Firewalld.cond
by Antonio M
should this file be linked to some other file, i.e.
firewall-workstation.conf???
--
Antonio Montagnani
Skype : amontag52
Linux Fedora 22 (Twenty-two)
inviato da Gmail
8 years, 5 months
selinux question
by Paolo Galtieri
I have 2 systems running f22. On these 2 systems I have setup snort.
On both these systems snort logs to directory /var/log/snort. On both
these systems /var/log/snort is owned by user snort and group snort.
However, on one of the systems I cannot write to /var/log/snort as user
snort.
On the system that works
/bin/ls -ldZ /var/log/snort
lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 34 Oct 22
12:54 /var/log/snort -> /media/NSM/NSM-SENSOR-1/logs/snort
/bin/ls -ldZ /media/NSM/NSM-SENSOR-1/logs/snort
drwxr-xr-x. 2 snort snort unconfined_u:object_r:colord_var_lib_t:s0 4096
Oct 27 10:50 /media/NSM/NSM-SENSOR-1/logs/snort
On the system that fails
/bin/ls -ldZ /var/log/snort
lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 44 Oct 24
17:29 /var/log/snort -> /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
/bin/ls -ldZ /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
drwxr-xr-x. 2 snort snort unconfined_u:object_r:unlabeled_t:s0 4096 Oct
28 15:31 /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
Note that on the failing system the selinux context shows the directory
has unlabeled_t context while on the working system it's
colord_var_lib_t. I set this at some point (I think), but I forget how
I did it :-(
I have also set up user snort so that I can login to the account and I get
su - snort
Password:
su: warning: cannot change directory to /var/log/snort: Permission denied
-bash: /var/log/snort/.bash_profile: Permission denied
I can write to the directory if I do
sudo touch /var/log/snort/testfile
So what do I need to do to fix this so I can get snort to write to it's
log directory?
Any assistance is appreciated.
Paolo
8 years, 5 months
Detecting empty office doc containing virus macro
by Gary Stainburn
We are receiving LOTS of emails that contain empty XLS or DOC documents with
embedded virus macros. These are getting past SPAMASSASSIN, Clamav and
Kaspersky.
I'm trying to write a filter for EXIM to block these emails but I need to know
a good, quick, command-line to detect an empty doc with a macro.
Is there anything available that I can use??
I have managed to write a PERL script to detect empty xls xlsx, doc and docx
files but I cannot detect whether they have any macros embedded
Gary
8 years, 5 months
digital ocean - setting up secure dev system.
by bruce
Hey guys.
Thinking of taking the step and putting Fed on a test digital ocean droplet.
Has anyone done this that I can talk to/work with to save time/steps.
Basicaally, looking to have a test setup with 3-4 droplets
-minimal ports/services
-mysql on one droplet
-nfs server on one
-dev boxes for the other 2
want to be able to have whatever secuirty is required to lock down the boxes
-want to have php/py on the dev boxes
-is yum/dnf used?
-want dns, to allow me to connect from boxA to boxB by name instead of
ip -- can this be done via cloudflare?
-might also tie git/new relic/etc to have monitoring/backup in place as well
what will I need? I've been looking at different articles and see
different approaches, so figured I'd post here. (sure I'm not the only
one!)
I want to get this all right/correct, as I want to do a writeup, and
walk some others through the process..
So, you sys admins who've been so helpful, pointers, articles I should
definitely hit! All are appreciated.
Thanks
8 years, 5 months
vinagre uses wrong keyboard layout
by Antonio M
when I connect to my remote desktop (both using italian layout) from
vinagre I get different characters for example ò instead of ; and so
on..why?
--
Antonio Montagnani
Skype : amontag52
Linux Fedora 22 (Twenty-two)
inviato da Gmail
8 years, 5 months
laptop external monitor
by Paul Cartwright
I am running f22 on a Dell laptop. I have a 23" monitor plugged in and I
always use just the external monitor. Everytime I boot it reverts to
1024 X 680 and I have to go to the dispay settings, uncheck the box for
both screens the same, turn off the laptop screen & set the external
monitor to 1920 X 1080.
there is no xorg.conf file. Here is the xrandr outout:
$ xrandr
Screen 0: minimum 8 x 8, current 1920 x 1080, maximum 32767 x 32767
LVDS1 connected (normal left inverted right x axis y axis)
1280x800 59.91 +
1024x768 60.00
800x600 60.32 56.25
640x480 59.94
640x400 60.00
TV1 disconnected (normal left inverted right x axis y axis)
VGA1 connected primary 1920x1080+0+0 (normal left inverted right x axis
y axis) 510mm x 287mm
1920x1080 60.00*+
1280x1024 75.02 60.02
1152x864 75.00
1024x768 75.08 60.00
800x600 75.00 60.32
640x480 75.00 60.00
720x400 70.08
VIRTUAL1 disconnected (normal left inverted right x axis y axis)
how do I get this to boot into this mode everytime??
8 years, 5 months
Fedora 22 - Change login screen resolution?
by CS DBA
Hi All;
I'm playing around with Fedora 22 (KDE spin) on a macbook pro retina. I
can login and change the screen resolution and it stays permanent.
However the login screen is still tiny, anyone know how to change /
scale the resolution of the login screen?
Thanks in advance
8 years, 5 months
Problem - All grub kernel options not showing?
by Michael D. Setzer II
Had a load shedding issue that hit my college building at 2am and building
generator didn't kick in, and UPS didn't say up for the hour outage. Went in at
about 6:30am on Sunday to fix things, and found that one of my main servers
was coming up with the grub menu, but only the options for memtest and my
g4l special option were showing up. None of the kernel option would show
up? After booting with the g4l option with its kernel, I was able to look at the
grub.cfg file, and options are there in the grub.cfg file.
I was able to get it to load the kernel by copying the kernel options to the end,
and removing the extra stuff after the menuentry name?? I had also
commented out the load_video line, and switched, the linux16 and initrd16 to
linux and initrd, but don't think that was the issue, since after doing a reboot,
it wouldn't show the opiton until I changed it to just
menuentry 'Fedora' {
I though it might be the blkid that was off, but it seems to be correct.
Below is the current grub.cfg that I had made on the machine using
grub2-mkconfig -o /boot/grub2/grub.cfg
Originally, it went thru, but the reboot showed only the memtest option, and
the g4l option, and I did the coping of the line, and modification to get it to
boot.
Had a 7am meeting that I ended up being late for, since I could get the
machines all up quickly. Machine is now running, but still don't know why the
regulare grub menu options are not showing. The 20+ other machines seem
to have the grub working just fine. This machine did recently have a
motherboard failure, and it was replaced, but everything else was the same.
Below is the grub.cfg and the output of blkid??
Thanks.
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
set pager=1
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="${saved_entry}"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_msdos
insmod ext2
set root='hd0,msdos2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2
--hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2'
1228e51c-1d2f-43b0-a792-84d87541e746
else
search --no-floppy --fs-uuid --set=root
1228e51c-1d2f-43b0-a792-84d87541e746
fi
font="/usr/share/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_output gfxterm
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
insmod png
background_image -m stretch /verne.png
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=30
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=30
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Fedora (fedup) 22 (Twenty Two)' --class fedora --class gnu-linux
--class gnu --class os --unrestricted $menuentry_id_option
'gnulinux-fedup-advanced-1228e51c-1d2f-43b0-a792-84d87541e746' {
savedefault
# load_video
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
linux16 /vmlinuz-fedup
root=UUID=1228e51c-1d2f-43b0-a792-84d87541e746 ro quiet rhgb
initrd16 /initramfs-fedup.img
}
menuentry 'Fedora (4.2.3-200.fc22.x86_64) 22 (Twenty Two)' --class fedora
--class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option
'gnulinux-4.2.3-200.fc22.x86_64-advanced-1228e51c-1d2f-43b0-a792-84d87
541e746' {
savedefault
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
linux /vmlinuz-4.2.3-200.fc22.x86_64
root=UUID=1228e51c-1d2f-43b0-a792-84d87541e746 ro quiet rhgb
initrd /initramfs-4.2.3-200.fc22.x86_64.img
}
menuentry 'Fedora (4.1.10-200.fc22.x86_64) 22 (Twenty Two)' --class fedora
--class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option
'gnulinux-4.1.10-200.fc22.x86_64-advanced-1228e51c-1d2f-43b0-a792-84d8
7541e746' {
savedefault
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
linux /vmlinuz-4.1.10-200.fc22.x86_64
root=UUID=1228e51c-1d2f-43b0-a792-84d87541e746 ro quiet rhgb
initrd /initramfs-4.1.10-200.fc22.x86_64.img
}
menuentry 'Fedora (4.1.8-200.fc22.x86_64) 22 (Twenty Two)' --class fedora
--class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option
'gnulinux-4.1.8-200.fc22.x86_64-advanced-1228e51c-1d2f-43b0-a792-84d87
541e746' {
savedefault
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
linux /vmlinuz-4.1.8-200.fc22.x86_64
root=UUID=1228e51c-1d2f-43b0-a792-84d87541e746 ro quiet rhgb
initrd /initramfs-4.1.8-200.fc22.x86_64.img
}
menuentry 'Fedora (0-rescue-0d711253e61b4e2e99580424e9c03ce5) 22
(Twenty Two)' --class fedora --class gnu-linux --class gnu --class os
--unrestricted $menuentry_id_option
'gnulinux-0-rescue-0d711253e61b4e2e99580424e9c03ce5-advanced-1228e
51c-1d2f-43b0-a792-84d87541e746' {
savedefault
load_video
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
linux /vmlinuz-0-rescue-0d711253e61b4e2e99580424e9c03ce5
root=UUID=1228e51c-1d2f-43b0-a792-84d87541e746 ro quiet rhgb
initrd /initramfs-0-rescue-0d711253e61b4e2e99580424e9c03ce5.img
}
if [ "x$default" = 'Fedora (4.2.3-200.fc22.x86_64) 22 (Twenty Two)' ]; then
default='Advanced options for Fedora>Fedora (4.2.3-200.fc22.x86_64) 22
(Twenty Two)'; fi;
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/20_memtest86+ ###
menuentry 'Fedora Memtest memtest86+-5.01' {
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
insmod bsd
echo 'Loading Fedora Memtest ...Loading memtest86+-5.01 ...'
knetbsd /elf-memtest86+-5.01
}
### END /etc/grub.d/20_memtest86+ ###
### BEGIN /etc/grub.d/20_ppc_terminfo ###
### END /etc/grub.d/20_ppc_terminfo ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type
the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry G4L {
linux /bz4x2.3 ramdisk_size=65536 root=/dev/ram0 telnetd=yes
initrd /ramdisk.lzma
}
menuentry 'Fedora' {
savedefault
# load_video
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'
606cfbb3-1aed-4527-bbb2-78ab50772212
else
search --no-floppy --fs-uuid --set=root
606cfbb3-1aed-4527-bbb2-78ab50772212
fi
linux /vmlinuz-fedup
root=UUID=1228e51c-1d2f-43b0-a792-84d87541e746 ro quiet rhgb
initrd /initramfs-fedup.img
}
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
blkid output
/dev/sda1: UUID="606cfbb3-1aed-4527-bbb2-78ab50772212" TYPE="ext4"
PARTUUID="00091aaa-01"
/dev/sda2: UUID="1228e51c-1d2f-43b0-a792-84d87541e746" TYPE="ext4"
PARTUUID="00091aaa-02"
/dev/sda3: UUID="561f3970-eb54-4136-906a-702ddc2b588b" TYPE="swap"
PARTUUID="00091aaa-03"
/dev/sda5: UUID="23c9f17b-db7c-409f-89ee-a9aaff08b219"
SEC_TYPE="ext2" TYPE="ext3" PARTUUID="00091aaa-05"
/dev/sda6: UUID="e4ae7827-cd39-44b3-92b7-a293cfea694f"
SEC_TYPE="ext2" TYPE="ext3" PARTUUID="00091aaa-06"
+----------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor
Guam Community College Computer Center
mailto:mikes@kuentos.guam.net
mailto:msetzerii@gmail.com
http://www.guam.net/home/mikes
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+----------------------------------------------------------+
http://setiathome.berkeley.edu (Original)
Number of Seti Units Returned: 19,471
Processing time: 32 years, 290 days, 12 hours, 58 minutes
(Total Hours: 287,489)
BOINC@HOME CREDITS
ROSETTA 35918145.959220 | SETI 65626088.603721
ABC 16613838.513356 | EINSTEIN 75791784.507694
8 years, 5 months
F23 ?
by Paul Cartwright
is it too early to be talking about migration to F23 ???
when it IS time, is fedup the way to go??
just like DNF, fedup is lacking in man pages...
$ man fedup
No manual entry for fedup
8 years, 5 months
Can't upgrade F21 to F22
by CLOSE Dave
Output below. This has been repeated all day. Any thoughts?
====
[root@dsusim ~]# cat /etc/fedora-release
Fedora release 21 (Twenty One)
[root@dsusim ~]# fedup --clean
resetting bootloader config
removing boot images
removing downloaded packages
removing miscellaneous files
[root@dsusim ~]# yum update
Loaded plugins: langpacks
No packages marked for update
[root@dsusim ~]# fedup --network 22
setting up repos...
default-installrepo/metalink | 14 kB 00:00
default-installrepo | 3.6 kB 00:00
default-installrepo/group_gz | 106 kB 00:04
default-installrepo/primary_db | 1.4 MB 00:37
fedora/22/x86_64/metalink | 14 kB 00:00
fedora/22/x86_64 | 3.8 kB 00:00
fedora/22/x86_64/group_gz | 230 kB 00:03
fedora/22/x86_64/primary_db | 18 MB 07:45
google-chrome | 951 B 00:00
google-chrome/primary | 1.8 kB 00:00
rpmfusion-free/22/x86_64 | 3.0 kB 00:00
rpmfusion-free/22/x86_64/primary_db | 337 kB 00:04
rpmfusion-free-updates/22/x86_64 | 3.0 kB 00:00
rpmfusion-free-updates/22/x86_64/primary_db | 70 kB 00:02
rpmfusion-nonfree/22/x86_64 | 3.0 kB 00:00
rpmfusion-nonfree/22/x86_64/primary_db | 101 kB 00:01
rpmfusion-nonfree-updates/22/x86_64 | 3.0 kB 00:00
rpmfusion-nonfree-updates/22/x86_64/primary_db | 29 kB 00:00
updates/22/x86_64/metalink | 13 kB 00:00
updates/22/x86_64 | 4.7 kB 00:00
updates/22/x86_64/group_gz | 230 kB 00:01
updates/22/x86_64/updateinfo | 814 kB 00:17
updates/22/x86_64/primary_db | 6.9 MB 02:32
getting boot images...
.treeinfo.signed | 2.0 kB 00:00
Downloading failed: couldn't get boot images: No more mirrors to try.
Last error was: [Errno 14] HTTP Error 503 - Service Unavailable
====
Debuglog shows that fedup tried at least 34 systems.
--
Dave Close
8 years, 5 months
