logs archiveIRC Archive / Freenode / #centos / 2015 / September / 4 / 1
_TheDude
anyone ever heard of a yum update for iptables turning off iptables from starting at boot.. chkconfig showed it disabled.. Iv'e seen this happen a couple times before and didn't know why
It started after a yum update
wN
ive never heard of that
fenrus02
"sudo yum history .." and find out what package did it.
_TheDude
I've had it happen before and I know someone else who's seen it. I was worried that maybe this one particular server got hacked but I can't find any evidence of it at all how the firewall got dropped.. nothing in the history showing it was disabled. It happened after a yum update 2 nights ago
fenrus02
should be trivial to locate then. just look at the history for what was altered.
if you also used etckeeper, you would know exactly when/what changed it. easier than sifting through yumdb history.
_TheDude
what history.. yum log?
fenrus02
the command is above.
it's not a log file.
_TheDude
there was an iptables update
oh sorry didnt see that
Yeah was a pretty major update when I updated the software 2 nights ago
but t heir software didn't touch iptables but yum did definitely
fenrus02
stop guessing.
use the commands above and FIND it.
         

_TheDude
can you check the ID specifically? I see the ID never used yum history before
fenrus02
Yes
_TheDude
ahh thats the ..
fenrus02
"man yum" and it has all the history details
_TheDude
thanks for the clues I appreciate it
fenrus02
example situation, maybe a package was "removed" then "added" back instead of "upgraded". That alters the state of services.
_TheDude
ahhh yes
fenrus02
i'd also suggest you use etckeeper. imho, it should be default ;)
_TheDude
I installed tripwire after this event hehe
etckeeper though I never heard of it I"ll check it out
fenrus02
replace "tripwire" with "aide"
_TheDude
Cool I never heard of that one I'll check it out..
is it in the base repos?
fenrus02
etckeeper == git repo for your config files. it's sweet.
aide is in el7 base. didnt check 6
_TheDude
I'm just starting to mess with 7 now setting up a template
wN
fenrus02: what can i do about getting unbanned from #fedora?
fenrus02
aide is also in el6 base. iirc, tripwire found in epel is ancient - but it's the newest version allowed by license
_TheDude
I love git
fenrus02
wN, wrong place to ask? file a feedback ticket, provide logs etc..
_TheDude
Yeah the tripwire I used was from epel
Was just in the process of firewalling some of these servers upstream too heh this accellerated my process heh
wN
fenrus02: yeah. sorry. i sent you a pm but you never responded :P can you send me more information on the feedback ticket?
in pm
fenrus02
wN, go to #fedora-ops or /msg fedbot @feedback
iirc, either should work
         

wN
thanks
sartan
tripwire, aide.. ?
fenrus02
sartan, yum info tripwire aide
sartan
Still trying to think of who is fighting who now :)
Er, it wasn't really a question it was more of a meta question
fenrus02
hah
sartan
as in, 'decisions, decisions'
fenrus02
much of the foss world comes down to personal preference. sometimes it's just licensing.
sartan
Did you read the grsecurity blog announcement this morning?
fenrus02
the pre-death certificate? yes.
dictvm
After enabling systemd users services for a specific user via loginctl enable-linger $user, I think I should be able to control user-specific systemd units as that users. However, upon entering "systemctl --user daemon-reload" I only end up getting "Failed to get D-Bus connection: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11". Any ideas?
sartan
the company not mentioned was intel
fenrus02
dictvm, does the service you are trying to use require x11?
dictvm
No, it doesn't.
It's a headless server where I have no X11-related packages installed.
fenrus02
dictvm, sounds like a bug. is there already an open bugid ?
dictvm
fenrus02: no, only one that was closed: https://bugzilla.redhat.com/show_bug.cgi?id=1198655
fenrus02: I have no idea how to change this default.
_TheDude
So I had E, I, U | 293 >E on that update .. meaning at least one was uninstalled and there was an error .. thing is the software I updated does the yum update for me its all automated so I had no control over it. But they do log the update so I can see it
Def some new stuff added but iptables was only updated
fenrus02
_TheDude, things like "sudo yum history info 293 |grep iptable" work too. pick whatever info you like really. but after you have a candidate, "rpm -q --scripts packagename" will show you what it runs on install / upgrade / removal.
_TheDude
Really it gives you that much detail? Cool
Interesting .. says the package is not installed
There we go need to use the common name instead of the actual package name
fenrus02
are you using firewalld instead of iptables directly?
_TheDude
no.. iptables
shows the script does .. post install it actually does chkconfig --add iptables
dictvm
fenrus02: Do you have any idea how I might change this default?
fenrus02
dictvm, i avoid using dbus whereever possible. not the right person to ask.
dictvm
fenrus02: I want to enable several users to run persistent services from their home directories. I do not explicitly need dbus either.
fenrus02
dictvm, what you're doing above explicitly uses dbus.
dictvm
fenrus02: Okay, then that's a requirement by systemd. Alright.
_TheDude
INteresting though there is no "upgrade" portion of the iptables script
only preinstall post install preuninstall and postuninstall
which does -del iptables and then the install -add's it.. but by default adding it does not turn it on.. there is no chkconfig iptables on or 234 etc
fenrus02
in that case, if yumdb reported the package was remove/add rather than "upgrade" - you know why it stopped.
_TheDude
It didnt.. it reported it as U
fenrus02
_TheDude, likely something else then.
_TheDude
I saw the update logs but the script itself nowhere touches or turns off anything. It only adds and removes it from chkconfig
shivaya
are there some major changes to config files in centos 7 compared to 6?
fenrus02
YES
shivaya
like what?
ntz
:D
fenrus02
like about everything.
c6 -> c7 is a non-trivial move. almost everything changed. read the release notes for details.
saml
hey, what's name of installation script?
fenrus02
for what?
saml
i put installation cd (iso mounted on virtualbox). i got to shell. found /dev/sr0 (cdrom) isn't mounted. so i mounted. now i want to start installation process
https://www.youtube.com/watch?v=G2b4cnMwMVc&t=1m problem is this. CentOS Disc is not found in any of your CDROM devices
so , i got to shell and mounted cdrom myself. i want to resume or start installation blue screen
fenrus02
sounds like a #vbox problem.
saml
but what's installer ?
fenrus02
ask in #vbox
saml
shouldn't there be /sbin/start_install or something?
i was using netinstall.iso, which only supports net install.
fenrus02
third time is a charm. ask about vbox in #vbox .. not here saml. this isnt the best place to ask. you could ALWAYS read the docs for vbox too.
manualdidact
Hi, does anyone have any pointers for getting vnc and gdm working with centos 7? I've got tigervnc installed, I've set up /etc/gdm/custom.conf according to a random article I found ( http://www.itzgeek.com/how-tos/linux/centos-how-tos/remote-login-with-gdm-and-vnc-on-centos-7-rhel-7-configure-vnc-on-xinetd-with-xdmcp-centos-7-rhel-7.html ), but I only get a black screen with the X cursor when I connect
FWIW, I'm also tunneling through SSH, the SSH port is the only thing open on the box. That part seems to be working, at least
« prev 1 2 3 4 5 6 7 next »