similar to: Security Policies

Is it possible to mix and match crypto policies using approved tools in CentOS 8? Our environment requires a LEGACY setting for OpenSSL so we can maintain connections with our LDAP servers (which we cannot update at this time), but I'd like especially the OpenSSH settings to use the DEFAULT policy (and maybe even FUTURE on a test host or two). I think it's possible to manually

Okay, this will never come to an end otherwise: I would like to use <http://creativecommons.org/licenses/by-sa/3.0/> as the license for the complete content of the wiki. The content on the wiki is *NOT* licensed at all at the moment. So this call goes out to *ALL* people who have already contributed to the wiki: Is it okay with you to use this license for your content on the wiki? If

I've written a short howto on creating and mounting an encrypted filesystem using dm-crypt. The doc currently lives on our internal wiki (Trac) at work, but I'd love to rewrite and post for a general readership. I suppose the proposed URL would be something like http://wiki.centos.org/TipsAndTricks/EncryptedFilesystem -- Paul Heinlein <> heinlein at madboa.com <>

On Tue, 29 Oct 2019, JEFFREY MC DANIELS wrote: > Hello, > I just started working with CentOS and I want to say it's a great > OS. The only issue is that I no longer see the lists of Security > polices during the installation and I would like to know how to > install them in Centos 8 Do you mean "Crypto policies"? If so, the update-crypto-policies utility will

On Fri, 26 May 2017, Christian, Mark wrote: > On Fri, 2017-05-26 at 11:19 -0400, Bernard Fay wrote: >> Hi, >> >> Does a fix has already been made in the CenOS RPM repositories for this >> Samba remote execution code vulnerability, CVE-2017-7494? > yes. samba-3.6.23-43.el6_9.x86_64.rpm And samba-*-4.4.4-14.el7_3.x86_64 -- Paul Heinlein <> heinlein at

I've got a CentOS 6 machine that's slated to go into production providing some web and development-repository services. Part of the environment is gitweb, which works as expected with one glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who owns the repositories. The audit log entries are pretty straightforward, e.g., type=AVC msg=audit(XXXXXXXXXXXX): avc:

On Thu, 23 May 2019, Stephen John Smoogen wrote: > I might actually be able to have a workable answer: > > alias drf='/usr/bin/df -x tmpfs' /usr/bin/df \ -x autofs -x binfmt_misc -x cgroup -x configfs -x debugfs \ -x devpts -x devtmpfs -x efivarfs -x hugetlbfs -x mqueue \ -x nfsd -x proc -x pstore -x rpc_pipefs -x securityfs \ -x selinuxfs -x sysfs -x tmpfs :-) --

hi everyone, I know this update has been a bit delayed, things have been pretty hectic. But lots of good updates for everyone: Distro -------- * Updates for CentOS Linux 5/7 : All updates from upstream are released into the CentOS mirror network. * Upstream 6.7 was released a few days back, we have all the rpms from that release built and released to the early-adopters into the CentOS-CR repos

Hi, Does anyone have a pointer to correct documantation for generating and installing a self signed ssl cert for use on httpd on a C-5 machine? The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the distro and as such it is not available. I tried generating the cert on a C-4 machine using genkey and installing on the C-5 machine but I get the following error when I try to

Hi community, In CentOS 7 there is such rpm (libcxx-devel - it seems from EPEL repository), but in CentOS 8 it isn't. How is it possible to have it there as RPM? because alternative to build it (libc++) from sources is a big headache (I need it in order to build v9 and plv8 projects) Thanks

Hello all! I'm brand new to the mailing list, and I've encountered an issue with the microcode_ctl package version 2.1-16 being installed during the CentOS 7.3 upgrade. It causes my servers to hard stop and they need to be forcibly powered off and back on again with the power button to continue. This RedHat thread https://bugzilla.redhat.com/show_bug.cgi?id=1398698 details the issue,

Hello all, I've been googling my brains out since yesterday looking for up-to-date information on this matter, and have found information that is anywhere from 15 to 5 years old. I'd really like some information that much more up to date on the subject. Specifically configuring Sendmail SMTP authentication (_no smart host stuff_). I've got Sendmail 8.14 installed on a CentOS 7.3

On 03/08/2017 11:00 AM, Paul Heinlein wrote: > On Wed, 8 Mar 2017, Mark Weaver wrote: > > > Hello all, > > > > I've been googling my brains out since yesterday looking for up-to-date > > information on this matter, and have found information that is > anywhere from > > 15 to 5 years old. I'd really like some information that much more > up to

hope thus comes under the remit of this mailking list... We use puppet, and Im trying to come up with "code" that will create two user accounts with a shared groiup ID eg? user1 with UID 1000user 2 with UID 1001 but I would like them BOTH to share the GID of 2000 I've tried the following accounts::groups:? ? jointgroup:? ? ? ? gid: '2000' accounts::users: ? ? user1:? ? ? ?

On Mon, 12 Oct 2020, Alexandru Lazarev wrote: > Hi community, > In CentOS 7 there is such rpm (libcxx-devel - it seems from EPEL > repository), but in CentOS 8 it isn't. > > How is it possible to have it there as RPM? because alternative to build it > (libc++) from sources is a big headache (I need it in order to build v9 and > plv8 projects) Do you mean the

Hi everyone, by default, /var/www/html/ folder is under user/group root. Is it a good idea to change this to apache user/group? I'm trying to set up web server box using CentOS 4.2. Any idea how this change can effect the system and php programming? Any pros & cons for this change??? Any security risk to have /var/www/html/ folder under user/group root? Thanks, JC

Hello, I've got a client who wants to go ssl. He's running a web server, smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard ssl certificate i believe it's called but one on the budget plan. I am also wanting to ensure that the mod_ssl with httpd on the server is only using the strongest encryption methods and protocols. Thanks. Dave.

For those of you who are either part of the secret cabal, or are otherwise keeping track of it, there is a new version available. The current version of the cryptex is version 3.1. It's changed rather significantly in some areas.

Hello, does it in any respect (throughput/performance, cpu load, I/O load, resilience, ...) matter, if one mounts subdirectories of an NFS (v3) export into separate directories or if one just mounts the parent directory? I.e. like this: server:/export/base/a -> /mnt/a server:/export/base/b -> /mnt/b server:/export/base/c -> /mnt/c server:/export/base/d -> /mnt/d

Hi, I am user of CentOS 8. When can we expect an image on AWS? I am just learning AWS and would like to use CentOS 8 for that. thanks --- Lee