Profile Details

Toggle Sidebar
Recent updates
  • Nick Howitt

    Ok, so a more comlplex set up. To save me the effort of working it out, what is the output to:Also please can you produce the output from the set up which you say used to work, without the ports being specified?

    Do you know when things stopped working as there was a firewall update recently which affected 1-to-1 NAT?

  • Nick Howitt
    Nick Howitt replied to a discussion, Web console not accessible

    @Steffen, I don't think the iso has yet been updates. I've pushed the update through to clearos-updates so, if you can get to it on the supermicro, you can update with:If you're on the Community edition, you don't need the enablerepo bit but it won't harm. If you can't yet use yum, you can download the file from here and install it manually.

  • Nick Howitt

    Nothing has changed to the order of the firewall loading, but note the position of IPS (snort) rules and app-attack-detector (fail2ban) rules is not guaranteed. They will be in one place (consistently) following a firewall restart, but an app restart may move them.
    If you're using ClearOS7.x, you could be hitting a race condition. In 7.x, in the custom firewall you need to use "$IPTABLES" or "iptables -w" and not "iptables". If you are doing that, please give the output of:And please put the output between "code" tags (the piece of paper icon with a <> on it) to make it readable.

  • We have some more apps for testing prior to release next Tuesday:

    • app-bmbackup - get it to use the same backup file list as app-configuration-backup
    • app-configuration-backup - a few more files have been added (e.g web proxy acl's)
    • clamav - increases the systemd start up timeout as it was failing on some systems. It also saves on 150MB of space by deleting redundant installation files.
    • snort - cuts back the /var/log/snort/snort.log.* logs retained otherwise they accumulate forever; silences a trivial start up error; restarts snort only once on log rotation

    To update app-bmbackup, please do:
    To update the others, please do

    We are releasing to the Community tonight the update to clearos-framework which was stopping console access. It is a very low risk update but you tend to need the console in emergency on rare occasions, but when you need it, you need it. We would like to release it to paid customers next Tuesday.

    I would appreciate more feedback on Windows Networking if any Community users are still having problems editing the settings and getting them to stick. We have had one negative comment. It was giving an Oops. It does not do that now but the user is having problems getting the settings to stick. After editing, editing again seems to display the old values.

  • @Richard George,
    I've done a quick update to app-bmbackup and it is sync'ing the testing repo. It should be in all repos within 2 hours. You can install it with:I am not an app-bmbackup user normally, but I'll see if I can test it as well.

    If it fails, you can revert with a:

  • Nick Howitt
    Nick Howitt replied to a discussion, New version of NextCloud

    Hi Tyler,
    I've updated a 13.0.5 installation and it worked. The issue I don't like is that the first person who connects to the web interface has to push the "start upgrade" button or whatever it was called. This could be anyone from the user base, not just the sysadmin, as no login is required. It really would be best if we could completely bypass this step so it did the upgrade at the time of the installation. I looks like the upgrade() function is called from /home/devel/apps/nextcloud/nextcloud/core/ajax/update.php but I can't help much more.

  • Richard George wrote:

    Nick; a little more on the Baremetal Backup ..

    I've been comparing the configuration file with the equivalent one in configuration_backup - it's clear that as the format is exactly the same, that the BMB version started life as the 'built-in' backup version - but it now lags behind .. as obviously things have moved on.

    Can I suggest that as a quick fix, the BMB version is updated to match the configuration_backup version, and moving forward, that perhaps BMB is undated to use the 'parent' instead? That way both versions of the backup mechanisms are 'singing from the same hymnsheet'.
    I think that is a good idea. I've had a little look at the programs. App-configuration-backup is installed by default and we could make app-bmbackup depend on it, then switch app-bmbackup to read the file from app-configuration-backup. I may even have enough c&p skills to do that (I am not a php programmer).

    FWIW the list in app-configuration-backup is also well out of date, not keeping up with new programs. It has not even kept up with the new layout of the web-proxy configuration files. There is an issue on GitLab raised to cover this.

  • Nick Howitt
    Nick Howitt replied to a discussion, Web console not accessible

    Hi Dave,
    It worked immediately on my VM. On my oldserver it went into a loooooong wait at a white screen before even getting the gconsole login, so I gave up and rebooted. It then worked immediately.

    It is unfortunately a double-edged sword. The links are just symlinks and the download page just shows 7.x and not even 7.6. This currently symlinks to 7.6 and 7.6 symlinks to It may be possible to download it as the full version number. Other people may want to just see 7.6. I'm sure Dave will see the thread and your post.

    As to how do you tell which version you have? In your case you have the faulty version as the new iso has not been rolled yet!

  • Packages being updated to the Community tonight (18/06/19)

    Tonight (11/06/19-12/06/19) the following updated packages are being released:
    app-samba-common - making changes to the settings screen was throwing an Ooops
    app-events - cron jobs were throwing an error unless the Events and Notifications Settings had been changed
    daq/daq-devel/daq-static - keep up with upstream (albeit a little late). These packages are needed to build snort.
    dansguardian-av - tweak to the cache clearing cron job.

    All packages released into the Community last week are being pushed into Business and Home.

    app-dynamic-vpn - move the updown scripts to from the global conf file to the individual conns. This allows the Dynamic VPN and Static VPN apps to work at the same time. Also some config tidy-ups. The app is ready and tested. It just needs to be pushed to the repos but this has hit a glitch.

    Packages available for testing:
    app-storage - updated tonight to 2.6.14. I have not had a chance to look at it yet. Hopefully it sorts some issues with bind mounts.
    app-network - probably not worth testing as there is a pending merge request which may cover some iof the issues found. Also you currently need to have at least two unconfigured interfaces before you can create a bridge interface in the first place. To permanently enable the Add Bridge button, you can change line 74 in /usr/clearos/apps/network/views/ifaces.php to:This is a separate issue.

    Packages available for testing can be installed with:

  • Nick Howitt
    Nick Howitt replied to a discussion, How can I manage the domain?

    It was the idea to have GPO support much earlier and there used to be a Samba Directory (beta) app for this. Unfortunately there were too many issues with it and it was not going to sit happily with other functions of ClearOS. One of the problems is that if you use Samba as a Directory Server, it will not use Unix file permissions, but needs Windows ACL's. This conflicts with the way things like flexshares have been set up. There were many other issues as well.

    The proposed way forward is through the link I gave. This will run a separate Samba Directory instance inside a docker container and ClearOS will continue to run its own instance of Samba with its Unix file shares. The AD Connector will then be used to connect between ClearOS and the Docker/Samba instance. Until I did the investigation for the link I gave, I'd never seen RSAT, but I have now used it to set up users and groups. I only have a mini test environment so have not tried things like Group Policies. I am not really an IT person until recently with ClearOS so I've never had to use them. I am pretty certain GPO's will work with Samba/Docker.