Channel: linuxadmin: Expanding Linux SysAdmin knowledge
Viewing all 17768 articles

Who should be allowed to reboot a server?

Managing a number of RHEL servers (VMs) with Oracle running on them.

Seems like in the past the DBAs had full root privileges; however, I'm cracking down on that. Whitelisting only the commands they need via sudo.

They want the ability to reboot these servers. I've researched online and can't find anything that is either for or against this.

I know in the past, I've been working on a server and all of a sudden it goes down, so I think it would be best if the actual sysadmin was in charge and anyone else has to schedule a reboot through me.

Thoughts/Ideas?

thanks

submitted by /u/37rellimcmc19
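
The post above is about whitelisting commands through sudo. The following is an added example (not the poster's policy or anything from the thread) that lints a sudoers fragment for the ways a "reboot only" grant quietly becomes full root: ALL or wildcards, binaries granted without pinned arguments where the other modes matter (shutdown also halts and cancels; systemctl edit opens an editor as root), and binaries that can spawn a shell or write arbitrary files. The sample policy and the dba1..dba4 user names are constructed. It does not follow #include or @includedir, so point it at each file under /etc/sudoers.d as well, and still run `visudo -cf <file>` for a syntax check before installing a fragment.

```python
"""Lint a sudo command whitelist for the usual ways a "reboot only" grant
widens into full root.

Added example, not the poster's own policy. Handles the subset of sudoers
syntax used for per-command grants: Cmnd_Alias lines and
"who hosts = (runas) [TAGS:] commands" lines. The sample policy and the
dba1..dba4 user names are constructed.
"""
import re

# Binaries that hand the caller a root shell or arbitrary file writes
# (examples only; the GTFOBins catalogue has the long list).
SHELL_ESCAPES = {"vi", "vim", "view", "nano", "less", "more", "man", "find",
                 "awk", "perl", "python", "python3", "bash", "sh", "su",
                 "env", "tee", "dd", "cp", "mv"}

# Binaries whose unpinned arguments matter for the "reboot only" case.
ARG_SENSITIVE = {
    "shutdown": "shutdown -h (halt), -c (cancel) or -k (wall only)",
    "systemctl": "any systemctl verb, including 'edit', which opens $EDITOR as root",
}

TAG_RE = re.compile(
    r"^(?:(?:NO)?(?:PASSWD|EXEC|SETENV|LOG_INPUT|LOG_OUTPUT|MAIL|FOLLOW):\s*)+")
CMND_ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")


def lint_command(cmd):
    """Return a list of findings (strings) for one command specification."""
    cmd = TAG_RE.sub("", cmd.strip())
    if not cmd:
        return []
    if cmd == "ALL":
        return ["ALL grants every command"]
    findings = []
    binary, *args = cmd.split()
    name = binary.rsplit("/", 1)[-1]
    if not binary.startswith("/"):
        findings.append(f"{binary} is not an absolute path")
    if "*" in binary or "?" in binary:
        findings.append(f"wildcard in path {binary}")
    if not args and name in ARG_SENSITIVE:
        findings.append(f"{binary} without pinned arguments also allows {ARG_SENSITIVE[name]}")
    if any("*" in a or "?" in a for a in args):
        # sudo's '*' matches across spaces, so extra flags can be appended.
        findings.append(f"wildcard argument in {cmd!r} lets the caller add flags")
    if name in SHELL_ESCAPES:
        findings.append(f"{binary} can spawn a shell or write arbitrary files as root")
    return findings


def logical_lines(text):
    """Yield (line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None


def check_sudoers(text):
    """Return (line_number, who, command, finding) tuples for a sudoers body.

    Cmnd_Alias names are expanded; user/group aliases are reported as written.
    """
    aliases, findings = {}, []
    for lineno, line in logical_lines(text):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")):
            continue
        m = CMND_ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        for spec in m["cmds"].split(","):
            bare = TAG_RE.sub("", spec.strip())
            for cmd in aliases.get(bare, [bare]):
                for finding in lint_command(cmd):
                    findings.append((lineno, m["who"], cmd, finding))
    return findings


# Constructed policy: dba1 is what the thread is aiming for; the others show
# how the same intent goes wrong.
SAMPLE_SUDOERS = """\
Cmnd_Alias REBOOT_ONLY = /sbin/shutdown -r now, /usr/sbin/reboot
Cmnd_Alias TOO_BROAD = /sbin/shutdown, /bin/systemctl, /usr/bin/vim /etc/oratab
dba1  ALL = (root) NOPASSWD: REBOOT_ONLY
dba2  ALL = (root) TOO_BROAD
dba3  ALL = (ALL) ALL
dba4  ALL = /sbin/shutdown -r *
"""

if __name__ == "__main__":
    for lineno, who, cmd, finding in check_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {who}: {cmd}: {finding}")
```

Run it against the constructed policy and only dba2, dba3 and dba4 produce findings; dba1's alias, with the reboot arguments pinned, is the shape of a grant that actually means "reboot and nothing else".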

How do you stay informed about new CVEs and security updates?

For whatever reason I am having a hard time coming up with a reliable way to keep on top of newly discovered vulnerabilities. I initially had the idea of adding an RSS feed to my Jira/Confluence dashboard, but Atlassian makes this way more difficult than it needs to be.

While it's not a common occurrence, there are times that I am notified of vulnerabilities within our systems from colleagues outside of my team. Of course I am open to their observations and input, but I can't help but feel a little embarrassed that I did not discover them first.

I am curious as to how this is handled in other businesses. Do you have a good way of tracking these events?

Edit: formatting

submitted by /u/lando55

alternative to pac manager

Hi, I'm searching for a manager for my connections to my VMs that supports SSH connections and RDP connections as well. Right now I'm using PAC Manager, but it's very buggy. Do you use another manager for your connections?

Thanks

submitted by /u/levitastaff

piping stdout of jobs built-in command in dash vs. bash

So I'm doing some basic job control in a script and noticed that what I'm trying to do doesn't work in sh/dash (I'm on Ubuntu so sh is dash).

bash

    $ jobs -p
    3053
    9202
    $ jobs -p | wc -l
    2
    $ jobs -p | grep ".*"
    3053
    9202
    $

sh/dash

    $ jobs -p
    9942
    9940
    $ jobs -p | wc -l
    0
    $ jobs -p | grep ".*"
    $ ls -l | wc -l
    13
    $ jobs -p > jobs.txt
    $ cat jobs.txt
    9942
    9940

Anyone have any idea what's going on here? Seems like the jobs built-in is going to stdout, but for some reason doesn't make it to stdin of wc or grep?

Edit: found a mailing list thread about this: https://www.spinics.net/lists/dash/msg01165.html

Edit 2: Can't find a good workaround for this and the Debian bug report for it has been open for nine years. In the words of the person who started that mailing list thread, "To me, 'just use $!' sounds to me a lot more like 'just go use another shell'" so I'm just going to use bash. Good work Debian team.

submitted by /u/oldoverholt

Managing dotfiles across several computers

Hi all,

I have several computers (desktop, laptop, work laptop, and some servers) for which I have different dotfiles. Right now I use dotbot with several profiles to handle the differences between them. But that means I sometimes have copies of the same file with only one line changing, and I think it's a bit ugly, so I wondered how you handle this.

I was looking at the Ansible assemble module, which looks interesting, and I wanted to dig into Ansible anyway, but maybe you have some more ideas!

submitted by /u/carlm42

Measure twice, rm once

Don't be me.

Cleaning up my NAS (while sitting on a concall half-listening), I torched a directory of VM images, since "all VMs are running out of the new directory".

Turns out that they weren't. And I only had backups of the VMs in the proper/new directory.

Poof, gone.

Don't be me. lsof and find can be your friends if you let them.

submitted by /u/w2brhce
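
"lsof and find can be your friends" is the operational lesson of the post above. The following is an added example, not the poster's tooling, that does the relevant part of `lsof +D <dir>` directly from /proc on Linux: it lists every process that still has a file descriptor or memory mapping pointing under a directory, so you can check before the rm. Two caveats a practitioner should keep in mind: without root you only see your own processes, and if the NAS serves the images over NFS/iSCSI the opens happen on the hypervisors, so the check has to run there too, not only on the NAS. The directory argument is whatever you are about to delete; there are no other assumed names.

```python
"""List processes that still have files open under a directory, before rm.

Added example, not the poster's own tooling. Walks /proc on Linux and
reports every open descriptor and memory mapping whose target lies under
the directory, which is the information `lsof +D <dir>` gives you, without
depending on lsof being installed on a NAS appliance.
"""
import os

DELETED_SUFFIX = " (deleted)"


def open_files_under(directory):
    """Return sorted (pid, path) pairs for open fds and mmaps under `directory`."""
    root = os.path.realpath(directory).rstrip(os.sep) + os.sep
    hits = set()
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        proc = os.path.join("/proc", pid)
        # Open file descriptors: /proc/<pid>/fd/<n> is a symlink to the path.
        try:
            fds = os.listdir(os.path.join(proc, "fd"))
        except OSError:
            fds = []  # process exited, or not ours and we are not root
        for fd in fds:
            try:
                target = os.readlink(os.path.join(proc, "fd", fd))
            except OSError:
                continue
            if target.endswith(DELETED_SUFFIX):
                # Unlinked but still open: the data is live until the fd closes.
                target = target[:-len(DELETED_SUFFIX)]
            if target.startswith(root):
                hits.add((int(pid), target))
        # Memory-mapped files (libraries, mmap'd data files) appear in maps,
        # not in fd; the pathname is the sixth whitespace-separated field.
        try:
            with open(os.path.join(proc, "maps")) as maps:
                for line in maps:
                    fields = line.rstrip("\n").split(None, 5)
                    if len(fields) != 6:
                        continue
                    path = fields[5]
                    if path.endswith(DELETED_SUFFIX):
                        path = path[:-len(DELETED_SUFFIX)]
                    if path.startswith(root):
                        hits.add((int(pid), path))
        except OSError:
            pass
    return sorted(hits)


def safe_to_remove(directory):
    """True only when no visible process has anything under `directory` open."""
    return not open_files_under(directory)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for pid, path in open_files_under(target):
        print(f"pid {pid}: {path}")
    if safe_to_remove(target):
        print(f"nothing under {target} is open by any process we can see")
```

Usage: `python3 open_under.py /srv/vm/old-images` as root, and only rm when it prints nothing. A clean result from this (or from lsof) still does not tell you whether a hypervisor on another box has the image open; that is the check the poster was missing.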

Internet connection

I'm in a hotel trying to connect to the Wi-Fi. My Linux Mint 18.2 discovers the network and even connects to it. But it doesn't work. The strange thing is that I'm supposed to put a password in, but the machine connects without needing the password. And yet I am not able to connect.

Any ideas????

submitted by /u/redwisdomlight

OpenStack training

I'm closer than I've ever been to getting a Linux admin position. The second interview is in about two weeks and will be more about tech this time (rather than me as a person). Primarily about OpenStack but also Red Hat. I've never worked with either (although I'm familiar with CentOS).

My plan is to set up the training lab environment, but I'm not really sure where to take it from there. My second idea is to set up an OpenStack environment at home under Proxmox using nested virt.

Also, I can't really afford the Red Hat training (yet). Is there anything similar available?

Any help with how I should approach the following weeks would be greatly appreciated. Sorry if this has been asked multiple times already...

Edit: I have some general knowledge (as in educated and/or working experience) of the following technologies:

  • Debian, CentOS, pfsense, iptables, ZFS, bind, apache, mysql/mariadb, squid, LDAP, Grafana/Zabbix, sshd
  • Client OS 7, 8, 10, Server 2012, 2016, Office365, AD, DFS(R), WSUS, NLB, FSRM, CA, DNSSEC
  • Proxmox, ESXi, KVM, LXC, SmartOS, Virtualbox - Pfsense, F5, TCP/UDP, tshark/wireshark/tcpdump, OSPF, EIGRP, iSCSI, SMB/NFS, DNS, VPN, SNMP, VLAN, PVLAN, ICMP, DHCP
  • Bash, PowerShell, Lua, AHK, HTML/CSS, git, (C and JS/PHP/SQL fundamentals)
  • WordPress, MediaWiki, DokuWiki
submitted by /u/Fledo

Referred here from ITCareer Questions - IT Career NOOB!

Hey all,

First question, I just passed my LPIC-1 Exam 1 about to take my LPIC-1 Exam 2 - should I take the RHCSA? (that was my original plan - but they cancelled my test, and now I am wondering how much I should invest in certs without seeing some return)

Second question: What should I aim for job-wise given a) my entire work history is in retail (although all my former bosses loved me) and my awards were for great customer service and attitude, b) my goal is to have some sort of career path as a Linux admin with some sort of specialty. Basically, should I try to be a help desk person, even though it would kind of mean branching away from Linux? I would probably also need to wait given that my only dual-booting system has a bad motherboard that is currently getting RMA'd.

Third question, what kind of company should I target? I sent out one resume/cover letter to Amazon and heard nothing back (before I even took the LPIC-1). So many of the places I have seen seem to be Microsoft environments; is it my location? I live in North Seattle.

Thanks in Advance

submitted by /u/throwawayITCA

iSCSI session persistence

Hey everyone. I'm sure this is a very basic problem, but as a Linux noob, I can't quite figure it out. I have a CentOS box that is connected to our SAN, the iSCSI session is exposed as /dev/sdb. I went ahead and created a bunch of physical volumes, volume groups, and logical volumes and all is hunky dory there. The mounts for the logical volumes are set up in fstab for persistence. Now, if I reboot, it won't boot at all because the iSCSI session terminates and it can't mount the other devices that depend on it (I previously had to boot into emergency and remove the mounts from fstab to get it to boot again). So, I've done some research but can't quite wrap my head around how to solve this. /dev/sdb has no UUID so I can't put it in fstab. Did I screw up by not partitioning the entire sdb? Was I supposed to partition the entire sdb and then do pvcreate on the single partition instead of using pvcreate on sdb directly? As always, any help would be greatly appreciated. Thanks in advance.

Edit: Thanks everyone for the very helpful responses! Just getting back to this issue now.

submitted by /u/utkraken

I'm learning Python....but how do I use it?

So I'm dabbling in Python and I'm trying to wrap my head around how I could use this to automate certain tasks and make life easier.

Does anyone have any resources or advice for learning and applying Python specifically for System Administration?

submitted by /u/purplelinux

Easy way to pass multiple arguments to BASH function?

I often have to access aws hosts using ssh via a jump host. I find it convenient to use ssh with ProxyCommand like this:

Long form

ssh -i key_for_destination_host.pem -o "ProxyCommand ssh -W %h:%p -i key_for_jumpbox.pem jumpbox_user@jump.box.host" destination_user@destination.host

Short form (presumes ssh keys already added)

ssh -o "ProxyCommand ssh -W %h:%p jumpbox_user@jump.box.host" destination_user@destination.host

But I have to negotiate several different AWS accounts and several different regions within each.

I would like to have a script function taking 4 arguments interactively:

  1. jumpbox_user (with a default value suggested)
  2. jump.box.host (will be an IPv4 address)
  3. destination_user (with a default value suggested)
  4. destination.host (will be an IPv4 address)

then substituting these values into the command and opening my remote shell session in my terminal.

The defaults are because generally there is a common username for the jumpbox (although this could change) and a different common username for the destination host (although this also might change).

Ideally in operation I would call the function e.g. $ jumpy or whatever and get prompts similar to e.g. the awscli aws configure experience.

What is the easiest way to do this and where do I begin? A Bash function? A Python script? Something else? My workstation is Ubuntu and I have local root, so I can use any framework.

Thanks

submitted by /u/SquiffSquiff

Keep running into issues on Centos 7

This shi* is pissing me off. For some reason my network connection keeps connecting and disconnecting. One second I can ping to google, the next second I can't.

One second SSH is working, the next second my network disconnects.

Anybody know why this is happening? I'm trying to do homelabs, and every time I spin up a VM and connect it to my DNS server it has these issues, but it doesn't seem to be a DNS issue.

I don't have these issues at all on Centos 6.

submitted by /u/anacondapoint6

the search for the perfect note taking tool

Hi all,

I've been looking around for a while now for the perfect note-taking tool and figured I would ask the community.

Given that I work in IT Operations with a decent (but not enough) amount of config management/coding, I need a good note-taking tool that supports both awful printscreens of shit legacy software installs and script snippets and the like.

so what is ‘perfect’ for me?

  1. supports code highlighting (seems like markdown support is a thing now, which I quite like)
  2. is hierarchical
  3. cloud enabled (ideally dropbox support for linux desktops to use it)
  4. has a linux client and not just a web browser
  5. supports a phone client (iphone)
  6. it's free, or if not absolutely not subscription based. I don't mind dropping money on something awesome, but I won't be doing that monthly. A free desktop app with a paid phone app for example I'm good with.

I currently use cherrytree http://www.giuspen.com/cherrytree/

and I quite like it. It fails on the above by not supporting a phone. It doesn't do markdown, but does do code highlighting, so it's pretty great. Works great with Dropbox, and exporting note pages to PDF is really handy as I'm often doing some shit upgrade and taking detailed notes; then I just export the page and dump it in our wiki for the product as a discrete upgrade event.

I came from OneNote on my Microsoft desktop and that was NEARLY perfect, with the huge negative of no markdown or code highlighting. But it's the best implementation of hierarchical note-taking ever (separate notebooks, tabs and individual pages within tabs).

Others I looked at

laverna - this sort of ticks a lot of the boxes, but I find it a bit ugly to use. I don't even really understand how the hierarchical thing is working and tags are tricky to use well. Didn't really like it and bailed quite fast.

google keep - this is great for things like shopping lists and quick shareable notes. it's not great for ‘all my work stuff ever’. Misses the hierarchy thing. great tool, but not a work tool I find.

boostnote - seems pretty great and markdown is really well done. Isn't hierarchical though; can only make one level of folder. It's also purely for developers, so the pasting of screenshots doesn't really work for me. Tags seem to make zero sense currently as well.

inkdrop - looks incredible but it's 5 bucks a month. No way. Might literally tick all of the boxes apart from the huge turnoff of a monthly cost.

simplenote - isn't hierachical

mynotex - this was pretty great but no code highlighting or markdown. Seemed to replicate the hierarchical thing quite well that OneNote is good at.

that about wraps it up for my testing. So far I've concluded that ‘cherrytree’ is the best for my purposes, but it didn't hit all the right notes. I'm hoping someone here can help me a bit with an amazing suggestion that I didn't consider. Right now it's cherrytree for workstuff and google keep for impermanent notes like shopping lists and quick things I need to remember. Would like an ‘all in one tool’ though.

submitted by /u/dogfish182

Strangest dmcrypt issue...

On one machine, I can't open luks encrypted drives. So I tried formatting it with luksFormat, on the machine in question, and then creating a new luks partition. It works, but then I can't open it still! I have no idea what the issue could be; anybody have any suggestions?

edit: I should specify that I'm using cryptsetup, and have made sure the cipher is one that both systems have. I can create a luks partition on the one that can't open it, and then open it on another machine.

submitted by /u/CowboyBigBoss

How to fix mail sending & spam on this server?

I'm still relatively new and green to being a Linux admin. I had to take over a few servers some months ago and they all have a number of problems, and I've been fixing what I can, but I'm still learning a lot of this stuff at the same time.

They are all CentOS (6.9) WHM/cPanel servers with LAMP stacks, with a large number of websites on different IPs, and one of them seemed to have a mail spam issue. I found that the disk space was filling up very fast in places such as /var/log/exim, and in exim_mainlog there were records like this:

    2017-06-28 23:02:42 1dQPj7-0005Mm-JP <= NAME@MYDOMAIN H=([127.0.0.1]) [78.90.72.196]:41899 P=esmtpa A=dovecot_plain:NAME@one_of_my_site.com S=15548 id=4D248BBE.3420710@one_of_my_sites.com T="Hand regard: following the hand with the eyes!" for some_name@prodigy.net
    some_other_name@google.com another_name@yahoo.com etc etc...

I posted this in another thread on /r/webhosting at the time and was told that the account was compromised and most likely sending spam emails. So I deleted that email address (and all other emails for that site I think) from that account and also changed all logins and pws. I also changed or deleted something else related to exim as the /exim directory stopped filling up then but I cant recall exactly what I did.

Emails are still not working for any of the sites at all on the server, though, and I would like to fix it now. I've tried sending test mails and it just hangs and nothing comes through. None of the email reports from cron jobs come through either, and no messages from the contact forms on the websites are delivered.

The cpanel Mail Queue Manager has a bunch of frozen messages that seem to be from 'System' to 'root@server.my_server_name.com' and these mostly seem to be ones trying to send to my own Gmail accounts and failing due to the ip missing a PTR record.

I ran the server name through mxtoolbox.com and got an IP back that some of my sites reside on, so I guess that means that mail is sent from that IP too? After doing an SMTP test I got the following results too:

    SMTP Reverse DNS Mismatch: Reverse DNS does not contain the hostname
    SMTP Valid Hostname: Reverse DNS is not a valid Hostname
    SMTP Banner Check: Reverse DNS does not match SMTP Banner
    SMTP TLS: Warning - Does not support TLS.
    SMTP Transaction Time: 15.067 seconds - Not good! on Transaction Time
    SMTP Connection Time: 0 seconds - Good on Connection time
    SMTP Open Relay: OK - Not an open relay.

also it seems the ip is blacklisted on BARRACUDA (all other spam lists returned green though)

here's a sample of exim_mainlog:

    2017-10-09 06:37:49 1e1VRU-00034a-Ie ** some_person@gmail.com R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.74.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.1 [129.121.177.10] The IP address sending this message does not have a\n550-5.7.1 PTR record setup. As a policy, Gmail does not accept messages from\n550-5.7.1 IPs with missing PTR records. Please visit\n550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more\n550 5.7.1 information. p10si6085927ite.12 - gsmtp
    2017-10-09 06:37:49 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1e1VRU-00034a-Ie
    2017-10-09 06:37:49 1e1VRV-00034u-By <= <> R=1e1VRU-00034a-Ie U=mailnull P=local S=2923 T="Mail delivery failed: returning message to sender" for one_of_my_sites@server.MY_SERVER_NAME.com
    2017-10-09 06:37:49 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1e1VRV-00034u-By
    2017-10-09 06:37:49 1e1VRU-00034a-Ie Completed
    2017-10-09 06:37:49 1e1VRV-00034u-By => ONE_OF_MY_SITES <one_of_my_sites@server.MY_SERVER_NAME.com> R=localuser T=dovecot_delivery S=3107 C="250 2.0.0 <one_of_my_sites@server.MY_SERVER_NAME.com> CIzRIX1R21kxLgAAQA8zkQ Saved"
    2017-10-09 06:37:49 1e1VRV-00034u-By Completed
    2017-10-09 06:37:50 SMTP connection from [171.61.112.215]:51188 (TCP/IP connection count = 1)
    2017-10-09 06:37:50 SMTP connection from [182.18.168.216]:42187 (TCP/IP connection count = 2)

here's a sample output from exim_rejectlog

    2017-10-09 06:30:24 dovecot_plain authenticator failed for (aahzvnlmll) [185.110.241.27]:64693: 535 Incorrect authentication data (set_id=support@ONE_OF_MY_SITES.com)
    2017-10-09 06:30:30 dovecot_login authenticator failed for (aahzvnlmll) [185.110.241.27]:64693: 535 Incorrect authentication data (set_id=support@ONE_OF_MY_SITES.com)

    2017-10-09 06:33:09 dovecot_plain authenticator failed for (info-api.ru) [93.174.93.46]:59517: 535 Incorrect authentication data (set_id=admin@MY_SERVER_NAME.com)

I've spent most of today reading up about Exim, Dovecot and how to set up mail servers but am still feeling pretty overwhelmed and not sure where to start or even what my exact problem is.

What would be my best course of action here? Would removing everything and setting everything up again from scratch be an option?

thanks

submitted by /u/easy_c0mpany80
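
The log excerpts in the post above already contain the detection signal. On an Exim "<=" (message received) line, "A=dovecot_plain:ACCOUNT" names the mailbox whose password authenticated the submission and "[IP]:PORT" is where it came from, so one mailbox submitting hundreds of messages to many recipients from several unrelated IPs is what a stolen password looks like. In exim_rejectlog, each "authenticator failed ... (set_id=ACCOUNT)" line is one password guess against a mailbox, which is the brute forcing that usually precedes the compromise. The following is an added example, not from the thread, that parses both files in that format and reports the two patterns. The sample lines are constructed (example.org mailboxes, RFC 5737 documentation addresses), and the thresholds in suspicious_accounts() are assumptions to tune against a site's normal traffic.

```python
"""Triage exim_mainlog / exim_rejectlog for a compromised mailbox and for
SMTP AUTH brute force.

Added example, not from the original thread. Parses "<=" submission lines
with an A=<authenticator>:<account> field and rejectlog "authenticator
failed" lines in the format quoted in the post. Sample lines are constructed.
"""
import re
from collections import Counter

MAINLOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<msgid>\S+) <= (?P<sender>\S+) .*?"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]:\d+ P=(?P<proto>\S+) "
    r"A=(?P<authenticator>[^:\s]+):(?P<account>\S+) .*? for (?P<rcpts>.+)$")

REJECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<authenticator>\S+) authenticator failed for "
    r"\((?P<helo>[^)]*)\) \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]:\d+: 535 .*"
    r"\(set_id=(?P<account>[^)]+)\)")


def authenticated_sends(mainlog_lines):
    """Per authenticated account: message count, distinct recipients, source IPs."""
    stats = {}
    for line in mainlog_lines:
        m = MAINLOG_RE.match(line)
        if not m:
            continue  # deliveries, bounces, connection lines: not submissions
        s = stats.setdefault(m["account"], {"messages": 0, "recipients": set(), "ips": set()})
        s["messages"] += 1
        s["recipients"].update(m["rcpts"].split())
        s["ips"].add(m["ip"])
    return stats


def auth_failures(rejectlog_lines):
    """Failed SMTP AUTH attempts, counted per source IP and per targeted account."""
    per_ip, per_account = Counter(), Counter()
    for line in rejectlog_lines:
        m = REJECT_RE.match(line)
        if m:
            per_ip[m["ip"]] += 1
            per_account[m["account"]] += 1
    return per_ip, per_account


def suspicious_accounts(stats, max_messages=50, max_recipients=100, max_ips=3):
    """Accounts exceeding any threshold (assumed values), with the reasons."""
    flagged = []
    for account, s in stats.items():
        reasons = []
        if s["messages"] > max_messages:
            reasons.append(f"{s['messages']} messages")
        if len(s["recipients"]) > max_recipients:
            reasons.append(f"{len(s['recipients'])} distinct recipients")
        if len(s["ips"]) > max_ips:
            reasons.append(f"{len(s['ips'])} source IPs")
        if reasons:
            flagged.append((account, ", ".join(reasons)))
    return sorted(flagged)


# Constructed sample: one normal user, one mailbox running a spam campaign
# from five addresses in 198.51.100.0/24.
SAMPLE_MAINLOG = [
    '2017-06-28 08:10:01 1dQAAA-000001-AA <= alice@example.org H=(laptop) '
    '[203.0.113.5]:50001 P=esmtpsa A=dovecot_plain:alice@example.org S=2048 '
    'T="Minutes" for bob@example.net',
] + [
    f'2017-06-28 23:02:{i:02d} 1dQPj7-0005{i:02d}-JP <= info@example.org H=([127.0.0.1]) '
    f'[198.51.100.{10 + i % 5}]:4{i:04d} P=esmtpa A=dovecot_plain:info@example.org S=15548 '
    f'T="Hand regard" for victim{i}a@example.com victim{i}b@example.net victim{i}c@example.edu'
    for i in range(60)
]

# Constructed sample: 25 guesses against one mailbox from one IP, one stray guess.
SAMPLE_REJECTLOG = [
    f'2017-10-09 06:30:{i:02d} dovecot_plain authenticator failed for (aahzvnlmll) '
    f'[192.0.2.77]:64693: 535 Incorrect authentication data (set_id=support@example.org)'
    for i in range(25)
] + [
    '2017-10-09 06:33:09 dovecot_login authenticator failed for (some.host) '
    '[192.0.2.200]:59517: 535 Incorrect authentication data (set_id=admin@example.org)',
]

if __name__ == "__main__":
    stats = authenticated_sends(SAMPLE_MAINLOG)
    for account, why in suspicious_accounts(stats):
        print(f"SUSPECT {account}: {why}; IPs {sorted(stats[account]['ips'])}")
    per_ip, per_account = auth_failures(SAMPLE_REJECTLOG)
    for ip, n in per_ip.most_common(5):
        print(f"{n:5d} failed AUTH from {ip}")
    for account, n in per_account.most_common(5):
        print(f"{n:5d} guesses against {account}")
```

On a real box, feed it `open('/var/log/exim_mainlog')` and `open('/var/log/exim_rejectlog')` instead of the sample lists. The output tells you which mailbox password to rotate and which source IPs to block; it does not by itself fix the PTR/banner mismatch that Gmail is rejecting on, which is a DNS change at the provider.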

If you wanted to generate random trash file content on a typical Debian system, what's the fastest method these days?

e.g., generate say 1-100 lines' worth of random crap to create a new file or append to one? I'm talking going at crazy scale, possibly 500,000 actions a day for some tests.

What's the fastest in just plain raw efficiency on transactions? Content material is completely irrelevant for purposes, more or less.

submitted by /u/206-206

Samba Winbind with fallback when a domain controller is down

Hi. We use Samba winbind 4.2 and 4.6 with Kerberos in our Linux environment (in a trusted domain setup) and currently have the problem that some users cannot log in and are not resolvable when one of the domain controllers is down. Any suggestions or tips for a proper configuration? Thanks

submitted by /u/pirminjanka

Redis/Sentinel & HAProxy for failover - Redis reports "Server closed the connection" for connections to the floating IP

** Edit - not floating IP. Not sure why I wrote that. It's just the IP on the haproxy box for forwarding the connection.

Hey guys,

I'm having difficulty figuring out why my Redis instances behind HAProxy in a test environment are not working.

I have 2 Redis boxen in master/slave replication with a password enabled, Redis Sentinel running on 3 servers with a quorum of 2, and HAProxy in front of everything performing health checks to point a floating IP to the current master.

My setup (sentinel running on all 3 boxes, but in production I will likely move sentinel completely off the redis machines):

redis1 - IP 10.0.2.11 redis2 - IP 10.0.2.12
redis-proxy - IP 10.0.2.13 and running haproxy on 10.0.2.14

Everything looks fine. Sentinel connects, and fails over the redis instances properly. I can connect to the redis instances from the haproxy server just fine. But when I try to connect through the HAProxy Redis IP I get this:

    root@redis-proxy:~# redis-cli -h 10.0.2.14 -p 6380 -a redis-pass
    10.0.2.14:6380> info
    Error: Server closed the connection
    10.0.2.14:6380> quit

But I can connect directly to the redis instances on both machines directly:

    root@redis-proxy:~# redis-cli -h 10.0.2.12 -a redis-pass ping
    PONG
    root@redis-proxy:~# redis-cli -h 10.0.2.11 -a redis-pass ping
    PONG

Here is my haproxy config:

    root@redis-proxy:~# cat /etc/haproxy/haproxy.cfg
    defaults REDIS
        mode tcp
        timeout connect 3s
        timeout server 6s
        timeout client 6s

    frontend ft_redis
        bind 10.0.2.14:6380 name redis
        option tcplog
        log global
        default_backend bk_redis

    backend bk_redis
        option tcp-check
        tcp-check send AUTH\ redis-pass \r\n
        tcp-check send PING\r\n
        tcp-check expect string +PONG
        tcp-check send info\ replication \r\n
        tcp-check expect string role:master
        tcp-check send QUIT\r\n
        tcp-check expect string +OK
        server redis_1 10.0.2.11:6379 check inter 1s
        server redis_2 10.0.2.12:6379 check inter 1s

Can anyone give me some insight into why my haproxy instance isn't connecting to redis through the .14 IP, but I can confirm connectivity so the backend shouldn't be having any issues?

submitted by /u/devilkin

pgbouncer and application password woes.

I am testing pgbouncer in my test environment and I am running into some security concerns. I was wondering if anyone here has solved my problem. My setup is that pgbouncer will reside on the appserver and it will bounce to the database accordingly.

Before pgbouncer I have a .conf file to connect to database.

    gpgsql-host= testdb-abc.com
    gpgsql-dbname= testdb
    gpgsql-user= testuser
    gpgsql-port= 5432
    gpgsql-password=testdbpw

After pgbouncer my conf looks like this.

    gpgsql-host= localhost
    gpgsql-dbname= testdbpgbouncer
    gpgsql-user= testuser
    gpgsql-port= 6432
    gpgsql-password=testdbpw

pgbouncer.conf

    [databases]
    testdbpgbouncer = host=testdb-abc.com port=5432 dbname=testdb

    [pgbouncer]
    logfile = /var/log/postgresql/pgbouncer.log
    pidfile = /var/run/postgresql/pgbouncer.pid
    listen_addr = 127.0.0.1
    listen_port = 6432
    unix_socket_dir = /var/run/postgresql
    auth_type = md5
    auth_file = /etc/pgbouncer/userlist.txt
    pool_mode = session
    server_reset_query = DISCARD ALL
    max_client_conn = 20
    default_pool_size = 20

and in the userlist.txt I have

    "testuser" "testdbpw"

Here's the concern I have.

  1. In the pgbouncer setup, if either of the passwords is wrong in test.conf or userlist.txt, the connection to the db will not work. That is very odd because I would've thought one of the params would trump the other, but that's not the case.

  2. I don't like having a cleartext userlist.txt sitting on my system showing all the possible db passwords. Having the cleartext pw in the application's conf is bad enough; now I have it in two places AND if they are not the same the connection to the db will fail.

Note: the connection to the db is not an application problem; I'm just testing it with psycopg2 atm.

submitted by /u/juniorsysadmin1
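
Both concerns in the post above come from how pgbouncer authenticates. With auth_type = md5 it checks the client's password against the userlist.txt entry, then opens the server connection as that same user with that same credential, so the password in the application's .conf and the one in userlist.txt must agree (concern 1). For concern 2, userlist.txt does not have to hold cleartext: with auth_type = md5 it also accepts entries of the form "user" "md5<32 hex>", where the hex is md5(password || username), the same verifier PostgreSQL stores for md5 authentication, and pgbouncer answers the server's salted md5 challenge from that verifier. The following is an added example, not the poster's setup, that generates such entries, verifies a presented password against a userlist body the way pgbouncer does, and writes the file mode 0600. The caveat: an md5 verifier is still password-equivalent for md5 auth (whoever reads it can log in), so the file stays a secret; it just no longer reveals the password itself. User, password and path values are the thread's placeholders.

```python
"""Keep md5 verifiers, not cleartext passwords, in pgbouncer's userlist.txt.

Added example, not the poster's own setup. Entry format for auth_type = md5:
    "user" "md5<hex(md5(password || username))>"
The verifier is password-equivalent for md5 auth, so the file is created 0600.
"""
import hashlib
import hmac
import os
import shlex


def pg_md5_verifier(username, password):
    """PostgreSQL md5 verifier: 'md5' + hex(md5(password || username))."""
    return "md5" + hashlib.md5((password + username).encode("utf-8")).hexdigest()


def userlist_entry(username, password):
    """One userlist.txt line; pgbouncer requires the double quotes."""
    return f'"{username}" "{pg_md5_verifier(username, password)}"'


def parse_userlist(text):
    """Map user -> stored secret; '#' comments and blank lines are ignored."""
    users = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) >= 2:
            users[parts[0]] = parts[1]
    return users


def verify_against_userlist(userlist_text, username, password):
    """Check a presented password the way pgbouncer (auth_type = md5) does:
    an md5 entry is compared as a verifier, anything else as cleartext."""
    stored = parse_userlist(userlist_text).get(username)
    if stored is None:
        return False
    if stored.startswith("md5") and len(stored) == 35:
        expected = pg_md5_verifier(username, password)
    else:
        expected = password  # cleartext entry, as in the thread's config
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))


def write_userlist(path, credentials):
    """Write (user, password) pairs as md5 entries into a file created 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        for user, password in credentials:
            f.write(userlist_entry(user, password) + "\n")


if __name__ == "__main__":
    print(userlist_entry("testuser", "testdbpw"))
```

After replacing /etc/pgbouncer/userlist.txt with the md5 form, chown it to the account pgbouncer runs as and reload pgbouncer; the application's own .conf keeps the cleartext password it presents to pgbouncer, and that one copy is the only place the password itself lives.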