similar to: crypto-policies / per connection based config

Il 07/08/20 17:39, Leon Fauster via CentOS ha scritto: > Am 07.08.20 um 17:17 schrieb Alessandro Baggi: >> >> Hi Johnny, >> >> what is the current status of the notification tool for security >> updates on C8? There are possibilities to get soon announces on ML >> for EL8? >> >> Would be great have the tool working. >> >> > >

Working with different OSs can be quite challenging (mentally :-)). I wonder why the command "halt" has not same result between EL6 and EL8. To shutdown the vm or workstation in EL8 i must use "shutdown now". Who mandates this behavior in terms of configuration file? -- Leon

Hi, I'm moving some old stuff from EL6 to EL8 and one setup has a cron job which uses "tmpwatch -umc $dir" to clean some directories (/etc/cron.daily/tmpwatch). It seems that this triggers this AVC (SElinux mode is enforcing): type=AVC msg=audit(1598576896.772:4267): avc: denied { dac_override } for pid=11013 comm="tmpwatch" capability=1

Am 17.06.20 um 12:28 schrieb John Horne: > On Sun, 2020-06-07 at 23:36 +0200, Leon Fauster via CentOS wrote: >> I have some scripts using certwatch from the crypto-utils package. This >> rpm seems to be unshipped with EL8. Any ideas whats the "new" tool to >> check pem cert files? >> > Hi, > > I have used the 'x509watch' package for several

Despite that the migration of our applications comes with a significant workload. It seems that also every aspect of common services had changed with EL8. In EL8 firewalld uses nftables as backend. I wonder why iptables does not list any rules while also configured to use nftables as backend. # iptables -V iptables v1.8.2 (nf_tables) # firewall-cmd --list-all |egrep -o '22|ssh' ssh

On 7/27/20 1:43 PM, Leon Fauster via CentOS wrote: > Am 27.07.20 um 19:50 schrieb Chris Schanzle via CentOS: >> Sorry if I'm being overly impatient, but is there some snag with >> releasing Thunderbird 68.10.0 for EL8? >> >> [RHSA-2020:3038-01] Important: thunderbird security update >> >> https://access.redhat.com/errata/RHSA-2020:3038 >> >>

I have some scripts using certwatch from the crypto-utils package. This rpm seems to be unshipped with EL8. Any ideas whats the "new" tool to check pem cert files? -- Leon

Am 22.10.19 um 04:52 schrieb Orion Poplawski: > On 10/21/19 3:42 PM, Leon Fauster via CentOS wrote: >> Does someone have a working tmp on tmpfs via >> >> systemctl enable tmp.mount >> >> under CentOS8/RHEL8? This seems to work straight in EL7 ... >> >> >> # LANG=C systemctl enable tmp.mount >> The unit files have no installation config

> Am 08.05.2019 um 19:20 schrieb mark <m.roth at 5-cent.us>: > > Leon Fauster via CentOS wrote: >> Hi all, >> >> >> I still use the following kickstart partition scheme for C7 installations >> (via virt-install): >> Briefly, fixed size for /root and /boot, and the rest is filled up for >> /srv. >> >> The same kickstart

On Mon, 8 Jul 2019 at 18:08, Leon Fauster via CentOS <centos at centos.org> wrote: > I am building a new workstation based on EL8 now. As someone else here > mentioned, the raw EL8 distribution > is unusable as a workstation. Therefore I am building lot of additional > packages. Today I came across a problem > with a custom package with an Epoch version, that kills the

Am 26.07.20 um 12:23 schrieb Strahil Nikolov: > > ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >> Hi all, >> >> I have some AVC in the logs and wonder how to resolve this: Under >> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. >> >> >> # tail -1 /etc/fstab >> tmpfs

Hi Leon, I don't have the infra (nor the knowledge or expertise) to create a LiveCD I didn't think about Fedora. This is indeed a good pointer, I will definitely try that Actually, I'm not too worried about the basics, but rather about the wifi, audio & video drivers (one of the boxes is a multimedia system) Thanks!

On 10/22/19 7:04 AM, Leon Fauster via CentOS wrote: > Am 22.10.19 um 04:52 schrieb Orion Poplawski: >> On 10/21/19 3:42 PM, Leon Fauster via CentOS wrote: >>> Does someone have a working tmp on tmpfs via >>> >>> systemctl enable tmp.mount >>> >>> under CentOS8/RHEL8? This seems to work straight in EL7 ... >>> >>> >>>

Hi Leon, have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ? Best Regards, Strahil Nikolov ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >Hi all, > >I have some AVC in the logs and wonder how to resolve this: Under >EL8 (enforcing SElinux) I have /var/lib/php/session mounted as

On 8/9/20 2:49 AM, Alessandro Baggi wrote: > > Il 07/08/20 17:39, Leon Fauster via CentOS ha scritto: >> Am 07.08.20 um 17:17 schrieb Alessandro Baggi: >>> >>> Hi Johnny, >>> >>> what is the current status of the notification tool for security >>> updates on C8? There are possibilities to get soon announces on ML >>> for EL8?

I am building a new workstation based on EL8 now. As someone else here mentioned, the raw EL8 distribution is unusable as a workstation. Therefore I am building lot of additional packages. Today I came across a problem with a custom package with an Epoch version, that kills the yum/dnf update process (it tries to find a "best" package etc.). My actually question; is the RPM Epoch

On Tue, Jun 09, 2020 at 02:19:17PM +0200, Leon Fauster via CentOS wrote: > > Despite that the migration of our applications comes with a significant > workload. It seems that also every aspect of common services had changed > with EL8. > > In EL8 firewalld uses nftables as backend. I wonder why iptables does not > list any rules while also configured to use nftables as

On Sun, Jun 14, 2020 at 4:32 PM Leon Fauster via CentOS <centos at centos.org> wrote: > Working with different OSs can be quite challenging (mentally :-)). > > I wonder why the command "halt" has not same result between EL6 and EL8. > > To shutdown the vm or workstation in EL8 i must use "shutdown now". > fwiw, i've always used 'init 0' to

On Sun, 2020-06-07 at 23:36 +0200, Leon Fauster via CentOS wrote: > I have some scripts using certwatch from the crypto-utils package. This > rpm seems to be unshipped with EL8. Any ideas whats the "new" tool to > check pem cert files? > Hi, I have used the 'x509watch' package for several years now to see when certificates are about to expire. John. -- John Horne

On Aug 28, 2020, at 17:53, Leon Fauster via CentOS <centos at centos.org> wrote: > > Is cron running in EL8 with stripped CAPs of? Does some one have an > idea to address this? In general, we no longer use tmpwatch at all. In CentOS 7 and 8, use systemd-tmpfiles. Here is a blog post that describes it pretty well: