IRC Archive / Freenode / #centos / 2015 / October / 10 / 1
TrevorH
questions about ELRepo's kernels are better addressed on #elrepo
justarandomeguy
Hi, can I use wildcard in grub2 config file? for example for initramfs or kernel file address or in 'search --file' command
tawm04
don't know who to notify but i think there's an issue with the recently released vagrant box on atlas. It doesn't have guest additions so shared folders are broke. using v1508.1 it works. anyone know of a better place to report this?
pankid
I am trying to lock down my server with iptables and some unexpected things are happening. When I set my input chain to the drop policy, I can no longer resolve dns. My output is accept and my dns is pointed at 8.8.8.8 and 8.8.4.4
Here is my iptables setup
https://paste.debian.net/315210/
Logos01
pankid: You're rejecting all inbound DNS traffic.
pankid: Here. Use this as a template for your iptables configuration: http://fpaste.org/277282/43003814/
Just add lines for each tcp/udp port so that they go lowest->highest top->bottom in the relevant chain.
I.e., if you are running a webserver, copy-and-paste the line with "--dport 25" immediately below itself (but above the line that has "-j LOGNDROP").
Then change that 25 to an 80.
pankid: For bonus points, you can add this http://fpaste.org/277283/14444302/ as a file named /etc/rsyslog.d/iptables.conf
And then mkdir -p /var/log/iptables
pankid
Logos01: thanks
Logos01
And you'll have unique/separate logfiles for your logworthy-but-accepted and all-rejected network traffic.
These are what I use.
https://github.com/Logos01/admin-tools/tree/master/CIS_kickstart
(That's if you want to build a Cent7 server against the standards I'm talking about.)
pankid: While you're at it, you might want to look up what a stateful firewall is and why what you wrote isn't one.
pankid
Yeah, that is something I need to brush up on
Logos01
:)
pankid: Basically what you were doing that was creating the unwanted behavior was that you were not tracking the relationship between outbound and inbound traffic
pankid: You had a blanket drop policy on any inbound traffic on ports not explicitly opened, so even though you were initiating the DNS queries the responses were treated as unrelated to the initiated connection.
         

pankid
oh I see, so when I tried to grab dns, iptables was blocking it even though it was outbound?
Logos01
It wasn't outbound at that point.
pankid
oh
Logos01
Your request is outbound; the server's response to you is inbound.
pankid
I needed the -A ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
Logos01
That would do it.
pankid
huh
thanks
for your time
and iptables config
Logos01
No worries!
Chill_Surf
hi there. While running "ls" in my main user folder /home/user, i see that there is a file/folder with 0 size called "Package" and another one "Running"
i cant seem to find any info on the net. is this something normal?
as I havent noticed that again
Sokel
Are you very, very sure you're not the one that created those.
Chill_Surf
I am very very sure i didnt create them, the only thing i did is to run "cd Package" and cd "Running" when i've seen them for the first time
Sokel: they seem to have been created 5 months ago
as i can see using filezilla file view
dgbaley
Chill_Surf: if this is a DE, they could have been created by anything
Chill_Surf
DE?
dgbaley
desktop environment
Chill_Surf
centos 6.7 x64bit
dgbaley
uh, ok
Is it a text-only server, or are you running gnome, kde, xfce, or something?
Chill_Surf
text-only, but i am only running webmin/virtualmin
as a web interface environment
fenrus02
@webmin
centbot
The webmin, usermin and virtualmin web management interfaces are not supported in this venue. Please seek assistance from their channels (#webmin / #virtualmin) or other support venues.
fenrus02
it's not surprising you have issues now.
         

linsux
repoforge don't have mplayer
fenrus02
@repoforge
hm.
pj
@rpmforge
centbot
rpmforge/repoforge can no longer be considered a trusted resource. Updates are few and far between which can, has and will continue to put people at risk. Please find alternative package sources such as EPEL or another trusted repo listed at http://wiki.centos.org/AdditionalResources/Repositories and pay attention to the reference on yum-priorities.
fenrus02
ta pj
pj
yw
fenrus02
@repos
centbot
Additional packages are often in 3rd party repos. Information on additional CentOS repos is available at http://wiki.centos.org/AdditionalResources/Repositories Pay attention to the reference on yum-priorities.
fenrus02
use that instead.
linsux
yes, repoforge don't have mplayer
pj
linsux: check out the nux-dextop repo instead
@nux
bleh
it's on that @repos page
fenrus02
literacy is overrated.
linsux
i really like centos 7 ui more than 6
but it don't have 32bit
pj
linsux: actually, there is a 32 bit CentOS 7 now
linsux
where
pj
hang on, I'll dig up the link
linsux
please give me 32bit 7
thanks
pj
the problem you'll find, though, is that there are no 3rd party repos for it yet.
http://mirror.centos.org/altarch/7/isos/i386/
fenrus02
not much point. remotely recent hw supports 64bit.
pj
fenrus02: I happen to have two laptops that are 32 bit and run CentOS 7 just fine
there is a rather good point for me.
fenrus02
pj, how old are they :)
and do they actually not have 64bit instruction sets?
pj
fairly old, one is on its (very) last legs, the other can probably get another four or five years out of it.
fenrus02: correct, they are 32 bit CPUs
linsux
will 7 32bit be official?
pj
linsux: it is official
it is now official and released.
linsux
i don't see it in the website
fenrus02
pj, what make/model is the non-ancient one?
pj
as I said the main issue is 3rd-party repos, such as epel and nux, etc.
linsux
and rpm fusion
fenrus02
did you see the @repos link above?
pj
fenrus02: it's a dell n series PP20L
it's one of the original ones that actually came with ubuntu pre-loaded instead of windows.
linsux
Version

Minor release

CD and DVD ISO Images