IRC Archive / Freenode / #centos / 2015 / June / 26 / 1
kotten
oh..
I was not expecting ssh root login to be allowed by default on CentOS
devhen
it is
oh sorry, misread that
it is allowed by default
kotten
yes
It does feel.. wrong
devhen
so change it
carbonator
kotten: I'd be surprised if a fresh OS install matches your needs perfectly
devhen
it makes more sense to have it enabled by default so you can login as root after you install
if you don't like it, change it
kotten
devhen yeah i did.
carbonator no ofc.
fossxplorer
Anyone here well versed in SELinux and semanage? :)
Sling
don't ask to ask, ask :)
devhen
fossxplorer: yes, lots of people. ask your question
fossxplorer
I've posted an error over at #rhel, but pretty low activity there :)
http://fpaste.org/236873/43530510/ is the cmd run & the error
devhen
it might be better if you explained exactly what you're trying to accomplish. maybe that specific semanage command isn't the best way to do it
fossxplorer
RHEL7 has issues with double sided GUI printing, i assume same is the case for CentOS.
I need a script permanently changing the context of a file
devhen
are you getting an selinux error in /var/log/audit/audit.log and have you piped it to audit2allow ?
fossxplorer
devhen, nope, nothing related to this in audit.log
devhen
are you sure changing the selinux context on a system file is the proper solution to your problem?
fossxplorer
Also, another problem is that i'm unable to change SELinux user of a symlink
devhen
and have you done what the error tells you to do, to do it on /usr/lib/libpoppler.so.46.0.0 instead ?
Sling
fossxplorer: you could use -C so the base policy regarding /usr/lib /usr/lib64 isn't affected
fossxplorer
devhen, my file isn't in /usr/lib, why should i worry about /usr/lib?
devhen
just a wild guess, because the selinux error *specifically* tells you to do so
Sling
oh wait, that is just for listing, nvm
fossxplorer
Sling, yeah, why am i not allowed to just restore context of the parent directory of the file?
devhen
you might try #selinux
fossxplorer
ah, good idea, thx devhen
carbonator
fossxplorer: isn't -e only for directories?
fossxplorer
carbonator, hmm possibly
carbonator
fossxplorer: from man: The context labeling for the target subtree is made equivalent to that defined for the source
fossxplorer
carbonator, good discovery.
juriadobalzac
Hi all! I've got a question, how do you configure centos7 to send out dhcp client options? Right now I use hostnames as identifiers on the dhcp server and this has been working wonderfully in centos5/6, but it's changed in 7 and I can't seem to find the documentation for it
I basically want to add DHCLIENTARGS="-I $(hostname)" to /etc/sysconfig/network, but having it actually work
amk1996
afaik centos 7 uses /etc/sysconfig/network-scripts/ifcfg-eth* rather than /etc/sysconfig/network
TrevorH
most likely you want to use DHCP_HOSTNAME= anyway
juriadobalzac
amk1996: True, but by default it's interface name instead of eth0, I've added DHCP_HOSTNAME=dev7 to /etc/sysconfig/network-scripts/ifcfg-ens192 but to no change
TrevorH: True, yeah, that one stays
I actually thought this was common practice but I suppose the cool kids use MACs or DDNS or something instead
sixth
Hi, does anyone have any experience with forcing TLS1.2 on CentOS 6.5 and apache24?
TrevorH
CentOS doesn't ship apache httpd 2.4 on CentOS 6
longword
sixth: That's not a good idea for most purposes, but it can be achieved by modifying the SSLCipherSuite
siXy
sixth: what longword said is wrong, protocol version is controlled via SSLProtocol, cipher suites are different
devhen
^
longword
Apologies.
devhen
SSLProtocol -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 if you want to me explicit
longword
You can kinda sorta do it with SSLCipherSuite, but SSLProtocol is clearly the right thing to do.
devhen
be*
btw, the current release of centos 6 is 6.6. if you are really on 6.5 you need to yum update
^ sixth
siXy
it's kinda ironic to on one hand care about the security of your ssl tunnels so much, but not care at all about the security of your OS...
oh and be aware - if you limit your ssl ciphers and protocols too much, centos-provided curl won't work, including centos 7.
ditto a bunch of other centos things that RH patches to link against nss rather than openssl.
TrevorH
does that still apply after yesterday's nss updates?
siXy
TrevorH: good question - I haven't looked at that yet so I don't know
I'd be rather surprised if the NSS team had suddenly discovered that it wasn't 1994 anymore and modern crypto exists, but it's certainly not impossible
MerlinTHP
(Action) sniggers.
kotten
I seem to have a maximum of ~50 gig in my /srv/ but I have a 3 TB drive. My fstab doesn't make me any wiser. Why can't my users use all the disk space?
df -h gives me: /dev/mapper/centos-root 50G 8,2G 42G 17%
(mounted on /)
I don't want to limit my 3TB to just home.
wolfy
kotten: what does mount come back with ?
kotten: pastebin the output of mount and of df -h. The full output
kotten
wolfy http://pastebin.com/8NFLQCY5
should be a default minimal installation
wolfy
kotten: hint: /dev/mapper/centos-home 2,7T 33M 2,7T 1% /home
kotten
wolfy yes.. But..
wolfy
users live in /home not in /root
kotten
I don't see any diff in the fstab between "/" and "/home"
both xfs both defaults both 0 0
well.. except this /dev/mapper/...
wolfy
which is the whole point. there are 2 different logical volumes,. one for / and one for /home
kotten
wolfy Yeah I get the point just looking on how to divert noquota to the / or /srv
so it works that same as /home
*the [..] *way
It seems logical it should be noquota but it seems to appear both on ../mapper/centos-root and .../mapper/centos-home
wolfy
kotten: do yourself a favor and learn about logical volumes
kotten: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Logical_Volume_Manager_Administration/index.html
kotten
wolfy thanks
msn
i am trying to make a service run as a specific user but seems daemon function is not taking the --user option
Venemo
hey guys
msn
when i start it gives me daemon [+/-nicelevel] {program}
Venemo
could anyone give me some help configuring postfix?
siXy
Venemo: start here: http://www.postfix.org/documentation.html If you run into a specific problem, feel free to come back and ask.
Venemo
siXy: yeah, I've already found that
the thing is, it's unclear how to set up virtual users (if I don't want the email addresses to match UNIX users)
I'd prefer to do it without having to deal with mysql
msn
you could ldap
or sasl
for auth
Venemo
and I'm also not sure how to properly configure smtpd_relay_restrictions
msn
++++++++++++++++++++++++++++++++++++++++++++++
sorry bag on keyboard