS 6 chkconfig BugFix Update (Johnny Hughes)
   7. CEBA-2016:0146 CentOS 6 libgovirt BugFix Update (Johnny Hughes)
   8. CEBA-2016:0148  CentOS 6 poppler BugFix Update (Johnny Hughes)
   9. CEBA-2016:0141  CentOS 6 php BugFix Update (Johnny Hughes)
  10. CEBA-2016:0143  CentOS 6 kdelibs BugFix Update (Johnny Hughes)
  11. CEBA-2016:0139  CentOS 6 cluster BugFix Update (Johnny Hughes)
  12. CEBA-2016:0149  CentOS 6 dnsmasq BugFix Update (Johnny Hughes)
  13. CEBA-2016:0145 CentOS 6 kexec-tools BugFix Update (Johnny Hughes)
  14. CEBA-2016:0142 CentOS 6 librdmacm BugFix Update (Johnny Hughes)
(Continue reading)

Corey Erickson | 9 Feb 18:18 2016
Picon

centos.firehosted.com / tagged as malicious

This repository has begun triggering alerts in my enterprises trend
micro solution this morning.

centos.firehosted.com/7.2.1511/updates/x86_64/repodata/repomd.xml

Any tips on ensuring this repository is never queried by my systems ?

It seems to keep getting picked up on freshly deployed vagrants for
development at this time.

Thanks,
Corey Erickson
Kai Bojens | 9 Feb 17:05 2016
Picon

/tmp full with systemd-private*

CentOS: 7.1.1503

I have a problem with systemd which somehow manages to fill /tmp up with a lot of
files. These files obviously are from the Apache server and don't pose a problem
per se. The problem is that these files don't get removed daily:

du -hs systemd-private-*
7,7G	systemd-private-mpg7rm
0	systemd-private-olXnby
0	systemd-private-qvJJ5o
0	systemd-private-Rs2nBv

It was my understanding that these temp-files should have been removed daily as
it is stated here:

$: grep -v '^#' /usr/lib/systemd/system/systemd-tmpfiles-clean.timer

[Unit]
Description=Daily Cleanup of Temporary Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d

Am I missing something? Is there a better way with a systemd based systemd to
have these files removed daily?
John Cenile | 9 Feb 16:04 2016
Picon

OpenSwan Drop Out Issue

Hello,

I'm cross posting this from the OpenSwan mailing list, in case someone here
can help.

We have two sites connected via OpenSwan 2.6.32-9 on CentOS 5, sharing 6
/24 subnets each (so 12 in total).

The problem we're having is completely randomly, be it in the middle of the
day, or in the middle of the night (so I don't believe it's traffic
related), certain (and sometimes all) routes will drop. They usually
recover after a few minutes, but it's still long enough for our monitoring
to detect downtime.

The configuration we have on each device is:

conn site-a
        keyingtries=0
        keylife=1h
        ikelifetime=8h
        left=1.1.1.1
        right=2.2.2.2

leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}

rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
        pfs=yes
        auto=start
        authby=secret
        dpddelay=30
(Continue reading)

Mike | 9 Feb 14:31 2016
Picon

[SOLVED] Seeking Clarification CentOS 7 as Samba 4 Active Directory Domain Controller

I'm putting the Centos 7 repository Samba 4 packages on hold.
Going to work with Samba 4 source with embedded heimdal.
I see this suggested often on the samba mailing list.

On Mon, Feb 8, 2016 at 3:41 PM, Mike <1100100@...> wrote:

> I performed a Samba 4 Active Directory Domain Controller install in June
> of 2015 on CentOS 7.
> At that time I used the Samba 4.1.XX package from SerNet due to the
> absence of necessary heimdal packages and libraries not provided in the
> CentOS 7 Samba package.
> Since the the 4.1 series is on security fix only, I'd like to upgrade to
> the latest package that tracks with CentOS 7.
>
> When searching the samba packages, I've found:
>
> samba-client.x86_64 : Samba client programs
> samba-client-libs.i686 : Samba client libraries
> samba-client-libs.x86_64 : Samba client libraries
> samba-common.x86_64 : Files used by both Samba servers and clients
> samba-common.noarch : Files used by both Samba servers and clients
> samba-common-libs.x86_64 : Libraries used by both Samba servers and clients
> samba-common-tools.x86_64 : Tools for Samba servers and clients
>
> samba-dc.x86_64 : Samba AD Domain Controller
> samba-dc-libs.x86_64 : Samba AD Domain Controller Libraries
>
> samba-devel.i686 : Developer tools for Samba libraries
> samba-devel.x86_64 : Developer tools for Samba libraries
> samba-libs.x86_64 : Samba libraries
(Continue reading)

Wes James | 8 Feb 22:34 2016

Utility to zero unused blocks on disk

Is there a utility to zero unused blocks on a disk?

CentOS 6.7/Ext4

I saw zerofree, but I’m not sure it would work on Ext4 or even work on this version of CentOS.

thanks,

-wes
_______________________________________________
CentOS mailing list
CentOS <at> centos.org
https://lists.centos.org/mailman/listinfo/centos
Mike | 8 Feb 21:41 2016
Picon

Seeking Clarification CentOS 7 as Samba 4 Active Directory Domain Controller

I performed a Samba 4 Active Directory Domain Controller install in June of
2015 on CentOS 7.
At that time I used the Samba 4.1.XX package from SerNet due to the absence
of necessary heimdal packages and libraries not provided in the CentOS 7
Samba package.
Since the the 4.1 series is on security fix only, I'd like to upgrade to
the latest package that tracks with CentOS 7.

When searching the samba packages, I've found:

samba-client.x86_64 : Samba client programs
samba-client-libs.i686 : Samba client libraries
samba-client-libs.x86_64 : Samba client libraries
samba-common.x86_64 : Files used by both Samba servers and clients
samba-common.noarch : Files used by both Samba servers and clients
samba-common-libs.x86_64 : Libraries used by both Samba servers and clients
samba-common-tools.x86_64 : Tools for Samba servers and clients

samba-dc.x86_64 : Samba AD Domain Controller
samba-dc-libs.x86_64 : Samba AD Domain Controller Libraries

samba-devel.i686 : Developer tools for Samba libraries
samba-devel.x86_64 : Developer tools for Samba libraries
samba-libs.x86_64 : Samba libraries
samba-libs.i686 : Samba libraries
samba-python.x86_64 : Samba Python libraries
samba-test.x86_64 : Testing tools for Samba servers and clients
samba-test-devel.x86_64 : Testing devel files for Samba servers and clients
samba-test-libs.i686 : Libraries need by teh testing tools for Samba
servers and clients
(Continue reading)

Bear Tooth | 7 Feb 22:00 2016
Picon
Picon

"upstream testing"??

	[Follow-ups set to gmane.linux.centos.general] 

 	My wife had been running CentOS 6.4 almost since 
	its inception; then her PC broke down.

        We got a PC from System76, and Ubuntu turned out 
	utterly unsuitable for us, as expected -- as bad
 	for us as Gnome3. (I had previously bought a System76 
	net book (starling iirc), and immediately installed the
	then current Fedora; all has been well with that.

        This time, alas!, I thought I should let her try Ubuntu; 
	so I tried running it myself for an houror two 
	to get it set up and tweaked.

        I couldn't even find any of the apps I wanted to tweak! 
	So I put in an install disk for CentOS, and rebooted.

        It never came near finishing the reboot. Up popped the 
	following:

                Detected CPU family 6 model 94.

                Warning: Intel CPU model -- this hardware has not
                undergone upstream testing. Please see

                http://wiki.centos.org/FAQ for more information.

                tsc: Fast TSC calibration failed.

(Continue reading)

Alessandro Baggi | 7 Feb 16:29 2016
Picon

Re: C7 AD server

Il 07/02/2016 15:59, Miguel Medalha ha scritto:
>>> How I can assing permission on this share?
>
> You can easily do it by following the instructions on the Samba Wiki:
>
> https://wiki.samba.org/index.php/User_Documentation
>

Hi Miguel,
I've followed the wiki how to but, I want configure a share on same 
machine where is hosted DC and seems that this is not possible.

I've configured AD DC on C7 using ServNet packages. Now after 
provisioning, I've tried to join a win7 host and all works.

After this, I've tried to add a share on AD server for all client, but 
when I try to assign permission on dir, I can't because my local system 
can't see domain user.

If I run wbinfo -u I can see user domain. If I run getent passwd, I 
can't see user domain, and so I can't give permission on share for this 
user but only using 777 on share directory (and this is not what I want).

Now, If I put a new samba4 machine and configure it as domain member, 
and join the domain, I can assign on this machine permission for user as 
explained from samba wiki. But this is not my case.

I need to configure DC and share on same machine, but I can't figure out 
why I can't see domain user in my local system.

(Continue reading)

Erkin Aka | 7 Feb 13:49 2016
Picon

Re: C7 AD server

these articles could help you. first one is english and second is turkish
http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller
http://www.koraykey.com/?p=3842
      From: Miguel Medalha <miguelmedalha@...>
 To: chris weisiger <cweisiger@...> 
Cc: CentOS mailing list <centos@...>
 Sent: Sunday, February 7, 2016 2:11 AM
 Subject: Re: [CentOS] C7 AD server

>> Try this. I have been thinking of trying it on C7.
>> http://www.linuxhelp.net/forums/index.php?showtopic=10868

I wouldn't follow the instructions on that link.

Disable iptables? Nah!

The author lumps SELinux and the firewall together.

What is said about DNS is also misleading. DNS is crucial for AD.

Please look at the Samba Wiki instead.
_______________________________________________
CentOS mailing list
CentOS@...
https://lists.centos.org/mailman/listinfo/centos

Gmane