similar to: really nice squid bug?

On Tue, 24 Mar 2015 09:41:58 +0200 Eero Volotinen <eero.volotinen at iki.fi> wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1202858 > > affects also on centos? Bugs in internal, non-released, rh packages don't really affect centos, no. /Peter

in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero 2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>: > well. this hack solution might work: > http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html > > -- > Eero > > 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at

I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION

Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44

Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 04/16/2015 05:00 PM, Eero Volotinen wrote: > > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > > > -- >

Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks > > On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote: > > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > >

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

err. upgrades? You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones.. -- Eero 2016-03-21 20:33 GMT+02:00 <m.roth at 5-cent.us>: > Glenn Pierce wrote: > > I asked about upgrading once and got no reply. Does anyone have > experience > > of having a hosted centos upgraded on a virtual server. Would you usually

Hi,volotinen: as it mentioned in your web link: "Your on the right track your module need to be signed", my question how to sign test_file_system.ko? thanks, w.k. ------------------ ???? ------------------ ???: "eero.volotinen";<eero.volotinen at iki.fi>; ????: 2016?1?22?(???) ??3:42 ???: "CentOS mailing list"<centos at

Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>: > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>: >> Is there any nice way to get tlsv1.2 support to centos 5? >> upgrading os to 6 is not option available. > > > Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF

I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY On 1 April 2016 at 13:59, Eero Volotinen <eero.volotinen at iki.fi> wrote: > You can do any kind of format conversions with openssl commandline client. >

This looka good: https://github.com/juliogonzalez/s3fs-fuse-rpm Eero 7.6.2015 4.23 ip. "Tim Dunphy" <bluethundr at gmail.com> kirjoitti: > > > > Centos 7 base repo contains fuse, use it. it works. handcompiling > packages > > to centos is *really* stupid, without proper knowledge.. > > > Thanks, you're right. The Centos 7 package works. > >

My boot folder has only rescue vm. How to get actual vm? Shiva Prasad Nath 92981134 On Sun, Nov 22, 2015 at 12:43 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Using rescue mode or some other rescuecd.. > > Eero > 21.11.2015 6.41 ip. "Siva Prasad Nath" <shivaprasadnath21 at gmail.com> > kirjoitti: > > > Hi, > > From yesterday my

Glenn Pierce wrote: > Yes reinstall. I get you have to purchase a new instance for a time to > move over. I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing. mark > > -----Original

Centos 5 is still soon end of life. Using it as ipsec gateway is .. Eero 21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti: > On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> > wrote: > > > I second Eero's comment, use a new IPSec daemon. > > > > Openswan was forked and became Libreswan. Paul, now

? 20151113_123827.mp4 <https://drive.google.com/file/d/0BwbqyaG4rXrCUXNfTWI3ZEk4N1k/view?usp=drive_web> ?We are using R630. Do you think it is better to install from DVD? Few times I waited for a long time. Bar was not moving in the screen. Please refer to the video. On Friday, November 13, 2015, Eero Volotinen <eero.volotinen at iki.fi> wrote: > what is model of your poweredge

Ok. try following: firewall-cmd --add-port=110/tcp --permanent firewall-cmd --reload Eero 2016-07-14 12:22 GMT+03:00 ???? <tadao at creative-japan.org>: > I cannot add pop3 with following error. > # firewall-cmd --permanent --zone=external --add-service=pop3 > Error: INVALID_SERVICE: pop3 > > And cannot access to 143 too. > telnet 153.153.xxx.xxx 143 > Trying

I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>: >Sounds

2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > > > > errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? > FTP is not safe as it does not encrypt username(s)

just for my curiosity, How can we make sure that its not affected? Is there any script to check whether its vulnerable or not (as in bash shell shock vulnerability test)? On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Centos 5 is not affected by this bug, so fix is not available. > > Eero > 31.3.2015 9.48 ap. kirjoitti "Venkateswara