Category Archives: CentOS


WHO DID WHAT WITH ROOT?!

When you are not sure who is using sudo on a server and you really need to know who keeps making that annoying change, you can install something to watch them, then maintain that software and its related logs, keep it in your package management system, and make sure it stays patched.

OR

Or you could use the little-known (at least among those I have asked in the field) modifications listed below. They are twofold. First, you enable sudo to record who logs in and uses it, and to record their session, much like many commercial tools do today. The one catch to my method is simple: you already have the software installed, because this has been a feature of sudo since version 1.7.4p4. So there is nothing else to install, worry about, or maintain. It is also very easy to set up; see below:


/etc/sudoers modification:
All you need to do is add two tags, LOG_INPUT and LOG_OUTPUT, to every sudoers entry that needs recording (wherever "su" is allowed, either as a command or through an alias).
Example:
%admins ALL=(ALL) NOPASSWD: LOG_INPUT: LOG_OUTPUT: ALL

To keep each user's sessions in their own directory, also add the following Defaults line to sudoers: Defaults iolog_dir=/var/log/sudo-io/%{user}
Note:
Output is logged to the directory specified by the iolog_dir option (/var/log/sudo-io by default) using a unique session ID that is included in the normal sudo log line, prefixed with TSID=. The iolog_file option may be used to control the format of the session ID. Output logs may be viewed with the sudoreplay(8) utility, which can also be used to list or search the available logs. Keep in mind that if the user had a really long session, you will be viewing it like a movie: it replays as if they were sitting there typing. With this in mind, sudoreplay gives you the ability to play back at faster speeds, which makes it easier to find where things happened in a long recording.
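The link between the TSID= in a sudo log line and the session directory sudoreplay reads, as an added example that is not part of the original post. It assumes the post's iolog_dir=/var/log/sudo-io/%{user} setting and uses a constructed sample log line; sudo stores a six-character session ID as three two-character path levels (TSID=000001 becomes 00/00/01).

```shell
#!/bin/sh
# Added example (not from the original post): turn the TSID= in a sudo
# syslog line into the directory that sudoreplay reads, assuming the post's
# "Defaults iolog_dir=/var/log/sudo-io/%{user}". sudo stores a six-character
# session ID as three two-character path levels (TSID=000001 -> 00/00/01).

# Constructed sample line in the format sudo writes to syslog.
SAMPLE='Jun 10 13:08:05 web01 sudo:   mcurry : TTY=pts/0 ; PWD=/home/mcurry ; USER=root ; TSID=000001 ; COMMAND=/bin/su -'

# Pull one "KEY=value" field out of a sudo log line (fields are " ; " separated).
sudo_field() {           # $1 = log line, $2 = key (TTY, PWD, USER, TSID, COMMAND)
    printf '%s\n' "$1" | sed -n "s/.*[; ]$2=\([^;]*\).*/\1/p" | sed 's/ *$//'
}

# The invoking user sits between "sudo:" and the first " : ".
sudo_user() {
    printf '%s\n' "$1" | sed -n 's/.*sudo: *\([^ ]*\) : .*/\1/p'
}

# Build <iolog_dir>/<user>/xx/xx/xx for the session named in the line.
iolog_path() {           # $1 = log line, $2 = iolog_dir base (without %{user})
    user=$(sudo_user "$1")
    tsid=$(sudo_field "$1" TSID)
    [ -n "$user" ] && [ ${#tsid} -eq 6 ] || return 1
    printf '%s/%s/%s/%s/%s\n' "$2" "$user" \
        "$(printf '%s' "$tsid" | cut -c1-2)" \
        "$(printf '%s' "$tsid" | cut -c3-4)" \
        "$(printf '%s' "$tsid" | cut -c5-6)"
}

# Stand-alone run: print the session directory and the replay command.
dir=$(iolog_path "$SAMPLE" /var/log/sudo-io)
echo "$(sudo_user "$SAMPLE") ran: $(sudo_field "$SAMPLE" COMMAND)"
echo "session files: $dir (log, timing, ttyout, ...)"
echo "replay at 4x:  sudoreplay -d ${dir%/??/??/??} -s 4 $(sudo_field "$SAMPLE" TSID)"
```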

So that is one good method to help find a culprit, but what if you are just looking at root's shell history? Can you tell who ran what? Can you tell when they ran the commands you see when you type 'history'? By default, no. The next tidbit is very useful and extremely easy to add to your machines. Simply add the following to your /etc/profile:

export HISTTIMEFORMAT="%m.%d.%y %T "

Yes, that is a space at the end. Without it, the timestamp runs together with the command in the history output. Your history should then look like the example below:

1995 06.10.15 13:08:05 top
1996 06.10.15 13:08:05 clear
1997 06.10.15 13:08:05 df -h
1998 06.10.15 13:08:05 umount /media
1999 06.10.15 13:08:05 sudo umount /media
2000 06.10.15 13:08:05 sudo su -
2001 06.10.15 13:08:07 history
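How those timestamps are actually stored, as an added example that is not part of the original post: once HISTTIMEFORMAT is set, bash writes a "#<epoch>" comment line before each command it saves to the history file, so the times survive in ~/.bash_history even after the shell that ran them is gone. The script below renders a constructed history fragment the way the post's output looks; it assumes GNU date (for -d "@epoch") and prints in UTC so the result is stable.

```shell
#!/bin/sh
# Added example (not from the original post): with HISTTIMEFORMAT set, bash
# also writes a "#<epoch>" comment line before each command it saves to
# HISTFILE, so the timestamps survive in ~/.bash_history for later review.
# This renders such a file the way the post's `history` output looks.
# Assumes GNU date; times are shown in UTC so the output is stable.

HISTTIMEFORMAT='%m.%d.%y %T '   # same value as the post's /etc/profile line

# Constructed ~/.bash_history fragment (1433941685 = 10 Jun 2015 13:08:05 UTC).
HISTFILE_SAMPLE='#1433941685
df -h
#1433941685
sudo umount /media
#1433941687
history'

# Read history-file content from $1 and print "N <timestamp>command" lines.
render_history() {
    n=0
    ts=''
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            '#'[0-9]*)  ts=${line#\#} ;;           # timestamp for the next command
            '')         ;;                        # skip blank lines
            *)  n=$((n + 1))
                if [ -n "$ts" ]; then
                    stamp=$(date -u -d "@$ts" "+$HISTTIMEFORMAT")
                else
                    stamp=''                      # entry saved before HISTTIMEFORMAT was set
                fi
                printf '%s %s%s\n' "$n" "$stamp" "$line"
                ts='' ;;
        esac
    done
}

render_history "$HISTFILE_SAMPLE"
```

Entries written before the variable was set have no "#<epoch>" line and render without a time, which is exactly the gap the post's /etc/profile change closes going forward.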

I hope this helps someone save some time, as it has me.  Please feel free to share with others.

-M


Linux Gaming just got way better!

Since the release of ProtonDB, there have been over 2500 games added to Linux!

What is Proton?

Proton is a new tool released by Valve Software that has been integrated with Steam Play to make playing Windows games on Linux as simple as hitting the Play button within Steam. Under the hood, Proton bundles other popular tools such as Wine and DXVK that a gamer would otherwise have to install and maintain themselves. This greatly eases the burden of switching to Linux without having to learn the underlying systems or losing access to a large part of your game library. Proton is still in its infancy, so support is inconsistent but regularly improving.

ProtonDB is used to collaborate on performance across different hardware/software configurations, allowing the community to work together to get games working.

Setting Up Proton in STEAM – Tested Ubuntu 18.10

Using Nano with Markdown in Linux

Fan of nano? Like having pretty colors to see where you messed up? Of course we do! Like many of us, I use nano. It's quick, easy, and readily available. However, I like to see syntax highlighting for my language. As many of you know, there are "nanorc" files that tell nano how to highlight a language.

They are usually located in /usr/share/nano/ (at least in Ubuntu), and you can make your own under your home directory in a .nanorc file. I can post about that later…

For now, let's get markdown working in nano!

You will need to create a file called markdown.nanorc by doing the following:

sudo touch /usr/share/nano/markdown.nanorc

Now that the file is created, we just need to populate it with the text below, which is in a pastebin for your convenience. Just copy that text and paste it into the aforementioned file. Once a new session is started, you will be able to use markdown highlighting.

https://pastebin.com/raw/tHkBqdef

Just a little note as well: if you need another language, you can follow the same instructions with its pre-created file. Take a look here to see other nanorc files. Also, nano has just been updated after a very long while; please take a look at the new support when you can.


Don’t forget! Linux Learning Resources

This is kept under the Linux Learning Project and Learning Resources section of the site, and is updated occasionally with new links.  Feel free to suggest one by contacting me directly.


LEARNING RESOURCES

Help/Chat:

Resources:

Need DevOps Help?

  • Had issues with your DevOps pipeline?
  • Need help streamlining automation or configuration management?
  • Need to green field or “lift and shift” applications into the cloud?

If you are trying to do any of these and running into issues, please contact me. I am now open to consulting directly. Fixing even a few small inefficiencies can have a huge impact on the bottom line. Not only that, if the DevOps philosophies are really taken up, it's likely that the employee base will also be happier and proud of their accomplishments as a team.

As far as technologies I support, please take a look at my Technologies page.  (Updated often)  I am also happy to take on new ones for a project if needed.

Creating an efficient pipeline is what I do; and a fully functional system that is working well can be an amazing thing.


Matthew Curry
MattCurry.Com


Thank you to all… Jasper v1.6 Image News!

First, I would like to say thank you to the community members for helping out. I have gotten a lot of input on the new image. This has also given me a better feel for what the community wanted in an image, which leads me to the next bit of news.


Some of you are undoubtedly wondering why I have not released my Jasper v1.6 image as of yet.  Well, I can assure you there are very good reasons.

Firstly,  I have had some severe family/health issues come up as of late which take priority.  I am also in the middle of moving a family of 5.  Combine that with the other reasons below, and I feel that most will feel the wait to be worth it.

This leads me to the next bit of news, however shocking it may be.

  1.  There will be no version 1.6 image.
    1. There will be no image at all…
  2.  Instead, there will be a full installer.
    1. This is one of the reasons for the delay.
  3.   The installer will work with a full GUI, and on the desktop.
    1. Examples:
      1. Full ubuntu Install.
      2. Fresh RPI install with GUI.
  4. The installer will be iterated on by feature going forward.
    1. We can add community approved features one at a time.
      1. Example:
        1. Change Jasper's Name
        2. Change STT after setup
        3. Etc.

FAQ (COMING SOON)

  • So whats that mean for me?
  • What do I do if I am running Jasper v1.5?
  • Where do I get the installer?
  • Do I need to upgrade?


A few BASH tips from an old Linux admin.

Everyone has seen these “Top 50 commands” blah blah blah….. #clickbait….

I am writing this just to make BASH a much more pleasant experience for people new and old to Linux.  It is also for any sysadmin that has simply not been introduced to some of them.

I could list tons of them, but that's going to get a simple TL;DR from most people, and then they will move on. So I will list a few and let those digest. Keep in mind all commands are for Linux and may vary by distribution.

First BASH tips (Simple, but time savers):

  1. Type "cd" and you will go to the home directory of the user you are logged in as.
    1. Similar to "cd ~", however ~ can sometimes rely on the environment.
  2. To return to the previous directory you can type "cd -".
    1. This will return you to your previous location, not home.
  3. Type "tailf" instead of "tail -f" for the same results.
    1. Also, "tail -200" can be used instead of "tail -n 200".
  4. Use a custom “PS1” for root, and regular users.
    1. A “PS1” is the text in the login prompt. See Example to the right:
      1. Notice it is yellow
      2. Do the same but in red for root.
    2. Examples:
      1. Debian PS1 for a normal user (as seen to the right)
      2. Debian PS1 for a ROOT user.
        1. These will need to be added to the bottom of “.bashrc” in your home directory
        2. Keep in mind files starting with a . are hidden in Linux, but there.
          1. I also have MAC PS1’s public in my gists.


I think that is enough for today, I hope this helps make BASH your friend.


-M

Reason #… I’ve lost count…not to use Microsoft.


Welcome, all Windows and Samba users. Please read badlock.org for why poor decisions have led to this day.

There is a known vulnerability in Samba; please read the site listed. If time permits I will update this article with better info. However, if you are running Samba, then shame on you… especially an old version. I have not "had to run Samba" for anything in several years now.

Please read my article on using AFPd in Linux as a Time Machine backup. Works great! Or, my preference is NFS on a LAN.

Either way, I hope this helps a few people. Please share the article if it helped. There is a patch with a CVE on the way according to their site.

Sincerely,
M

Be Careful with LetsEncrypt!


I must say, like a lot of people, I love the idea of a free SSL certificate. So I thought this would be great for my site. I downloaded the LetsEncrypt package onto an Ubuntu 15.10 box. The server was running Apache2 and was pretty much stock. Applying the cert to the site was super easy; I was very impressed with the '--apache' option. I then updated my URLs in WordPress to HTTPS. That's it; I was up and running in a few minutes. I was pretty happy at this point.

Then I realized it broke all of the other public-facing services I had on the machine. I had several. Even ones with their own certs were breaking. So I decided to remove it… After removing it from Apache completely, I noticed an issue. All of my users that had been to the site were still getting redirected. Somehow it keeps the redirect along with the cert/data that gets installed from visiting the site.

Long story short, I had many people who thought my site was down. I even moved servers, and it still happened. I tried clearing the browser cache, the DNS cache on my Mac, and coming from another IP. Finally, after a reinstall (probably not needed, but quicker), I was able to actually load my site without the redirect. I am sure there is something here I am not seeing, but to be honest I didn't feel like spending all my time dealing with browser settings.

If anyone would like to let me know how they get around this I would like to know.

I hope this helps those who are thinking of trying out LetsEncrypt. I am not saying it's a bad product or idea. I love the install and the idea of it. However, the practical implementation is not there yet. For those reading this, keep in mind that it is still in beta as of this article, so this might eventually go away.

P.S. – To those on the LetsEncrypt project, I appreciate all the work, and I hope you take this criticism positively. A good uninstall path is needed before I think this will go mainstream on monolithic boxes. Maybe it's OK with 12-factor applications.

Sincerely,

Matthew Curry

TCPDUMP with Date for Wireshark

Just another handy snippet:

It puts the date and time in the file name and writes a pcap that Wireshark can open directly.

tcpdump -i eth1 -s0 -v -w /tmp/capture_`date +%d_%m_%Y__%H_%M_%S`.pcap

*Note: This should work on all Linux distros (make sure to select the right network interface, e.g. eth1); it might need slight modification for Mac. Windows can go DIAF.