From bda20 at cam.ac.uk Mon Feb 2 12:48:54 2015
From: bda20 at cam.ac.uk (Ben)
Date: Mon, 2 Feb 2015 12:48:54 +0000 (GMT)
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To: <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com>
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com>
Message-ID:

On Fri, 30 Jan 2015, Dan Lah wrote:

> All,
>
> I'll start with an apology that there should have been better directions
> in the RHSA and subsequent email on how to follow conversations and
> updates on our progress to integrate the RHN functionality into the new
> subscription service interfaces.

The apology's very much appreciated, thank you. _Will_ there be emails, etc. on updates regarding progress to integrate the RHN functionality into the new subscription service interfaces?

> Since I've seen that this thread has moved to the discuss
> "https://access.redhat.com/discussions/1337603" I'll review there and drop
> in updates on status and on the closure of feature gap items.

I'll take a look at the links you've provided there as soon as time allows, and comment there rather than here.

> Sorry for the confusion and thanks for your efforts to reach out,
> Dan Lah

And again, thank you for taking the time to actually respond on-list. I wish RH had chosen to stick with the mailing lists.

Ben
--
Unix Support, UIS, University of Cambridge, England

From dlah at redhat.com Mon Feb 2 14:56:43 2015
From: dlah at redhat.com (Dan Lah)
Date: Mon, 2 Feb 2015 09:56:43 -0500 (EST)
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To:
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com>
Message-ID: <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>

in-line...
----- Original Message -----
> From: "Ben" uk>
> To: "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list"
> Sent: Monday, February 2, 2015 7:48:54 AM
> Subject: Re: [rhelv6-list] Subscription Manager functionality
>
> On Fri, 30 Jan 2015, Dan Lah wrote:
>
> > All,
> >
> > I'll start with an apology that there should have been better directions
> > in the RHSA and subsequent email on how to follow conversations and
> > updates on our progress to integrate the RHN functionality into the new
> > subscription service interfaces.
>
> The apology's very much appreciated, thank you. _Will_ there be emails,
> etc. on updates regarding progress to integrate the RHN functionality into
> the new subscription service interfaces?
>

With the RHSA you should have also received a general distribution email that was sent out with information and a link to a "landing page" for RHN Transition. We will have regular general emails sent out with updates about new capabilities in the subscription service tools.

>
> > Since I've seen that this thread has moved to the discuss
> > "https://access.redhat.com/discussions/1337603" I'll review there and drop
> > in updates on status and on the closure of feature gap items.
>
> I'll take a look at the links you've provided there as soon as time
> allows, and comment there rather than here.
>

I will create an "official" discussion for RHN Transition that I can monitor and update. I'll update that link here, in the landing page, and in the discussion page already started so I can establish one discussion page on RHN Transition.

>
> > Sorry for the confusion and thanks for your efforts to reach out,
> > Dan Lah
>
> And again, thank you for taking the time to actually respond on-list. I
> wish RH had chosen to stick with the mailing lists.
>

I can appreciate that however we try to work thru the Customer Portal for communication.
The general emails are designed to direct you to the "landing page" so we can have one place to update information. However, as you recognized, the "landing page" is one directional so the RHN Transition discussion will hopefully open two-way comm.

Thanks again for your efforts,
Dan Lah

> Ben
> --
> Unix Support, UIS, University of Cambridge, England
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>

--
Thank you,
Dan Lah
irc = dlah
dlah at redhat.com
919.890.8595 (o)
919.699.8830 (m)

From pvjuliet at gmail.com Tue Feb 3 05:47:02 2015
From: pvjuliet at gmail.com (PV Juliet)
Date: Tue, 3 Feb 2015 11:17:02 +0530
Subject: [rhelv6-list] Linux network card details
Message-ID:

Hi all,

Where can I get all the network interface details, including what type of network card, which company, etc.?

Thanks and Regards
Juliet

From john.haxby at gmail.com Tue Feb 3 09:40:09 2015
From: john.haxby at gmail.com (John Haxby)
Date: Tue, 3 Feb 2015 09:40:09 +0000
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To: <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com> <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>
Message-ID:

On 2 February 2015 at 14:56, Dan Lah wrote:

> >
> > > Sorry for the confusion and thanks for your efforts to reach out,
> > > Dan Lah
> >
> > And again, thank you for taking the time to actually respond on-list. I
> > wish RH had chosen to stick with the mailing lists.
> >
>
> I can appreciate that however we try to work thru the Customer Portal for
> communication. The general emails are designed to direct you to the
> "landing page" so we can have one place to update information. However, as
> you recognized, the "landing page" is one directional so the RHN Transition
> discussion will hopefully open two-way comm.

The reason people like mailing lists is that they only have to go to one place to get to everything they're interested in.

A forum is great for disseminating information if you're the disseminator. It's a nice easy to manage central place where everything you care about is in one place and it has all the tools you need for managing it and keeping up to date. It's terrific.

On the other hand, in order to read and contribute to all the things I'm interested in I have to visit each and every web site that hosts a forum I'm interested in and on each and every forum click through all the topics that are new or that I have previously noticed (and remembered) are interesting, fight the clunky reply interface and move on. And I'm at the mercy of whatever the network connection is doing to me.

I'm active on half a dozen lists and lurk on many more than that. Even if I did nothing else, including sleeping, I could not possibly follow that many forums. Even if I dropped the lists I only lurk on I'd still spend all my waking hours going through forums.

I wouldn't mind a forum if it was also a mailing list. I know these things exist, why can't the Red Hat forum also be a mailing list and then we could all choose?

jch

From john.haxby at gmail.com Tue Feb 3 09:51:57 2015
From: john.haxby at gmail.com (John Haxby)
Date: Tue, 3 Feb 2015 09:51:57 +0000
Subject: [rhelv6-list] Linux network card details
In-Reply-To:
References:
Message-ID:

On 3 February 2015 at 05:47, PV Juliet wrote:

>
>
> where can I get all the network interface details including what type
> of network card, which company, etc.
>
>

There isn't a single place unless you count what goes into a sosreport.
"ethtool -i DEVNAME" is often a good start because that gives you the driver name and the pci slot it's connected to. Other ethtool options will tell you about the current state of the NIC.

Now you've got the pci slot, you can use lspci -vs to get more information. For example, on one of my machines:

$ ethtool -i p4p2
driver: e1000e
version: 2.3.2-k
firmware-version: 5.6-2
bus-info: 0000:03:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no

$ sudo lspci -vs 0000:03:00.1
03:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
        Subsystem: Intel Corporation PRO/1000 PT Dual Port Server Adapter
        Flags: bus master, fast devsel, latency 0, IRQ 35
        Memory at e1a20000 (32-bit, non-prefetchable) [size=128K]
        Memory at e1a00000 (32-bit, non-prefetchable) [size=128K]
        I/O ports at 2000 [size=32]
        Capabilities: [c8] Power Management version 2
        Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Capabilities: [e0] Express Endpoint, MSI 00
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [140] Device Serial Number 00-15-17-ff-ff-1d-f5-56
        Kernel driver in use: e1000e
        Kernel modules: e1000e

That should at least be a good start.

jch

From bda20 at cam.ac.uk Tue Feb 3 10:15:43 2015
From: bda20 at cam.ac.uk (Ben)
Date: Tue, 3 Feb 2015 10:15:43 +0000 (GMT)
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To:
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com> <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>
Message-ID:

On Tue, 3 Feb 2015, John Haxby wrote:

> I'm active on half a dozen lists and lurk on many more than that. Even if
> I did nothing else, including sleeping, I could not possibly follow that
> many forums. Even if I dropped the lists I only lurk on I'd still spend
> all my waking hours going through forums.
>
> I wouldn't mind a forum if it was also a mailing list. I know these
> things exist, why can't the Red Hat forum also be a mailing list and then
> we could all choose?

Being in exactly the same situation I'd like to add my full support to this idea. Having to click through many different sites/pages to see all of the discussions going on, and not necessarily knowing whether what I'm going to be reading is totally relevant until I've loaded the page wastes, over the hours, a considerable amount of time. Mailing lists, and emails in my inbox (I use a text-based mail client, not web), are much, _much_ faster to work through.

Ben
--
Unix Support, UIS, University of Cambridge, England

From solarflow99 at gmail.com Tue Feb 3 18:16:45 2015
From: solarflow99 at gmail.com (solarflow99)
Date: Tue, 3 Feb 2015 10:16:45 -0800
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To:
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com> <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>
Message-ID:

+1

On Tue, Feb 3, 2015 at 2:15 AM, Ben wrote:
> On Tue, 3 Feb 2015, John Haxby wrote:
>
>> I'm active on half a dozen lists and lurk on many more than that. Even if
>> I did nothing else, including sleeping, I could not possibly follow that
>> many forums. Even if I dropped the lists I only lurk on I'd still spend all
>> my waking hours going through forums.
>>
>> I wouldn't mind a forum if it was also a mailing list. I know these
>> things exist, why can't the Red Hat forum also be a mailing list and then we
>> could all choose?
>
>
> Being in exactly the same situation I'd like to add my full support to this
> idea. Having to click through many different sites/pages to see all of the
> discussions going on, and not necessarily knowing whether what I'm going to
> be reading is totally relevant until I've loaded the page wastes, over
> the hours, a considerable amount of time. Mailing lists, and emails in my
> inbox (I use a text-based mail client, not web), are much, _much_ faster to
> work through.
>
> Ben
> --
> Unix Support, UIS, University of Cambridge, England
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list

From pvjuliet at gmail.com Wed Feb 4 04:24:08 2015
From: pvjuliet at gmail.com (PV Juliet)
Date: Wed, 4 Feb 2015 09:54:08 +0530
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To:
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com> <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>
Message-ID:

Hi All,

I am using RHEL 6.4. I am facing a problem of booting my newt based application from rc.local. How can I execute my application from rc.local? Is it possible to run without autologin?

Thanks in advance
Juliet

On Tue, Feb 3, 2015 at 3:10 PM, John Haxby wrote:

>
>
> On 2 February 2015 at 14:56, Dan Lah wrote:
>
>> >
>> > > Sorry for the confusion and thanks for your efforts to reach out,
>> > > Dan Lah
>> >
>> > And again, thank you for taking the time to actually respond on-list. I
>> > wish RH had chosen to stick with the mailing lists.
>> >
>>
>> I can appreciate that however we try to work thru the Customer Portal for
>> communication. The general emails are designed to direct you to the
>> "landing page" so we can have one place to update information. However, as
>> you recognized, the "landing page" is one directional so the RHN Transition
>> discussion will hopefully open two-way comm.
>
>
>
> The reason people like mailing lists is that they only have to go to one
> place to get to everything they're interested in.
>
> A forum is great for disseminating information if you're the
> disseminator. It's a nice easy to manage central place where everything
> you care about is in one place and it has all the tools you need for
> managing it and keeping up to date. It's terrific.
>
> On the other hand, in order to read and contribute to all the things I'm
> interested in I have to visit each and every web site that hosts a forum
> I'm interested in and on each and every forum click through all the topics
> that are new or that I have previously noticed (and remembered) are
> interesting, fight the clunky reply interface and move on. And I'm at the
> mercy of whatever the network connection is doing to me.
>
> I'm active on half a dozen lists and lurk on many more than that. Even
> if I did nothing else, including sleeping, I could not possibly follow that
> many forums. Even if I dropped the lists I only lurk on I'd still spend
> all my waking hours going through forums.
>
> I wouldn't mind a forum if it was also a mailing list. I know these
> things exist, why can't the Red Hat forum also be a mailing list and then
> we could all choose?
>
> jch
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>

From pareilly at tcd.ie Wed Feb 4 11:35:53 2015
From: pareilly at tcd.ie (Paul Reilly)
Date: Wed, 4 Feb 2015 11:35:53 +0000
Subject: [rhelv6-list] no repositories available ?
Message-ID:

Hello

I have one RHEL 6.5 server which I wish to install yum-cron on. When I try to add the extra optional repo, I get this message:

# subscription-manager repos --enable=rhel-6-server-optional-rpms
Error: rhel-6-server-optional-rpms is not a valid repo ID. Use --list option to see valid repos.

# subscription-manager repos --list
This system has no repositories available through subscriptions.

My /etc/yum.repos.d/redhat.repo is overwritten by rhsm and is empty.

The system is showing as having a valid subscription attached when I view it at access.redhat.com. I've tried unregistering it, and re-registering it, and attaching the subscription again, but I get the same message. How do I fix the repo problem?

Paul

From gianluca.cecchi at gmail.com Wed Feb 4 14:46:53 2015
From: gianluca.cecchi at gmail.com (Gianluca Cecchi)
Date: Wed, 4 Feb 2015 15:46:53 +0100
Subject: [rhelv6-list] no repositories available ?
In-Reply-To:
References:
Message-ID:

On Wed, Feb 4, 2015 at 12:35 PM, Paul Reilly wrote:

> Hello
>
> I have one RHEL 6.5 server which I wish to install yum-cron on. When I try
> to add the extra optional repo, I get this message:
>
> # subscription-manager repos --enable=rhel-6-server-optional-rpms
> Error: rhel-6-server-optional-rpms is not a valid repo ID. Use --list
> option to see valid repos.
>
> # subscription-manager repos --list
> This system has no repositories available through subscriptions.
>
> My /etc/yum.repos.d/redhat.repo is overwritten by rhsm and is empty.
>
> The system is showing as having a valid subscription attached when I view
> it at access.redhat.com. I've tried unregistering it, and re-registering
> it, and attaching the subscription again, but I get the same message. How
> do I fix the repo problem?
>
> Paul
>
>
>

Hello,
I too saw this behavior in the past with the command

# subscription-manager repos --list

that indeed created an empty /etc/yum.repos.d/redhat.repo

I didn't investigate much because I noticed that then the command

# yum repolist

had populated it with repositories and so I could run further subscription-manager commands

Could you try "yum repolist" too and verify?
Gianluca

From bda20 at cam.ac.uk Thu Feb 5 14:49:42 2015
From: bda20 at cam.ac.uk (Ben)
Date: Thu, 5 Feb 2015 14:49:42 +0000 (GMT)
Subject: [rhelv6-list] RAID/SCSI error combined with core dump of rrdtool
Message-ID:

Greetings,

I have a server with a four disk RAID5 set. A few days ago two disks went offline at the same time. The ext4 filesystem went read-only and although you could still SSH in, the system was totally hosed. It certainly wouldn't shutdown via the command line.

I powered the box off, and via the RAID BIOS brought both disks back online manually. I then initiated a consistency check. About 75% of the way through one of the two disks screamed (literally) and quit for good. The other disk remained online and hasn't been a problem since (but I didn't trust it).

The filesystem was a mess come fsck time. Many things ended up in /lost+found, during clean up clusters required cloning, inodes that were orphaned were deleted, etc. It wasn't pretty. I managed to put all but three of the files put in /lost+found back where they were supposed to be. As far as I can see, the three remaining files don't appear to be important to the operation of the server. As and when I discover what they're for I'll put them back in their original locations but they seem to be to do with SSL/CA certificates.

The hosted MySQL DB was also totally hosed (InnoDB table corruption). Not only that, but the MySQL software itself was too. I reinstalled that and recreated the DB, and now the software which relies on it (Observium, http://www.observium.org/) is operating normally again. I also got Nessus (http://www.tenable.com/) working again (with help from Tenable Support) after many of its files went away.

However, I now have the following issue.
There appears to be a SCSI fault such that every time /usr/bin/rrdtool (RH-supplied) runs it core dumps:

Feb 5 14:27:28 mole2 kernel: sd 0:2:0:0: [sda] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
Feb 5 14:27:28 mole2 kernel: sd 0:2:0:0: [sda] CDB: Read(10): 28 00 0b 33 d7 e0 00 00 08 00
Feb 5 14:27:28 mole2 kernel: end_request: I/O error, dev sda, sector 187946976
Feb 5 14:27:28 mole2 abrt[5346]: Saved core dump of pid 4491 (/usr/bin/rrdtool) to /var/spool/abrt/ccpp-2015-02-05-14:27:28-4491 (761856 bytes)
Feb 5 14:27:28 mole2 abrtd: Directory 'ccpp-2015-02-05-14:27:28-4491' creation detected

It's always the same sector of the (virtual, presented by the RAID hardware to the OS) disk. I've replaced both of the underlying broken/suspect physical disks, but this error refuses to go away. I've also reinstalled the rrdtool software in the hope that this would place it on another part of the disk.

The only thing rrdtool runs on/over is the data collected by Observium. I've been through all of the graphs it generates and deleted and recreated any RRDs that were producing errors rather than graphs (on the assumption that they were corrupt files), and I'm still getting the SCSI errors and core dumps.

What should I try next? Eventually I imagine I will have to reinstall the OS, but I'd rather not just yet. Does anyone have any suggestions?
Chassis: Dell PowerEdge 610
OS: RHEL6.6 fully patched, kernel: 2.6.32-504.8.1.el6.x86_64
RAID: PERC 6/i Integrated, F/W: 6.3.3.0002, Driver: 06.803.01.00-rh1
rrdtool: rrdtool-perl-1.3.8-7.el6.x86_64
         rrdtool-1.3.8-7.el6.x86_64
         rrdtool-php-1.3.8-7.el6.x86_64
         rrdtool-devel-1.3.8-7.el6.x86_64

With thanks,
Ben
--
Unix Support, UIS, University of Cambridge, England

From dag at wieers.com Mon Feb 9 21:59:48 2015
From: dag at wieers.com (Dag Wieers)
Date: Mon, 9 Feb 2015 22:59:48 +0100 (CET)
Subject: [rhelv6-list] Subscription Manager functionality
In-Reply-To:
References: <54C2716C.4010802@umiacs.umd.edu> <1352753435.4612495.1422643944139.JavaMail.zimbra@redhat.com> <266876471.5501283.1422889003942.JavaMail.zimbra@redhat.com>
Message-ID:

On Tue, 3 Feb 2015, solarflow99 wrote:

> On Tue, Feb 3, 2015 at 2:15 AM, Ben wrote:
>> On Tue, 3 Feb 2015, John Haxby wrote:
>>
>>> I'm active on half a dozen lists and lurk on many more than that. Even if
>>> I did nothing else, including sleeping, I could not possibly follow that
>>> many forums. Even if I dropped the lists I only lurk on I'd still spend all
>>> my waking hours going through forums.
>>>
>>> I wouldn't mind a forum if it was also a mailing list. I know these
>>> things exist, why can't the Red Hat forum also be a mailing list and then we
>>> could all choose?
>>
>> Being in exactly the same situation I'd like to add my full support to this
>> idea. Having to click through many different sites/pages to see all of the
>> discussions going on, and not necessarily knowing whether what I'm going to
>> be reading is totally relevant until I've loaded the page wastes, over
>> the hours, a considerable amount of time. Mailing lists, and emails in my
>> inbox (I use a text-based mail client, not web), are much, _much_ faster to
>> work through.
>
> +1

Agreed.
-- Dag

From pvjuliet at gmail.com Tue Feb 17 06:19:48 2015
From: pvjuliet at gmail.com (PV Juliet)
Date: Tue, 17 Feb 2015 11:49:48 +0530
Subject: [rhelv6-list] Automatic root login
Message-ID:

Hi,

I am doing automatic root login in RHEL 6.4. But the login :root (automatic login) displays before going to the shell. Is there any way to make this invisible?

Thanks and Regards
juliet

From jas at cse.yorku.ca Sun Feb 22 20:29:32 2015
From: jas at cse.yorku.ca (Jason Keltz)
Date: Sun, 22 Feb 2015 15:29:32 -0500
Subject: [rhelv6-list] bonding
Message-ID: <54EA3C2C.4060200@cse.yorku.ca>

I've set up bonding between two 1 Gb/s interfaces using ..

Bonding Mode: load balancing (xor)
Transmit Hash Policy: layer2+3 (2)

The link is up, and I can access it from various hosts.

I have a group of identical clients. If I ping/ssh from each of those clients, then one of these things happens:
1) traffic goes over 1 interface of the bond
2) traffic goes over the other interface of the bond
3) traffic goes over BOTH interfaces .... (client -> server over one NIC, and server -> client over the other)

I can understand 1 & 2 - but why 3?

Finally, is there any way with balance-xor (and without special switch support) to ensure a load balance in such a way that if one interface is too busy, the other is used?
(Eg. clientA talks to the serverA over NIC1 of 2. ClientA uses NIC1 to capacity. ClientB also wants to talk to serverA, and because of MAC ADDR/IP is assigned to NIC1 of the bond -- but NIC1 is too busy - NIC2 isn't being used though... Can ClientB be assigned NIC2 instead)

Jason.
From sjt5atra at gmail.com Mon Feb 23 06:14:25 2015
From: sjt5atra at gmail.com (Steven Tardy)
Date: Mon, 23 Feb 2015 01:14:25 -0500
Subject: [rhelv6-list] bonding
In-Reply-To: <54EA3C2C.4060200@cse.yorku.ca>
References: <54EA3C2C.4060200@cse.yorku.ca>
Message-ID: <78090C7C-DCFC-4F01-A95E-8DC0E81CC4B5@gmail.com>

> On Feb 22, 2015, at 3:29 PM, Jason Keltz wrote:
>
> I've setup bonding between two 1 Gb/s interfaces using ..
>
> Bonding Mode: load balancing (xor)
> Transmit Hash Policy: layer2+3 (2)
>
> The link is up, and I can access it from various hosts.
>
> I have a group of identical clients. If I ping/ssh from each of those clients, then one of these things happens:
> 1) traffic goes over 1 interface of the bond
> 2) traffic goes over the other interface of the bond
> 3) traffic goes over BOTH interfaces .... (client -> server over one NIC, and server -> client over the other)
>
> I can understand 1 & 2 - but why 3?
>
> Finally, is there any way with balance-xor (and without special switch support) to ensure a load balance in such a way that if one interface is too busy, the other is used?
> (Eg. clientA talks to the serverA over NIC1 of 2. ClientA uses NIC1 to capacity. ClientB also wants to talk to serverA, and because of MAC ADDR/IP is assigned to NIC1 of the bond -- but NIC1 is too busy - NIC2 isn't being used though... Can ClientB be assigned NIC2 instead)
>
> Jason.

The NIC of the bond is chosen via a deterministic hashing algorithm so that all packets of any given single flow (src ip/src port/src mac/dst ip/dst port/dst mac) are always sent through the exact same path through the network. This prevents out of order and many other unwanted things.

By changing the mac/ip of the destination one might be able to over-engineer the traffic flow.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Using_Channel_Bonding.html

From adruch2002 at gmail.com Thu Feb 26 20:31:31 2015
From: adruch2002 at gmail.com (Andrew Ruch)
Date: Thu, 26 Feb 2015 13:31:31 -0700
Subject: [rhelv6-list] Random seed on stateless system
Message-ID:

Hello,

I have a question about how to handle the random-seed file on a stateless system. I get RHEL6 installed and configured as desired and then switch to a stateless system using /etc/sysconfig/readonly-root. During the install process, /var/lib/random-seed is generated. This file is also read and written to during startup/shutdown via rc.sysinit and halt.

However, once the system is stateless, this file can never be modified again. Is it better for this file to exist on a stateless system and every boot will feed /dev/urandom the same seed? Or should this file be deleted so no seed exists?

Thanks,
Andrew Ruch

From leonfauster at googlemail.com Thu Feb 26 23:31:16 2015
From: leonfauster at googlemail.com (Leon Fauster)
Date: Fri, 27 Feb 2015 00:31:16 +0100
Subject: [rhelv6-list] Random seed on stateless system
In-Reply-To:
References:
Message-ID: <2C9BB944-550C-4D61-862D-244C6165B745@googlemail.com>

On 26.02.2015 at 21:31, Andrew Ruch wrote:
> Hello,
>
> I have a question about how to handle the random-seed file on a
> stateless system. I get RHEL6 installed and configured as desired and
> then switch to a stateless system using /etc/sysconfig/readonly-root.
> During the install process, /var/lib/random-seed is generated. This
> file is also read and written to during startup/shutdown via
> rc.sysinit and halt.
>
> However, once the system is stateless, this file can never be modified
> again. Is it better for this file to exist on a stateless system and
> every boot will feed /dev/urandom the same seed? Or should this file
> be deleted so no seed exists?

prng means pseudo random number generator - the seed helps to get started with higher entropy. If you have a hrng (hardware) then the seed is less important.
-- LF

From john.haxby at gmail.com Fri Feb 27 10:12:37 2015
From: john.haxby at gmail.com (John Haxby)
Date: Fri, 27 Feb 2015 10:12:37 +0000
Subject: [rhelv6-list] Random seed on stateless system
In-Reply-To:
References:
Message-ID:

On 26 February 2015 at 20:31, Andrew Ruch wrote:

>
> I have a question about how to handle the random-seed file on a
> stateless system. I get RHEL6 installed and configured as desired and
> then switch to a stateless system using /etc/sysconfig/readonly-root.
> During the install process, /var/lib/random-seed is generated. This
> file is also read and written to during startup/shutdown via
> rc.sysinit and halt.
>
> However, once the system is stateless, this file can never be modified
> again. Is it better for this file to exist on a stateless system and
> every boot will feed /dev/urandom the same seed? Or should this file
> be deleted so no seed exists?

I'd be very surprised if a read-only /var worked. All kinds of things expect to be able to write files there. /var/lib is comparatively static, but not entirely static (/var/lib/random-seed is the obvious one).

jch

From adruch2002 at gmail.com Fri Feb 27 15:26:29 2015
From: adruch2002 at gmail.com (Andrew Ruch)
Date: Fri, 27 Feb 2015 08:26:29 -0700
Subject: [rhelv6-list] Random seed on stateless system
In-Reply-To:
References:
Message-ID:

Thank you for the response. It's a read-only /var as far as the hard drive is concerned. It works by having a few files and directories bind mounted in memory using /etc/sysconfig/readonly-root and /etc/rwtab. I already have a stateless system up and working.

My concern was using the same random-seed for every boot. By using the same random-seed, does this cause /dev/urandom to produce the same sequence of random numbers, thus weakening the security posture? Is it better to use the same random-seed or no random-seed at all?
Andrew

On Fri, Feb 27, 2015 at 3:12 AM, John Haxby wrote:
> On 26 February 2015 at 20:31, Andrew Ruch wrote:
>>
>>
>> I have a question about how to handle the random-seed file on a
>> stateless system. I get RHEL6 installed and configured as desired and
>> then switch to a stateless system using /etc/sysconfig/readonly-root.
>> During the install process, /var/lib/random-seed is generated. This
>> file is also read and written to during startup/shutdown via
>> rc.sysinit and halt.
>>
>> However, once the system is stateless, this file can never be modified
>> again. Is it better for this file to exist on a stateless system and
>> every boot will feed /dev/urandom the same seed? Or should this file
>> be deleted so no seed exists?
>
>
>
> I'd be very surprised if a read-only /var worked. All kinds of things
> expect to be able to write files there. /var/lib is comparatively static,
> but not entirely static (/var/lib/random-seed is the obvious one).
>
> jch
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
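
Added example, not part of the thread: on a readonly-root system, whether each boot sees the same seed, no seed or a refreshed one depends on how /etc/rwtab (named above) and /etc/statetab treat /var/lib/random-seed. The script classifies that from the two tables; the table formats, the use of statetab and the four result names are assumptions of this example, and the sample tables are constructed.

```shell
#!/bin/sh
# Added example: how does a readonly-root RHEL 6 image treat the seed file?
# Assumed table formats (RHEL 6 initscripts): rwtab lines are "<type> <path>"
# with type empty|dirs|files; statetab lines are a bare path.

# last_match PATH TABLE PATHCOL [TYPECOL]
# Print the type (or "yes") of the last TABLE entry that covers PATH.
last_match() {
    [ -r "$2" ] || return 0
    awk -v want="$1" -v col="$3" -v tcol="${4:-0}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            p = $col
            sub(/\/+$/, "", p)              # "/var/lib/" -> "/var/lib"
            if (p == "") next
            # an entry covers the path itself or anything beneath it
            if (want == p || index(want, p "/") == 1)
                hit = (tcol ? $tcol : "yes")
        }
        END { if (hit != "") print hit }
    ' "$2"
}

# seed_persistence SEED RWTAB STATETAB
#   persistent      statetab entry: kept on the state partition between boots
#   volatile-copy   rwtab "files": image copy placed in RAM, same seed each boot
#   volatile-empty  rwtab "empty"/"dirs": path recreated without the seed file
#   read-only       in neither table: image copy reused, shutdown cannot rewrite it
seed_persistence() {
    if [ -n "$(last_match "$1" "$3" 1)" ]; then
        echo persistent
        return 0
    fi
    case "$(last_match "$1" "$2" 2 1)" in
        files)      echo volatile-copy ;;
        empty|dirs) echo volatile-empty ;;
        *)          echo read-only ;;
    esac
}

# Demo on constructed tables (not taken from any real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed rwtab' 'dirs /var/log' \
        'files /var/lib/random-seed' > "$d/rwtab"
    printf '%s\n' '/var/lib/random-seed' > "$d/statetab"
    : > "$d/empty"
    echo "rwtab only:     $(seed_persistence /var/lib/random-seed "$d/rwtab" "$d/empty")"
    echo "with statetab:  $(seed_persistence /var/lib/random-seed "$d/rwtab" "$d/statetab")"
    echo "neither table:  $(seed_persistence /var/lib/random-seed "$d/empty" "$d/empty")"
    rm -rf "$d"
}
demo
```

Only the persistent case gives the shutdown script somewhere to save a seed that the next boot will read; in the other three, every boot starts from the image's seed or from none.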