Profile Details

Toggle Sidebar
Loading cover... Drag cover to reposition
Recent updates
  • Tony Ellis
    Tony Ellis replied to a discussion, ClearOS 8

    Marcel write


    I haven't the slightest idea how much work it is to re-brand a for example RHEL.

    As I understand it CentOS has six developers on its staff. In addition they receive significant help direct from the RHEL developers plus the CentOS community at large. There is another RHEL clone, "Scientfiic Linux" create by Fermilab, but they have announced this... here

    Toward that end, we will deploy CentOS 8 in our scientific computing
    environments rather than develop Scientific Linux 8.

    Fermilabs will coninue support for their Versions 6 and 7 until it's lifecycle is over. Apparantly CentOS hired Fermilabs lead developer :)

  • Tony Ellis

    There is a suggestion that some of the CPU microcode update problems stem from the update requiring a newer BIOS - and the need to match your BIOS level with what formware you need to run...
    So, generally speaking, if your board manufacturer doesn't supply a newer BIOS ???

  • Tony Ellis
    Tony Ellis's reply was accepted as an answer

    Re: Is my firewall Status is Normal or Not ?

    That command only tells us what SHOULD happen at various times, eg on bootup, shutdown, single user mode etc.It doesn't tell us what it is ACTUALLY doing or what state it is currently in. What version of ClearOS are you running?

    The output of chkconfig suggests you are possibly using an outdated, out of support, version. If this is true, then we can definitely say that your sytem is vulnerable to all types of newer threats and thus your firewall, even if it is running, will no longer provide adequate protection.

  • Tony Ellis

    OK - remember these two machines have already upgraded to the latest kernel and microcode_ctl without problems - did the downgrade and both rebooted OK



    Note these are very old CPUs and probably have very few, if any, patches for the newly discovered CPU threats
    madeleine Intel E8400 genuine CentOS 7.8
    violetta Intel Atom D510 ClearOS 7.8
    There are a few other more modern Intel machines here, but they are all Windows or Fedora.

  • Tony Ellis

    Remember I had not rebooted and was not running the latest kernel. This i7 is running 8 very long (think days) medical research jobs with widely spaced check-points so am reluctant to reboot. Interestingly the i3 here of same vintage as the i7 is running the very latest up-to-date Fedora without a problem; microcode_ctl-2.1-37.fc32.x86_64 and kernel 5.6.16-300.fc32.x86_64. I have two much older Intel boxes, one has ClearOS installed and the other CentOS 7.8, will check them out.

  • That command only tells us what SHOULD happen at various times, eg on bootup, shutdown, single user mode etc.It doesn't tell us what it is ACTUALLY doing or what state it is currently in. What version of ClearOS are you running?

    The output of chkconfig suggests you are possibly using an outdated, out of support, version. If this is true, then we can definitely say that your sytem is vulnerable to all types of newer threats and thus your firewall, even if it is running, will no longer provide adequate protection.

  • Tony Ellis

    Interestingly the Beta tests here were performed on machines with AMD CPUs. The one that had the problem was an Intel, an i7-3770. Intel CPUs generally require more microcode patches against attacks focusing on CPU vulnerabilties. so maybe that was the problem.
    I have now set the default boot kernel to the older currently running kernel, 3.10.0-1062.18.1.el7.x86_64, in case the machine reboots itself. Hopefully that has taken, the list commad indicates success...

    # grub2-set-default 1
    # grub2-mkconfig -o /boot/grub2/grub.cfg
    # grub2-editenv list

  • See my append here her hanging off from a reboot..

  • Tony Ellis
    Tony Ellis replied to a discussion, ClearOS 8

    The following is an extract from the CentOS Mailing list just addedd y "Niki" Nicholas Kovacs...


    The author's theory ("unspoken truth"): while it's a positive thing that Red
    Hat is sponsoring CentOS, the amount of sponsoring is just insufficient enough
    so that the product is "starved to death" by Red Hat (e. g. IBM) to encourage
    users to move to RHEL.

    The author's conclusion is quite severe: in the current state of things, CentOS
    8 is not recommendable for production as updates are lagging too much behind.
    While CentOS 7 may be usable, CentOS 8 has been "degraded to teaching and
    testing purposes".

    Still according to Mister Kofler, this "sorry state of things" will probably
    encourage users to move to Oracle Linux, the other big RHEL clone.

    For the whole thing read Original blog Article (in German)

  • Tony Ellis

    Hi - installed the update - but a little challenge... (there are no problems - only challenges or opportunities :p )
    Had previously installed the Beta on a couple of machines - no problem. However, on updating a production machine the yum update hung right at the end during initramfs stage with a disk full message for /boot - even though it is a full 1G in size. Used yum to delete a couple of older kernels and was then able to finish the update OK using the suggested yum commands from the previous yum error messages. Have now edited /etc/yum.conf to reduce the "installonly_limit" parameter fom the default 5 to 4. Have not yet rebooted into the kernel-3.10.0-1127.10.1.el7.x86_64 - still on 3.10.0-1062.18.1.el7.x86_64. Have reinstalled 3.10.0-1127.10.1.el7 using yum to make sure it is installed correctly. Looked in /boot and initramfs-3.10.0-1127.10.1.el7.x86_64.img seems to be the the expected size and /boot/grub2/grub.cfg seems OK.
    So ensure your /boot partition is large enough! Strangely the 'test' machines with the Beta have slightly smaller /boot partitions.
    Otherwise all appears to be OK...