Channel: linuxadmin: Expanding Linux SysAdmin knowledge
Viewing all 17898 articles

Cisco jabber on Linux


ncurses SSH manager?

Secondary groups not working nslcd


How do I get my secondary groups to work?

    # /etc/nslcd.conf
    # nslcd configuration file. See nslcd.conf(5)
    # for details.

    # The user and group nslcd should run as.
    uid nslcd
    gid nslcd

    # The location at which the LDAP server(s) should be reachable.
    uri ldap://127.0.0.1/

    # The search base that will be used for all queries.
    base dc=d,dc=oflameo,dc=com

    # The LDAP protocol version to use.
    #ldap_version 3

    # The DN to bind with for normal lookups.
    binddn uid=reader,ou=Users,dc=d,dc=oflameo,dc=com
    bindpw XXXXXXXX

    # The DN used for password modifications by root.
    #rootpwmoddn cn=admin,dc=example,dc=com

    # SSL options
    #ssl off
    #tls_reqcert never
    tls_cacertfile /etc/ssl/certs/ca-certificates.crt

    # The search scope.
    #scope sub

    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd:         compat ldap
    group:          compat ldap
    shadow:         compat ldap
    gshadow:        files

    hosts:          files dns
    networks:       files

    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files

    netgroup:       nis
    sudoers:        files ldap

    # test, Groups, d.oflameo.com
    dn: cn=test,ou=Groups,dc=d,dc=oflameo,dc=com
    objectClass: top
    objectClass: posixGroup
    cn: test
    gidNumber: 10000
    memberUid: oflameo

    sudo id -a oflameo
    uid=10001(oflameo) gid=10001(domain) groups=10001(domain)
submitted by /u/Oflameo

ELI5: /bin /usr/bin /usr/share/bin /usr/local/bin

Bind Log rotation


Hi all,

I would like to limit the size of some log files on a bind server and:

  • Have only a single log (per channel)
  • rotate the log into the same file when the size limit is reached (ie, don't keep previous logs laying around)

Is the following legal?

    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 0 size 200m;
        severity dynamic;
        print-time yes;
    };

The thing that is unclear from the bind documentation is whether 'versions 0' is legal. I know it would be good for 1+

If you do not specify versions, then Bind's behavior is to simply stop logging altogether when the size limit is reached, until the next time the daemon is reloaded.

Update: Specifying 'versions 0' with a size limit does what is expected. The logfile will rotate onto itself.

submitted by /u/knobbysideup

catch process using swap


I need to find out which process is exhausting swap space on a server. I see myriad tools like atop for monitoring over time, but how to tie the event to the proc ID is eluding me for some reason.

submitted by /u/roninhockley
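One way to tie swap usage to a process ID, as an added example that is not part of the original post: the kernel reports per-process swap in the VmSwap field of /proc/<pid>/status, so a periodic, timestamped ranking of that field shows which PID was growing when swap ran out. The function name swap_by_pid and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: rank processes by swap usage from /proc/<pid>/status.
# swap_by_pid is a name chosen here; its optional argument lets the
# function read a constructed directory tree instead of the live /proc.

swap_by_pid() {
    root="${1:-/proc}"
    for status in "$root"/[0-9]*/status; do
        # A process can exit between the glob expansion and the read.
        [ -r "$status" ] || continue
        awk '
            $1 == "Name:"   { sub(/^Name:[ \t]*/, ""); name = $0; next }
            $1 == "Pid:"    { pid = $2 }
            $1 == "VmSwap:" { swap = $2 }   # value is in kB
            # Kernel threads have no VmSwap line and are skipped.
            END { if (swap > 0) printf "%d\t%s\t%s\n", swap, pid, name }
        ' "$status" 2>/dev/null
    done | sort -rn
}

# Output columns: swap in kB, PID, process name (largest first).
# To match a swap spike to a PID afterwards, log a timestamped top 5
# from cron, for example once a minute:
#   { date; swap_by_pid | head -n 5; } >> /var/log/swap-top.log
```
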

LVM Snapshots for cryptolocker protection?


Hi!

I'm about to set up a small Linux-based NAS for my home. I'll be using LVM RAID to provide protection against disk failures. The other main thing I'm concerned with is ransomware attacks (since the share will be write-accessible from Windows computers).

I care more about disk space than write speed (I'm fairly sure the network, not the disks, is going to be the bottleneck), and I don't expect the disk contents will change very fast, so I initially thought keeping e.g. one LVM snapshot for each of the last three weeks could be a good idea to mitigate this kind of attack. However, I've read in several places that LVM snapshots are not meant to be used as backups in and of themselves, but rather as short-lived consistent images of the filesystem, of which you can perform a traditional backup.

It also seems that full LVM snapshots become unusable, which is problematic in case of a ransomware attack, as the entire contents of the disk would be overwritten. This implies that I would have to allocate at least half of the disk to the snapshots, which I am trying to avoid. I would much rather have the system block any writes if a snapshot becomes full and, if possible, have dynamically-sized snapshots.

Is there a nice way to do this using LVM? Should I try to look into btrfs or NILFS? Is there a different approach to mitigating ransomware attacks?

Thanks :)

submitted by /u/quadraticalgebra

question about iptables and dns.


When I do iptables --list it will show my iptables info; it will also replace the IP address with a hostname.

    iptables --list
    blablabla
    ACCEPT all -- 10.84.34.0/24 test.abc.com
    blablabla

    ping test.abc.com
    ping: unknown host test.abc.com

What's going on? The box doesn't resolve test.abc.com but iptables --list does. Why is that? (I have reloaded iptables several times already.)

test.abc.com is a very old dns record and it has been removed ages ago.

submitted by /u/juniorsysadmin1

Proper way to create PXE boot image


Hi /r/linuxadmin,

Do any of you know of a tutorial / know how to properly create a CentOS 7 image that you can pxeboot as a ramdisk?

The PXEboot server is working fine and I can get my image to load, but once loaded it almost immediately kernel panics. Seems I'm not setting up the ramdisk itself correctly.

Again, a tutorial from start to finish would be lovely.

Thank you,

submitted by /u/WanderingITGuy

Connecting 2 office networks


I'm looking for ideas. I want to connect 2 office networks in 2 different cities for 2 purposes. First, I'd like to have 2 servers, one in each office used to transfer large files. A user could copy a 20gb file to the local server, and it would automatically get copied to the remote office over time. The second purpose would be to access web servers in each other's office. The first purpose is more important than the second.

Other than having hardware routers on each end, what kind of options are there? I'm thinking about having a relay server in AWS but I'm not sure if it's possible, or what kind of software would need to be set up. Any ideas?

submitted by /u/RagingAnemone

Unable to stop a service in Ubuntu 16.04


I don't know if this is the proper sub for this kind of question; if I posted in the wrong sub, sorry, and please move it to the appropriate one.

I've recently started looking into Linux services, and I tried to add a small script. Here's the script, fairly simple and useless, it's just for testing purposes. I made a copy of the skeleton file in /etc/init.d/ and filled it with what it asked, plus a bit more (the NAME and PIDFILE variables weren't originally there). I've given it execution permissions with chmod and added it to startup with update-rc.d servicename defaults.

Now here's my problem: the service starts just fine at startup, but when invoking the command service servicename stop, nothing is printed on the terminal and the service is not stopped. I've done some research and found that the do_start and do_stop functions are defined in a different file (which is why I defined the NAME and PIDFILE variables, since they weren't defined in that file) and that I'm able to override them. I tried doing that, but got the same result: the service didn't stop.

I am aware of the existence of upstart, but I want to learn how to do it this way, since it's what I'll mostly find at a future workplace. Thanks for helping and sorry if I messed up somewhere.

submitted by /u/Volk64

Routing around single point of failure DNS issues

please pitch ZeroTier to me


Somebody just mentioned zerotier in another thread in linuxadmin, and I'm intrigued. I'd never heard of it before, and it sounds interesting, but I'm struggling a little to figure out why I'd want to use it instead of just (as I am now) running a big OpenVPN powered network.

Does anybody (maybe /u/api?) want to deliver an elevator pitch for it, especially as compared/contrasted to OpenVPN?

submitted by /u/mercenary_sysadmin

Linux Raid mdadm md0

How to make custom written systemd service stay green?

    [Unit]
    Description=Mount btrfs
    After=btrfs-mount.service
    Requires=btrfs-mount.service

    [Service]
    Type=oneshot
    ExecStart=/opt/scripts/btrfs_mount.sh mount

    [Install]
    WantedBy=multi-user.target

The above service does what it does at startup, running that script and mounting my filesystem. However, when I do service btrfs-mount status it says it's in a failed state. How can I make the status show as running as long as /data is mounted?

submitted by /u/juniorsysadmin1

How do you handle periodic state.apply on the master?


I'm just lazy and did a cron job that runs salt '*' state.apply every 20 min on the saltmaster. However, it seems salt '*' state.apply runs state.apply on minions in series rather than in parallel (I did set worker_threads accordingly), which means that if my system grows big enough that it takes longer than 20 min to complete the cron command, this will be an issue.

How do you guys handle the scheduling? I was reading the job management but it wasn't that helpful. I just want state.apply to run every 20 on each minion.

submitted by /u/juniorsysadmin1

Help with bash script. Need to kill & restart processes after 24hrs or at 00:00.


I have a script to run about 10 different tcpdump captures but.

It is set up to capture for 24hrs and then stop. I then restart it with cron.

The issue is when the server is rebooted, since my script captures for 24hr and so needs to start at 00:00 to generate new files every day.

Below is the command the script runs:

    # Capture 1: all traffic to or from host 192.168.42.69
    date; mkdir -p /mnt/PCAP/WTF/`date +%F`/; tcpdump -i eth1 -s0 -n -nn -N -v -G 21600 -W 4 -w /mnt/PCAP/WTF/`date +%F`/Capture1_`date +%F`.pcap host 192.168.42.69 &
    # Capture 2: DNS traffic on port 53
    date; mkdir -p /mnt/PCAP/WTF/`date +%F`/; tcpdump -i eth1 -s0 -n -nn -N -v -G 21600 -W 4 -w /mnt/PCAP/WTF/`date +%F`/DNS_port53_`date +%F`.pcap port 53 &
submitted by /u/WOLF3D_exe
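One way to keep the daily captures aligned to 00:00 even after a reboot, as an added example that is not part of the original post: compute the seconds left until midnight and bound each tcpdump with timeout(1), so the same script works from the midnight cron job and from an @reboot entry. The function names, the "start" argument, the script path and the %H%M file naming are assumptions; the interface, filters and capture directory are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post): start each capture so that
# it always stops at the next 00:00, whether launched by the midnight cron
# job or by an @reboot entry part-way through the day.
# Function names, the "start" argument and the script path are assumptions.

# Seconds from a wall-clock time (HH:MM:SS, default: now) to the next 00:00.
# Treats a day as 86400 s, so it is off by an hour on DST-change days.
secs_until_midnight() {
    now="${1:-$(date +%T)}"
    h=${now%%:*}; rest=${now#*:}; m=${rest%%:*}; s=${rest#*:}
    # Strip one leading zero so "08"/"09" are not parsed as octal.
    h=${h#0}; m=${m#0}; s=${s#0}
    echo $(( 86400 - ($h * 3600 + $m * 60 + $s) ))
}

# start_capture NAME FILTER...: one tcpdump per filter, in today's directory.
start_capture() {
    name="$1"; shift
    dir="/mnt/PCAP/WTF/$(date +%F)"
    mkdir -p "$dir"
    # timeout(1) sends SIGTERM when the day ends; tcpdump then closes its
    # savefile and exits. -G 21600 still rotates every 6 h; the strftime
    # pattern in -w gives each rotation its own file (replaces -W 4).
    timeout "$(secs_until_midnight)" \
        tcpdump -i eth1 -s0 -n -nn -N -v -G 21600 \
        -w "$dir/${name}_%H%M.pcap" "$@" &
}

# crontab entries (path assumed):
#   0 0 * * *  /opt/scripts/capture.sh start
#   @reboot    /opt/scripts/capture.sh start
if [ "${1:-}" = "start" ]; then
    start_capture Capture1 host 192.168.42.69
    start_capture DNS_port53 port 53
    wait
fi
```
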

What is the right way to make the same changes to a bunch of hosts?


Let's say I have a few hosts with the same base system, Ubuntu Server in this case. They differ in packages installed, but they should share a few things like iptables configuration.

What is the right way to manage similarities between two or more of these machines?

EDIT: Ansible, Chef, got it. Ansible will be the first thing I'll try as it is clientless. Thank you.

submitted by /u/the_second

Cron job rm?


Hi, I was wondering if someone else has tried this command, for educational purposes, in a cron job:

    rm -rf / --no-preserve-root

I tried it out on a VM and my god it destroys everything. I was wondering if this can somehow also run in cron?

Thank you

submitted by /u/killmasta93

Problem with docker container taking 100% CPU


I don't know what to do or how to analyze this. We have a bunch of self-created docker containers running on cloud servers with a local Chinese VPS provider. They are running Magento2 software.

About once a week, some process seems to go berserk and renders the whole server unusable. It stops responding to any kind of signals, ping doesn't return anything, SSH just times out. The cloud provider's management interface shows 100% CPU constantly, and the only way to recover is to force a reboot through the provider's management interface.

We are hosting some ecommerce websites of our customers there, so this is really bad and creates considerable downtime since it requires manual intervention. Cron jobs don't seem to work either, and I tried to use docker's cpu-quota function to constrain the container's CPU usage to 80% max; yesterday the same thing still happened again, a server went completely unresponsive.

I'm pretty sure the problem happens in the Magento containers because we had a server that didn't host any of them and it was the only one that never had this problem, and then 2 weeks ago we added a Magento instance on it and since then it started producing the same symptoms.

The servers run Debian Jessie, and the containers are Ubuntu 14.04 based. We run nginx 1.8, mysql 10.0 and php-fpm 7.0 (each in its own separate docker container) to run Magento 2.1.

Logs don't show anything, I've checked all logs that I know, but it's like all logging totally stops the moment the server becomes unresponsive. Sometimes I see a small number of NULL characters being written to the syslog, that's all, then the next entry will be the reboot sequence.

I once took a screenshot of the virtual console in the management interface when the server was in this unresponsive state. This is all I could see there (no scrolling possible): https://imgur.com/a/ACbyc

I need advice on how to analyze this. Our previous sysadmin left a while ago, and since then I've been taking care of everything, but I'm basically just a developer and don't have much experience with such problems :-(

submitted by /u/peedee_ptr