latest selinux policy update errors
by Mark Haney
Is anyone else seeing these types of failures with the latest selinux
updates?
libsemanage.semanage_direct_remove: Module dpkg was not found.
semodule: Failed on dpkg!
error: %trigger(selinux-policy-strict-2.6.4-21.fc7.noarch) scriptlet
failed, exit status 1
libsemanage.semanage_direct_remove: Module dpkg was not found.
semodule: Failed on dpkg!
error: %trigger(selinux-policy-strict-2.6.4-23.fc7.noarch) scriptlet
failed, exit status 1
Should I file a bug report?
--
Da mihi sis bubulae frustrum assae, solana tuberosa in modo gallico
fricta, ac quassum lactatum coagulatum crassum
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
14 years, 7 months
X and Intel 965
by Jeffrey Ross
So far the installation of FC6 has gone relatively smoothly albeit some
additional learning and bumps due to the 64 bit architecture of this
machine.
The mother board is an Intel DG965RYCK which uses Intel's 965 express
chipset. Based upon what I've been able to find on the web, Intel has
released the drivers for this chipset to OSS, although there have been
issues as to what Intel actually released and how complete they might be.
Regardless, I am unable to run mplayer (or Realplayer, for that matter)
without the display first freezing then going black followed by garbage
along the bottom of the screen. A Control-Alt-Backspace does not stop X
from running. The only way to recover the machine from this point is to
reboot the system. I am still able to connect from a remote system, it's
just the display that has become unstable.
lspci -v shows the following for the graphics adapter
00:02.0 VGA compatible controller: Intel Corporation Integrated
Graphics Controller (rev 02) (prog-if 00 [VGA])
Subsystem: Intel Corporation Unknown device 514d
Flags: bus master, fast devsel, latency 0, IRQ 177
Memory at 50200000 (32-bit, non-prefetchable) [size=1M]
Memory at 40000000 (64-bit, prefetchable) [size=256M]
I/O ports at 3110 [size=8]
Capabilities: [90] Message Signalled Interrupts: 64bit-
Queue=0/0 Enable-
Capabilities: [d0] Power Management version 2
Suggestions would be appreciated.
Thanks
15 years, 7 months
OFF-TOPIC: Fedora 7 already installed, can't install XP on empty partition
by Andre Costa
Hi,
this is somehow off-topic, but hopefully someone here has been through
this already...
I just bought a shiny new Core 2 Duo machine (Intel DG33BU mobo), with
a nice 250G SATA disk. Fedora 7 installation went surprisingly well
(and fast), only problem was that onboard NIC was not recognized, but
upgrading the kernel offline fixed this. Everything is amazingly fast
=)
BUT... I need this machine to dual-boot to Windows XP (still addicted
to some Windows-only games =( ). XP setup CD hangs just after showing
"examining hardware configuration" or something like that. It doesn't
really hang, it just switches to a blank screen and sits there
forever (I already left it there for more than 15min to no avail).
Keyboard is responsive and HD led stays on. CTRL+ALT+DEL reboots as
expected.
I talked to IT guys at work and they told me they've been through this
already lots of times, it seems XP is unable to properly recognize the
disk when only Linux is installed on it (?!?), and only solution would
be to reformat the whole thing and install XP first.
Is that true?
My system is configured as:
~ fdisk -l /dev/sda
Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 10467 83971755 8e Linux LVM
HD specs are:
~ hdparm -I /dev/sda
/dev/sda:
ATA device, with non-removable media
Model Number: SAMSUNG SP2504C
Serial Number: S09QJ1SP208120
Firmware Revision: VT100-50
GRUB is installed on MBR. All remaining space is sitting there,
waiting for XP to take over... =/
Does anyone know of a workaround? Should I try to create an additional
partition on the empty space and format it as VFAT hoping this would
make Windoze less stupid? Or am I doomed to remove all partitions and
start from scratch, starting with XP?
TIA
Andre
15 years, 8 months
vsftpd.conf
by dhottinger@harrisonburg.k12.va.us
I'm having a devil of a time getting vsftpd configured for auth. with
an ldap backend on Fedora Core 5. I keep getting a 530 530 Login
incorrect.
Unable to make a connection. Please try again.
The server has a username incorrect message.
Anonymous works fine. I have standard vsftpd.conf here is the snippet:
anonymous_enable=No
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
pam_service_name=vsftp
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
User authentication is against an ldap server. That seems to be
working fine. AFP users can connect ok. I read about an issue with
the pam module, but that doesn't seem to be the case. I keep beating
this thing around and around with no joy so far.
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
15 years, 10 months
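A check related to the `pam_service_name` line in the configuration above, added here as an example and not part of the original post: vsftpd hands that name to PAM, which looks for a service file of the same name. The function names and the temporary sample files are constructed for illustration, and the sample assumes the service file on the system is called `vsftpd`.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the PAM service
# named by pam_service_name in a vsftpd.conf has a matching file in pam.d.

# Print the value of KEY in a vsftpd.conf; the last assignment in the file
# is used here. vsftpd does not allow spaces around "=", so "KEY=" is enough.
vsftpd_conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Usage: check_vsftpd_pam CONF [PAM_DIR]
# Returns 0 if PAM_DIR/<service> exists, 1 if missing, 2 if CONF is unreadable.
check_vsftpd_pam() {
    conf=$1
    pam_dir=${2:-/etc/pam.d}
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    svc=$(vsftpd_conf_get "$conf" pam_service_name)
    [ -n "$svc" ] || svc=ftp    # vsftpd's built-in default service name
    if [ -f "$pam_dir/$svc" ]; then
        echo "OK: pam_service_name=$svc -> $pam_dir/$svc"
        # Show the auth stack (e.g. pam_ldap, or an include of a shared stack).
        grep -E '^[[:space:]]*(auth|@?include)[[:space:]]' "$pam_dir/$svc" || true
        return 0
    fi
    echo "MISSING: $pam_dir/$svc; PAM falls back to the 'other' service"
    echo "service files present: $(ls "$pam_dir" | tr '\n' ' ')"
    return 1
}

# Constructed sample: the service file is named "vsftpd" (an assumption),
# while the configuration asks for "vsftp" as in the snippet above.
demo() {
    d=$(mktemp -d)
    mkdir "$d/pam.d"
    printf 'auth required pam_ldap.so\n' > "$d/pam.d/vsftpd"
    printf 'local_enable=YES\npam_service_name=vsftp\n' > "$d/vsftpd.conf"
    check_vsftpd_pam "$d/vsftpd.conf" "$d/pam.d" || echo "exit status: $?"
    rm -rf "$d"
}
demo
```

On a real system, run `check_vsftpd_pam` against the live vsftpd.conf; the second argument defaults to `/etc/pam.d`.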
Kernel numbers
by Jeff Stevens
What does it mean to see an rpm with a kernel of 2.6.10-1.741_FC3, when
we go to a site like http://www.kernel.org and see the latest kernel is
at 2.6.10? If one wanted to compile their own kernel from this site,
would they be losing fixes/etc. from the "-1.741_FC3" portion?
Thanks, still learning here...
--
Jeffrey Stevens
gpg --keyserver pgp.mit.edu --recv-keys D2E5A4E8
Key fingerprint: 1C86 8717 E485 FA4D B9EF 96E2 A1AC 4B00 D2E5 A4E8
15 years, 11 months
tar backup on tape doesn't work
by Budiono
Hi all,
I've just installed a SCSI card BusLogic BT-958 and HP DAT 40 on my
Fedora Core 6 system. I usually back up my system using tar.
My problem is that the backup doesn't run well.
And this is my backup script:
#tar -b 1024 -cvf /dev/st0 /usr/local/src/my_home/yahoomail | bzip2 -9 >
/var/log/Backup.log.bz2
The backup only runs for a while, archives some files in the directory and then stops.
[root@mis-s155 ~]# tar -b 1024 -cvf /dev/st0
/usr/local/src/my_home/yahoomail | bzip2 -9 > /var/tmp/Backup.log.bz2
tar: Removing leading `/' from member names
tar: /dev/st0: Cannot write: Device or resource busy
tar: Error is not recoverable: exiting now
But when I take out the -b parameter on tar, it runs for a while and does not back up
the directory at all.
The backup script I used ran well when I was using a Red Hat 9.0 system.
I attach some messages from my system
scsi: ***** BusLogic SCSI Driver Version 2.1.16 of 18 July 2002 *****
scsi: Copyright 1995-1998 by Leonard N. Zubkoff <lnz(a)dandelion.com>
scsi5: Configuring BusLogic Model BT-958 PCI Wide Ultra SCSI Host Adapter
scsi5: Firmware Version: 5.06I, I/O Address: 0xDC00, IRQ Channel:
225/Level
scsi5: PCI Bus: 2, Device: 3, Address: 0xFEAFF000, Host Adapter SCSI ID: 7
scsi5: Parity Checking: Enabled, Extended Translation: Enabled
scsi5: Synchronous Negotiation: Fast, Wide Negotiation: Enabled
scsi5: Disconnect/Reconnect: Enabled, Tagged Queuing: Enabled
scsi5: Scatter/Gather Limit: 128 of 8192 segments, Mailboxes: 211
scsi5: Driver Queue Depth: 211, Host Adapter Queue Depth: 192
scsi5: Tagged Queue Depth: Automatic, Untagged Queue Depth: 3
scsi5: SCSI Bus Termination: Both Enabled, SCAM: Disabled
scsi5: *** BusLogic BT-958 Initialized Successfully ***
scsi5 : BusLogic BT-958
Vendor: HP Model: C5683A Rev: YP61
Type: Sequential-Access ANSI SCSI revision: 03
scsi 5:0:3:0: Attached scsi generic sg1 type 1
st: Version 20050830, fixed bufsize 32768, s/g segs 256
st 5:0:3:0: Attached scsi tape st0
st0: try direct i/o: yes (alignment 512 B)
[root@mis-s155 ~]# mt -f /dev/st0 status
SCSI 2 tape drive:
File number=-1, block number=-1, partition=0.
Tape block size 0 bytes. Density code 0x26 (DDS-4 or QIC-4GB).
Soft error count since last status=0
General status bits on (1010000):
ONLINE IM_REP_EN
I would very much appreciate any solution or comment.
Thank you
Budiono
16 years
Re: Port forwarding
by Andy
Hi,
Jari Marikainen wrote:
> I would like to forward incoming traffic from internet to
> "<195.198.111.x> port 80" to "<some other ip on the internet> port 80"
> in FC3 on the same interface.
I would try the DNAT/SNAT iptables targets, along the lines of:
iptables -t nat -A PREROUTING -p tcp --dport 80 -d 195.198.111.x \
-j DNAT --to-destination 65.114.4.69
iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 65.114.4.69 \
-j SNAT --to-source <your external IP address on this machine>
The second line makes the real server send its replies through the same
path (otherwise it will reply directly to the client).
You have to enable/allow forwarding for everything to work.
hth,
/Andy
16 years
ssh and port 22 problem, cont.
by Gerhard Magnus
Greetings!
I've made some progress on troubleshooting this "ssh & port 22 problem".
Here was my original post:
When I try to connect from a remote machine to my one at home
using ssh I get the error message "ssh: connect to host 64.146.133.1 port
22: Connection refused" -- but using ssh in the outgoing direction (i.e.
from home to the remote location) works fine.
Here's what's happened since:
I have two machines (PuteA and PuteB) sharing an ActionTec DSL modem. The IP
I was using was that of my "Gateway" ISP (64.146.133.1) -- an error. But
when I used the correct, static IP address of the ActionTec
(64.146.133.52) I got this message:
ssh: connect to host 64.146.133.52 port22: Connection refused
I thought I had port forwarding (for port 22) set correctly on the modem. For
troubleshooting, my ISP advised me to run "tcpdump -n host 192.168.0.2" on
PuteA, where 192.168.0.2 is the "internal" IP of PuteA. Then I logged on
to the remote location from PuteB and tried to ssh from there to PuteA
using the static IP address. The ssh from the remote location timed out
with the same "port 22: connection refused" message. The tcpdump on PuteA
gave this message:
> tcpdump: listening on eth0
> 17:27:33.662753 arp who-has 192.168.0.2 tell 192.168.0.1
where 182.168.0.1 is the "internal" IP of the modem. (Sorry if I have
this terminology wrong.)
My ISP says the problem is the firewall on PuteA and that he doesn't do linux
firewalls.
Here are my replies to the people who responded to my first post:
(1) "Do you have the firewall configured to deny incoming packets to port
22?"
How do I check this?
(2) "You need to check that sshd is running on your system."
Yes. It comes up with each boot. Also "service sshd status" gives
"sshd (pid 787) is running".
(3) "sshd uses /etc/hosts.allow and /etc/hosts.deny. Check that they are
configured to allow your remote machine in."
Both files have only commented lines.
(4) "Also, if your /etc/ssh/sshd_config file has VerifyReverseMapping
turned on, you will get kicked out if your remote address does not work
with a reverse dns lookup."
There's a "VerifyReverseMapping no" line in the file but it's been commented
out.
(5) "Just to be sure: when you are at home machine, try 'ssh localhost'.
If this works, you probably need to check your firewall."
It seems to work -- I ssh to the machine itself.
(6) "This is common on every system I have ever loaded with FC2. Your
iptables are blocking the connection. You can do one of the following:
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT"
I tried this. The ssh to PuteA from the remote location still times out.
(7) "Oh yes I also took out the REDHAT firewall entry as I don't have a
clue as to how to work with it."
I've fiddled endlessly with this "system tool" at each of the three levels
of security as well as using the "customize" option to set eth0 as a
trusted device and to allow incoming ssh. It doesn't show the settings
that actually exist.
(8) "If your fedora box is connected directly to a DSL modem, you should
be able to find your IP address by running ifconfig from the command
line and looking for 'inet addr:' (probably under 'eth0')."
eth0 Link encap:Ethernet HWaddr 00:40:05:81:60:8E
inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2184 errors:0 dropped:0 overruns:0 frame:0
TX packets:2005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1122075 (1.0 Mb) TX bytes:190214 (185.7 Kb)
Interrupt:5 Base address:0x3000
Could this be the problem -- the "inet addr" of 192.168.0.4? As far as I
can tell, the modem is 192.168.0.1, PuteA is 192.168.0.2, and PuteB is
192.168.0.3. I haven't set anything as 192.168.0.4.
(9) "nmap 64.146.133.52"
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp open telnet
53/tcp open domain
80/tcp open http
Shouldn't ssh be here? And what's telnet doing open? The books have me
scared to death of this... hackers, crackers, script kiddies, etc.
Thanks for the help!
Jerry Magnus
16 years, 2 months