logs archiveIRC Archive / Freenode / #centos / 2015 / June / 27 / 1
mircx1
someone to know what i need install for this GnuTLS not found, multiplex will have no SSL support
akoustik
do you have gnutls and/or gnutls-devel?
mircx1
this for ssl
TrevorH
@sourcebuilds
centbot
This venue is unable to provide assistance with building from source; you are strongly encouraged to learn to create proper packages that can be installed via rpm/yum.
akoustik
mircx1: well i would try it anyway. not sure what you're building, but TLS is basically modern SSL... don't know if that's the best description
but your message does specifically mention "GnuTLS"
TrevorH
the fact that it complains about GnuTLS being missing might be a hint that it's looking for GnuTLS maybe?
sixth
anyone had experience with forcing tlsv1.2 on centos 6.5 with apache 2.4 epel build?
DiscordianUK
Do you mean httpd-2.4?
         

Jeff_S
(Action) pretty sure httpd would not be in EPEL...
DiscordianUK
Likewisw
But apache-2.4 is a debianism
Bahhumbug
2.4 is in IUS for C6/C7, fwiw
DiscordianUK
6.6 is current and supported I thought
Bahhumbug
httpd v2.4
And yep, 6.6 is current :)
TrevorH
sixth: EPEL does not ship httpd
Bahhumbug
DiscordianUK: I completely spaced on the 6.6 current thing. Yeah, 6.5 is old, insecure and unsupported rubbish at this point.
DiscordianUK
aye
xand
I don't understand that numbering. if you just yum update you'll sometimes move up a version number
but usually just get some new packages
TrevorH
point releases come out every ~6 months
DiscordianUK
yum update will get you to 6.6
Bahhumbug
xand: point releases can be viewed in a similar light to windows service packs; point in time roll-up of all updates to that point.
sixth
sorry yep i meant httpd2.4
TrevorH
sixth: pastebin the output of rpm -qi httpd please
sixth
just a sec
ofir
Hi, I've resized the root lvm using: lvresize -L 30G /dev/mapper/centos-root
sixth
package httpd is not installed
ofir
and now the system is in a bad state, I can't even reboot
TrevorH
httpd24? or whatever it's called?
sixth
oh httpd24-httpd
yeah
pasting now
         

TrevorH
ofir: smaller or larger?
ofir
TrevorH: smaller, I can't even reboot :/
-bash: /sbin/reboot: Input/output error
TrevorH
yes, you broke it
sixth
TrevorH, http://pastebin.com/yM1awvFw
TrevorH
you have to resize the filesystem on an LV before you make it smaller or you truncate it
ofir
Is there any way to work it out?
TrevorH
boot from rescue media and resize it back and cross your fingers and hope
next time, make the filesystem smaller first then resize the LV
sixth
when i do 'openssl version' i get 1.0.1e, but when i curl httpd's header I see it uses ssl v1.0.0
TrevorH
and for / that means booting rescue media, you cannot do it live
ofir
TrevorH: so booting from a rescue media, restoring it to original size (45G) and then a reboot should do?
TrevorH
that looks like RHEL's SCL version of httpd 2.4
ofir: maybe, if you're very lucky though it depends on what else happened to it after you resized the LV
personally I'd be reaching for the backups and getting ready to restore them
@backups
centbot
It's a good thing you've got a robust backup policy in place and can restore from backups though! A lot of people with insufficient experience and bad administrative habits would not be in such a good position.
ofir
TrevorH: I won't have physical access to the machine till Sunday, if I copy /sbin/reboot from another machine, will it work?
TrevorH
ofir: rebooting is the least of your problems
sixth
êß ÜÙ éàÙÙÔ ÐÙêÕ àÕ
TrevorH is the SCL version bad?
ofir
TrevorH: snap =[
raatti
ofir: ouch, resizing FS..
TrevorH
no idea, never used it
Bahhumbug
Newer SCLs were just released. Is this the new SCL or the older one?
sixth
not sure
ran 'yum update' and reinstalled yesterday
TrevorH
sixth: I would google for instructions on how to do it on el7's httpd and do the same for yours
@uname sixth
centbot
sixth, please paste the single line of output from the 'uname -a' command run on the server in question to the channel.
ofir
raatti: indeed. what's the safest way to resize the home (lvm) partition then?
sixth
Linux ny2jirdev04.xxx.org 2.6.32-431.29.2.el6.x86_64 #1 SMP Tue Sep 9 21:36:05 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
raatti
ofir: depends on enviroment, but generally I try downsizing root
*to avoid
Bahhumbug
That's old.
sixth
I dont have full control on the VM so I cant update it or do those type of drastic changes
ofir
raatti: lvresize -L 40G /dev/mapper/centos-root, and then lvresize -L 40G /dev/mapper/centos-home ?
msgol
testing
raatti
ofir: most FS tools work on growing but there is no good tools to "downsize"
TrevorH
ofir: before you resize an LV you *must* resize the filesystem on it *first*
raatti
but yeah, FS first
sixth
we have jira running it and want to lock it down to use ssl tls1.2 auth only before we open it to the internet
TrevorH
or use -r to lvresize and have it do it for you
well you want to update that kernel too since that's old and unsupported and riddled with exploits
ofir
TrevorH: I see. I'm a bit novice when it comes to Linux fs. so what's the process (in terms of command line)?
Bahhumbug
It's irresponsible to have an internet-facing machine that's not up to date. Go smack someone there that _is_ responsible for it.
raatti
ofir: depends on FS
TrevorH
ofir: if it's an ext[234] filesystem then you run resize2fs
sixth
Bahhumbug; the joy of working with remote offices... :p
ofir
TrevorH: how do I determine the ext fs type?
TrevorH
if it's xfs and you want to make it smaller then you back it up and make it smaller and format it and restore your data
raatti
but newer CentOS 7 uses XFS and downsizing XFS cannot be safely
DiscordianUK
blkid
TrevorH
raatti: not just "safely": at all
raatti
if you have the space, it might work if your running VM using this method: http://blog.endpoint.com/2015/01/shrink-xfs-partition-almost-possible.html
TrevorH
"almost"
raatti
yup
XFS has no option for shrinking
ofir
it's the default CentOS 7.1 so I guess it chose the default fs type
raatti
xfs then
TrevorH
the default filesystem in el7 is xfs unless you change it
ofir
you guys are awesome. thanks for the help
I will try _physically_ rebooting the machine on Sunday and cross my fingers
because it takes lots of time to get the environment ready and unfortunately I don't have an image
sixth
Bahhumbug do you happen to know any web scanners to scan the jira for o/s vuln and perhaps prove my case for upgrading?
« prev 1 2 3 4 next »