Channel: linuxadmin: Expanding Linux SysAdmin knowledge

Moved FreeIPA VM to new virtual host. Now Web UI is dead. Suggestions?

I recently moved about 8 VMs over to a new server this weekend, and after bringing everything over, every service that was moved seems to be working perfectly. pfSense, Owncloud, Cockpit, my Ubiquiti controller, media server, etc. However, FreeIPA somehow has flaked out, and after hours of looking for the root cause I thought I would appeal here to see where I should start.

What works: I can authenticate my web apps against it still, however DNS name resolution does not work, so I need to hit those apps by IP address to test them. When I type in the IP of the FreeIPA server, it immediately rewrites the URL as https://hostname.domain/ipa/ui and dies, cuz no DNS (or at least external to the server). If I'm logged into the FreeIPA console and I ping a hostname of a server on the network, it will ping without a problem.

Keep in mind there have been no firewall changes, updates, or anything between shutting down on the old system and starting the VM up on here.

Any suggestions?

submitted by /u/zachsandberg

rng-virtio module - necessary?

Might be an obvious question, but how can I tell if I need it? It doesn't autoload, and I see no problems doing ssl/ssh type things on the box, am I overthinking this? I don't think I've ever knowingly run out of randomness.

submitted by /u/w2brhce

DRBD autopromote

Hi all,

I have two nodes with replicated lvm logical volumes using drbd (so drbd over lvm), in a master/slave configuration. I know I can promote a node manually and it works well, but I’m looking to do that automatically if the master node fails for some reason. I’ve heard about heartbeat/pacemaker and checked the documentation from linbit but they all imply that you want to have a service running on some replicated storage which is actually not my case. Do some of you have some simple case documentation on that or a simple solution? All I want to have is basically just replicated storage on those machines with auto-promote and no virtual IP.

Thanks!

submitted by /u/carlm42

Simple HTML Server monitoring tool?

I'm looking for a simple web portal to show me CPU, Memory and disk usage for about 20-30 servers.

I like the look of Monit, but they charge for the centralized portal to monitor multiple servers. (not saying they shouldn't, just looking for free)

Xymon is well known, but hideous, and doesn't really give graphs at the surface level.

Nagios core etc is overly complex.

Has anyone found a simple, free tool to spin up a web portal to keep an eye on their servers?

submitted by /u/GildMyKarma

[HELP] Appliance web interface over reverse SSH

Hey guys,

Came here to brainstorm some options as I am in a bit of a rut in finding a solution for a current problem we are facing.

Problem:

We have a bunch of affiliate sites that management purchases. These sites can be all over the world and have no site-to-site VPN or WAN connectivity. We are running a syslog-ng appliance + a Splunk universal forwarder at these sites to harvest security logs. So to streamline this deployment I've created a custom OVA appliance that deploys flawlessly. The only issue I am having is how to remotely manage the appliance. So I was thinking of the following options:

  1. Create a reverse SSH tunnel for SSH management. I feel like this would be a good option but I am not sure of the security considerations. Should I be using key pairs? Is it possible to access HTTPS web interfaces using a reverse SSH session?

  2. Get an RMM tool or something similar?

Any help is appreciated.

Thanks!

submitted by /u/n3ts3cn00b

Could you guys help me out with encryption and server hardening?

I have an interview coming up soon and one of the things that will be required of me is to be knowledgeable in security technologies (VPNs, server hardening, PKI, encryption methods, etc).

My knowledge in this area is fairly broad so I was looking to get some help or resources to expand my skills/awareness.

Anybody have any suggestions, advice, tips, or tools that would point me in the right direction?

submitted by /u/purplelinux

Need web site for Linux admin reference?

Hi,

I want to start a career as a Linux administrator and have started exploring that, but I need some website where I could get real-time scenarios and interview questions, queries with solutions, notes and tips.

Thanks & Regards,

submitted by /u/lifeforandroid

User login management

We are about to build a new server on RHEL6. My colleague doing the work told me the /etc/password, /etc/shadow, and /etc/group files can't be copied over. They'll need to be manually recreated on the new server. Without any follow up comments to this statement, I took this to mean such work falls on me. I have no problem helping out with this, but I'm not a server admin and so know nothing about what's involved. In supporting the software that will run on this new server and being in the early stages of a CompSci degree, I'm somewhat familiar with working in a Linux environment. What's involved in manually recreating these files? Can't I simply copy them to my local machine and then copy to the new server?

submitted by /u/amino_fly

Samba client access open in iptables but still cannot access

I am using Ubuntu. These are my rules:

    -P INPUT DROP
    -P FORWARD DROP
    -P OUTPUT ACCEPT
    -N DOCKER
    -N DOCKER-ISOLATION
    -N DOCKER-USER
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -m conntrack --ctstate INVALID -j DROP
    -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    -A FORWARD -j DOCKER-USER
    -A FORWARD -j DOCKER-ISOLATION
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 137 -j ACCEPT
    -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 138 -j ACCEPT
    -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 139 -j ACCEPT
    -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 445 -j ACCEPT
    -A DOCKER-ISOLATION -j RETURN
    -A DOCKER-USER -j RETURN

I am trying to access a samba server as a client and I can't - I get messages that connection was not possible.

If I do iptables -P INPUT ACCEPT then immediately I get access without a problem. So what is the deal here? Why do I need INPUT ports open for SMB? What am I missing?

submitted by /u/verumnosliberat

Having a tough time learning bash scripting

I mean, I know how to do the basic stuff, loops, if statements, etc.

I just don't know how to make practical scripts.

Granted, I'm trying to learn this stuff at home, but what can I do to make scripts that would have practical use?

submitted by /u/anacondapoint6

md RAID with SSDs - far layout?

I'm setting up a new server and I'm planning to use 6 SSDs in it. In the past I have used mdadm to do nested RAID1+0, and that's fine. I have never used the RAID10 "complex" RAID before, and I'm wondering about the use of far layout. I can see the advantage when using HDDs, but what about with SSDs? Should it still improve read performance?

submitted by /u/Lowley_Worm

Another post regarding NFS and iptables

I am using Arch and I am setting up NFS and iptables for a Virtualbox VM that is hosted on 192.168.100.2:

These are my rules right now:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N TCP
    -N UDP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 111 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p udp -m udp --dport 2049 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 2049 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 20048 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p udp -m udp --dport 20048 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p udp -m udp --dport 111 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 34567 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 34568 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 34569 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 34570 -j ACCEPT
    -A INPUT -s 192.168.100.0/24 -p udp -m udp --dport 34567 -j ACCEPT

This is my /etc/nfs.conf file:

    #
    # This is a general configuration for the
    # NFS daemons and tools
    #
    #[exportfs]
    # debug=0
    #
    #[gssd]
    # use-memcache=0
    # use-machine-creds=1
    # avoid-dns=1
    # limit-to-legacy-enctypes=0
    # context-timeout=0
    # rpc-timeout=5
    # pipefs-directory=/var/lib/nfs/rpc_pipefs
    # keytab-file=/etc/krb5.keytab
    # cred-cache-directory=
    # preferred-realm=
    #
    [lockd]
    port=34567
    udp-port=34567
    #
    [mountd]
    # debug=0
    # manage_gids=n
    # descriptors=0
    port=34568
    # threads=1
    # reverse-lookup=n
    # state-directory-path=/var/lib/nfs
    # ha-callout=
    #
    #[nfsdcltrack]
    # debug=0
    # storagedir=/var/lib/nfs/nfsdcltrack
    #
    [nfsd]
    # debug=0
    # threads=8
    # host=
    port=34569
    # grace-time=90
    # lease-time=90
    # udp=y
    # tcp=y
    # vers2=n
    # vers3=y
    # vers4=y
    # vers4.0=y
    # vers4.1=y
    # vers4.2=y
    # rdma=n
    #
    #[statd]
    # debug=0
    port=34570
    # outgoing-port=0
    # name=
    # state-directory-path=/var/lib/nfs/statd
    # ha-callout=
    #
    #[sm-notify]
    # debug=0
    # retry-time=900
    # outgoing-port=
    # outgoing-addr=
    #
    #[svcgssd]
    # principal=

NFS works just fine because I have set the INPUT policy to ACCEPT. If I turn it to DROP, everything fails.

I wonder what I am missing here. Can anyone help?

submitted by /u/verumnosliberat

How to use remote USB Modem to send SMS?

Hello,

I'm trying to implement a way to receive SMS notification from my nagios monitor.

Now, I have 2 sites, Datacenter & Office.

Each site has a nagios monitor of its own.

At the data center there is no signal so I cannot put USB modem there. What I'm trying to do is, connect USB modem to one of my office ESXi's, and connect it to a linux VM.

Now, following this tutorial:

https://www.unixmen.com/send-nagios-alert-notification-using-sms/

I see how to use a USB modem to send nagios SMS notifications using a directly connected USB modem, but I need to find out how to send the 'sendsms' command to a remote host.

submitted by /u/MadHackerTV

Monitoring system like Monit, but pretty?

I like that you can just define ports and scripts to monitor with monit and it shows success/failure and notifies you.

But I'd really like a sexier dashboard, where I can see with a single glance a plethora of red/yellow/green "badges"/lights/whatever and just define super simple checks to perform, possibly with a similar descriptive language.

Is there something like it? Maybe even a "skin" for Monit? I've used Nagios, Zabbix and Icinga in the past and these solutions are way too bloated for my needs.

EDIT: Basically, I like Zabbix' dashboard and agent-less features, but I'd really like to have cabot's simplicity.

submitted by /u/butterfs

Rancid fails to input SSH passwords correctly

My Rancid test box fails to properly ssh into my Cisco switch on password. I posted in r/networking and figured I'd ask r/LinuxAdmin.

The box can ping and communicate via regular cli ssh, but the clogin config structure seems correct. The connection error is the password not taking.

bin/clogin 192.168.201.30 and get the following:

spawn ssh -c 3des -x -l admin 192.168.201.30

Password:

Password:

Password:

192.168.201.30's password:

Error: Couldn't login: 192.168.201.30

EDIT: In r/sysadmin it's always DNS. In Linux it's always comment your freakin code. The examples were uncommented and just realized it. Thanks for the assist all.

submitted by /u/Jisamaniac

Replacing failed disk on software RAID 1 but disk is 2 Mb smaller than original. Would it still work?

Hello, I have an NFS server with two 80GBs HDDs for boot and root. Each HDD has three partitions: boot, swap, and root. I replaced a failed disk recently with a similar model but I've just discovered the disk seems to be 2Mb smaller than the failed disk so I cannot add the disk partition to a RAID1 mirror. I am trying to add sda3 to raid group md1 below:

    # cat /proc/mdstat
    Personalities : [raid1]
    md0 : active raid1 sda1[3] sdb1[2]
          511936 blocks super 1.0 [2/2] [UU]

    md1 : active raid1 sdb3[1]
          73508736 blocks super 1.1 [2/1] [_U]
          bitmap: 1/1 pages [4KB], 65536KB chunk

    unused devices: <none>
    [root@mk-nfs-1 ~]# mdadm --add /dev/md1 /dev/sda3
    mdadm: /dev/sda3 not large enough to join array

I've tried reducing the swap partition to make the sda3 partition bigger but it doesn't seem to work. I suspect it's because RAID1 requires the sectors used to be in the exact locations across both disks?

Do I have any other option or should I just buy a disk that would fit the 80.02MB?

submitted by /u/polkaron

Windows AD + FreeNAS CIFS (samba4) Breaks Every Monday

All,

Hoping to get some input/ideas on this issue before diving in this weekend.

Background story: A few months ago, we completed a fileserver migration from Windows to FreeNAS+CIFS, no problem. After that, we migrated to a new domain (clean environment, yay!) using SetACL (https://helgeklein.com/setacl/) on the new fileserver. No real problems there.

Now for the issues:

  - Every Monday morning, members of one security group can't access one SMB share on the server. The other shares they have access to, including the public (open to domain users) and their home share work fine.
  - One user's home share (not associated with the other department's security group) won't map.

I believe something is timing out over the weekend, presumably between AD and FreeNAS. A reboot of the NAS fixes the problem until the next Monday.

NAS Setup:

  - The NAS is joined to the domain
  - AD service checking is enabled on the NAS, no issues reported there
  - AD timeout has been increased, no change in problem
  - I've adjusted the SMB minimum and maximum protocol on the NAS, no change in problem. Currently the minimum is SMB2 and max is SMB 3_11
  - I've been through the syslog, Samba4, and Winbind logs. Logging level is turned up to full, one step below debug. Nothing apparent causing the issue there.

AD Setup:

  - The malfunctioning security group is identical to all the others.
  - The user with the home drive issue is identical to all the others. I have reset ACLs on her folder, deleted and recreated, and now let AD create a brand new folder. No change. Planning to delete and recreate her profile next.
  - The user with the home drive issue now has the wait for network at logon GPO enabled. No change.

Windows reported errors vary, but it usually reports a permissions issue.

Due to the intermittent nature and scale of the issue, troubleshooting it has been a pain in the ass. I'm coming in Sunday (hopefully the timeout occurs by then) so I can do some uninterrupted troubleshooting without the pressure of getting it online ASAP (the quick fix, a reboot). I'll edit with more details as I think about them.

I'm not a samba wizard, any ideas on samba config options that might help here? Any other ideas or suggestions?

Anything helps, thank you!

submitted by /u/poke-it_with_a_stick

Vendor emailed and said ssh connection was dropping immediately

So I console in from vSphere and head over to /var/log. That directory doesn't exist. In fact, the only thing that's in /var is www (of course it is) and a directory they're mounting a data volume on. It's all gone. Everything. Every directory or file for logs, sockets, locks...gone.

Edit for clarity: they rm -rf /var/* like 5 times. I don't know why.

For those wondering, CentOS 6 32 bit because that's what their software can run on for whatever reason.

submitted by /u/bahaki

Moving to DevOps

I've been working with Windows/Linux for 10+ years, and been messing around with both for longer than I can remember.

I've been offered to move/transition from Backups/Restore, and a bit of DevOps in windows/phone system Linux, to looking after ProxMox Telecoms host, containers, IPSec vpns and "DevOping" backups and setup scripts.

They have offered me to work from home for the job, as I won't be able to do much in the day, due to the system being live.

Are there any pitfalls that people can advise me to watch out for, either from the personal point or work jobs wise?

submitted by /u/cooljimy84

LVM Sorceries: One ISO, Two hard drives

Hi everyone,
I have to create a custom Debian 8.8 install with the following partition configuration, on a 2TB hard drive:

  • LVM Volume Group that covers the entire 2TB HD
  • coreOs Logical Volume 50GB
  • swap Logical Volume 8GB
  • encryptedPartition Logical Volume 100%FREE (all of the remaining space)

Basically it's three partitions: 1 fixed partition for the Debian, 1 for swap, and the rest for an encrypted partition.
Now I have created a disk image that I have to dump on many micro-servers but here's the catch: Some micro-servers have a 4TB hard drive. What will happen when I copy the disk image on these bigger drives? Do I have to resize the Volume Group and the encryptedPartition Logical Volume will be resized automagically?

Thanks in advance

EDIT: I don't really know how they are going to get the HD images on the drives, because I'm not going to do it, but I guess they are using http://clonezilla.org/

submitted by /u/Murlocs_Gangbang