2017年10月 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Search



このブログのフィードを取得
[フィードとは]

Powered by
Movable Type 4.23-ja

template by tokyobuddha

 ■■■■■免 責■■■■■
このサイトを参考にしたために発生した一切の損害に「てきとー管理者」は一切関知しませんし、補償もしません。 また、本サイトの記述が正しいことも保証しません。
自己責任にてお願いします。
 -------------------------

Galler Chocolate
ベルギー王室御用達として認定されたチョコレートブランド、ガレー。

岩塩ならクリスタルキンガ
野菜、肉、魚など素材本来の味を引き出します。上質でクセがなく西洋料理はもちろん中華、日本料理にも幅広くお使い頂けます。

最近のPgSQLでEUC

デフォルトがUTFなので、他の文字コードで設定する場合は

createdb -T template0 -E EUC_JP --locale=C "DBNAME"

になるらしいです。

index.htmlの有り無し統一

今更ながらindex.htmlの有り無し統一

今回は無しで統一

RewriteEngine on
RewriteCond %{THE_REQUEST} ^.*/index.html
RewriteRule ^(.*)index.html$ http://www.example.jp/$1 [R=301,L]


wwwの有り無しと併用したい場合は

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.jp
RewriteRule ^(.*)$ http://www.example.jp/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^.*/index.html
RewriteRule ^(.*)index.html$ http://www.example.jp/$1 [R=301,L]


尚、httpsへ統一している場合は、

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.jp
RewriteRule ^(.*)$ https://www.example.jp/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^.*/index.html
RewriteRule ^(.*)index.html$ https://www.example.jp/$1 [R=301,L]


DBのエクスポート、インポート

今更ながら・・・

DBのエクスポートとインポート


■データベースのエクスポート(バックアップ)
・MySQLデータベースのバックアップは、mysqldumpコマンドを実行して行います。

$ mysqldump -a --user=USERNAME --password=PASSWORD DATABASE > FILENAME.mysql

・PostgreSQLデータベースのバックアップは、pg_dumpコマンドを実行して行います。

$ pg_dump --username=USERNAME DATABASE > FILENAME.pg


■データベースのインポート(リストア)
・MySQLデータベースの復旧は、次のようにmysqlコマンドを実行します。

$ mysql --user=USERNAME --password=PASSWORD DATABASE < FILENAME.mysql

・PostgreSQLデータベースの復旧は、次のようにpsqlコマンドを実行します。

$ psql DATABASE < FILENAME.pg

CentOS7系でNICに複数IP

CentOS6以前とCentOS7ではNICへの追加IP方法が変わったらしい・・・
例えば、ifcfg-eth0がメインNICの場合、複数IPを割り当てる時は

ifcfg-eth0
ifcfg-eth0:0
ifcfg-eth0:1



ifcfg-eth0:9

こんな感じで作り込んでいたが、今後はifcfg-eth0内部に追加すれば良いらしい・・・

# vi ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.10
PREFIX=24
IPADDR1=192.168.1.11
PREFIX1=24
IPADDR2=192.168.1.12
PREFIX2=24
IPADDR3=192.168.1.13
PREFIX3=24



IPADDR11=192.168.1.19
PREFIX9=24
GATEWAY=202.45.165.1

こんな感じで統合出来るので、簡単に出来る・・・
設定後、ネットワークの再起動で有効化

# systemctl restart network
# ifconfig
   追加したIPは見えません
# ip addr show
  で、追加したIPを確認!!

Centos7でoci8を使う場合

OS標準のPHPだとoci8のパッケージが無いので、個別に入れなければならない。
ちと、面倒〜〜

oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm のインストール後、

# pecl install oci8-2.0.11
# vi /etc/php.d/oci8.ini
---
; Enable oci8 extension module
extension=oci8.so
---
を書き込んで、

# systemctl restart httpd

# php -m | grep oci
oci8


# php -i | grep oci8
/etc/php.d/oci8.ini,
oci8
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20


# php -i | egrep -i 'oracle|oci'
/etc/php.d/oci8.ini,
oci8
OCI8 Support => enabled
OCI8 DTrace Support => disabled
OCI8 Version => 2.0.11
Oracle Run-time Client Library Version => 12.1.0.2.0
Oracle Compile-time Instant Client Version => 12.1
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20


# php --rf oci_connect
Function [ function oci_connect ] {

- Parameters [5] {
Parameter #0 [ $username ]
Parameter #1 [ $password ]
Parameter #2 [ $connection_string ]
Parameter #3 [ $character_set ]
Parameter #4 [ $session_mode ]
}
}


pdo_ociも使い場合は、下記も実行

# git clone https://github.com/hotta/pdo_oci
# cd pdo_oci
# phpize
# ./configure --prefix=/usr --exec-prefix=/usr --with-php-config=php-config --with-pdo-oci=instantclient,/usr,12.1
# make
# make install

# vi /etc/php.d/pdo_oci.ini
---
; Enable oci extension module
extension=pdo_oci.so
---


# systemctl restart httpd


# php -m|grep -i pdo_oci
PDO_OCI


# php -i | egrep -i 'oracle|oci'
/etc/php.d/oci8.ini,
/etc/php.d/pdo_oci.ini,
oci8
OCI8 Support => enabled
OCI8 DTrace Support => disabled
OCI8 Version => 2.0.11
Oracle Run-time Client Library Version => 12.1.0.2.0
Oracle Compile-time Instant Client Version => 12.1
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20
PDO drivers => mysql, oci, odbc, sqlite
PDO_OCI
PDO Driver for OCI 8 and later => enabled
PWD => /home/takahashi/soft/pdo_oci
ORACLE_HOME => /usr/lib/oracle/12.1/client64/lib
_SERVER["PWD"] => /home/takahashi/soft/pdo_oci
_SERVER["ORACLE_HOME"] => /usr/lib/oracle/12.1/client64/lib


# php -m | grep oci
oci8


# php -i | grep oci8
/etc/php.d/oci8.ini,
oci8
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20


# php -i | egrep -i 'oracle|oci'
/etc/php.d/oci8.ini,
/etc/php.d/pdo_oci.ini,
oci8
OCI8 Support => enabled
OCI8 DTrace Support => disabled
OCI8 Version => 2.0.11
Oracle Run-time Client Library Version => 12.1.0.2.0
Oracle Compile-time Instant Client Version => 12.1
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20
PDO drivers => mysql, oci, odbc, sqlite
PDO_OCI
PDO Driver for OCI 8 and later => enabled
PWD => /home/takahashi/soft/pdo_oci
ORACLE_HOME => /usr/lib/oracle/12.1/client64/lib
_SERVER["PWD"] => /home/takahashi/soft/pdo_oci
_SERVER["ORACLE_HOME"] => /usr/lib/oracle/12.1/client64/lib


# php --rf oci_connect
Function [ function oci_connect ] {

- Parameters [5] {
Parameter #0 [ $username ]
Parameter #1 [ $password ]
Parameter #2 [ $connection_string ]
Parameter #3 [ $character_set ]
Parameter #4 [ $session_mode ]
}
}

こんな感じでしょうか〜〜

続きを読む "Centos7でoci8を使う場合" »

Centos7のvsftps

Centos6.xの内容で設定していると、接続出来ない・・・(泣)
FTPクライアントでは
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
と、エラーになったり、
サーバーでは
# systemctl start vsftpd
Job for vsftpd.service failed because the control process exited with error code. See "systemctl status vsftpd.service" and "journalctl -xe" for details.

だったりと、色々大変・・・(汗)


以下の様な設定で接続できた。

------------------------------------------------------------------------

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
#xferlog_enable=YES
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
xferlog_std_format=NO
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#listen=YES
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
#listen_ipv6=NO

#listen_address=
#listen_address6=

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

# 追加設定 2016/09/06
use_localtime=YES
pasv_addr_resolve=YES
#pasv_address=XXXXXXXX.com
pasv_min_port=60000
pasv_max_port=60030
#ssl_enable=YES
#rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
#force_local_logins_ssl=NO
#force_local_data_ssl=NO
force_dot_files=YES
#reverse_lookup_enable=NO
seccomp_sandbox=NO
allow_writeable_chroot=YES

# ユーザー毎にアクセスディレクトリを変更するときの参照ディレクトリ
#user_config_dir=/etc/vsftpd/vsftpd_user_conf

------------------------------------------------------------------------

ポイントは
seccomp_sandbox=NO
allow_writeable_chroot=YES

でした。

SpamAssassinのスレッド数

SpamAssassinのスレッドのスレッド数の調整は

/etc/sysconfig/spamassassin

のオプションで行うようです。

標準では

SPAMDOPTIONS="-d -m5 -v -u vpopmail --virtual-config-dir=/home/vpopmail/domains/%d/%l/.spamassassin"

こんな感じで、 -m5 となっているので、最大で5つまで起動出来るようです。 -> 多分^^; 

試しに

SPAMDOPTIONS="-d -m1 -v -u vpopmail --virtual-config-dir=/home/vpopmail/domains/%d/%l/.spamassassin"

として設定を行い、差を見てみた。

-m5 の時は

# ps axuwf | grep spamd
root 12294 88.4 2.5 60820 52688 ? Ss 16:47 0:28 /usr/bin/spamd -d -m5 -v -u vpopmail --virtual-config-dir=/home/vpopmail/domains/%d/%l/.spamassassin -r /var/run/spamd.pid
vpopmail 12324 0.0 2.4 60820 50524 ? S 16:47 0:00 \_ spamd child
vpopmail 12326 0.0 2.4 60820 50436 ? S 16:47 0:00 \_ spamd child


-m1 の時は

# ps axuwf | grep spamd
root 12439 88.6 2.5 60828 52676 ? Ss 16:48 0:29 /usr/bin/spamd -d -m1 -v -u vpopmail --virtual-config-dir=/home/vpopmail/domains/%d/%l/.spamassassin -r /var/run/spamd.pid
vpopmail 12475 0.0 2.4 60828 50520 ? S 16:49 0:00 \_ spamd child

これ以外に

--max-children 4  とか  あるみたいだけど、
-m4 と --max-children 4 は同じみたい

それと --max-conn-per-child=1  のオプションが有るみたい。


念のため、SpamAssassinのヘルプ
---------
# spamassassin -h
SpamAssassin version 3.3.1
running on Perl version 5.8.8

For more information read the spamassassin man page.

Usage:
spamassassin [options] [ < *mailmessage* | *path* ... ]

spamassassin -d [ < *mailmessage* | *path* ... ]

spamassassin -r [ < *mailmessage* | *path* ... ]

spamassassin -k [ < *mailmessage* | *path* ... ]

spamassassin -W|-R [ < *mailmessage* | *path* ... ]

Options:

-L, --local Local tests only (no online tests)
-r, --report Report message as spam
-k, --revoke Revoke message as spam
-d, --remove-markup Remove spam reports from a message
-C path, --configpath=path, --config-file=path
Path to standard configuration dir
-p prefs, --prefspath=file, --prefs-file=file
Set user preferences file
--siteconfigpath=path Path for site configs
(def: /etc/mail/spamassassin)
--cf='config line' Additional line of configuration
-x, --nocreate-prefs Don't create user preferences file
-e, --exit-code Exit with a non-zero exit code if the
tested message was spam
--mbox read in messages in mbox format
--mbx read in messages in UW mbx format
-t, --test-mode Pipe message through and add extra
report to the bottom
--lint Lint the rule set: report syntax errors
-W, --add-to-whitelist Add addresses in mail to persistent address whitelist
--add-to-blacklist Add addresses in mail to persistent address blacklist
-R, --remove-from-whitelist Remove all addresses found in mail from
persistent address list
--add-addr-to-whitelist=addr Add addr to persistent address whitelist
--add-addr-to-blacklist=addr Add addr to persistent address blacklist
--remove-addr-from-whitelist=addr Remove addr from persistent address list
--ipv4only, --ipv4-only, --ipv4 Disable attempted use of ipv6 for DNS
--progress Print progress bar
-D, --debug [area=n,...] Print debugging messages
-V, --version Print version
-h, --help Print usage message
---------

んで〜、SPAMDOPTIONSのオプションは
---------
spamd [options]

Options:

-l, --allow-tell Allow learning/reporting
-c, --create-prefs Create user preferences files
-C path, --configpath=path Path for default config files
--siteconfigpath=path Path for site configs
--cf='config line' Additional line of configuration
-d, --daemonize Daemonize
-h, --help Print usage message
-i [ipaddr], --listen-ip=ipaddr Listen on the IP ipaddr
--ipv4only, --ipv4-only, --ipv4 Disable attempted use of ipv6 for DNS
-p port, --port=port Listen on specified port
-m num, --max-children=num Allow maximum num children
--min-children=num Allow minimum num children
--min-spare=num Lower limit for number of spare children
--max-spare=num Upper limit for number of spare children
--max-conn-per-child=num Maximum connections accepted by child
before it is respawned
--round-robin Use traditional prefork algorithm
--timeout-tcp=secs Connection timeout for client headers
--timeout-child=secs Connection timeout for message checks
-q, --sql-config Enable SQL config (needs -x)
-Q, --setuid-with-sql Enable SQL config (needs -x,
enables use of -H)
--ldap-config Enable LDAP config (needs -x)
--setuid-with-ldap Enable LDAP config (needs -x,
enables use of -H)
--virtual-config-dir=dir Enable pattern based Virtual configs
(needs -x)
-r pidfile, --pidfile Write the process id to pidfile
-s facility, --syslog=facility Specify the syslog facility
--syslog-socket=type How to connect to syslogd
-u username, --username=username Run as username
-g groupname, --groupname=groupname Run as groupname
-v, --vpopmail Enable vpopmail config
-x, --nouser-config Disable user config files
--auth-ident Use ident to authenticate spamc user
--ident-timeout=timeout Timeout for ident connections
-A host,..., --allowed-ips=..,.. Limit ip addresses which can connect
-D, --debug[=areas] Print debugging messages (for areas)
-L, --local Use local tests only (no DNS)
-P, --paranoid Die upon user errors
-H [dir], --helper-home-dir[=dir] Specify a different HOME directory
--ssl Run an SSL server
--ssl-port port Listen on port for SSL connections
--ssl-version sslversion Specify SSL protocol version to use
--server-key keyfile Specify an SSL keyfile
--server-cert certfile Specify an SSL certificate
--socketpath=path Listen on given UNIX domain socket
--socketowner=name Set UNIX domain socket file's owner
--socketgroup=name Set UNIX domain socket file's group
--socketmode=mode Set UNIX domain socket file's mode
-V, --version Print version and exit
---------

旧Plesk(8.x とか 11.0.x ・・・)でのSHA-2版SSLサーバ証明書発行

古いPleskを未だに利用しているケースが多々有りますが、SSL証明書のバージョン
がSHA-1版SSLサーバ証明書からSHA-2版SSLサーバ証明書に切り替わりましたが、
そのままでは旧タイプのSHA-1で生成されてしまいます。

そこで、メーカーからの情報を元に、SHA-2版のCSRがPleskの操作で生成出来る
ようにしたいと思います。

先ず・・・
ホストにSSH等で接続して

/usr/local/psa/admin/conf/openssl.cnf をゴニョゴニョします。

---------------
[ req ]
attributes=req_attributes
distinguished_name=req_distinguished_name

↓ ↓ ↓

[ req ]
attributes=req_attributes
distinguished_name=req_distinguished_name

default_bits = 2048
default_md = sha256
---------------

追加項目は
default_bits = 2048
default_md = sha256
だけです。

その後Pleskを再起動(/etc/rc.d/init.d/psa restart)で準備完了!!

あとは、そのままPleskでSSL証明書(CSR)の発行を行うだけ。

treeコマンドでディレクトリ構成・所有者・パーミッション確認

ls -la では所有者とかパーミッションを見ることができるが、一緒にディレクトリ構成も
見たい時ってありませんか?

そんなときは


# tree -fpug ./

こんな感じで表示される。
浅い階層で実施すると、とんでもなく大量に表示されるので、見たいところに降りてから
実施ねw

CentOS 4.x系をどうしても使い続けたいぃ〜

既にサポートが終了しているCentOS4.x系
現在yumは使えなくなってるが、yumの設定をチョットだけ変更すると、
4.9まではアップデート可能。

/etc/yum.repos.d/CentOS-Base.rpeo の

[base]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://vault.centos.org/4.9/os/$basearch

[update]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://vault.centos.org/4.9/updates/$basearch/

[addons]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
baseurl=http://vault.centos.org/4.9/addons/$basearch/

[extras]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://vault.centos.org/4.9/extras/$basearch/

[centosplus]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://vault.centos.org/4.9/centosplus/$basearch/

[contrib]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://vault.centos.org/4.9/contrib/$basearch/


mirrorlist をコメントアウトしてbaseurlを追加する。
設定後に一旦 yum clean all して
yum update すれば、一覧が出てくる!!


しかし、1点注意が

CentOS4系のBindをアップデートすると、既存のnamed.confがnamed.conf.rpmsave
にリネームされデフォルトのname.confに入れ替わってしまう場合が有る。
その場合は、named.conf.rpmsaveの内容を確認してからnamed.confへ上書きコピー、
その後BINDを再起動すれば元に戻る。
Bindを動かしている場合は、name.confのバックアップを取ってから実行することが吉!!

って、言っても4.x系を未だに使っているところは少ないと思いますけどねw