LinuxAdmin: Expanding Linux SysAdmin knowledge

Subscribe to LinuxAdmin: Expanding Linux SysAdmin knowledge feed
Expanding Linux SysAdmin knowledgelinuxadmin: Expanding Linux SysAdmin knowledge
Updated: 3 min 11 sec ago

Video on how to get a job without a job to give you experience that the new job requires.

Thu, 11/15/2018 - 22:26

That feels pretty convoluted. Anyway, a common question from new admins w/o degrees is: If I don't have experience, and all the entry level jobs require experience to get the job, how do I get the experience. Note: this is for people trying to get their first job in IT. If you are a 20 year veteran of the IT trenches, this may not be useful for you, but additional suggestions for people just getting started are always appreciated.

Thanks again for all the support /r/linuxadmin! It hasn't even been a week since I posted my first video, and I've had something like 700 views and 75 subscriptions. This is boggling my mind, but I hope you guys keep finding this useful. Also, in this one, my dog Bits makes a cameo. :)

Please let me know if you have any questions or topics you'd like me to discuss.


submitted by /u/nickbernstein
[link] [comments]

Apache Guacamole Installation Script for RHEL/CentOS

Thu, 11/15/2018 - 16:17

I have created an installation script for Apache Guacamole in RHEL/CentOS 7.x and up. I was hoping to get some feedback on it and maybe even some help improving it.

The Github repo can be found at

Some key features of the script are:

  • Allows installing from Stable version or git source
  • Installs and configures dependent packages including Nginx, JDBC/LDAP extensions, MariaDB, Java KeyStore, etc.
  • Can use LDAP as an authentication method without modifying the LDAP server (sign in with AD credentials)
  • Has options for LetsEncrypt cert or self-signed cert
  • Hardened Nginx SSL settings option (scored A+ on Qualys SSL Labs SSL Test)
  • Hardens MariaDB
  • Nginx URI Path parameter (changes URL from default to something shorter like
  • Option for DHE/Forward Secrecy via ssl_dhparam in Nginx
  • Logging the script activities
  • etc.

I am interested in feedback, constructive criticism, and help testing and updating the script. Please be kind I am not a programmer by trade and I am well aware the script isn't perfect. The Github repo (especially the documentation) is very much still a work in progress.

Currently I am unable to test the LetsEncrypt portion of the script as I would like. I want to move away from downloading the standalone version of Certbot and instead install it from the Distros repo. The scripts silent/unattended and help portions need attention too. I have listed in the wiki on my Github repo some additional features I would like to add as well.

I am hoping the script will help others and that I/We can further refine it to make it a great option for those looking to setup Apache Guacamole without the fuss of doing it entirely manually.


submitted by /u/Zer0CoolXI
[link] [comments]

[Help] How to check video integrity of many files

Thu, 11/15/2018 - 14:53

Hi, I'm on Debian 9 and I've many video files (terabytes) on a errorless filesystem on a new hard drive. I'd like to test files for video integrity. I know that some of them are corrupt, I can see corrupt files with mpv video player only in part (the not corrupt part). What is the best and faster way to list files that are corrupt on a text file?

I searched a lot and I found bash scripts that use ffmpeg (converting file to "null") but they are slow and not really "smart" because after finding an error on a file, they continue to scan the same file instead of jumping it.

submitted by /u/fonduta
[link] [comments]

Help with arp script

Thu, 11/15/2018 - 13:57

I’m new to Bash scripting and working on a senior project.

I am trying to create a script that will send an email with the arp table to a user. I am a bit confused as to how I should go about doing this.

I was tinkering with the arp command and connected my phone to the network, then ran the arp command, but my phone wasn’t listed. I pinged my phone, then ran arp, and my phone was now listed in the arp table.

This got me thinking, maybe I could ping the subnet then run arp? This doesn’t work as once I pinged the subnet and ran arp, it gave me an empty entry for all other IPs on the network.

I don’t know how often the arp table refreshes and am trying to make the script run twice a day, possibly 3, and send an email each time with the connected devices.

Can anyone give some insight as to how I should go about doing this?

submitted by /u/siymjbd
[link] [comments]

[Help] Using Active Directory to authenticate SSH

Thu, 11/15/2018 - 13:06

Hello hello linux admins. I have an environment of RHEL 7 and CentOS 7 boxes that are in desperate need to a centralized authentication method. The other admins here all used a shared account and I have had enough. So in my lab I'm trying to make a vm authenticate ssh logins with AD accounts. I've followed this guide to a T LINK. I continue to get permission denied when I try to ssh with my test AD account. the SSHD config is open to all users and groups. I've set both the CentOS and Windows Server to pull time from the same external NTP server. I've set the sssd debug to level 9 and can provide that if needed. But I'm at a loss here. Even disabled both firewalls to make sure everything in getting through on both sides. Any help here would be much appreciated.

submitted by /u/NiftyMist
[link] [comments]

What are the advantages of firewalld over iptables

Wed, 11/14/2018 - 17:13

Hey everyone, right now I'm in the process of migrating system we built from CentOS 6.9 to 7.5. In our kickstart we basically just copy over an iptables ruleset that was defined many lifetimes ago, and more recently we've been using iptables to tag packets with DSCP values on their way out.

With the upgrade to CentOS 7 I have a choice to either use iptables-service or spend the time configuring firewalld to match our iptables policy which comes with lots of testing and verification.

I'm thinking about dropping firewalld all together and just using iptables so that we can more or less continue with how things were in CentOS 6 but I've found conflicting answers as to whether or not this is a good idea. So what are the advantages of using firewalld vs iptables and is one preferred over the other? I will put in the time to configure everything if the benefits outweigh the costs

submitted by /u/grrfunkel
[link] [comments]

Setting up Samba on an IPA client

Wed, 11/14/2018 - 16:51

Hi all,

By following these instructions I am able to get a Samba share working on my IPA controller server:

Is it possible to have a similar setup but on an IPA client server?

I installed the IPA client on a file-server and it joined my realm without issue. When I run ipa-adtrust-install I get an "IPA is not configured on this system." message despite it being configured as a client.


submitted by /u/lildergs
[link] [comments]

Using UDP protocol with Apache Guacamole and RDP Connections

Wed, 11/14/2018 - 16:15

Hi all,

I am not a Linux admin I primarily manage Windows and Mac so pls be gentle. We are testing using Guacamole to provide a single portal to multiple physical workstations. However, there has been some performance degradation in the stream from guacamole. Connecting to the same computers with the native RDP client is noticeably smoother. CPU usage on the guac server isn't an issue but I noticed guac was doing all of it's communication using TCP/TLS while the RDP client was just using UDP. Presumably this is why the RDP client had better performance with UDP having less overhead.

I was wondering if guac is able to make RDP connections using UDP or if there is a similar solution out there that can.

Thanks :)

submitted by /u/iblowuup
[link] [comments]

Jenkins, RH JBOSS Enterprise, Apache HTTD, and ports

Wed, 11/14/2018 - 13:57

My experience is very limited with JBOSS and Jenkins. I have setup more than a few HTTPD and Tomcat instances. In those cases I did use some type of connector in HTTPD to pass back to the tomcat instance, that was listening on localhost. I am trying to figure out what others have done for Jenkins and JBOSS. Do you guys just leverage HTTPD in the same manner as I did for Tomcat or what? Also what connector did you use?

Usually application teams give me more feedback on what they need, though lately management seems to be micromanaging requirements and the application isn't really giving me any detailed requirements.

submitted by /u/DogNamedCharlie
[link] [comments]

Can a network interface be shared between a host and a VM?

Wed, 11/14/2018 - 13:30

Have not found a clear answer online on whether the network connection can be shared? I am new to linux, and cannot think of what I can do to make it work.

I am running Qemu/kvm on a RHEL 7.5 machine with only one network interface. This is on a stand alone networked environment. I would like to have the VM connected to the same network as the host. Previously tried adding a bridge through network scripts, but when I do that only the VM will be connected and I am no longer able to ping or communicate with the host.

Guidance on how to get it done would be greatly appreciated.

submitted by /u/gristlyjewel
[link] [comments]

What are your conventions with Bash/shell scripts? What is your preferred style guide, if any?

Wed, 11/14/2018 - 11:20

I always find it kind of jarring seeing a new coworkers style and conventions for the first time. Some folks are all about function definitions with parens `foo() {}`, whereas I prefer using the keyword `function foo {}`. 4-character indents vs. 2-characters, tabs vs spaces, etc etc.

What are you preferred conventions?

submitted by /u/el_seano
[link] [comments]

DOD Linux user group?

Wed, 11/14/2018 - 11:04

Anyone know of an active group for Linux admins in the DOD space? It would be great to be able to collaborate with others on some issues specific to .mil.

submitted by /u/NotAWittyScreenName
[link] [comments]

apt cache with ppa

Wed, 11/14/2018 - 10:08

My understanding of apt cache is that it downloads updates once, then distributes them to all of the servers in your infrastructure. The question is, can you install a ppa to the apt cache server and use it to get software not normally available, or will servers reject the new software?

Example, Saltstack is 2014 in the official repo last time I checked and they have released 2018 through the official ppa. If I were to install that ppa to the apt-cache server and run updates, would my client servers be on 2014, or would they update to 2018? I could see it going both ways depending on the methods used for data validation (MD5 checksums for example).

This question also applies to satellite/spacewalk ect.

submitted by /u/G6q0u1imtyRtucHre0v1
[link] [comments]

Completely stuck at writing a IPA script

Wed, 11/14/2018 - 06:28

Hello, I have been trying to figure out how to write IPA user maintenance tool/script. What I need: Disable users with last login time > 1 year. Remove users with last login time > 2 years.

I am a junior linux admin and i am completely stuck at automating this task... has anyone implemented something like this? I know that i can query for users last auth using: ipa user-find --all --raw | grep -iE "(dn:|krbLastSuccessfulAuth)" but how could i automate using this output as input to ipa user-suspend <user> , i cant figure this out for quite a long time. Can this be done in bash or do i need to use something like python? Any advice or code examples are welcome... Thanks in advance.

submitted by /u/jimmysoldnumseven
[link] [comments]

Please help me achieve my dream; To make good money with less hours

Tue, 11/13/2018 - 15:47

Hi everyone,

I'm currently a Linux Admin, my goal in life is to leverage IT to be able to have a good life while working only 20-30 hours. I don't need to be rich, something like $80,000-$120,000 would be more than enough for me. I enjoy IT, but there's a lot of other things I enjoy in life as well.

The older I get, the more I value time. There's so many things I want to do, and people I want to do them with, where working 40+ hrs a week makes it incredibly difficult and stressful.

The only route to get there seems to be consulting or contracting work, but how do I get there?

submitted by /u/anacondapoint6
[link] [comments]

What you prefer in Linux that we don't have in Windows Server or vice versa ?

Tue, 11/13/2018 - 15:37

What you prefer in Linux that we don't have in Windows Server or vice versa ?

submitted by /u/Cloud_Strifeeee
[link] [comments]