Displaying 20 results from an estimated 20000 matches similar to: "crypto-policies / per connection based config"
2020 Aug 09
2
Fixing grub/shim issue Centos 7
Il 07/08/20 17:39, Leon Fauster via CentOS ha scritto:
> Am 07.08.20 um 17:17 schrieb Alessandro Baggi:
>>
>> Hi Johnny,
>>
>> what is the current status of the notification tool for security
>> updates on C8? There are possibilities to get soon announces on ML
>> for EL8?
>>
>> Would be great have the tool working.
>>
>>
>
>
2020 Jun 14
3
halt versus shutdown
Working with different OSs can be quite challenging (mentally :-)).
I wonder why the command "halt" has not same result between EL6 and EL8.
To shutdown the vm or workstation in EL8 i must use "shutdown now".
Who mandates this behavior in terms of configuration file?
--
Leon
2020 Aug 28
2
EL8: SElinux / dac_override / tmpwatch
Hi, I'm moving some old stuff from EL6 to EL8 and one setup has a
cron job which uses "tmpwatch -umc $dir" to clean some directories
(/etc/cron.daily/tmpwatch). It seems that this triggers this AVC
(SElinux mode is enforcing):
type=AVC msg=audit(1598576896.772:4267): avc: denied { dac_override }
for pid=11013 comm="tmpwatch" capability=1
2020 Jun 17
1
EL8 / certwatch missing
Am 17.06.20 um 12:28 schrieb John Horne:
> On Sun, 2020-06-07 at 23:36 +0200, Leon Fauster via CentOS wrote:
>> I have some scripts using certwatch from the crypto-utils package. This
>> rpm seems to be unshipped with EL8. Any ideas whats the "new" tool to
>> check pem cert files?
>>
> Hi,
>
> I have used the 'x509watch' package for several
2020 Jun 09
3
firewalld / iptables / nftables
Despite that the migration of our applications comes with a significant
workload. It seems that also every aspect of common services had changed
with EL8.
In EL8 firewalld uses nftables as backend. I wonder why iptables does
not list any rules while also configured to use nftables as backend.
# iptables -V
iptables v1.8.2 (nf_tables)
# firewall-cmd --list-all |egrep -o '22|ssh'
ssh
2020 Jul 29
1
Thunderbird 68.10.0
On 7/27/20 1:43 PM, Leon Fauster via CentOS wrote:
> Am 27.07.20 um 19:50 schrieb Chris Schanzle via CentOS:
>> Sorry if I'm being overly impatient, but is there some snag with
>> releasing Thunderbird 68.10.0 for EL8?
>>
>> [RHSA-2020:3038-01] Important: thunderbird security update
>>
>> https://access.redhat.com/errata/RHSA-2020:3038
>>
>>
2020 Jun 07
2
EL8 / certwatch missing
I have some scripts using certwatch from the crypto-utils package. This
rpm seems to be unshipped with EL8. Any ideas whats the "new" tool to
check pem cert files?
--
Leon
2019 Oct 22
2
C8 regression / tmp on tmpfs
Am 22.10.19 um 04:52 schrieb Orion Poplawski:
> On 10/21/19 3:42 PM, Leon Fauster via CentOS wrote:
>> Does someone have a working tmp on tmpfs via
>>
>> systemctl enable tmp.mount
>>
>> under CentOS8/RHEL8? This seems to work straight in EL7 ...
>>
>>
>> # LANG=C systemctl enable tmp.mount
>> The unit files have no installation config
2019 May 08
2
kickstart compat C7 -> C8
> Am 08.05.2019 um 19:20 schrieb mark <m.roth at 5-cent.us>:
>
> Leon Fauster via CentOS wrote:
>> Hi all,
>>
>>
>> I still use the following kickstart partition scheme for C7 installations
>> (via virt-install):
>> Briefly, fixed size for /root and /boot, and the rest is filled up for
>> /srv.
>>
>> The same kickstart
2019 Jul 08
0
epoch rpm el8 obsolete?
On Mon, 8 Jul 2019 at 18:08, Leon Fauster via CentOS <centos at centos.org>
wrote:
> I am building a new workstation based on EL8 now. As someone else here
> mentioned, the raw EL8 distribution
> is unusable as a workstation. Therefore I am building lot of additional
> packages. Today I came across a problem
> with a custom package with an Epoch version, that kills the
2020 Jul 26
1
tmpfs / selinux issue
Am 26.07.20 um 12:23 schrieb Strahil Nikolov:
>
> ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????:
>> Hi all,
>>
>> I have some AVC in the logs and wonder how to resolve this: Under
>> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
>>
>>
>> # tail -1 /etc/fstab
>> tmpfs
2020 Mar 29
3
Upgrade to CentOS8
Hi Leon,
I don't have the infra (nor the knowledge or expertise) to create a LiveCD
I didn't think about Fedora. This is indeed a good pointer, I will
definitely try that
Actually, I'm not too worried about the basics, but rather about the wifi,
audio & video drivers (one of the boxes is a multimedia system)
Thanks!
2019 Oct 22
0
C8 regression / tmp on tmpfs
On 10/22/19 7:04 AM, Leon Fauster via CentOS wrote:
> Am 22.10.19 um 04:52 schrieb Orion Poplawski:
>> On 10/21/19 3:42 PM, Leon Fauster via CentOS wrote:
>>> Does someone have a working tmp on tmpfs via
>>>
>>> systemctl enable tmp.mount
>>>
>>> under CentOS8/RHEL8? This seems to work straight in EL7 ...
>>>
>>>
>>>
2020 Jul 26
0
tmpfs / selinux issue
Hi Leon,
have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ?
Best Regards,
Strahil Nikolov
?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????:
>Hi all,
>
>I have some AVC in the logs and wonder how to resolve this: Under
>EL8 (enforcing SElinux) I have /var/lib/php/session mounted as
2020 Aug 09
0
Fixing grub/shim issue Centos 7
On 8/9/20 2:49 AM, Alessandro Baggi wrote:
>
> Il 07/08/20 17:39, Leon Fauster via CentOS ha scritto:
>> Am 07.08.20 um 17:17 schrieb Alessandro Baggi:
>>>
>>> Hi Johnny,
>>>
>>> what is the current status of the notification tool for security
>>> updates on C8? There are possibilities to get soon announces on ML
>>> for EL8?
2019 Jul 08
2
epoch rpm el8 obsolete?
I am building a new workstation based on EL8 now. As someone else here mentioned, the raw EL8 distribution
is unusable as a workstation. Therefore I am building lot of additional packages. Today I came across a problem
with a custom package with an Epoch version, that kills the yum/dnf update process (it tries to find a "best"
package etc.). My actually question; is the RPM Epoch
2020 Jun 09
0
firewalld / iptables / nftables
On Tue, Jun 09, 2020 at 02:19:17PM +0200, Leon Fauster via CentOS wrote:
>
> Despite that the migration of our applications comes with a significant
> workload. It seems that also every aspect of common services had changed
> with EL8.
>
> In EL8 firewalld uses nftables as backend. I wonder why iptables does not
> list any rules while also configured to use nftables as
2020 Jun 14
0
halt versus shutdown
On Sun, Jun 14, 2020 at 4:32 PM Leon Fauster via CentOS <centos at centos.org>
wrote:
> Working with different OSs can be quite challenging (mentally :-)).
>
> I wonder why the command "halt" has not same result between EL6 and EL8.
>
> To shutdown the vm or workstation in EL8 i must use "shutdown now".
>
fwiw, i've always used 'init 0' to
2020 Jun 17
0
EL8 / certwatch missing
On Sun, 2020-06-07 at 23:36 +0200, Leon Fauster via CentOS wrote:
> I have some scripts using certwatch from the crypto-utils package. This
> rpm seems to be unshipped with EL8. Any ideas whats the "new" tool to
> check pem cert files?
>
Hi,
I have used the 'x509watch' package for several years now to see when
certificates are about to expire.
John.
--
John Horne
2020 Aug 28
0
EL8: SElinux / dac_override / tmpwatch
On Aug 28, 2020, at 17:53, Leon Fauster via CentOS <centos at centos.org> wrote:
>
> Is cron running in EL8 with stripped CAPs of? Does some one have an
> idea to address this?
In general, we no longer use tmpwatch at all. In CentOS 7 and 8, use systemd-tmpfiles. Here is a blog post that describes it pretty well: